ComboFix 10-05-27.03 - jade 28/05/2010 10:47:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.223.122 [GMT 1:00]
Running from: c:\documents and settings\jade\Desktop\ComboFix.exe
AV: Madesafe Antivirus ver. 5.80 *On-access scanning disabled* (Updated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Thumbs.db
c:\windows\system32\abvkhcpo.ini
c:\windows\system32\ahvpwjka.ini
c:\windows\system32\aofwdsnh.ini
c:\windows\system32\aowcwlxw.ini
c:\windows\system32\ariynton.ini
c:\windows\system32\arygueyp.ini
c:\windows\system32\asmcrqdk.ini
c:\windows\system32\bdadrxit.ini
c:\windows\system32\beatolrk.ini
c:\windows\system32\bioatklj.ini
c:\windows\system32\blttmqti.ini
c:\windows\system32\blydqmjs.ini
c:\windows\system32\boyygqsu.ini
c:\windows\system32\brnwjlxg.ini
c:\windows\system32\bsmtqqhf.ini
c:\windows\system32\btjxmidv.ini
c:\windows\system32\ccqkoydk.ini
c:\windows\system32\cdmpcdtk.ini
c:\windows\system32\cgqjtcee.ini
c:\windows\system32\cirkajmu.ini
c:\windows\system32\ckmvsjvd.ini
c:\windows\system32\coajonik.ini
c:\windows\system32\cqocdwvx.ini
c:\windows\system32\csytobov.ini
c:\windows\system32\daotprdg.ini
c:\windows\system32\dbdptuqw.ini
c:\windows\system32\dcjdhewh.ini
c:\windows\system32\ddlxafdb.ini
c:\windows\system32\dghhk.bak1
c:\windows\system32\dghhk.bak2
c:\windows\system32\dghhk.ini
c:\windows\system32\dghhk.ini2
c:\windows\system32\dghhk.tmp
c:\windows\system32\dglibtwf.ini
c:\windows\system32\dnwacdsk.ini
c:\windows\system32\dwqsymmx.ini
c:\windows\system32\dyxxexsh.ini
c:\windows\system32\efiostyf.ini
c:\windows\system32\efklqipt.ini
c:\windows\system32\efywovvr.ini
c:\windows\system32\eghhaeml.ini
c:\windows\system32\egyhtuqp.ini
c:\windows\system32\fftkveqm.ini
c:\windows\system32\fijkkiml.ini
c:\windows\system32\fpyrxtmy.ini
c:\windows\system32\fpyukkrj.ini
c:\windows\system32\gccatwfk.ini
c:\windows\system32\ggevfumo.ini
c:\windows\system32\ghahyxsx.ini
c:\windows\system32\gqoqilxr.ini
c:\windows\system32\grmmporh.ini
c:\windows\system32\gulgynap.ini
c:\windows\system32\gwrqdbtv.ini
c:\windows\system32\hjhoonnv.ini
c:\windows\system32\hkmpunvk.ini
c:\windows\system32\hkyxxwqj.ini
c:\windows\system32\hnlddggy.ini
c:\windows\system32\htqgesto.ini
c:\windows\system32\hwatluoi.ini
c:\windows\system32\hxdjxwid.ini
c:\windows\system32\indtxkcv.ini
c:\windows\system32\inruocmg.ini
c:\windows\system32\iuqkrkxr.ini
c:\windows\system32\ixnfjaxa.ini
c:\windows\system32\jdkvsnfr.ini
c:\windows\system32\jfwgmlpk.ini
c:\windows\system32\jguskapv.ini
c:\windows\system32\jgviaaat.ini
c:\windows\system32\jhjtnrmr.ini
c:\windows\system32\jiileouw.ini
c:\windows\system32\jjflqmnt.ini
c:\windows\system32\jqvlkhpu.ini
c:\windows\system32\kjfgmixh.ini
c:\windows\system32\kjtuylaw.ini
c:\windows\system32\kkwbxjjo.ini
c:\windows\system32\klpndncl.ini
c:\windows\system32\kvjnheqf.ini
c:\windows\system32\kxqokwef.ini
c:\windows\system32\kypofnrv.ini
c:\windows\system32\lcnpspjx.ini
c:\windows\system32\ldbeuvhu.ini
c:\windows\system32\ldisesbx.ini
c:\windows\system32\lhJInidm.dll
c:\windows\system32\ljjulsls.ini
c:\windows\system32\ljyqmqli.ini
c:\windows\system32\lndqkfph.ini
c:\windows\system32\mcmfrndk.ini
c:\windows\system32\mdhsehjp.ini
c:\windows\system32\meyeelgg.ini
c:\windows\system32\miyrmvfu.ini
c:\windows\system32\mnpyxpqv.ini
c:\windows\system32\mpjjthwc.ini
c:\windows\system32\nebgmapx.ini
c:\windows\system32\nhmbeyrq.ini
c:\windows\system32\npgemgot.ini
c:\windows\system32\nshqnvsq.ini
c:\windows\system32\ntefykdv.ini
c:\windows\system32\nwbnfrvv.ini
c:\windows\system32\odqixkmm.ini
c:\windows\system32\oqotcqrc.ini
c:\windows\system32\otjahpga.ini
c:\windows\system32\oxabmqmh.ini
c:\windows\system32\oxwyuogw.ini
c:\windows\system32\oylayfta.ini
c:\windows\system32\oyvuowbx.ini
c:\windows\system32\pctjpgrn.ini
c:\windows\system32\pknllcup.ini
c:\windows\system32\pljtxgtt.ini
c:\windows\system32\plmhjneo.ini
c:\windows\system32\plpufwja.ini
c:\windows\system32\ppiiqufh.ini
c:\windows\system32\prkwnern.ini
c:\windows\system32\ptgbxjkd.ini
c:\windows\system32\pxknotrp.ini
c:\windows\system32\pyqoekaj.ini
c:\windows\system32\qdfmueit.ini
c:\windows\system32\qiqqhnvq.ini
c:\windows\system32\qjycwxhd.ini
c:\windows\system32\qlkhcyoi.ini
c:\windows\system32\qukginqo.ini
c:\windows\system32\qxpswsti.ini
c:\windows\system32\rcxhkktd.ini
c:\windows\system32\rmhewwij.ini
c:\windows\system32\rowmljip.ini
c:\windows\system32\rsgfggpx.ini
c:\windows\system32\rsrvjxtm.ini
c:\windows\system32\rwyvlixo.ini
c:\windows\system32\ryhpxdsw.ini
c:\windows\system32\sfuvtoeo.ini
c:\windows\system32\skopgygy.ini
c:\windows\system32\sqbusiya.ini
c:\windows\system32\sqoqsekp.ini
c:\windows\system32\stgcagst.ini
c:\windows\system32\sybmtaym.ini
c:\windows\system32\syjdljfd.ini
c:\windows\system32\tchiuxrg.ini
c:\windows\system32\teshwtig.ini
c:\windows\system32\Thumbs.db
c:\windows\system32\tomhvjit.ini
c:\windows\system32\tqwrpkqi.ini
c:\windows\system32\trbucnbx.ini
c:\windows\system32\ufckihhk.ini
c:\windows\system32\ufhvuwbi.ini
c:\windows\system32\ufnwlmhv.ini
c:\windows\system32\uhqnfodb.ini
c:\windows\system32\uiuihxst.ini
c:\windows\system32\ukqkehta.ini
c:\windows\system32\uldwpgkl.ini
c:\windows\system32\unximrvv.ini
c:\windows\system32\upbbivjr.ini
c:\windows\system32\urgfgseq.ini
c:\windows\system32\uromjmcf.ini
c:\windows\system32\utwjbxcq.ini
c:\windows\system32\vgivknpx.ini
c:\windows\system32\vimgrklo.ini
c:\windows\system32\voldwuji.ini
c:\windows\system32\voorlocj.ini
c:\windows\system32\voxaktlj.ini
c:\windows\system32\vryuhvck.ini
c:\windows\system32\vxqbpmwu.ini
c:\windows\system32\vxxjsjka.ini
c:\windows\system32\wjhnlpgi.ini
c:\windows\system32\wjiybcix.ini
c:\windows\system32\wnfdofik.ini
c:\windows\system32\wrxycqxf.ini
c:\windows\system32\xbirfbix.ini
c:\windows\system32\xdvokabs.ini
c:\windows\system32\xelptceu.ini
c:\windows\system32\xiaycggh.ini
c:\windows\system32\xkyodacc.ini
c:\windows\system32\xlyulmeh.ini
c:\windows\system32\xootrocq.ini
c:\windows\system32\yfdvnjkk.ini
c:\windows\system32\ygxmwfrl.ini
c:\windows\system32\ymrbdxbf.ini
c:\windows\system32\yomnqawo.ini
c:\windows\system32\yqcuvuks.ini
----- File Replicators -----
c:\windows\system32\akohwgpk.exe
c:\windows\system32\bwhugrsu.exe
c:\windows\system32\cacwvhuu.exe
c:\windows\system32\clnheoba.exe
c:\windows\system32\critksjw.exe
c:\windows\system32\ddrsyygs.exe
c:\windows\system32\dsrwcyce.exe
c:\windows\system32\dxsffenw.exe
c:\windows\system32\epradqed.exe
c:\windows\system32\fcuyhvdu.exe
c:\windows\system32\flybsvps.exe
c:\windows\system32\fsyuoyuh.exe
c:\windows\system32\gwkqtyys.exe
c:\windows\system32\iqhmfosg.exe
c:\windows\system32\itnldypo.exe
c:\windows\system32\jencjchu.exe
c:\windows\system32\jgbaeygk.exe
c:\windows\system32\jiocoyhc.exe
c:\windows\system32\juuthhcc.exe
c:\windows\system32\jvgtpmhm.exe
c:\windows\system32\jvvlktjx.exe
c:\windows\system32\kakaiyvu.exe
c:\windows\system32\klnmueaf.exe
c:\windows\system32\nbchfehs.exe
c:\windows\system32\ndpmwyxc.exe
c:\windows\system32\oeajyoop.exe
c:\windows\system32\phqiddap.exe
c:\windows\system32\pkryuxau.exe
c:\windows\system32\qeyflyxo.exe
c:\windows\system32\qouljial.exe
c:\windows\system32\raoujjva.exe
c:\windows\system32\rbqlricc.exe
c:\windows\system32\rpavpqdg.exe
c:\windows\system32\rsjutvjt.exe
c:\windows\system32\sbysdfdt.exe
c:\windows\system32\tukubtph.exe
c:\windows\system32\vatepopr.exe
c:\windows\system32\vjkmglya.exe
c:\windows\system32\wrrdmljm.exe
c:\windows\system32\xnymsqjo.exe
c:\windows\system32\xvgqblcd.exe
c:\windows\system32\ycrdkywk.exe
c:\windows\system32\yncjmqel.exe
c:\windows\system32\ytaxhbaj.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DOMAINSERVICE
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-28 )))))))))))))))))))))))))))))))
.
2010-05-28 05:34 . 2010-05-28 10:08 -------- d-----w- c:\documents and settings\jade\Tracing
2010-05-27 22:16 . 2010-05-27 22:16 -------- d-----w- c:\program files\Microsoft
2010-05-27 22:11 . 2010-05-27 22:11 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-05-27 22:11 . 2010-05-28 10:08 684032 ----a-w- c:\documents and settings\All Users\Application Data\Amok Copy User Bib\MULTI GRID.exe
2010-05-27 22:11 . 2010-05-27 22:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Amok Copy User Bib
2010-05-27 22:10 . 2010-05-27 22:10 684032 ----a-w- c:\documents and settings\jade\Application Data\AXIS SIGN\osboictx.exe
2010-05-27 22:09 . 2010-05-27 22:09 -------- d-----w- c:\program files\AXIS SIGN
2010-05-27 22:07 . 2010-05-27 22:07 270336 ----a-w- c:\documents and settings\jade\Application Data\AXIS SIGN\scmlwmsd.exe
2010-05-27 22:03 . 2010-05-27 22:15 -------- d-----w- c:\program files\Windows Live
2010-05-27 21:57 . 2010-05-27 21:57 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-27 19:19 . 2010-05-27 19:19 21275 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-27 19:16 . 2010-05-27 19:16 -------- d-----w- C:\temp
2010-05-27 19:16 . 2010-05-27 19:16 -------- d-----w- c:\documents and settings\jade\Application Data\InstallShield
2010-05-27 19:09 . 2010-05-27 19:09 -------- d-----w- C:\Siemens_WLAN108
2010-05-27 18:49 . 2010-05-27 22:34 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-05-27 18:37 . 2010-05-27 18:37 -------- d-----w- c:\documents and settings\jade\Application Data\Malwarebytes
2010-05-27 18:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-27 18:35 . 2010-05-27 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-27 18:35 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-27 18:35 . 2010-05-27 18:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-27 22:28 . 2007-04-07 12:12 -------- d-----w- c:\program files\MSN Messenger
2010-05-27 22:11 . 2007-04-30 13:14 -------- d-----w- c:\documents and settings\jade\Application Data\AXIS SIGN
2010-05-27 22:11 . 2007-05-21 17:33 311296 ----a-w- c:\documents and settings\jade\Application Data\AXIS SIGN\BibFast2.exe
2010-05-27 22:11 . 2007-05-21 17:33 270336 ----a-w- c:\documents and settings\jade\Application Data\AXIS SIGN\Base Roam Poke Dead.exe
2010-05-27 22:10 . 2007-05-21 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Playplanbuildlive
2010-05-27 22:10 . 2007-08-04 15:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Audio 4 part browse
2010-05-27 22:07 . 2007-04-30 13:14 544768 ----a-w- c:\documents and settings\jade\Application Data\AXIS SIGN\Waveglobal.exe
2010-05-27 19:18 . 2010-05-27 19:18 -------- d-----w- c:\program files\Siemens
2010-05-27 19:18 . 2006-11-10 18:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2007-05-08 14:36 . 2007-05-08 14:36 4904 --sh--w- c:\windows\system32\ienpkhqp.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Date Cast"="c:\docume~1\jade\APPLIC~1\AXISSI~1\Waveglobal.exe" [2010-05-27 544768]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2005-04-20 176128]
"S3hotkey"="S3hotkey.exe" [2003-05-27 159792]
"VTTimer"="VTTimer.exe" [2004-01-15 49152]
"Norman ZANDA"="c:\madesafe\bin\ZLH.EXE" [2005-03-07 135168]
"madeSafe ControlPad"="c:\program files\solarSoft\Madesafe\ControlPad.exe" [2005-03-07 679936]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-27 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-27 634880]
"user bib mp3 plan"="c:\documents and settings\All Users\Application Data\Amok Copy User Bib\MULTI GRID.exe" [2010-05-28 684032]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gigaset WLAN Adapter Monitor.lnk - c:\program files\Siemens\Gigaset USB Adapter 108\GUI.exe [2010-5-27 811008]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^jade^Start Menu^Programs^Startup^TomTom HOME.lnk]
path=c:\documents and settings\jade\Start Menu\Programs\Startup\TomTom HOME.lnk
backup=c:\windows\pss\TomTom HOME.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ScanRegistry]
C:\W [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Date Cast]
2010-05-27 22:07 544768 ----a-w- c:\docume~1\jade\APPLIC~1\AXISSI~1\Waveglobal.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPLv3]
2007-07-10 15:42 124436 ----a-w- c:\windows\system32\ibwuvhfu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hbdgwxlsr]
2007-07-06 17:57 278528 ----a-w- c:\windows\system32\hbdgwxlsr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\j8231538]
2007-06-07 04:40 10752 ----a-w- c:\windows\system32\j8231538.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-10-10 13:25 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Part browse safe hold]
2009-08-17 19:27 3303936 ----a-w- c:\documents and settings\All Users\Application Data\Audio 4 part browse\mags dead.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Picasa Media Detector]
2007-06-15 23:15 366400 ----a-w- c:\program files\Picasa2\PicasaMediaDetector.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
2005-03-23 14:34 1630303 ------w- c:\program files\CyberLink\Power2Go\Power2GoExpress.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
2005-02-17 14:18 110592 ------w- c:\program files\CyberLink\PowerStarter\PowerBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 20:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 02:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-17 15:50 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{1290A33C-85F5-4164-A1BE-7DD299D4986A}]
2004-06-08 18:33 69721 ------w- c:\program files\CyberLink\PowerBackup\PBKScheduler.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 Ndiskio;Ndiskio;c:\madesafe\Nse\Bin\Ndiskio.sys [10/11/2006 19:33 18432]
R3 CBPSp50;CBPSp50 NDIS Protocol Driver;c:\windows\system32\drivers\CBPSp50.sys [27/05/2010 20:18 27072]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\madesafe\Nvc\Bin\Nvcsched.exe [10/11/2006 19:33 126976]
S2 OMSCAN;OMSCAN;\Sys��O� --> \Sys��O� [?]
S3 CBPMp50;CBPMp50 NDIS Protocol Driver;c:\windows\system32\Drivers\CBPMp50.sys --> c:\windows\system32\Drivers\CBPMp50.sys [?]
S3 nvcfsr;nvcfsr;c:\madesafe\Nvc\Bin\Nvcfsr.sys [10/11/2006 19:33 3584]
S3 nvcoafl51;nvcoafl51;c:\madesafe\Nvc\Bin\Nvcoafl51.sys [10/11/2006 19:33 26496]
S3 nvcoaft51;nvcoaft51;c:\madesafe\Nvc\Bin\Nvcoaft51.sys [10/11/2006 19:33 96000]
S3 nvcoarc51;nvcoarc51;c:\madesafe\Nvc\Bin\Nvcoarc51.sys [10/11/2006 19:33 18944]
S3 nvcoas;Norman Virus Control on-access component;c:\madesafe\Nvc\Bin\Nvcoas.exe [10/11/2006 19:33 167936]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2010-05-28 c:\windows\Tasks\AAC6997E90811676.job
- c:\docume~1\jade\applic~1\axissi~1\BibFast2.exe [2007-05-21 22:11]
2007-10-20 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2004-08-04 12:00]
.
.
------- Supplementary Scan -------
.
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Part browse safe hold - c:\documents and settings\All Users\Application Data\Audio 4 part browse\Save amen.exe
Notify-gebaaww - gebaaww.dll
Notify-urqoopn - urqoopn.dll
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-28 11:07
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\jade\LOCALS~1\Temp\mc21.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\athgina.dll
c:\windows\system32\athcfg11.dll
c:\windows\system32\athcfg11Res.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\madesafe\Bin\Zanda.exe
c:\madesafe\Nvc\BIN\nipsvc.exe
c:\madesafe\bin\NJEEVES.EXE
c:\windows\system32\pctspk.exe
c:\windows\system32\S3hotkey.exe
c:\windows\system32\VTTimer.exe
c:\madesafe\Nvc\BIN\NIP.EXE
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\acs.exe
.
**************************************************************************
.
Completion time: 2010-05-28 11:14:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-28 10:14
Pre-Run: 30,067,507,200 bytes free
Post-Run: 30,989,361,152 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - A6378F3ED73A4EADE787D2119ACA922A
Kaspersky Anti-Virus 2012: Click Here
Please download Malwarebytes Anti-Malware from Malwarebytes.org.
Mon May 21, 2012 7:06 pm by DragonMaster Jay
