fyrehorse
2008-12-22, 01:43
Thanks for responding, especially on a weekend; I appreciate it.
Here are the files you requested:
Combofix:
ComboFix 08-12-21.02 - Pete 2008-12-21 23:11:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.191 [GMT 0:00]
Running from: c:\documents and settings\Pete\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pete\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\Pete\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Pete\LOCALS~1\Temp\tmp2.tmp
c:\temp\FT62
c:\temp\FT62\teTU.log
c:\windows\cdmxtras
c:\windows\cdmxtras\uninst.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\aluott.dll
c:\windows\system32\angfxy.dll
c:\windows\system32\byXQGApO.dll
c:\windows\system32\cache329
c:\windows\system32\cache329\B_329_0_0_105300.htm
c:\windows\system32\cache329\B_329_0_0_106800.htm
c:\windows\system32\cache329\B_329_1_0_449200.htm
c:\windows\system32\cache329\B_329_1_0_449600.htm
c:\windows\system32\cache329\B_329_1_0_454300.htm
c:\windows\system32\cache329\B_329_2_0_106800.htm
c:\windows\system32\cache329\B_329_2_0_107400.htm
c:\windows\system32\cache329\B_329_3_0_105300.htm
c:\windows\system32\cache329\B_329_3_0_106800.htm
c:\windows\system32\cache329\B_329_4_0_111600.htm
c:\windows\system32\cache329\B_329_4_0_152400.htm
c:\windows\system32\cache329\B_329_4_0_155300.htm
c:\windows\system32\cache329\B_329_4_0_164100.htm
c:\windows\system32\cache329\t_B_329_0_0_105300.htm
c:\windows\system32\cache329\t_B_329_0_0_106800.htm
c:\windows\system32\cache329\t_B_329_1_0_449200.htm
c:\windows\system32\cache329\t_B_329_1_0_449600.htm
c:\windows\system32\cache329\t_B_329_1_0_454300.htm
c:\windows\system32\cache329\t_B_329_2_0_106800.htm
c:\windows\system32\cache329\t_B_329_2_0_107400.htm
c:\windows\system32\cache329\t_B_329_3_0_105300.htm
c:\windows\system32\cache329\t_B_329_3_0_106800.htm
c:\windows\system32\cache329\t_B_329_4_0_111600.htm
c:\windows\system32\cache329\t_B_329_4_0_152400.htm
c:\windows\system32\cache329\t_B_329_4_0_155300.htm
c:\windows\system32\cache329\t_B_329_4_0_164100.htm
c:\windows\system32\ccgias.dll
c:\windows\system32\dJTDKRqr.ini
c:\windows\system32\dJTDKRqr.ini2
c:\windows\system32\dPI02
c:\windows\system32\dqjndx.dll
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dtiqdl.dll
c:\windows\system32\dukvhgri.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\eahhyvav.dll
c:\windows\system32\eaovkqsq.dll
c:\windows\system32\efwkiwel.dll
c:\windows\system32\eghbef.dll
c:\windows\system32\ekunmsnx.dll
c:\windows\system32\eshvei.dll
c:\windows\system32\exygisrf.dll
c:\windows\system32\fpoufeni.dll
c:\windows\system32\gbtaprto.dll
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\isckvbnk.dll
c:\windows\system32\iujhqsii.dll
c:\windows\system32\jfbyhfay.dll
c:\windows\system32\jmhmxklx.dll
c:\windows\system32\jxxdksnl.dll
c:\windows\system32\kesqavpm.dll
c:\windows\system32\kixjjoyt.dll
c:\windows\system32\krrvpl.dll
c:\windows\system32\kwtsht.dll
c:\windows\system32\kxthqrhg.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nxncscqx.dll
c:\windows\system32\o4Patch.exe
c:\windows\system32\ogqoig.dll
c:\windows\system32\oralsfcd.dll
c:\windows\system32\otomsj.dll
c:\windows\system32\packet.dll
c:\windows\system32\Process.exe
c:\windows\system32\psyojrmv.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qobcmkvv.dll
c:\windows\system32\qqdsqmxp.dll
c:\windows\system32\qvilytun.dll
c:\windows\system32\qysrwn.dll
c:\windows\system32\rccqdm.dll
c:\windows\system32\rqRKDTJd.dll
c:\windows\system32\sfvldg.dll
c:\windows\system32\sghevhno.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\ssuyom.dll
c:\windows\system32\tmp.reg
c:\windows\system32\trpkogic.dll
c:\windows\system32\twmiha.dll
c:\windows\system32\ujrnwfbw.dll
c:\windows\system32\uspdxw.dll
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\visimffs.dll
c:\windows\system32\viusnd.dll
c:\windows\system32\vpfeobjn.dll
c:\windows\system32\wanpacket.dll
c:\windows\system32\whuntexy.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\WS2Fix.exe
c:\windows\system32\wvnpih.dll
c:\windows\system32\wwitlakv.dll
c:\windows\system32\wybcvwns.dll
c:\windows\system32\X2
c:\windows\system32\xajgyl.dll
c:\windows\system32\xerjgrku.dll
c:\windows\system32\xjlrmnkw.dll
c:\windows\system32\xpfuzr.dll
c:\windows\system32\xwmkwfiq.dll
c:\windows\system32\ycekcbdr.dll
c:\windows\system32\ymcunk.dll
c:\windows\system32\ystcapcl.dll
c:\windows\system32\yxtgct.dll
c:\windows\system32\zptpbq.dll
c:\windows\system32\zyqwez.dll
c:\windows\Tasks\lpoeeaje.job
c:\windows\system32\winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-11-21 to 2008-12-21 )))))))))))))))))))))))))))))))
.
2008-12-21 21:56 . 2008-12-21 21:56 120 --ahs---- c:\windows\system32\irghvkud.ini
2008-12-19 21:02 . 2008-12-19 21:02 120 --ahs---- c:\windows\system32\wknmrljx.ini
2008-12-17 21:59 . 2008-12-17 21:59 120 --ahs---- c:\windows\system32\qifwkmwx.ini
2008-12-17 14:59 . 2008-12-17 14:59 <DIR> d-------- c:\program files\Microsoft Visual Studio .NET 2003
2008-12-17 14:59 . 2008-12-17 14:59 <DIR> d-------- c:\program files\AO Shop Agent
2008-12-16 14:56 . 2008-12-16 14:56 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-16 14:56 . 2008-12-16 14:56 1,409 --a------ c:\windows\QTFont.for
2008-12-16 12:30 . 2008-12-16 12:30 120 --ahs---- c:\windows\system32\yxetnuhw.ini
2008-12-15 16:39 . 2008-12-15 16:39 120 --ahs---- c:\windows\system32\nutylivq.ini
2008-12-13 22:50 . 2008-12-13 22:50 120 --ahs---- c:\windows\system32\lcpactsy.ini
2008-12-13 09:21 . 2008-12-13 09:59 <DIR> d-------- c:\documents and settings\Reuben\Application Data\SPORE Creature Creator
2008-12-12 22:48 . 2008-12-12 22:48 120 --ahs---- c:\windows\system32\rdbckecy.ini
2008-12-12 08:39 . 2008-12-12 08:39 120 --ahs---- c:\windows\system32\fowephag.ini
2008-12-11 11:59 . 2008-12-11 11:59 <DIR> d-------- c:\documents and settings\Pete\Application Data\Safer Networking
2008-12-11 11:25 . 2008-12-11 11:59 <DIR> d-------- c:\program files\Safer Networking
2008-12-11 08:37 . 2008-12-11 08:37 120 --ahs---- c:\windows\system32\iviknmro.ini
2008-12-10 13:06 . 2008-12-10 13:07 120 --ahs---- c:\windows\system32\bughbqij.ini
2008-12-09 13:04 . 2008-12-09 13:04 120 --ahs---- c:\windows\system32\akqpjbth.ini
2008-12-08 12:57 . 2008-12-08 12:57 120 --ahs---- c:\windows\system32\fihlagxn.ini
2008-12-07 15:41 . 2008-12-07 15:41 <DIR> d-------- c:\documents and settings\Reuben\Application Data\Affinegy
2008-12-07 12:58 . 2008-12-07 12:58 120 --ahs---- c:\windows\system32\qwfqxhig.ini
2008-12-07 10:23 . 2008-12-07 10:23 120 --ahs---- c:\windows\system32\jxlfxiad.ini
2008-12-06 10:14 . 2008-12-06 10:14 120 --ahs---- c:\windows\system32\leokmooc.ini
2008-12-05 10:19 . 2008-12-05 10:19 120 --ahs---- c:\windows\system32\pdnijaif.ini
2008-12-04 15:35 . 2008-12-21 10:22 <DIR> d-------- c:\documents and settings\Pete\Application Data\Affinegy
2008-12-04 15:24 . 2008-12-04 15:24 <DIR> d-------- c:\program files\WinPcap
2008-12-04 15:24 . 2008-12-04 15:25 <DIR> d-------- c:\program files\Virgin Broadband Wireless
2008-12-04 15:24 . 2008-12-04 15:24 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Affinegy
2008-12-04 15:24 . 2008-05-26 16:09 27,072 --a------ c:\windows\system32\drivers\AFGSp50.sys
2008-12-04 09:41 . 2008-12-04 09:41 120 --ahs---- c:\windows\system32\akclhvlb.ini
2008-12-03 07:08 . 2008-12-03 07:08 120 --ahs---- c:\windows\system32\leadlqco.ini
2008-12-01 15:36 . 2008-12-01 15:36 120 --ahs---- c:\windows\system32\ofcyyiqj.ini
2008-11-30 16:45 . 2008-12-19 17:40 <DIR> d-------- c:\documents and settings\Pete\Application Data\SPORE Creature Creator
2008-11-30 16:44 . 2008-11-30 16:44 <DIR> d----c--- C:\ProgramData
2008-11-30 16:44 . 2008-11-30 16:46 2,702 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-11-30 16:43 . 2008-11-30 16:44 <DIR> d-------- c:\program files\Electronic Arts
2008-11-30 16:33 . 2008-11-30 16:33 120 --ahs---- c:\windows\system32\tthwnjli.ini
2008-11-29 16:45 . 2008-12-07 16:36 <DIR> d-------- c:\documents and settings\Reuben\Application Data\WTablet
2008-11-29 16:44 . 2008-11-29 16:44 <DIR> d----c--- c:\documents and settings\Maggie\Application Data\Ambient Design
2008-11-29 15:34 . 2008-11-29 17:17 <DIR> d----c--- c:\documents and settings\Maggie\Application Data\WTablet
2008-11-29 15:34 . 2008-11-29 15:34 <DIR> d----c--- c:\documents and settings\Maggie
2008-11-29 15:30 . 2008-11-29 15:30 120 --ahs---- c:\windows\system32\qquyflbw.ini
2008-11-29 15:27 . 2008-11-29 15:28 <DIR> d-------- c:\documents and settings\Guest\Application Data\WTablet
2008-11-29 10:02 . 2008-11-29 10:02 <DIR> d----c--- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-28 23:12 . 2008-11-28 23:12 129,784 --a------ c:\windows\system32\pxafs.dll
2008-11-28 23:12 . 2008-11-28 23:12 118,520 --a------ c:\windows\system32\pxinsi64.exe
2008-11-28 23:12 . 2008-11-28 23:12 116,472 --a------ c:\windows\system32\pxcpyi64.exe
2008-11-28 23:12 . 2008-11-28 23:12 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-11-28 23:12 . 2008-11-28 23:12 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-11-28 20:20 . 2008-11-28 20:20 <DIR> d-------- c:\program files\Ambient Design
2008-11-28 20:17 . 2008-11-28 20:18 120 --ahs---- c:\windows\system32\onvdkfmc.ini
2008-11-28 14:00 . 2008-11-28 14:00 120 --ahs---- c:\windows\system32\crbsmupi.ini
2008-11-28 12:45 . 2008-05-19 18:16 186,407 --a------ c:\windows\system32\nvapps.nvb
2008-11-28 10:18 . 2008-11-28 10:18 120 --ahs---- c:\windows\system32\lfeqeohj.ini
2008-11-28 09:38 . 2008-11-28 09:38 <DIR> d-------- c:\documents and settings\Pete\Application Data\Malwarebytes
2008-11-28 09:38 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-28 09:37 . 2008-11-28 09:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 09:37 . 2008-11-28 09:37 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-28 09:37 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 08:17 . 2008-11-28 08:17 120 --ahs---- c:\windows\system32\hblmlxlm.ini
2008-11-28 08:11 . 2008-11-28 10:56 742,164 --ahs---- c:\windows\system32\vDJTBcdd.ini
2008-11-28 01:05 . 2008-12-10 17:30 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-11-28 00:46 . 2008-11-28 00:46 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-28 00:46 . 2008-11-28 00:46 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-28 00:46 . 2008-11-28 00:46 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-28 00:45 . 2008-12-10 15:24 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-28 00:45 . 2008-11-28 00:45 <DIR> d-------- c:\program files\AVG
2008-11-28 00:45 . 2008-11-28 00:45 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8
2008-11-28 00:44 . 2008-11-28 00:44 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-28 00:44 . 2008-11-28 00:44 <DIR> d-------- c:\documents and settings\Pete\Application Data\SUPERAntiSpyware.com
2008-11-28 00:44 . 2008-11-28 00:44 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-28 00:43 . 2008-11-28 00:43 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-28 00:31 . 2008-11-28 00:31 120 --ahs---- c:\windows\system32\empxcwdk.ini
2008-11-28 00:30 . 2008-11-28 00:30 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-28 00:30 . 2008-11-28 00:30 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-28 00:12 . 2008-12-21 23:20 <DIR> d-------- c:\documents and settings\LocalService\Application Data\WTablet
2008-11-27 23:32 . 2008-11-27 23:32 <DIR> d----c--- C:\!KillBox
2008-11-27 12:40 . 2008-11-27 12:40 <DIR> d-------- c:\program files\ASTRA32
2008-11-26 18:38 . 2008-11-26 18:38 <DIR> d-------- c:\program files\MSBuild
2008-11-26 18:35 . 2008-11-26 18:35 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-26 18:33 . 2008-11-26 18:33 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-26 18:32 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-11-26 18:30 . 2008-11-26 18:30 <DIR> d-------- c:\program files\PenLauncher
2008-11-26 18:30 . 2008-06-04 18:14 319 --a------ c:\windows\system32\pentabletdefaults.xml
2008-11-26 17:37 . 2008-12-21 23:20 <DIR> d-------- c:\documents and settings\Pete\Application Data\WTablet
2008-11-26 17:37 . 2008-05-01 22:31 3,708,200 --a------ c:\windows\system32\PenTablet.cpl
2008-11-26 17:37 . 2008-04-14 22:59 1,532,082 --a------ c:\windows\system32\PenTablet.znc
2008-11-26 17:36 . 2007-02-16 00:11 11,440 --a------ c:\windows\system32\drivers\WacomVKHid.sys
2008-11-26 17:35 . 2008-11-26 17:35 <DIR> d-------- c:\windows\system32\WTablet
2008-11-26 17:35 . 2008-11-26 17:36 <DIR> d-------- c:\program files\Tablet
2008-11-26 17:35 . 2008-05-01 22:40 3,032,360 --a------ c:\windows\system32\Pen_Tablet.exe
2008-11-26 17:35 . 2008-05-01 22:23 181,544 --a------ c:\windows\system32\Wintab32.dll
2008-11-26 17:35 . 2008-05-01 22:33 128,296 --a------ c:\windows\system32\Pen_Tablet.dll
2008-11-26 17:35 . 2008-03-17 20:14 15,144 --a------ c:\windows\system32\drivers\wacmoumonitor.sys
2008-11-26 17:35 . 2008-01-15 20:11 13,480 --a------ c:\windows\system32\drivers\wacomvhid.sys
2008-11-26 17:35 . 2007-02-16 19:12 11,312 --a------ c:\windows\system32\drivers\wacommousefilter.sys
2008-11-26 11:46 . 2008-11-26 12:25 <DIR> d-------- c:\documents and settings\Pete\Application Data\F-Secure
2008-11-26 10:25 . 2008-11-28 01:23 <DIR> d-------- c:\windows\rnapxs
2008-11-26 10:18 . 2008-11-26 10:18 118,842 -r------- c:\windows\bwUnin-6.3.2.116-1245240L.exe
2008-11-26 09:52 . 2008-11-26 09:52 <DIR> d----c--- c:\temp\olsdb
2008-11-26 09:45 . 2008-11-28 01:23 741,556 --ahs---- c:\windows\system32\vvGOUvut.ini
2008-11-25 23:45 . 2008-11-25 23:45 120 --ahs---- c:\windows\system32\raxljujb.ini
2008-11-24 16:27 . 2008-11-24 16:27 120 --ahs---- c:\windows\system32\leydfugq.ini
2008-11-24 16:05 . 2008-11-28 10:41 <DIR> d-------- c:\windows\system32\rt
2008-11-24 16:05 . 2008-11-24 16:05 <DIR> d-------- c:\windows\system32\nex
2008-11-24 16:05 . 2008-11-26 13:04 <DIR> d-------- c:\windows\system32\avi
2008-11-24 16:04 . 2008-12-21 23:11 <DIR> d----c--- C:\Temp
2008-11-24 13:33 . 2008-11-24 13:33 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Corel
2008-11-24 11:52 . 2008-11-28 10:01 <DIR> d-------- c:\program files\VisualTool
2008-11-24 11:48 . 2008-11-24 13:42 <DIR> d-------- c:\documents and settings\Pete\Application Data\Corel
2008-11-24 11:48 . 2008-11-24 13:47 1,890 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-11-24 11:48 . 2008-11-24 11:48 8 -r-hs---- c:\windows\system32\5E9C519ADC.sys
2008-11-24 11:45 . 2008-11-24 16:38 <DIR> d-------- c:\program files\Corel
2008-11-24 11:44 . 2008-11-24 11:44 <DIR> d-------- c:\program files\Corel(R) Painter(TM) IX.5 TBYB EN
2008-11-22 21:48 . 2008-11-24 16:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\WinZip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 15:16 --------- d-----w c:\program files\Funcom
2008-12-01 16:06 --------- d-----w c:\documents and settings\Pete\Application Data\Moyea
2008-11-30 16:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-28 23:20 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-28 23:20 --------- d-----w c:\program files\Common Files\Adobe
2008-11-28 23:12 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-11-28 23:06 --------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-28 23:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-28 12:57 --------- d-----w c:\program files\ATI Technologies
2008-11-28 12:55 --------- d-----w c:\documents and settings\Reuben\Application Data\ATI
2008-11-28 12:55 --------- d-----w c:\documents and settings\Pete\Application Data\ATI
2008-11-28 09:46 --------- d-----w c:\program files\GameSpy Arcade
2008-11-27 11:48 --------- d-----w c:\program files\iiyama monitor test
2008-11-24 17:46 --------- d-----w c:\program files\Common Files\Vbox
2008-11-24 17:11 --------- d-----w c:\documents and settings\Pete\Application Data\LimeWire
2008-11-24 16:34 --------- d-----w c:\program files\Inkscape
2008-11-22 21:49 --------- d-----w c:\program files\LucasArts
2008-11-20 15:59 --------- d-----w c:\documents and settings\Pete\Application Data\Inkscape
2008-11-20 15:50 --------- d-----w c:\documents and settings\Pete\Application Data\Ambient Design
2008-11-15 23:40 --------- d-----w c:\program files\Lavalys
2008-11-11 04:06 --------- d-----w c:\program files\BitTorrent
2008-05-21 20:54 1 ----a-w c:\documents and settings\Pete\SI.bin
2007-11-27 14:25 1,120 -c--a-w c:\program files\Global.sw
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
c:\documents and settings\Pete\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-11-24 225280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled
backup=c:\windows\pss\Adobe Gamma Loader.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk.disabled
backup=c:\windows\pss\BT Broadband Help.lnk.disabledCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"e0ef58bb"=rundll32.exe "c:\windows\system32\ormnkivi.dll",b
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\3dsmax6\\3dsmax.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Funcom\\Anarchy Online\\Anarchy.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MrFilter.sys [2005-11-23 12384]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-28 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 aliasdocserver;Alias Documentation Server;"c:\program files\Alias\Maya6.0\docs\Wrapper.exe" -s "c:\program files\Alias\Maya6.0\docs/Wrapper.conf" [2005-08-23 110592]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\c:\program files\ASTRA32\ASTRA32.sys [2007-02-22 30864]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-28 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-28 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-28 76040]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-11-26 3032360]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-11-26 15144]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2005-12-25 3712]
S2 BackWeb Plug-in - 1245240;F-Secure 2006 OEM;c:\progra~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE []
S3 lredbooo;lredbooo;\??\c:\docume~1\Pete\LOCALS~1\Temp\lredbooo.sys []
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S4 Sysapsrsm32p;Sysapsrsm32p; []
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44AA3114-D221-43EC-1C32-1EAC52A2014D}]
c:\windows\system32\msnvl.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{02424ADD-E957-450B-924D-BB7EFA3DE081} - (no file)
BHO-{0C15A413-F4AA-4F48-8263-382421B0157F} - (no file)
BHO-{0FE5C021-D88F-4970-8A38-382D49E262D9} - c:\windows\system32\rqRKDTJd.dll
BHO-{18675217-0E36-4EA1-922B-21FD259F9E9B} - (no file)
BHO-{20E3A587-3ED0-441C-817A-A7FAB7B354D6} - (no file)
BHO-{296495D9-098B-42F3-B467-2BB857FE699C} - (no file)
BHO-{2C7BE71E-F0FD-4BD3-9B1B-8287F5A329F1} - (no file)
BHO-{2C9B9C54-7F2D-4310-AFBC-EA1F5722D628} - (no file)
BHO-{2e6c5c09-8c5f-4be0-936f-c4e3c4f90e0c} - c:\windows\system32\zyqwez.dll
BHO-{2F9D63A5-603F-43D4-BEED-7B78F2706DA5} - (no file)
BHO-{40E7AF5A-F0D7-4027-9A58-A727F6763318} - (no file)
BHO-{42D44252-5874-49C3-AB04-235B1BA0B0F4} - (no file)
BHO-{4A3F7E21-ECF1-469F-8B2F-7825D00F2B12} - (no file)
BHO-{4E1E81B8-54E7-4143-A436-0C1E63702AEE} - (no file)
BHO-{51FC0006-91D8-49B5-8009-04F101F22AF8} - (no file)
BHO-{561DF5EE-EC00-4276-904C-42C82E629F59} - (no file)
BHO-{67201CE6-FAC3-4B5B-9BB9-6F0969896082} - (no file)
BHO-{6FD15057-0F4B-41E0-828C-1711282ECEA8} - (no file)
BHO-{7563DC76-0C5A-4B32-BCBA-7E512935EA29} - (no file)
BHO-{80621A99-02CE-4B60-89B4-6E6A2D2F26CF} - c:\windows\system32\tuvUOGvv.dll
BHO-{889B0C0D-E0A4-4CB8-A48C-8BE7C4816229} - c:\windows\system32\ddcBTJDv.dll
BHO-{903C57BD-F724-4DC2-BF28-B53C54979DC8} - (no file)
BHO-{99C82F86-FB45-4F8A-8CA1-E2DD72C7F7A5} - (no file)
BHO-{B06CC011-296A-4657-8524-B041884F87B5} - (no file)
BHO-{B55DFC5F-4BB1-40D1-BE5D-DECE961DF4FB} - (no file)
BHO-{EBDE40BF-EC5E-42A3-BA00-BCDC161EB5A5} - (no file)
BHO-{F4423DB5-86D7-42A6-BA3B-9E8DCCB1E53B} - (no file)
BHO-{FB59EBBF-892E-4245-8DD2-9D97572E9067} - (no file)
ShellExecuteHooks-{ADA12CEB-64E9-494A-B404-D0ECF3065519} - c:\windows\system32\byXQGApO.dll
Notify-AtiExtEvent - (no file)
Notify-dimsntfy - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-21 23:21:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Alias\Maya6.0\docs\Wrapper.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\Ctsvccda.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Alias\Maya6.0\docs\jre\bin\java.exe
c:\windows\system32\PSIService.exe
c:\windows\system32\UAService7.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\Virgin Broadband Wireless\ndis_events.exe
.
**************************************************************************
.
Completion time: 2008-12-21 23:29:41 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-21 23:29:39
Pre-Run: 15,955,378,176 bytes free
Post-Run: 16,878,661,632 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
426 --- E O F --- 2008-10-08 18:49:58
New HijackThis file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:33:29, on 21/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\CTSvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Pete\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.google.co.uk/options/icons/gmail.gif
--
End of file - 6137 bytes
fyrehorse
2008-12-23, 16:13
Here are the reports you requested; also, I have removed the P2P software. Thanks once again for your help. The machine is already running smoother, although I'd like to get a clean bill of health from you, obviously.
In order I did them:
Combofix:
ComboFix 08-12-21.02 - Pete 2008-12-22 22:24:10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.187 [GMT 0:00]
Running from: c:\documents and settings\Pete\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pete\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\system32\akclhvlb.ini
c:\windows\system32\akqpjbth.ini
c:\windows\system32\bughbqij.ini
c:\windows\system32\crbsmupi.ini
c:\windows\system32\empxcwdk.ini
c:\windows\system32\fihlagxn.ini
c:\windows\system32\fowephag.ini
c:\windows\system32\hblmlxlm.ini
c:\windows\system32\irghvkud.ini
c:\windows\system32\iviknmro.ini
c:\windows\system32\jxlfxiad.ini
c:\windows\system32\lcpactsy.ini
c:\windows\system32\leadlqco.ini
c:\windows\system32\leokmooc.ini
c:\windows\system32\leydfugq.ini
c:\windows\system32\lfeqeohj.ini
c:\windows\system32\msnvl.exe
c:\windows\system32\nutylivq.ini
c:\windows\system32\ofcyyiqj.ini
c:\windows\system32\onvdkfmc.ini
c:\windows\system32\pdnijaif.ini
c:\windows\system32\qifwkmwx.ini
c:\windows\system32\qquyflbw.ini
c:\windows\system32\qwfqxhig.ini
c:\windows\system32\raxljujb.ini
c:\windows\system32\rdbckecy.ini
c:\windows\system32\tthwnjli.ini
c:\windows\system32\vDJTBcdd.ini
c:\windows\system32\vvGOUvut.ini
c:\windows\system32\wknmrljx.ini
c:\windows\system32\yxetnuhw.ini
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\olsdb
c:\temp\olsdb\avdb_mf
c:\temp\olsdb\avdb_mf.ref
c:\temp\olsdb\avp.klb
c:\temp\olsdb\avp.set
c:\temp\olsdb\avp.vnd
c:\temp\olsdb\ca.avc
c:\temp\olsdb\daily.avc
c:\temp\olsdb\dbindex.cpt
c:\temp\olsdb\dup.pub
c:\temp\olsdb\eicar.avc
c:\temp\olsdb\ext.dat
c:\temp\olsdb\fa.avc
c:\temp\olsdb\fsav.set
c:\temp\olsdb\fsmacro.def
c:\temp\olsdb\fsscript.def
c:\temp\olsdb\fssign2.def
c:\temp\olsdb\gen001.avc
c:\temp\olsdb\gen002.avc
c:\temp\olsdb\gen003.avc
c:\temp\olsdb\gen004.avc
c:\temp\olsdb\gen999.avc
c:\temp\olsdb\header.ini
c:\temp\olsdb\kernel.avc
c:\temp\olsdb\krn001.avc
c:\temp\olsdb\krndos.avc
c:\temp\olsdb\krnengn.avc
c:\temp\olsdb\krnexe.avc
c:\temp\olsdb\krnexe32.avc
c:\temp\olsdb\krnjava.avc
c:\temp\olsdb\krnmacro.avc
c:\temp\olsdb\krnunp.avc
c:\temp\olsdb\mail.avc
c:\temp\olsdb\malw001.avc
c:\temp\olsdb\malw002.avc
c:\temp\olsdb\malw003.avc
c:\temp\olsdb\malw004.avc
c:\temp\olsdb\ocr.avc
c:\temp\olsdb\orion.dat
c:\temp\olsdb\orioneng.dat
c:\temp\olsdb\orionfin.dat
c:\temp\olsdb\sign.def
c:\temp\olsdb\smart.avc
c:\temp\olsdb\troj001.avc
c:\temp\olsdb\troj003.avc
c:\temp\olsdb\troj004.avc
c:\temp\olsdb\troj005.avc
c:\temp\olsdb\troj006.avc
c:\temp\olsdb\troj007.avc
c:\temp\olsdb\troj008.avc
c:\temp\olsdb\troj009.avc
c:\temp\olsdb\troj010.avc
c:\temp\olsdb\troj011.avc
c:\temp\olsdb\troj012.avc
c:\temp\olsdb\troj013.avc
c:\temp\olsdb\troj014.avc
c:\temp\olsdb\troj015.avc
c:\temp\olsdb\troj016.avc
c:\temp\olsdb\troj017.avc
c:\temp\olsdb\troj018.avc
c:\temp\olsdb\troj019.avc
c:\temp\olsdb\troj020.avc
c:\temp\olsdb\troj021.avc
c:\temp\olsdb\troj022.avc
c:\temp\olsdb\troj023.avc
c:\temp\olsdb\troj024.avc
c:\temp\olsdb\troj025.avc
c:\temp\olsdb\troj026.avc
c:\temp\olsdb\troj027.avc
c:\temp\olsdb\troj028.avc
c:\temp\olsdb\troj029.avc
c:\temp\olsdb\troj030.avc
c:\temp\olsdb\troj031.avc
c:\temp\olsdb\troj032.avc
c:\temp\olsdb\troj033.avc
c:\temp\olsdb\unp000.avc
c:\temp\olsdb\unp001.avc
c:\temp\olsdb\unp002.avc
c:\temp\olsdb\unp003.avc
c:\temp\olsdb\unp004.avc
c:\temp\olsdb\unp005.avc
c:\temp\olsdb\unp006.avc
c:\temp\olsdb\unp007.avc
c:\temp\olsdb\unp008.avc
c:\temp\olsdb\unp009.avc
c:\temp\olsdb\unp010.avc
c:\temp\olsdb\unp011.avc
c:\temp\olsdb\unp012.avc
c:\temp\olsdb\unp013.avc
c:\temp\olsdb\unp014.avc
c:\temp\olsdb\unp015.avc
c:\temp\olsdb\unp016.avc
c:\temp\olsdb\unp017.avc
c:\temp\olsdb\unp018.avc
c:\temp\olsdb\unp019.avc
c:\temp\olsdb\unp020.avc
c:\temp\olsdb\unp021.avc
c:\temp\olsdb\unp022.avc
c:\temp\olsdb\unp023.avc
c:\temp\olsdb\unp024.avc
c:\temp\olsdb\unp025.avc
c:\temp\olsdb\unp026.avc
c:\temp\olsdb\virus001.avc
c:\temp\olsdb\virus002.avc
c:\temp\olsdb\virus003.avc
c:\temp\olsdb\virus004.avc
c:\temp\olsdb\virus005.avc
c:\temp\olsdb\virus006.avc
c:\temp\olsdb\virus007.avc
c:\temp\olsdb\virus008.avc
c:\temp\olsdb\virus009.avc
c:\temp\olsdb\virus010.avc
c:\temp\olsdb\virus011.avc
c:\temp\olsdb\virus012.avc
c:\temp\olsdb\virus013.avc
c:\temp\olsdb\virus014.avc
c:\temp\olsdb\virus015.avc
c:\temp\olsdb\virus016.avc
c:\temp\olsdb\virus017.avc
c:\temp\olsdb\virus018.avc
c:\temp\olsdb\virus019.avc
c:\temp\olsdb\virus020.avc
c:\temp\olsdb\worm001.avc
c:\temp\olsdb\worm002.avc
c:\temp\olsdb\worm003.avc
c:\temp\olsdb\worm004.avc
c:\temp\olsdb\worm005.avc
c:\temp\olsdb\worm006.avc
c:\temp\olsdb\worm999.avc
c:\windows\system32\akclhvlb.ini
c:\windows\system32\akqpjbth.ini
c:\windows\system32\avi
c:\windows\system32\bughbqij.ini
c:\windows\system32\crbsmupi.ini
c:\windows\system32\empxcwdk.ini
c:\windows\system32\fihlagxn.ini
c:\windows\system32\fowephag.ini
c:\windows\system32\hblmlxlm.ini
c:\windows\system32\irghvkud.ini
c:\windows\system32\iviknmro.ini
c:\windows\system32\jxlfxiad.ini
c:\windows\system32\lcpactsy.ini
c:\windows\system32\leadlqco.ini
c:\windows\system32\leokmooc.ini
c:\windows\system32\leydfugq.ini
c:\windows\system32\lfeqeohj.ini
c:\windows\system32\nex
c:\windows\system32\nutylivq.ini
c:\windows\system32\ofcyyiqj.ini
c:\windows\system32\onvdkfmc.ini
c:\windows\system32\pdnijaif.ini
c:\windows\system32\qifwkmwx.ini
c:\windows\system32\qquyflbw.ini
c:\windows\system32\qwfqxhig.ini
c:\windows\system32\raxljujb.ini
c:\windows\system32\rdbckecy.ini
c:\windows\system32\rt
c:\windows\system32\tthwnjli.ini
c:\windows\system32\vDJTBcdd.ini
c:\windows\system32\vvGOUvut.ini
c:\windows\system32\wknmrljx.ini
c:\windows\system32\yxetnuhw.ini
c:\windows\system32\winlogon.exe . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_Sysapsrsm32p
((((((((((((((((((((((((( Files Created from 2008-11-22 to 2008-12-22 )))))))))))))))))))))))))))))))
.
2008-12-22 21:25 . 2008-12-22 21:25 <DIR> d-------- c:\program files\MSXML 6.0
2008-12-22 10:08 . 2008-12-22 12:07 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-17 14:59 . 2008-12-17 14:59 <DIR> d-------- c:\program files\Microsoft Visual Studio .NET 2003
2008-12-17 14:59 . 2008-12-17 14:59 <DIR> d-------- c:\program files\AO Shop Agent
2008-12-13 09:21 . 2008-12-13 09:59 <DIR> d-------- c:\documents and settings\Reuben\Application Data\SPORE Creature Creator
2008-12-11 11:59 . 2008-12-11 11:59 <DIR> d-------- c:\documents and settings\Pete\Application Data\Safer Networking
2008-12-11 11:25 . 2008-12-11 11:59 <DIR> d-------- c:\program files\Safer Networking
2008-12-07 15:41 . 2008-12-07 15:41 <DIR> d-------- c:\documents and settings\Reuben\Application Data\Affinegy
2008-12-04 15:35 . 2008-12-21 10:22 <DIR> d-------- c:\documents and settings\Pete\Application Data\Affinegy
2008-12-04 15:24 . 2008-12-04 15:24 <DIR> d-------- c:\program files\WinPcap
2008-12-04 15:24 . 2008-12-04 15:25 <DIR> d-------- c:\program files\Virgin Broadband Wireless
2008-12-04 15:24 . 2008-12-04 15:24 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Affinegy
2008-12-04 15:24 . 2008-05-26 16:09 27,072 --a------ c:\windows\system32\drivers\AFGSp50.sys
2008-11-30 16:45 . 2008-12-19 17:40 <DIR> d-------- c:\documents and settings\Pete\Application Data\SPORE Creature Creator
2008-11-30 16:44 . 2008-11-30 16:44 <DIR> d----c--- C:\ProgramData
2008-11-30 16:44 . 2008-11-30 16:46 2,702 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-11-30 16:43 . 2008-11-30 16:44 <DIR> d-------- c:\program files\Electronic Arts
2008-11-29 16:45 . 2008-12-07 16:36 <DIR> d-------- c:\documents and settings\Reuben\Application Data\WTablet
2008-11-29 16:44 . 2008-11-29 16:44 <DIR> d----c--- c:\documents and settings\Maggie\Application Data\Ambient Design
2008-11-29 15:34 . 2008-11-29 17:17 <DIR> d----c--- c:\documents and settings\Maggie\Application Data\WTablet
2008-11-29 15:34 . 2008-11-29 15:34 <DIR> d----c--- c:\documents and settings\Maggie
2008-11-29 15:27 . 2008-11-29 15:28 <DIR> d-------- c:\documents and settings\Guest\Application Data\WTablet
2008-11-29 10:02 . 2008-11-29 10:02 <DIR> d----c--- c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-28 23:12 . 2008-11-28 23:12 129,784 --a------ c:\windows\system32\pxafs.dll
2008-11-28 23:12 . 2008-11-28 23:12 118,520 --a------ c:\windows\system32\pxinsi64.exe
2008-11-28 23:12 . 2008-11-28 23:12 116,472 --a------ c:\windows\system32\pxcpyi64.exe
2008-11-28 23:12 . 2008-11-28 23:12 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2008-11-28 23:12 . 2008-11-28 23:12 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2008-11-28 20:20 . 2008-11-28 20:20 <DIR> d-------- c:\program files\Ambient Design
2008-11-28 12:45 . 2008-05-19 18:16 186,407 --a------ c:\windows\system32\nvapps.nvb
2008-11-28 09:38 . 2008-11-28 09:38 <DIR> d-------- c:\documents and settings\Pete\Application Data\Malwarebytes
2008-11-28 09:38 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-11-28 09:37 . 2008-11-28 09:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-28 09:37 . 2008-11-28 09:37 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-28 09:37 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-28 01:05 . 2008-12-10 17:30 <DIR> d--h-c--- C:\$AVG8.VAULT$
2008-11-28 00:46 . 2008-11-28 00:46 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-28 00:46 . 2008-11-28 00:46 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-11-28 00:46 . 2008-11-28 00:46 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-28 00:45 . 2008-12-10 15:24 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-28 00:45 . 2008-11-28 00:45 <DIR> d-------- c:\program files\AVG
2008-11-28 00:45 . 2008-11-28 00:45 <DIR> d----c--- c:\documents and settings\All Users\Application Data\avg8
2008-11-28 00:44 . 2008-11-28 00:44 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-11-28 00:44 . 2008-11-28 00:44 <DIR> d-------- c:\documents and settings\Pete\Application Data\SUPERAntiSpyware.com
2008-11-28 00:44 . 2008-11-28 00:44 <DIR> d----c--- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-28 00:43 . 2008-11-28 00:43 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-28 00:30 . 2008-11-28 00:30 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-28 00:30 . 2008-11-28 00:30 <DIR> d-------- c:\program files\Adobe Media Player
2008-11-28 00:12 . 2008-12-22 22:31 <DIR> d-------- c:\documents and settings\LocalService\Application Data\WTablet
2008-11-27 23:32 . 2008-11-27 23:32 <DIR> d----c--- C:\!KillBox
2008-11-27 12:40 . 2008-11-27 12:40 <DIR> d-------- c:\program files\ASTRA32
2008-11-26 18:38 . 2008-11-26 18:38 <DIR> d-------- c:\program files\MSBuild
2008-11-26 18:35 . 2008-11-26 18:35 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-26 18:33 . 2008-11-26 18:33 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-26 18:32 . 2006-06-29 13:07 14,048 --a------ c:\windows\system32\spmsg2.dll
2008-11-26 18:30 . 2008-11-26 18:30 <DIR> d-------- c:\program files\PenLauncher
2008-11-26 18:30 . 2008-06-04 18:14 319 --a------ c:\windows\system32\pentabletdefaults.xml
2008-11-26 17:37 . 2008-12-22 22:32 <DIR> d-------- c:\documents and settings\Pete\Application Data\WTablet
2008-11-26 17:37 . 2008-05-01 22:31 3,708,200 --a------ c:\windows\system32\PenTablet.cpl
2008-11-26 17:37 . 2008-04-14 22:59 1,532,082 --a------ c:\windows\system32\PenTablet.znc
2008-11-26 17:36 . 2007-02-16 00:11 11,440 --a------ c:\windows\system32\drivers\WacomVKHid.sys
2008-11-26 17:35 . 2008-11-26 17:35 <DIR> d-------- c:\windows\system32\WTablet
2008-11-26 17:35 . 2008-11-26 17:36 <DIR> d-------- c:\program files\Tablet
2008-11-26 17:35 . 2008-05-01 22:40 3,032,360 --a------ c:\windows\system32\Pen_Tablet.exe
2008-11-26 17:35 . 2008-05-01 22:23 181,544 --a------ c:\windows\system32\Wintab32.dll
2008-11-26 17:35 . 2008-05-01 22:33 128,296 --a------ c:\windows\system32\Pen_Tablet.dll
2008-11-26 17:35 . 2008-03-17 20:14 15,144 --a------ c:\windows\system32\drivers\wacmoumonitor.sys
2008-11-26 17:35 . 2008-01-15 20:11 13,480 --a------ c:\windows\system32\drivers\wacomvhid.sys
2008-11-26 17:35 . 2007-02-16 19:12 11,312 --a------ c:\windows\system32\drivers\wacommousefilter.sys
2008-11-26 10:25 . 2008-11-28 01:23 <DIR> d-------- c:\windows\rnapxs
2008-11-26 10:18 . 2008-11-26 10:18 118,842 -r------- c:\windows\bwUnin-6.3.2.116-1245240L.exe
2008-11-24 16:04 . 2008-12-22 22:25 <DIR> d----c--- C:\Temp
2008-11-24 13:33 . 2008-11-24 13:33 <DIR> d----c--- c:\documents and settings\All Users\Application Data\Corel
2008-11-24 11:52 . 2008-11-28 10:01 <DIR> d-------- c:\program files\VisualTool
2008-11-24 11:48 . 2008-11-24 13:42 <DIR> d-------- c:\documents and settings\Pete\Application Data\Corel
2008-11-24 11:48 . 2008-11-24 13:47 1,890 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-11-24 11:48 . 2008-11-24 11:48 8 -r-hs---- c:\windows\system32\5E9C519ADC.sys
2008-11-24 11:45 . 2008-11-24 16:38 <DIR> d-------- c:\program files\Corel
2008-11-24 11:44 . 2008-11-24 11:44 <DIR> d-------- c:\program files\Corel(R) Painter(TM) IX.5 TBYB EN
2008-11-22 21:48 . 2008-11-24 16:30 <DIR> d----c--- c:\documents and settings\All Users\Application Data\WinZip
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 15:16 --------- d-----w c:\program files\Funcom
2008-12-01 16:06 --------- d-----w c:\documents and settings\Pete\Application Data\Moyea
2008-11-30 16:45 107,888 -c--a-w c:\windows\system32\CmdLineExt.dll
2008-11-30 16:44 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-28 23:20 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-28 23:20 --------- d-----w c:\program files\Common Files\Adobe
2008-11-28 23:12 43,528 ------w c:\windows\system32\drivers\pxhelp20.sys
2008-11-28 23:06 --------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-28 23:00 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-11-28 12:57 --------- d-----w c:\program files\ATI Technologies
2008-11-28 12:55 --------- d-----w c:\documents and settings\Reuben\Application Data\ATI
2008-11-28 12:55 --------- d-----w c:\documents and settings\Pete\Application Data\ATI
2008-11-28 09:46 --------- d-----w c:\program files\GameSpy Arcade
2008-11-27 11:48 --------- d-----w c:\program files\iiyama monitor test
2008-11-24 17:46 --------- d-----w c:\program files\Common Files\Vbox
2008-11-24 16:34 --------- d-----w c:\program files\Inkscape
2008-11-22 21:49 --------- d-----w c:\program files\LucasArts
2008-11-20 15:59 --------- d-----w c:\documents and settings\Pete\Application Data\Inkscape
2008-11-20 15:50 --------- d-----w c:\documents and settings\Pete\Application Data\Ambient Design
2008-11-15 23:40 --------- d-----w c:\program files\Lavalys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 14:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 14:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 14:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 14:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 14:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 14:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 14:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 14:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-05-21 20:54 1 ----a-w c:\documents and settings\Pete\SI.bin
2007-11-27 14:25 1,120 -c--a-w c:\program files\Global.sw
.
((((((((((((((((((((((((((((( snapshot@2008-12-21_23.29.09.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 ----a-w c:\windows\Driver Cache\i386\mrxsmb.sys
- 2007-02-28 09:08:48 2,136,064 ----a-w c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 ----a-w c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\Driver Cache\i386\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ----a-w c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 ----a-w c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2008-06-23 16:57:27 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-06-23 16:57:27 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-06-23 16:57:27 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-06-23 16:57:27 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-06-23 16:57:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-06-23 09:20:25 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-06-23 16:57:29 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-06-23 16:57:29 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-06-21 05:23:54 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-06-23 16:57:29 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-06-23 16:57:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-06-23 16:57:33 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-06-23 16:57:34 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-06-23 09:20:26 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-06-23 09:20:52 625,664 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-06-23 16:57:35 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-06-23 16:57:36 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-06-23 16:57:36 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-06-23 16:57:39 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-06-23 16:57:39 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-06-23 16:57:40 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-06-23 16:57:40 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-06-23 16:57:40 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-06-23 16:57:40 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-06-23 16:57:41 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-06-23 16:57:41 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
+ 2008-06-24 09:57:40 3,592,192 -c----w c:\windows\ie7updates\KB960714-IE7\mshtml.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:47 371,424 -c----w c:\windows\ie7updates\KB960714-IE7\spuninst\updspapi.dll
+ 2008-12-22 21:24:00 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-06-23 16:57:27 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-06-23 16:57:27 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\system32\dllcache\advpack.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\dllcache\afd.sys
+ 2008-08-14 09:51:43 138,368 -c--a-w c:\windows\system32\dllcache\afd.sys
- 2008-06-23 16:57:27 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 -c--a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\system32\dllcache\dxtrans.dll
- 2008-06-23 16:57:27 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\system32\dllcache\extmgr.dll
- 2008-02-20 06:51:05 282,624 ----a-w c:\windows\system32\dllcache\gdi32.dll
+ 2008-10-23 13:01:36 283,648 -c--a-w c:\windows\system32\dllcache\gdi32.dll
- 2008-06-23 16:57:28 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\system32\dllcache\icardie.dll
- 2008-06-23 09:20:25 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 -c--a-w c:\windows\system32\dllcache\ieakeng.dll
- 2008-06-23 16:57:29 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 -c--a-w c:\windows\system32\dllcache\ieaksie.dll
- 2008-06-21 05:23:54 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
+ 2008-10-15 07:04:53 161,792 -c--a-w c:\windows\system32\dllcache\ieakui.dll
- 2008-06-23 16:57:29 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\system32\dllcache\ieframe.dll
- 2008-06-23 16:57:33 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 -c--a-w c:\windows\system32\dllcache\iernonce.dll
- 2008-06-23 16:57:34 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\system32\dllcache\iertutil.dll
- 2008-06-23 09:20:26 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\system32\dllcache\ieudinit.exe
- 2008-06-23 09:20:52 625,664 -c----w c:\windows\system32\dllcache\iexplore.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\system32\dllcache\iexplore.exe
- 2008-06-23 16:57:35 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-18 20:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 01:09:22 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
- 2004-08-04 12:00:00 72,704 ----a-w c:\windows\system32\dllcache\magnify.exe
+ 2006-10-04 08:48:36 72,704 -c--a-w c:\windows\system32\dllcache\magnify.exe
- 2006-05-05 09:41:45 453,120 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
+ 2008-10-24 11:10:42 453,632 -c--a-w c:\windows\system32\dllcache\mrxsmb.sys
- 2008-06-23 16:57:36 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\system32\dllcache\msfeeds.dll
- 2008-06-23 16:57:36 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-06-24 09:57:40 3,592,192 -c----w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\system32\dllcache\mshtml.dll
- 2008-06-23 16:57:39 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\system32\dllcache\mshtmled.dll
- 2008-06-23 16:57:39 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\system32\dllcache\msrating.dll
- 2008-06-23 16:57:40 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 -c--a-w c:\windows\system32\dllcache\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\dllcache\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 -c--a-w c:\windows\system32\dllcache\msxml3.dll
- 2004-08-04 12:00:00 53,760 ----a-w c:\windows\system32\dllcache\narrator.exe
+ 2006-10-04 08:48:36 53,760 -c--a-w c:\windows\system32\dllcache\narrator.exe
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\dllcache\netapi32.dll
+ 2008-10-15 16:57:55 332,800 -c--a-w c:\windows\system32\dllcache\netapi32.dll
- 2007-02-28 09:08:48 2,136,064 ----a-w c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2008-08-14 09:58:27 2,136,064 -c--a-w c:\windows\system32\dllcache\ntkrnlmp.exe
- 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 -c--a-w c:\windows\system32\dllcache\ntkrnlpa.exe
- 2007-02-28 08:38:57 2,015,744 ----a-w c:\windows\system32\dllcache\ntkrpamp.exe
+ 2008-08-14 09:22:14 2,015,744 -c--a-w c:\windows\system32\dllcache\ntkrpamp.exe
- 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\system32\dllcache\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 -c--a-w c:\windows\system32\dllcache\ntoskrnl.exe
- 2008-06-23 16:57:40 102,912 -c----w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00:00 215,552 ----a-w c:\windows\system32\dllcache\osk.exe
+ 2006-10-04 08:48:37 215,552 -c--a-w c:\windows\system32\dllcache\osk.exe
- 2008-06-23 16:57:40 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 -c--a-w c:\windows\system32\dllcache\pngfilt.dll
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\dllcache\srv.sys
+ 2008-08-28 10:04:17 333,056 -c--a-w c:\windows\system32\dllcache\srv.sys
- 2006-08-21 09:52:08 246,814 ----a-w c:\windows\system32\dllcache\strmdll.dll
+ 2008-10-03 10:15:47 247,326 -c--a-w c:\windows\system32\dllcache\strmdll.dll
- 2004-08-04 12:00:00 35,840 ----a-w c:\windows\system32\dllcache\umandlg.dll
+ 2006-10-04 13:33:38 35,840 -c--a-w c:\windows\system32\dllcache\umandlg.dll
- 2008-06-23 16:57:40 105,984 -c----w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\system32\dllcache\url.dll
- 2008-06-23 16:57:40 1,159,680 -c----w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\system32\dllcache\urlmon.dll
- 2004-08-04 12:00:00 50,176 ----a-w c:\windows\system32\dllcache\utilman.exe
+ 2006-10-04 08:48:37 50,176 -c--a-w c:\windows\system32\dllcache\utilman.exe
- 2008-06-23 16:57:41 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\system32\dllcache\webcheck.dll
- 2008-03-19 09:47:00 1,845,248 ----a-w c:\windows\system32\dllcache\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 -c--a-w c:\windows\system32\dllcache\win32k.sys
- 2008-06-23 16:57:41 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\system32\dllcache\wininet.dll
- 2006-10-18 21:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 05:03:08 938,496 -c--a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-18 21:47:22 2,450,944 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 05:03:14 2,458,112 -c--a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-06-20 10:44:38 138,368 ----a-w c:\windows\system32\drivers\afd.sys
+ 2008-08-14 09:51:43 138,368 ----a-w c:\windows\system32\drivers\afd.sys
- 2006-08-14 10:34:41 332,928 ----a-w c:\windows\system32\drivers\srv.sys
+ 2008-08-28 10:04:17 333,056 ----a-w c:\windows\system32\drivers\srv.sys
- 2008-06-23 16:57:27 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-06-23 16:57:27 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-06-23 16:57:27 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-11-29 09:55:01 122,928 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2008-12-22 22:06:28 122,928 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-06-23 16:57:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-06-23 09:20:25 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-06-23 16:57:29 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-06-23 16:57:29 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-06-21 05:23:54 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-06-23 16:57:29 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-06-23 16:57:29 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-06-23 16:57:33 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-06-23 16:57:33 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-06-23 16:57:34 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-06-23 09:20:26 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-06-23 16:57:35 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-18 20:03:58 100,864 -c--a-w c:\windows\system32\logagent.exe
+ 2008-06-18 01:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2004-08-04 12:00:00 72,704 ----a-w c:\windows\system32\magnify.exe
+ 2006-10-04 08:48:36 72,704 ----a-w c:\windows\system32\magnify.exe
- 2008-08-26 12:28:14 16,208,504 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 15:24:38 17,593,280 ----a-w c:\windows\system32\MRT.exe
- 2008-06-23 16:57:36 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-06-23 16:57:36 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-06-24 09:57:40 3,592,192 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-06-23 16:57:39 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-06-23 16:57:39 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-06-23 16:57:40 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll
- 2007-06-26 06:08:16 1,104,896 ----a-w c:\windows\system32\msxml3.dll
+ 2008-09-04 16:42:02 1,106,944 ----a-w c:\windows\system32\msxml3.dll
- 2006-09-01 12:08:02 1,334,032 ----a-w c:\windows\system32\msxml6.dll
+ 2008-08-29 20:06:44 1,350,664 ----a-w c:\windows\system32\msxml6.dll
- 2004-08-04 12:00:00 53,760 ----a-w c:\windows\system32\narrator.exe
+ 2006-10-04 08:48:36 53,760 ----a-w c:\windows\system32\narrator.exe
- 2006-08-17 12:28:27 332,288 ----a-w c:\windows\system32\netapi32.dll
+ 2008-10-15 16:57:55 332,800 ----a-w c:\windows\system32\netapi32.dll
- 2007-02-28 08:38:55 2,057,600 ----a-w c:\windows\system32\ntkrnlpa.exe
+ 2008-08-14 09:22:13 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
- 2007-02-28 09:10:57 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
+ 2008-08-14 10:00:45 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
- 2008-06-23 16:57:40 102,912 ------w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
- 2004-08-04 12:00:00 215,552 ----a-w c:\windows\system32\osk.exe
+ 2006-10-04 08:48:37 215,552 ----a-w c:\windows\system32\osk.exe
- 2008-06-23 16:57:40 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-07-14 11:09:18 62,976 ----a-w c:\windows\system32\tzchange.exe
+ 2008-10-22 09:47:07 62,976 ----a-w c:\windows\system32\tzchange.exe
- 2004-08-04 12:00:00 35,840 ----a-w c:\windows\system32\umandlg.dll
+ 2006-10-04 13:33:38 35,840 ----a-w c:\windows\system32\umandlg.dll
- 2008-06-23 16:57:40 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-06-23 16:57:40 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2004-08-04 12:00:00 50,176 ----a-w c:\windows\system32\utilman.exe
+ 2006-10-04 08:48:37 50,176 ----a-w c:\windows\system32\utilman.exe
- 2008-06-23 16:57:41 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-03-19 09:47:00 1,845,248 ----a-w c:\windows\system32\win32k.sys
+ 2008-09-15 11:57:41 1,846,016 ----a-w c:\windows\system32\win32k.sys
- 2006-10-18 21:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 05:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-18 21:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 05:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
+ 2008-09-30 16:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 16:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
c:\documents and settings\Pete\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-11-24 225280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled
backup=c:\windows\pss\Adobe Gamma Loader.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk.disabled
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.disabledCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BT Broadband Help.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BT Broadband Help.lnk.disabled
backup=c:\windows\pss\BT Broadband Help.lnk.disabledCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\3dsmax6\\3dsmax.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Sony\\Station\\Launchpad\\LaunchPad.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Funcom\\Anarchy Online\\Anarchy.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R0 MrFilter;EasyWrite Driver;c:\windows\system32\drivers\MrFilter.sys [2005-11-23 12384]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-28 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 aliasdocserver;Alias Documentation Server;"c:\program files\Alias\Maya6.0\docs\Wrapper.exe" -s "c:\program files\Alias\Maya6.0\docs/Wrapper.conf" [2005-08-23 110592]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;\??\c:\program files\ASTRA32\ASTRA32.sys [2007-02-22 30864]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-28 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-28 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-28 76040]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-11-26 3032360]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-11-26 15144]
S0 NVStrap;NVStrap;c:\windows\system32\drivers\NVStrap.sys [2005-12-25 3712]
S2 BackWeb Plug-in - 1245240;F-Secure 2006 OEM;c:\progra~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE []
S3 lredbooo;lredbooo;\??\c:\docume~1\Pete\LOCALS~1\Temp\lredbooo.sys []
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uDefault_Search_URL = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-22 22:32:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Virgin Broadband Wireless\AffinegyService.exe
c:\program files\Alias\Maya6.0\docs\Wrapper.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\windows\system32\Ctsvccda.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Alias\Maya6.0\docs\jre\bin\java.exe
c:\windows\system32\UAService7.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\rundll32.exe
c:\program files\Virgin Broadband Wireless\ndis_events.exe
.
**************************************************************************
.
Completion time: 2008-12-22 22:40:50 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-22 22:40:48
ComboFix2.txt 2008-12-21 23:29:42
Pre-Run: 15,595,905,024 bytes free
Post-Run: 15,813,971,968 bytes free
677 --- E O F --- 2008-12-22 21:28:49
Kaspersky:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, December 23, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, December 23, 2008 07:54:33
Records in database: 1503786
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Scan statistics:
Files scanned: 137891
Threat name: 5
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 02:48:16
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\dtiqdl.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\fpoufeni.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exy 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kesqavpm.dll.vir Infected: Trojan-PSW.Win32.QQPass.efx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\twmiha.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exq 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ycekcbdr.dll.vir Infected: Packed.Win32.PolyCrypt.d 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ymcunk.dll.vir Infected: Trojan-PSW.Win32.QQPass.efx 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\zptpbq.dll.vir Infected: not-a-virus:AdWare.Win32.SuperJuan.exy 1
C:\WINDOWS\system32\hhk.dll_tobedeleted Infected: Trojan.Win32.Puper.ar 1
The selected area was scanned.
Hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:50:26, on 23/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\WINDOWS\system32\CTSvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Alias\Maya6.0\docs\jre\bin\java.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pete\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Wireless Manager] "C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe" startup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: AffinegyService - Affinegy, Inc. - C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
O23 - Service: Alias Documentation Server (aliasdocserver) - Unknown owner - C:\Program Files\Alias\Maya6.0\docs\Wrapper.exe
O23 - Service: F-Secure 2006 OEM (BackWeb Plug-in - 1245240) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\1245240\Program\SERVIC~1.EXE (file missing)
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\1245240\program\fsbwsys.exe (file missing)
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - http://www.google.co.uk/options/icons/gmail.gif
--
End of file - 6440 bytes