ComboFix 08-06-20.4 - Trupti 2008-07-01 14:02:17.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2280 [GMT -4:00]
Running from: C:\Users\Trupti\Desktop\ComboFix.exe
Command switches used :: C:\Users\Trupti\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\Windows\System32\bpxork.dll
C:\Windows\System32\ccfxpumx.dll
C:\Windows\System32\dormwobf.dll
C:\Windows\System32\gmqpiogk.ini
C:\Windows\system32\hgGwxWpO.dll
C:\Windows\System32\hxcyldqp.dll
C:\Windows\System32\iqluwlhf.dll
C:\Windows\System32\jbvompqo.dll
C:\Windows\System32\kgoipqmg.dll
C:\Windows\system32\khfETnmj.dll
C:\Windows\System32\kyonaujr.dll
C:\Windows\System32\ofcbjsle.dll
C:\Windows\System32\scodcsrq.dll
C:\Windows\System32\tqjghgkf.dll
C:\Windows\System32\uqblnksf.dll
C:\Windows\System32\utfpahue.dll
C:\Windows\System32\whjisfgj.dll
C:\Windows\System32\xcdecx.dll
C:\Windows\System32\yxanccrb.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\System32\bpxork.dll
C:\Windows\System32\ccfxpumx.dll
C:\Windows\System32\dormwobf.dll
C:\Windows\System32\gmqpiogk.ini
C:\Windows\System32\hxcyldqp.dll
C:\Windows\System32\iqluwlhf.dll
C:\Windows\System32\jbvompqo.dll
C:\Windows\System32\kgoipqmg.dll
C:\Windows\System32\kyonaujr.dll
C:\Windows\System32\ofcbjsle.dll
C:\Windows\System32\scodcsrq.dll
C:\Windows\System32\tqjghgkf.dll
C:\Windows\System32\uqblnksf.dll
C:\Windows\System32\utfpahue.dll
C:\Windows\System32\whjisfgj.dll
C:\Windows\System32\xcdecx.dll
C:\Windows\System32\yxanccrb.dll
.
---- Previous Run -------
.
C:\Windows\System32\abJjPXbc.ini
C:\Windows\System32\abJjPXbc.ini2
C:\Windows\system32\awtsSmkl.dll
C:\Windows\system32\cbXRIcYs.dll
C:\Windows\system32\ddcDsqno.dll
C:\Windows\system32\EffhjQss.ini
C:\Windows\System32\EffhjQss.ini2
C:\Windows\System32\eKknWvut.ini
C:\Windows\System32\eKknWvut.ini2
C:\Windows\system32\ffvfpmhi.ini
C:\Windows\system32\fhlwulqi.ini
C:\Windows\System32\FMWvCcdd.ini
C:\Windows\System32\FMWvCcdd.ini2
C:\Windows\system32\fsknlbqu.ini
C:\Windows\system32\gmqpiogk.ini
C:\Windows\system32\iqbauyun.ini
C:\Windows\system32\jkkJDvTJ.dll
C:\Windows\System32\jmnTEfhk.ini
C:\Windows\System32\jmnTEfhk.ini2
C:\Windows\system32\jusched.exe
C:\Windows\System32\lkmSstwa.ini
C:\Windows\System32\lkmSstwa.ini2
C:\Windows\system32\ludyrndo.ini
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\mnvknoxd.ini
C:\Windows\system32\nvfyspip.ini
C:\Windows\System32\onqsDcdd.ini
C:\Windows\System32\onqsDcdd.ini2
C:\Windows\System32\OpWxwGgh.ini
C:\Windows\System32\OpWxwGgh.ini2
C:\Windows\system32\pkhdnkao.ini
C:\Windows\system32\ssQjhffE.dll
C:\Windows\system32\tuvWnkKe.dll
C:\Windows\System32\XIRsBJjl.ini
C:\Windows\System32\XIRsBJjl.ini2
.
((((((((((((((((((((((((( Files Created from 2008-06-01 to 2008-07-01 )))))))))))))))))))))))))))))))
.

2008-07-01 14:00 . 2008-07-01 14:01 d-------- C:\327882R2FWJFW
2008-06-30 19:56 . 2008-06-30 19:56 d-------- C:\Users\All Users\Yahoo!
2008-06-30 19:56 . 2008-06-30 19:56 d-------- C:\ProgramData\Yahoo!
2008-06-30 19:54 . 2008-06-30 19:54 d-------- C:\Program Files\Yahoo!
2008-06-29 09:29 . 2008-06-29 09:31 d-------- C:\Users\All Users\Lavasoft
2008-06-29 09:29 . 2008-06-29 09:31 d-------- C:\ProgramData\Lavasoft
2008-06-29 09:29 . 2008-06-29 09:29 d-------- C:\Program Files\Lavasoft
2008-06-29 09:28 . 2008-06-29 09:28 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-28 22:14 . 2008-06-28 22:14 d-------- C:\Users\Trupti\AppData\Roaming\DivX
2008-06-28 22:13 . 2008-06-30 09:12 d-------- C:\Program Files\DivX
2008-06-28 22:13 . 2008-06-30 09:12 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-28 18:16 . 2008-06-28 18:53 524,288 --ahs---- C:\ntuser.dat{76de9a94-455f-11dd-a238-001e8c77262a}.TMContainer00000000000000000002.regtrans-ms
2008-06-28 18:16 . 2008-06-28 18:53 524,288 --ahs---- C:\ntuser.dat{76de9a94-455f-11dd-a238-001e8c77262a}.TMContainer00000000000000000001.regtrans-ms
2008-06-28 18:16 . 2008-06-28 18:53 65,536 --ahs---- C:\ntuser.dat{76de9a94-455f-11dd-a238-001e8c77262a}.TM.blf
2008-06-28 18:11 . 2008-06-28 19:48 429 --a------ C:\Windows\wininit.ini
2008-06-28 17:51 . 2008-06-28 19:57 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-28 17:51 . 2008-06-28 19:57 d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-28 17:51 . 2008-06-28 19:57 d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-28 17:51 . 2008-06-28 18:12 524,288 --ahs---- C:\ntuser.dat{83a2c4a1-4546-11dd-a6ec-001e8c77262a}.TMContainer00000000000000000002.regtrans-ms
2008-06-28 17:51 . 2008-06-28 18:12 524,288 --ahs---- C:\ntuser.dat{83a2c4a1-4546-11dd-a6ec-001e8c77262a}.TMContainer00000000000000000001.regtrans-ms
2008-06-28 17:51 . 2008-06-28 18:12 65,536 --ahs---- C:\ntuser.dat{83a2c4a1-4546-11dd-a6ec-001e8c77262a}.TM.blf
2008-06-28 15:25 . 2008-06-28 15:43 d-------- C:\Users\Trupti\.housecall6.6
2008-06-28 15:25 . 2008-06-28 15:25 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-06-28 15:24 . 2008-06-28 15:24 d-------- C:\Windows\Sun
2008-06-28 14:51 . 2008-06-28 19:22 262,144 --a------ C:\ntuser.dat
2008-06-28 14:51 . 2008-06-28 19:22 5,120 --ah----- C:\ntuser.dat.LOG1
2008-06-28 14:51 . 2008-06-28 17:51 0 --ah----- C:\ntuser.dat.LOG2
2008-06-28 11:48 . 2008-06-28 11:48 d-------- C:\Program Files\Trend Micro
2008-06-28 09:44 . 2008-06-28 09:44 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-06-28 08:45 . 2008-06-28 10:03 d-------- C:\VundoFix Backups
2008-06-28 08:11 . 2008-06-28 08:11 103,424 --a------ C:\Windows\System32\yqniah.dll
2008-06-27 19:51 . 2008-06-27 19:51 d-------- C:\Windows\System32\config\systemprofile\AppData\Roaming\Snapfish
2008-06-27 19:50 . 2008-06-27 19:50 dr------- C:\Windows\System32\config\systemprofile\Videos
2008-06-27 19:50 . 2008-06-27 19:50 dr------- C:\Windows\System32\config\systemprofile\Searches
2008-06-27 19:50 . 2008-06-27 19:50 dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-06-27 19:50 . 2008-06-27 19:50 dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-06-27 19:50 . 2008-06-27 19:50 dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-27 19:50 . 2008-06-27 19:50 dr------- C:\Windows\System32\config\systemprofile\Links
2008-06-27 19:50 . 2008-06-27 19:50 dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-06-27 19:50 . 2008-06-27 19:50 dr------- C:\Windows\System32\config\systemprofile\Documents
2008-06-27 14:45 . 2008-06-27 14:45 286,720 --------- C:\Windows\Setup1.exe
2008-06-27 14:45 . 2008-06-27 14:45 73,216 --a------ C:\Windows\ST6UNST.EXE
2008-06-25 18:13 . 2008-06-25 18:13 d-------- C:\Program Files\Logitech
2008-06-25 18:12 . 2008-06-25 18:13 d-------- C:\Program Files\Jasc Software Inc
2008-06-25 18:10 . 2008-06-25 18:10 d-------- C:\Users\Trupti\AppData\Roaming\Jasc Software Inc
2008-06-25 09:34 . 2008-06-25 09:34 d-------- C:\Program Files\uTorrent
2008-06-25 09:33 . 2008-06-26 08:47 d-------- C:\Users\Trupti\AppData\Roaming\uTorrent
2008-06-25 09:12 . 2008-06-25 10:09 d-------- C:\Users\All Users\RoboForm
2008-06-25 09:12 . 2008-06-25 10:09 d-------- C:\ProgramData\RoboForm
2008-06-24 18:21 . 2008-06-24 18:21 d-------- C:\Program Files\Microsoft.NET
2008-06-24 18:18 . 2008-06-27 10:49 d-------- C:\Users\All Users\Microsoft Help
2008-06-24 18:18 . 2008-06-27 10:49 d-------- C:\ProgramData\Microsoft Help
2008-06-24 18:17 . 2008-06-24 18:17 dr-h----- C:\MSOCache
2008-06-24 15:58 . 2008-06-24 15:58 d-------- C:\Users\Trupti\AppData\Roaming\muvee Technologies
2008-06-24 15:57 . 2008-06-28 11:14 d-a------ C:\Users\All Users\TEMP
2008-06-24 15:57 . 2008-06-28 11:14 d-a------ C:\ProgramData\TEMP
2008-06-24 15:52 . 2008-06-24 15:52 d-------- C:\My Downloads
2008-06-24 13:54 . 2008-06-24 13:54 d-------- C:\Users\Trupti\AppData\Roaming\WildTangent
2008-06-24 11:26 . 2008-06-24 11:26 d-------- C:\Program Files\The Font Thing
2008-06-24 11:25 . 2008-06-24 11:25 d-------- C:\Program Files\XP Codec Pack
2008-06-24 11:24 . 2008-06-24 11:24 d-------- C:\Program Files\Siber Systems
2008-06-24 11:13 . 2008-06-24 11:14 d-------- C:\Program Files\FTP Surfer
2008-06-23 21:27 . 2008-06-23 21:27 d-------- C:\Users\Trupti\AppData\Roaming\Template
2008-06-23 21:27 . 2008-06-27 12:32 1,966 --a------ C:\Users\Trupti\AppData\Roaming\wklnhst.dat
2008-06-23 14:20 . 2008-06-23 14:20 d-------- C:\Windows\PCHEALTH
2008-06-23 14:17 . 2008-06-23 14:20 d-------- C:\Program Files\Windows Live
2008-06-23 14:17 . 2008-06-23 14:20 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-23 14:16 . 2008-06-23 14:16 d-------- C:\Users\All Users\WLInstaller
2008-06-23 14:16 . 2008-06-23 14:16 d-------- C:\ProgramData\WLInstaller
2008-06-23 13:58 . 2008-06-23 13:58 d-------- C:\Users\Trupti\AppData\Roaming\CyberLink
2008-06-23 13:58 . 2008-06-23 13:58 d-------- C:\Users\Public\CyberLink
2008-06-23 13:58 . 2008-06-23 13:58 d-------- C:\Users\All Users\CyberLink
2008-06-23 13:58 . 2008-06-23 13:58 d-------- C:\ProgramData\CyberLink
2008-06-23 13:58 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss
2008-06-23 13:57 . 2008-01-15 11:26 4,874,240 --a------ C:\Windows\RtHDVCpl.exe
2008-06-23 13:57 . 2008-01-07 19:30 2,156,544 --a------ C:\Windows\System32\RtkAPO.dll
2008-06-23 13:57 . 2008-01-15 19:19 2,047,576 --a------ C:\Windows\System32\drivers\RTKVHDA.sys
2008-06-23 13:57 . 2007-11-07 17:31 1,191,936 --a------ C:\Windows\RtlUpd.exe
2008-06-23 13:57 . 2008-01-09 18:52 636,416 --a------ C:\Windows\System32\RtkPgExt.dll
2008-06-23 13:57 . 2007-11-13 12:35 532,480 --a------ C:\Windows\System32\RTSndMgr.cpl
2008-06-23 13:57 . 2008-01-14 16:18 29,696 --a------ C:\Windows\System32\RtkCoInst.dll
2008-06-23 13:54 . 2008-06-23 13:54 d-------- C:\Users\Trupti\AppData\Roaming\WinBatch
2008-06-23 13:54 . 2008-06-23 13:54 d-------- C:\Users\All Users\eBay
2008-06-23 13:54 . 2008-06-23 13:54 d-------- C:\ProgramData\eBay
2008-06-23 13:54 . 2008-06-23 13:54 d-------- C:\Program Files\eBay
2008-06-23 13:45 . 2008-06-23 13:45 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-06-23 13:45 . 2008-06-23 13:45 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-06-23 13:44 . 2008-06-23 13:44 d-------- C:\Windows\OvtCam
2008-06-23 13:44 . 2008-06-23 13:44 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-06-23 13:44 . 2008-06-23 13:44 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-06-23 13:41 . 2008-06-23 13:41 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-06-23 13:41 . 2008-06-23 13:41 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-06-23 13:41 . 2008-06-23 13:41 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-06-23 13:41 . 2008-06-23 13:41 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-23 13:41 . 2008-06-23 13:41 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-23 13:41 . 2008-06-23 13:41 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-06-23 13:41 . 2008-06-23 13:41 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-06-23 13:41 . 2008-06-23 13:41 2,048 --a------ C:\Windows\System32\asferror.dll
2008-06-23 13:40 . 2008-06-23 13:40 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-06-23 13:40 . 2008-06-23 13:40 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-06-23 13:40 . 2008-06-23 13:40 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-06-23 13:40 . 2008-06-23 13:40 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-06-23 13:40 . 2008-06-23 13:40 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-06-23 13:40 . 2008-06-23 13:40 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys
2008-06-23 13:40 . 2008-06-23 13:40 84,480 --a------ C:\Windows\System32\dnsrslvr.dll
2008-06-23 13:40 . 2008-06-23 13:40 58,368 --a------ C:\Windows\System32\drivers\mrxsmb20.sys
2008-06-23 13:40 . 2008-06-23 13:40 24,576 --a------ C:\Windows\System32\dnscacheugc.exe
2008-06-23 13:39 . 2008-06-23 13:39 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-06-23 13:39 . 2008-06-23 13:39 428,032 --a------ C:\Windows\System32\EncDec.dll
2008-06-23 13:39 . 2008-06-23 13:39 292,352 --a------ C:\Windows\System32\psisdecd.dll
2008-06-23 13:39 . 2008-06-23 13:39 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-23 13:39 . 2008-06-23 13:39 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-23 13:39 . 2008-06-23 13:39 68,608 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-23 13:39 . 2008-06-23 13:39 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-23 13:37 . 2008-06-23 13:37 2,048 --a------ C:\Windows\System32\tzres.dll
2008-06-23 13:33 . 2008-06-23 13:33 d-------- C:\Users\Trupti\AppData\Roaming\Symantec
2008-06-23 13:33 . 2008-06-23 13:33 d-------- C:\Users\Trupti\AppData\Roaming\Snapfish
2008-06-23 13:32 . 2008-06-23 13:32 dr------- C:\Users\Trupti\Searches
2008-06-23 13:32 . 2008-06-30 14:10 dr------- C:\Users\Trupti\Contacts
2008-06-23 13:30 . 2008-06-23 13:34 d-------- C:\Users\Trupti\AppData\Roaming\Hewlett-Packard
2008-06-23 13:28 . 2008-06-28 22:13 dr------- C:\Users\Trupti\Videos
2008-06-23 13:28 . 2008-06-23 13:32 dr------- C:\Users\Trupti\Saved Games
2008-06-23 13:28 . 2008-06-27 15:24 dr------- C:\Users\Trupti\Pictures
2008-06-23 13:28 . 2008-06-26 23:29 dr------- C:\Users\Trupti\Music
2008-06-23 13:28 . 2008-06-23 13:32 dr------- C:\Users\Trupti\Links
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-30 14:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-30 14:11 --------- d-----w C:\ProgramData\Symantec
2008-06-24 17:54 --------- d-----w C:\ProgramData\WildTangent
2008-06-23 18:04 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-23 18:04 --------- d-----w C:\Program Files\Windows Mail
2008-06-23 17:57 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-06-23 17:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-23 17:40 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-23 17:40 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-23 17:40 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-23 17:40 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-23 17:40 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-23 17:38 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-06 20:14 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-06-30_14.44.54.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-30 18:23:16 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-07-01 18:05:22 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-06-30 18:23:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-07-01 18:05:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-06-30 18:23:17 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-07-01 18:05:22 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-06-30 18:36:33 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-01 18:20:58 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-07-01 18:20:58 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-06-30 18:41:03 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-01 18:20:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-07-01 18:20:53 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-06-30 18:19:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-07-01 18:02:02 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-06-30 18:19:37 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-07-01 18:02:02 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-25 02:32:44 218,496 ----a-r C:\Windows\System32\Macromed\Flash\FlashUtil9f.exe
- 2008-02-06 20:34:14 48,238 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-30 23:54:58 74,137 ----a-w C:\Windows\System32\Macromed\Flash\uninstall_activeX.exe
- 2008-06-30 18:28:20 108,966 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-07-01 18:09:43 108,966 ----a-w C:\Windows\System32\perfc009.dat
- 2008-06-30 18:28:20 625,810 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-07-01 18:09:43 625,810 ----a-w C:\Windows\System32\perfh009.dat
- 2008-06-30 16:38:29 4,772 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2222510163-356037411-772758534-1000_UserData.bin
+ 2008-07-01 12:07:38 5,368 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2222510163-356037411-772758534-1000_UserData.bin
- 2008-06-30 16:38:29 53,294 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-07-01 12:07:38 53,474 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-06-30 13:59:02 2,738 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
+ 2008-07-01 03:50:42 2,850 ----a-w C:\Windows\System32\WDI\ERCQueuedResolutions.dat
- 2008-06-30 16:42:00 29,976 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-07-01 12:07:38 30,016 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-06-23 13:41 1232896]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-06-26 08:43 160592]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 14:37 2321600]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-06-24 13:51 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-07-06 21:45 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-07-06 21:45 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-07-06 21:45 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 11:26 4874240 C:\Windows\RtHDVCpl.exe]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 06:56 54936]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2007-10-09 14:02 44168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{25202E35-BBB8-4517-A284-46525D8261E7}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{1C86E564-CE51-4B81-A97E-8C6B2D5DEE5F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{86202441-8667-40C0-AF46-58603C297B78}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C1D86D2A-69C8-4A44-8BC0-4E79A6F314A1}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F3C6B646-48C1-4959-9FDD-FA28608806D7}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{A1467F1F-7E69-419A-9B41-220FE40C9FE7}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{75BA54C5-2A9D-4F1D-8CA6-01104A615B17}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4D01DA72-6069-45C0-8EF3-F0547AE8F908}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{D3EFDF9A-9F7D-470C-8A9D-A93D118CE36B}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{FF29D48F-14A3-4E9A-9562-E2B46245E13E}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{2400CBB9-E8ED-47D0-8F61-9EC1774C61B3}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{C3AA8713-18C2-4D5F-A9D8-03C7C0313E38}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"{9656687A-A48F-4A36-9255-80AB57D41D2B}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{42C3E27A-F843-443D-9B6D-B29EF65EECA1}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8ECD46DD-0D2B-4FB5-A89F-51DC8AC0EE24}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{5CE87FFF-86D2-4AD0-A40F-561AA264A587}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{BA709AF6-8333-454D-B5D0-52ADA75D94CC}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{A459D664-7C7E-44B8-936D-2408B77AB7D5}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{FE4AE27C-6C42-4C9F-8D53-F59C0361CA27}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 19:33]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-01 12:10:14 C:\Windows\Tasks\User_Feed_Synchronization-{F5D1D9D1-2670-46C8-833D-B4F80856E51B}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-01 14:23:46
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\Users\Trupti\AppData\Local\Temp\CabFE6A.tmp
C:\Users\Trupti\AppData\Local\Temp\TarFE6B.tmp
C:\Users\Trupti\AppData\Roaming\Microsoft\Windows\Cookies\trupti@yahoo[2].txt

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\conime.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\schtasks.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\hp\KBD\kbd.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-07-01 14:29:23 - machine was rebooted [Trupti]
ComboFix-quarantined-files.txt 2008-07-01 18:28:17

Pre-Run: 451,163,787,264 bytes free
Post-Run: 451,882,770,432 bytes free

367 --- E O F --- 2008-06-26 19:30:42