ComboFix 08-09-16.05 - Andre White 2008-09-18 20:15:12.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1513 [GMT -4:00]
Running from: H:\Documents and Settings\Andre White\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
H:\Program Files\HP\HP Software Update\HPWuSchd2.exe
H:\WINDOWS\system32\ban_list.txt
H:\WINDOWS\system32\drivers\downld
H:\WINDOWS\system32\drivers\hldrrr.exe
H:\WINDOWS\system32\drivers\srosa.sys
H:\WINDOWS\system32\mdelk.exe
H:\WINDOWS\system32\wintems.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_srosa

((((((((((((((((((((((((( Files Created from 2008-08-19 to 2008-09-19 )))))))))))))))))))))))))))))))
.
2008-09-18 19:38 . 2008-09-18 19:44  d--------  H:\WINDOWS\LastGood
2008-09-17 21:33 . 2008-09-17 21:33  d--------  H:\Program Files\CCleaner
2008-09-17 21:06 . 2008-09-17 21:06  d--------  H:\Program Files\AVG
2008-09-17 06:40 . 2008-09-17 21:06  d--------  H:\Documents and Settings\All Users\Application Data\avg8
2008-09-16 19:41 . 2008-09-16 19:41  d--------  H:\Program Files\Reference Assemblies
2008-09-16 19:35 . 2006-06-29 13:07  14,048  ---------  H:\WINDOWS\system32\spmsg2.dll
2008-09-16 19:34 . 2008-09-16 19:34  d--------  H:\65441f49f91edf10783a036ba50c
2008-09-16 19:33 . 2005-05-26 15:34  2,297,552  --a------  H:\WINDOWS\system32\d3dx9_26.dll
2008-09-15 06:21 . 2008-09-15 07:04  d--------  H:\Program Files\HandicapMaster
2008-09-13 21:52 . 2008-09-13 21:52  d--------  H:\Documents and Settings\All Users\Application Data\Bass Amp
2008-09-13 21:52 . 2008-09-14 07:26  20  ---h-----  H:\Documents and Settings\All Users\Application Data\PKP_DLbw.DAT
2008-09-11 19:24 . 2008-09-11 19:24  d--------  H:\Program Files\iTunes
2008-09-11 19:24 . 2008-09-11 19:24  d--------  H:\Program Files\iPod
2008-09-11 19:24 . 2008-09-11 19:24  d--------  H:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-11 19:22 . 2008-09-11 19:22  d--------  H:\Program Files\Bonjour
2008-09-06 15:09 . 2008-09-06 15:09  90,112  --a------  H:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09  57,344  --a------  H:\WINDOWS\system32\QuickTime.qts
2008-09-03 18:01 . 2008-09-03 18:01  410,976  --a------  H:\WINDOWS\system32\deploytk.dll
2008-08-29 10:18 . 2008-08-29 10:18  87,336  --a------  H:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53  61,440  --a------  H:\WINDOWS\system32\dnssd.dll
2008-08-26 23:33 . 2008-08-26 23:33  d--------  H:\Documents and Settings\Andre White\Application Data\Avant Profiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 00:18  ---------  d-----w  H:\Documents and Settings\Andre White\Application Data\Skype
2008-09-18 22:45  ---------  d-----w  H:\Documents and Settings\Andre White\Application Data\skypePM
2008-09-17 00:13  422,888  --sha-w  H:\WINDOWS\system32\drivers\fidbox.idx
2008-09-17 00:13  31,245,344  --sha-w  H:\WINDOWS\system32\drivers\fidbox.dat
2008-09-16 23:42  ---------  d-----w  H:\Program Files\eMule
2008-09-14 11:26  20  ---h--w  H:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2008-09-14 11:26  20  ---h--w  H:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
2008-09-14 01:52  ---------  d-----w  H:\Documents and Settings\All Users\Application Data\Ultima_T15
2008-09-14 01:52  ---------  d-----w  H:\Documents and Settings\All Users\Application Data\EnterNHelp
2008-09-11 23:21  ---------  d-----w  H:\Program Files\QuickTime
2008-09-11 23:20  ---------  d-----w  H:\Program Files\Common Files\Apple
2008-09-04 03:38  2,917,376  ----a-w  H:\WINDOWS\Internet Logs\xDB1CD.tmp
2008-09-03 22:01  ---------  d-----w  H:\Program Files\Java
2008-08-27 03:39  ---------  d-----w  H:\Documents and Settings\Andre White\Application Data\OpenOffice.org2
2008-08-20 10:31  ---------  d-----w  H:\Program Files\Microsoft Silverlight
2008-08-16 06:05  2,627,072  ----a-w  H:\WINDOWS\Internet Logs\xDB17E.tmp
2008-08-13 04:06  ---------  d-----w  H:\Program Files\Common Files\Adobe
2008-08-13 04:01  ---------  d--ha-w  H:\Documents and Settings\All Users\Application Data\GTek
2008-08-13 03:56  ---------  d-----w  H:\Program Files\Linksys EasyLink Advisor
2008-08-13 03:55  ---------  d--h--w  H:\Documents and Settings\Andre White\Application Data\GTek
2008-08-10 18:45  ---------  d-----w  H:\Documents and Settings\Andre White\Application Data\Apple Computer
2008-08-10 18:39  2,899,456  ----a-w  H:\WINDOWS\Internet Logs\xDB62.tmp
2008-08-10 18:39  2,804,736  ----a-w  H:\WINDOWS\Internet Logs\xDB144.tmp
2008-08-10 18:39  ---------  d-----w  H:\Program Files\Apple Software Update
2008-08-10 18:14  ---------  d-----w  H:\Program Files\Safari
2008-07-19 02:10  94,920  ----a-w  H:\WINDOWS\system32\cdm.dll
2008-07-19 02:10  53,448  ----a-w  H:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:09  563,912  ----a-w  H:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09  325,832  ----a-w  H:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09  205,000  ----a-w  H:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09  1,811,656  ----a-w  H:\WINDOWS\system32\wuaueng.dll
2008-07-15 01:55  20  ---h--w  H:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
2008-07-09 13:05  75,248  ----a-w  H:\WINDOWS\zllsputility.exe
2008-07-09 13:05  1,086,952  ----a-w  H:\WINDOWS\system32\zpeng24.dll
2008-06-28 11:22  2,430,396  ----a-w  H:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-20 22:50  499,712  ----a-w  H:\WINDOWS\system32\msvcp71.dll
2008-06-16 21:28  92,064  ----a-w  H:\Documents and Settings\Andre White\mqdmmdm.sys
2008-06-16 21:28  9,232  ----a-w  H:\Documents and Settings\Andre White\mqdmmdfl.sys
2008-06-16 21:28  79,328  ----a-w  H:\Documents and Settings\Andre White\mqdmserd.sys
2008-06-16 21:28  66,656  ----a-w  H:\Documents and Settings\Andre White\mqdmbus.sys
2008-06-16 21:28  6,208  ----a-w  H:\Documents and Settings\Andre White\mqdmcmnt.sys
2008-06-16 21:28  5,936  ----a-w  H:\Documents and Settings\Andre White\mqdmwhnt.sys
2008-06-16 21:28  4,048  ----a-w  H:\Documents and Settings\Andre White\mqdmcr.sys
2008-06-16 21:28  25,600  ----a-w  H:\Documents and Settings\Andre White\usbsermptxp.sys
2008-06-16 21:28  22,768  ----a-w  H:\Documents and Settings\Andre White\usbsermpt.sys
.
((((((((((((((((((((((((((((( snapshot@2008-09-18_19.33.00.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-18 23:29:08  503,808  ----a-w  H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ComSvcConfig\373d5acced35e392e1f413a69042340d\ComSvcConfig.ni.exe
+ 2008-09-18 23:29:17  1,114,112  ----a-w  H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\019a85babfbe02cecdbb63a65d391aba\Microsoft.Transactions.Bridge.ni.dll
+ 2008-09-18 23:29:28  401,408  ----a-w  H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.Transacti#\cb8d7b6cc6827e9f2d66c4d7ef9b5d54\Microsoft.Transactions.Bridge.Dtc.ni.dll
+ 2008-09-18 23:29:32  139,264  ----a-w  H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\ServiceModelReg\0bcc4abbe0c5c3feeda7f711304ac4a0\ServiceModelReg.ni.exe
+ 2008-09-18 23:29:34  286,720  ----a-w  H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\5e3765ee346151c26a3793ddf3a8d6d7\SMDiagnostics.ni.dll
+ 2008-09-18 23:29:38  323,584  ----a-w  H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMSvcHost\c6f33f28f5bb403981ac148da447e3c5\SMSvcHost.ni.exe
+ 2008-09-18 23:28:17  17,354,752  ----a-w  H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\7a2bc3302a133e235ec99193c56a0571\System.ServiceModel.ni.dll
+ 2008-09-18 23:29:41  380,928  ----a-w  H:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WsatConfig\02436080d129210828823210ce879fd8\WsatConfig.ni.exe
+ 2007-07-31 00:19:20  92,504  ----a-w  H:\WINDOWS\LastGood\system32\cdm.dll
+ 2007-07-31 00:19:36  549,720  ----a-w  H:\WINDOWS\LastGood\system32\wuapi.dll
+ 2007-07-31 00:19:16  53,080  ----a-w  H:\WINDOWS\LastGood\system32\wuauclt.exe
+ 2007-07-31 00:19:42  1,712,984  ----a-w  H:\WINDOWS\LastGood\system32\wuaueng.dll
+ 2007-07-31 00:19:32  325,976  ----a-w  H:\WINDOWS\LastGood\system32\wucltui.dll
+ 2007-07-31 00:18:40  33,624  ----a-w  H:\WINDOWS\LastGood\system32\wups.dll
+ 2007-07-31 00:19:12  43,352  ----a-w  H:\WINDOWS\LastGood\system32\wups2.dll
+ 2007-07-31 00:19:28  203,096  ----a-w  H:\WINDOWS\LastGood\system32\wuweb.dll
- 2007-07-31 00:19:20  92,504  -c--a-w  H:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-19 02:10:48  94,920  -c--a-w  H:\WINDOWS\system32\dllcache\cdm.dll
- 2007-07-31 00:19:36  549,720  -c--a-w  H:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-19 02:09:44  563,912  -c--a-w  H:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-31 00:19:16  53,080  -c--a-w  H:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-19 02:10:42  53,448  -c--a-w  H:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-31 00:19:42  1,712,984  -c--a-w  H:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-19 02:09:42  1,811,656  -c--a-w  H:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-31 00:19:32  325,976  -c--a-w  H:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-19 02:09:46  325,832  -c--a-w  H:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-31 00:19:28  203,096  -c--a-w  H:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 02:09:44  205,000  -c--a-w  H:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 02:10:20  36,552  ----a-w  H:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-19 02:10:40  45,768  ----a-w  H:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
+ 2008-09-18 23:37:32  16,384  ----atw  H:\WINDOWS\Temp\Perflib_Perfdata_7c4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="H:\Program Files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"ctfmon.exe"="H:\WINDOWS\system32\ctfmon.exe" [2006-02-28 15360]
"NBJ"="H:\Program Files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
"Skype"="H:\Program Files\Skype\Phone\Skype.exe" [2008-05-30 21718312]
"Yahoo! Pager"="H:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 4670704]
"EasyLinkAdvisor"="H:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 454784]
"Google Update"="H:\Documents and Settings\Andre White\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-02 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="H:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [BU]
"Acrobat Assistant 7.0"="H:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"Adobe Photo Downloader"="H:\Program Files\Adobe\Adobe Photoshop Lightroom 1.3\apdproxy.exe" [2007-11-05 61440]
"MBM 5"="H:\Program Files\Motherboard Monitor 5\MBM5.EXE" [2004-06-12 594944]
"SunJavaUpdateSched"="H:\Program Files\Java\jre6\bin\jusched.exe" [2008-09-03 144792]
"NeroFilterCheck"="H:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="H:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-20 185896]
"QuickTime Task"="H:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="H:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="H:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"ZoneAlarm Client"="H:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-09-18 919016]
"C-Media Mixer"="Mixer.exe" [2002-07-12 H:\WINDOWS\mixer.exe]
"nForce Tray Options"="sstray.exe" [2003-08-13 H:\WINDOWS\system32\sstray.exe]

H:\Documents and Settings\Andre White\Start Menu\Programs\Startup\
Adobe Gamma.lnk - H:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

H:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - H:\WINDOWS\Installer\{AC76BA86-1033-F400-7760-000000000002}\SC_Acrobat.exe [2008-03-28 25214]
HP Digital Imaging Monitor.lnk - H:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 288472]
Microsoft Office.lnk - H:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"H:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"H:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"H:\\Program Files\\iTunes\\iTunes.exe"=
"H:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"H:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"H:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 JavaQuickStarterService;Java Quick Starter;H:\Program Files\Java\jre6\bin\jqs.exe [2008-09-03 147456]
R2 UxTuneUp;TuneUp Theme Extension;H:\WINDOWS\System32\svchost.exe [2006-02-28 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;H:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-25 354560]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9250147e-fd31-11dc-891e-00409507b599}]
\Shell\AutoRun\command - J:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - H:\Documents and Settings\Andre White\Application Data\Mozilla\Firefox\Profiles\e48lwnzs.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.msnbc.com
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
FF -: plugin - C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF -: plugin - H:\Documents and Settings\Andre White\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - H:\Program Files\Adobe\Acrobat 7.0\Acrobat\browser\nppdf32.dll
FF -: plugin - H:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - H:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - H:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - h:\Program Files\Microsoft Silverlight\2.0.30523.8\npctrl.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
FF -: plugin - H:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - H:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 20:18:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-18 20:32:16
ComboFix-quarantined-files.txt 2008-09-19 00:31:53

Pre-Run: 42,799,366,144 bytes free
Post-Run: 42,671,636,480 bytes free

435 --- E O F --- 2008-05-28 11:09:19