ComboFix 09-07-14.08 - Owner 18/07/2009 13:51.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.247.114 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users.\documents\settings
c:\recycler\S-1-5-21-3900787112-985568456-1564013102-1003
c:\recycler\S-1-5-21-694538670-139600038-1196398672-1003
c:\windows\Downloaded Program Files\RdxIE.dll
c:\windows\Installer\110ee.msi
c:\windows\Installer\13c81.msi
c:\windows\Installer\18482.msi
c:\windows\Installer\18488.msi
c:\windows\Installer\1848e.msi
c:\windows\Installer\18494.msi
c:\windows\Installer\1ee39f.msi
c:\windows\Installer\2542a.msi
c:\windows\Installer\25437.msi
c:\windows\Installer\592039a.msi
c:\windows\Installer\6b88d5.msi
c:\windows\Installer\6b88e1.msi
c:\windows\Installer\6b88f1.msp
c:\windows\Installer\6b88f8.msi
c:\windows\Installer\a91a580.msi
c:\windows\Installer\afea5b2.msi
c:\windows\Installer\c09fb.msi
c:\windows\Installer\dca4b.msi
c:\windows\Installer\dca5f.msi
c:\windows\Installer\dca68.msi
c:\windows\Installer\dca6e.msi
c:\windows\Installer\dca74.msi
c:\windows\Installer\dca7a.msi
c:\windows\Installer\dca80.msi
c:\windows\Installer\dca9a.msi
c:\windows\Installer\f89f3.msi
c:\windows\system32\drivers\beep.sys
c:\windows\system32\drivers\null.sys
c:\windows\system32\mdm.exe
c:\windows\system32\tmp.reg
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_BROWSERUPS
-------\Legacy_CRYPTSVCWUAUSERV
-------\Legacy_DHCPRDSESSMGR
-------\Legacy_MSISERVERRDSESSMGR
-------\Legacy_WINDOWS_MANAGEMENT_SERVICE
-------\Service_6to4
-------\Service_BrowserUPS
-------\Service_CryptSvcwuauserv
-------\Service_DhcpRDSessMgr
-------\Service_MSIServerRDSessMgr

((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
.
2009-07-18 13:57 . 2009-07-18 13:57 90624 ----a-w- c:\windows\system32\_trkwks.dll_.vir
2009-07-18 12:59 . 2004-08-04 07:56 616960 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\_entreelist.dll
2009-07-15 19:48 . 2009-07-15 19:55 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 19:48 . 2009-07-15 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-15 19:45 . 2009-07-15 19:45 -------- d-----w- c:\program files\CleanUp!
2009-07-14 23:02 . 2009-07-14 23:02 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-14 23:02 . 2009-07-13 13:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-14 23:02 . 2009-07-14 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-14 23:02 . 2009-07-13 13:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-14 23:02 . 2009-07-14 23:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 10:12 . 2009-07-13 10:12 20480 --sha-w- c:\windows\system32\A83u.dll
2009-07-11 14:23 . 2009-07-11 14:23 -------- d-----w- c:\documents and settings\Owner\.housecall6.6
2009-07-11 14:15 . 2009-07-11 14:15 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-10 16:12 . 2009-07-10 16:12 46080 ----a-w- c:\windows\system32\spnmld.dll
2009-07-03 16:54 . 2009-07-03 16:54 20480 --sha-w- c:\windows\system32\1042d.dll
2009-07-03 16:52 . 2009-07-14 14:12 88 --s-a-w- c:\windows\system32\1240232250.dat
2009-07-03 16:50 . 2004-08-04 07:56 82944 -c--a-w- c:\windows\system32\dllcache\ws2_32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-18 14:06 . 2005-03-17 10:33 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-07-18 13:25 . 2009-07-18 12:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2009-07-18 08:04 . 2004-07-03 15:45 38066 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-07-14 21:26 . 2004-07-18 16:03 -------- d-----w- c:\program files\MSN Messenger
2009-07-14 21:22 . 2009-01-02 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-14 21:19 . 2004-01-01 10:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-14 21:18 . 2005-04-21 17:36 -------- d-----w- c:\program files\iPod
2009-07-14 21:10 . 2007-12-11 18:46 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-11 14:16 . 2004-01-01 09:24 -------- d-----w- c:\program files\Java
2009-07-10 16:12 . 2008-08-13 20:12 -------- d-----w- c:\documents and settings\Owner\Application Data\FrostWire
2009-07-08 22:00 . 2006-05-14 11:11 -------- d-----w- c:\program files\Google
2009-06-15 16:09 . 2004-07-03 15:44 -------- d-----w- c:\documents and settings\Owner\Application Data\AdobeUM
2009-06-07 17:45 . 2008-04-06 17:10 -------- d-----w- c:\documents and settings\Owner\Application Data\ZoomBrowser EX
2009-05-27 15:42 . 2009-05-27 15:42 152576 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-21 11:33 . 2009-05-27 15:44 410984 ----a-w- c:\windows\system32\deploytk.dll
1999-03-22 01:00 . 1999-03-22 01:00 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1999-03-22 01:00 . 1999-03-22 01:00 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1999-03-22 01:00 . 1999-03-22 01:00 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1999-03-22 01:00 . 1999-03-22 01:00 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1999-03-22 01:00 . 1999-03-22 01:00 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1999-03-22 01:00 . 1999-03-22 01:00 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2008-02-02 10:27 . 2008-03-21 20:59 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-02-02 10:27 . 2008-03-21 20:59 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-02-02 10:27 . 2008-03-21 20:59 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-02-02 10:27 . 2008-03-21 20:59 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-02-02 10:27 . 2008-03-21 20:59 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2005-01-24 19:19 . 2005-01-24 19:19 0 -csha-w- c:\windows\crxu32.exe
2005-01-12 11:39 . 2005-01-12 11:39 0 -csha-w- c:\windows\vgpnh.dll
2004-08-04 07:56 . 2004-02-24 20:35 165635 --sha-r- c:\windows\system32\qgqtdq.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acme.PCHButton"="c:\progra~1\HPPAVI~1\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe" [2004-01-01 155648]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-08 1923352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-11-18 118784]
"HPHUPD05"="c:\program files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPHmon05"="c:\windows\System32\hphmon05.exe" [2003-08-21 483328]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"gcasServ"="c:\program files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-10 473920]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2003-11-03 221184]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]

c:\windows\system32\config\systemprofile\Start Menu\Programs\Startup\
AutoTBar.exe
[2003-9-30 57344] c:\documents and settings\Administrator.HOME\Start Menu\Programs\Startup\ AutoTBar.exe [2003-9-30 57344] c:\documents and settings\Default User\Start Menu\Programs\Startup\ AutoTBar.exe [2003-9-30 57344] c:\documents and settings\Owner\Start Menu\Programs\Startup\ wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2003-4-16 24651] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-1-10 113664] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-3-22 65588] Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1999-3-22 45568] [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf f:\program files\iolo\System Mechanic Professional 6\ [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmadmin] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmboot.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmio.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmload.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dmserver] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys] @="FSFilter System Recovery" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SRService] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\program files\MSN 
Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 "c:\\Program Files\\MSN Messenger\\livecall.exe"= c:\program files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List] "139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile] "DoNotAllowExceptions"= 0 (0x0) "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "c:\\Program Files\\Global Star Software\\Friday Night 3D Darts\\GsDarts.exe"= c:\program files\Global Star Software\Friday Night 3D Darts\GsDarts.exe:*:Enabled:GsDarts "c:\\WINDOWS\\neos.exe"= c:\windows\neos.exe:*:Enabled:enable "c:\\Program Files\\iTunes\\iTunes.exe"= c:\program files\iTunes\iTunes.exe:*:Enabled:iTunes "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= c:\program files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer "c:\\WINDOWS\\system32\\sessmgr.exe"= c:\windows\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019 "c:\\Program Files\\MSN Messenger\\livecall.exe"= c:\program files\MSN Messenger\livecall.exe:*:Disabled:Windows Live Messenger 8.1 (Phone) "c:\\Documents and Settings\\All Users\\Documents\\Gav2\\FrostWire\\FrostWire.exe"= c:\documents and settings\All Users\Documents\Gav2\FrostWire\FrostWire.exe:*:Enabled:FrostWire "c:\\WINDOWS\\system32\\alt.exe.exe"= c:\windows\system32\alt.exe.exe:*:Enabled:alt.exe "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= c:\program files\AVG\AVG8\avgemc.exe:*:Disabled:avgemc.exe "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"= c:\program files\MSN 
Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List] "139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 "6346:TCP"= 6346:TCP:*:Enabled:frost "6346:UDP"= 6346:UDP:*:Enabled:froot "4495:TCP"= 4495:TCP:*:Enabled:ohzqwff [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [30/06/2006 12:43 515803] S2 galmu;ocwjdinen;c:\windows\system32\svchost.exe -k netsvcs [24/02/2004 20:37 14336] S2 XTSWZZCG;XTSWZZCG;\??\c:\windows\system32\xtswzzcg.adz --> c:\windows\system32\xtswzzcg.adz [?] S2 yesedir;Center Image;c:\windows\system32\svchost.exe -k netsvcs [24/02/2004 20:37 14336] S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [30/06/2006 12:43 10986] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HTTPFilter REG_MULTI_SZ HTTPFilter DcomLaunch REG_MULTI_SZ DcomLaunch TermService p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc WudfServiceGroup REG_MULTI_SZ WUDFSvc HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs CryptSvc DMServer DHCP ERSvc EventSystem HidServ LanmanWorkstation Messenger Netman TrkWks W32Time WZCSVC WmdmPmSN xmlprov wscsvc yesedir galmu HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService Alerter LmHosts . 
Contents of the 'Scheduled Tasks' folder 2009-07-09 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2005-02-06 c:\windows\Tasks\Symantec NetDetect.job - c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2004-01-01 00:17] . - - - - ORPHANS REMOVED - - - - HKCU-Run-BackupNotify - c:\program files\HP\Digital Imaging\bin\backupnotify.exe HKLM-Run-KBD - c:\hp\KBD\KBD.EXE HKLM-Run-dmsqe.exe - c:\windows\system32\dmsqe.exe HKLM-Run-lphc797j0evcc - c:\windows\system32\lphc797j0evcc.exe HKLM-Run-AutoTBar - AUTOTBAR.EXE HKLM-Run-VTTimer - VTTimer.exe HKLM-Run-SVCHOSÒ.EXE - SVCHOSÒ.EXE HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://uk.yahoo.com/ uInternet Connection Wizard,ShellNext = iexplore uInternet Settings,ProxyOverride = IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 DPF: {BA3BAF69-72B1-4BCE-BE96-A4D304EAFBB4} - hxxp://assets.photobox.com/assets/aurigma/ImageUploader4.cab?20080724113114 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\b0hramxf.default\ FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-07-18 14:09 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}]
@Denied: (A 2) (Everyone)
@="FlashProp Class"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{1171A62F-05D2-11D1-83FC-00A0C9089C5A}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9b.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{8D8763AB-E93B-4812-964E-F04E0008FD50}\Version]
@Denied: (A) (Everyone)
@="{8D8763AB-E93B-4812-964E-F04E0008FD50}"
"GlobalState"=hex:4c,79,48,39,30,e4,b9,f0,f9,75,f2,b1,78,79,2b,fa,37,ac,1c,b9
"RevocationList"=hex:37,6b,6f,d1,86,7c,7a,d0,98,76,a4,4b,07,68,ce,44,78,bb,31,d4
"{EDB9185F-C6C3-43AD-8274-1CBFBA5D83C3}"=hex:c9,dc,d3,4e,0e,ba,ce,58,07,23,36,ae,04,e8,47,68,6c,99,31,0c

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.9"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\Flash9f.ocx, 1"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil9f.exe"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""

[HKEY_LOCAL_MACHINE\softwareSoftware\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4080)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft AntiSpyware\gcasDtServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
.
**************************************************************************
.
Completion time: 2009-07-18 14:20 - machine was rebooted
ComboFix-quarantined-files.txt  2009-07-18 14:20

Pre-Run: 31,547,219,968 bytes free
Post-Run: 31,417,630,720 bytes free

512
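Triage script for the three sections of the log above that carry the infection's footprint: the firewall exceptions (hand-added entries such as "frost", "froot" and "ohzqwff" with scope `*`), the service table (galmu and yesedir riding inside `svchost.exe -k netsvcs`, XTSWZZCG loading a `.adz` file) and the NetSvcs group, where galmu and yesedir were appended to the stock member list so the real svchost would host them. This is an added example, not part of the ComboFix log or of the ComboFix tool; the sample lines are copied from the log, the XP SP2 NetSvcs baseline is an assumed list, and the heuristics (any-address scope, non-resource description, unusual binary extension, non-baseline netsvcs member) are the author's choice.

```python
"""Triage helpers for a ComboFix log excerpt (added example, not ComboFix code)."""
import re

# Constructed sample input: lines copied from the log above.
FIREWALL_LINES = r'''
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"3389:TCP"= 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"6346:TCP"= 6346:TCP:*:Enabled:frost
"6346:UDP"= 6346:UDP:*:Enabled:froot
"4495:TCP"= 4495:TCP:*:Enabled:ohzqwff
'''

SERVICE_LINES = r'''
S2 Ca533av;Icatch(IV) Video Camera Device;c:\windows\system32\drivers\Ca533av.sys [30/06/2006 12:43 515803]
S2 galmu;ocwjdinen;c:\windows\system32\svchost.exe -k netsvcs [24/02/2004 20:37 14336]
S2 XTSWZZCG;XTSWZZCG;\??\c:\windows\system32\xtswzzcg.adz --> c:\windows\system32\xtswzzcg.adz [?]
S2 yesedir;Center Image;c:\windows\system32\svchost.exe -k netsvcs [24/02/2004 20:37 14336]
S3 USBCamera;Icatch(IV) Still Camera Device;c:\windows\system32\drivers\Bulk533.sys [30/06/2006 12:43 10986]
'''

# The "Svchost - NetSvcs" member list as printed in the log.
NETSVCS_GROUP = ("CryptSvc DMServer DHCP ERSvc EventSystem HidServ LanmanWorkstation "
                 "Messenger Netman TrkWks W32Time WZCSVC WmdmPmSN xmlprov wscsvc "
                 "yesedir galmu").split()

# Assumed baseline: default members of the netsvcs svchost group on XP SP2.
NETSVCS_BASELINE = {s.lower() for s in """
6to4 AppMgmt AudioSrv Browser CryptSvc DMServer DHCP ERSvc EventSystem
FastUserSwitchingCompatibility HidServ Ias Iprip Irmon LanmanServer
LanmanWorkstation Messenger Netman Nla Ntmssvc NWCWorkstation Nwsapagent
Rasauto Rasman Remoteaccess Schedule Seclogon SENS Sharedaccess SRService
Tapisrv Themes TrkWks W32Time WZCSVC Wmi WmdmPmSn winmgmt wuauserv BITS
ShellHWDetection helpsvc uploadmgr xmlprov wscsvc""".split()}

# "key"= port:proto:scope:state:description  (GloballyOpenPorts\List format)
FW_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?P<port>\d+):(?P<proto>TCP|UDP):'
                   r'(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*)$')
# S<start> name;display;image [date size]  (ComboFix Drivers/Services format)
SVC_RE = re.compile(r'^S(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<image>.*) \[(?P<meta>[^\]]*)\]$')
# First path token ending in an extension, so "svchost.exe -k netsvcs" yields svchost.exe
BIN_RE = re.compile(r'^(?P<path>.*?\.[A-Za-z0-9]{2,4})(?:\s|$)')


def audit_firewall(text):
    """Return {exception key: [reasons]} for enabled exceptions that look risky."""
    findings = {}
    for line in text.splitlines():
        m = FW_RE.match(line.strip())
        if not m or m['state'] != 'Enabled':
            continue
        reasons = []
        if m['scope'] == '*':
            reasons.append('reachable from any remote address, not just LocalSubNet')
        if not m['desc'].startswith('@'):
            # Windows' own exceptions carry a resource-string description
            # (@xpsp2res.dll,-NNNN); a bare word was written by something else.
            reasons.append('description %r is not a Windows resource string' % m['desc'])
        if reasons:
            findings[m['key']] = reasons
    return findings


def audit_services(text):
    """Return {service name: [reasons]} for service entries worth a second look."""
    findings = {}
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if not m:
            continue
        reasons, image = [], m['image']
        if 'svchost.exe -k netsvcs' in image.lower() and m['name'].lower() not in NETSVCS_BASELINE:
            reasons.append('hosted in netsvcs but absent from the XP SP2 baseline')
        b = BIN_RE.match(image)
        ext = b['path'].rsplit('.', 1)[-1].lower() if b else ''
        if ext not in ('sys', 'exe', 'dll'):
            reasons.append('service binary has unusual extension .%s' % ext)
        if reasons:
            findings[m['name']] = reasons
    return findings


def audit_netsvcs_group(members):
    """Names in the NetSvcs group that are not in the baseline, in log order."""
    return [n for n in members if n.lower() not in NETSVCS_BASELINE]


if __name__ == '__main__':
    for title, result in (('firewall', audit_firewall(FIREWALL_LINES)),
                          ('services', audit_services(SERVICE_LINES)),
                          ('netsvcs group', audit_netsvcs_group(NETSVCS_GROUP))):
        print(title, '->', result)
```

On this log the script flags 3389:TCP only for its any-address scope (the description is a genuine Windows resource string, so it is RDP deliberately exposed, not a malware exception), flags the three "frost"/"froot"/"ohzqwff" entries on both counts, and flags galmu, yesedir and XTSWZZCG in the service table; the group check reproduces the two names appended to NetSvcs. The baseline is the part to adapt: on another service pack or with third-party software installed, extend it before trusting the netsvcs result.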