ComboFix 08-03-30.3 - localadmin 2008-03-31 14:04:48.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.699 [GMT -6:00]
Running from: C:\Documents and Settings\localadmin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\localadmin\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\SETB5.tmp
C:\WINDOWS\SETC4.tmp
C:\WINDOWS\SETDA.tmp
C:\WINDOWS\system32\Drivers\pssdk41.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\winsusrm.dll
C:\WINDOWS\system32\winsusrx.dll
.
---- Previous Run -------
.
C:\WINDOWS\SETB5.tmp
C:\WINDOWS\SETC4.tmp
C:\WINDOWS\SETDA.tmp
C:\WINDOWS\system32\Drivers\pssdk41.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PSSDK41
-------\Service_PsSdk41
((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.
2008-03-31 21:14 . 2008-03-31 21:21 28 --a------ C:\WINDOWS\ODBC.INI
2008-03-31 21:12 . 2008-03-31 21:12 <DIR> d-------- C:\WINDOWS\5350-8641-2429-7641-5705
2008-03-31 21:12 . 2008-03-31 21:12 <DIR> d-------- C:\Program Files\eEye Digital Security
2008-03-31 21:12 . 2008-03-31 21:12 <DIR> d-------- C:\Program Files\Common Files\eEye Digital Security
2008-03-31 21:03 . 2008-03-31 21:03 8 --a------ C:\WINDOWS\system32\ptl.dat.{F9EC52FA-7EC9-4CB0-AC04-73ECCDD900F5}
2008-03-31 13:49 . 2008-03-31 13:49 <DIR> d-------- C:\Documents and Settings\localadmin\Shared
2008-03-31 13:49 . 2008-03-31 13:49 <DIR> d-------- C:\Documents and Settings\localadmin\Incomplete
2008-03-31 13:30 . 2008-03-31 13:49 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\FrostWire
2008-03-31 13:29 . 2008-03-31 13:30 <DIR> d-------- C:\Program Files\FrostWire
2008-03-31 13:29 . 2008-03-31 13:29 <DIR> d-------- C:\Program Files\AskSBar
2008-03-31 11:48 . 2008-03-31 11:49 <DIR> d-------- C:\Program Files\Chinese Symbol Studio
2008-03-31 11:48 . 2008-03-31 11:48 <DIR> d-------- C:\Documents and Settings\localadmin\CSB
2008-03-31 11:11 . 2008-03-31 11:11 34 --a------ C:\WINDOWS\system32\BD7220.DAT
2008-03-31 10:31 . 2008-03-31 10:31 <DIR> d-------- C:\Program Files\SourceTec
2008-03-31 10:31 . 2008-03-31 10:31 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-03-30 21:19 . 2008-03-30 21:19 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-30 21:19 . 2008-03-30 21:19 <DIR> d-------- C:\Program Files\CGN
2008-03-28 10:53 . 2008-03-28 10:53 <DIR> d-------- C:\Program Files\vixy.net
2008-03-28 07:47 . 2008-03-28 07:51 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\U3
2008-03-28 06:44 . 2008-03-31 11:11 410 --a------ C:\WINDOWS\BRWMARK.INI
2008-03-27 09:34 . 2008-03-27 09:34 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-26 22:51 . 2008-03-26 22:51 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-03-26 20:10 . 2005-12-13 17:40 135,168 --a------ C:\WINDOWS\system32\igfxres.dll
2008-03-26 19:59 . 2004-08-04 04:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-03-26 19:58 . 2004-08-04 04:00 10,096,640 --a--c--- C:\WINDOWS\system32\dllcache\hwxcht.dll
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-03-26 19:54 . 2008-03-26 19:54 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-03-26 19:54 . 2008-03-26 19:54 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-03-26 19:53 . 2004-08-04 04:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-03-26 19:38 . 2004-08-04 04:00 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2008-03-26 19:38 . 2004-08-04 04:00 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2008-03-26 19:38 . 2004-08-04 04:00 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2008-03-26 19:38 . 2004-08-04 04:00 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2008-03-26 13:25 . 2008-03-31 21:15 1,063,743,488 --a------ C:\WINDOWS\MEMORY.DMP
2008-03-25 16:41 . 2008-03-25 16:41 <DIR> d-------- C:\WINDOWS\EHome
2008-03-25 15:57 . 2008-03-26 20:15 <DIR> d-------- C:\Program Files\Unlocker
2008-03-25 01:35 . 2008-03-25 01:35 <DIR> d-------- C:\WINDOWS\system32\bits
2008-03-25 01:30 . 2004-08-04 04:00 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-03-25 01:30 . 2004-08-04 04:00 18,944 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-03-25 01:24 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-03-25 01:24 . 2007-07-30 19:19 216,408 --a--c--- C:\WINDOWS\system32\dllcache\wuaucpl.cpl
2008-03-25 00:58 . 2008-03-25 00:58 299,552 --a------ C:\WINDOWS\WMSysPrx.prx
2008-03-25 00:58 . 2008-03-25 01:13 25,065 --a------ C:\WINDOWS\system32\wmpscheme.xml
2008-03-25 00:58 . 2008-03-25 00:58 0 --a------ C:\WINDOWS\control.ini
2008-03-25 00:54 . 2004-08-04 04:00 3,555,328 --a--c--- C:\WINDOWS\system32\dllcache\moviemk.exe
2008-03-25 00:52 . 2007-07-30 19:19 1,712,984 --a------ C:\WINDOWS\system32\wuaueng.dll
2008-03-25 00:50 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-03-25 00:50 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-03-25 00:20 . 2004-08-03 22:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-03-25 00:17 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-03-25 00:17 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-03-25 00:15 . 2004-08-04 01:01 40,840 --a------ C:\WINDOWS\system32\drivers\termdd.sys
2008-03-25 00:14 . 2004-08-04 04:00 741,376 --a--c--- C:\WINDOWS\system32\dllcache\sapi.dll
2008-03-25 00:14 . 2004-08-04 04:00 155,648 --a--c--- C:\WINDOWS\system32\dllcache\sapi.cpl
2008-03-25 00:13 . 2004-08-04 04:00 146,432 --a------ C:\WINDOWS\system\WINSPOOL.DRV
2008-03-25 00:13 . 2004-08-04 00:56 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2008-03-25 00:13 . 2004-08-04 04:00 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2008-03-25 00:13 . 2004-08-04 04:00 11,264 --a--c--- C:\WINDOWS\system32\dllcache\irenum.sys
2008-03-24 21:21 . 2008-03-24 21:26 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\gtk-2.0
2008-03-24 21:20 . 2008-03-24 22:31 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\.purple
2008-03-24 21:17 . 2008-03-28 12:42 135,168 --a------ C:\WINDOWS\system32\MSCOMCT2.oca
2008-03-24 21:17 . 2008-03-28 12:42 76,288 --a------ C:\WINDOWS\system32\Msflxgrd.oca
2008-03-24 21:16 . 2008-03-24 21:16 <DIR> d-------- C:\Program Files\Common Files\GTK
2008-03-24 21:14 . 2008-03-24 21:14 27,702 --a------ C:\YimDPImage.bmp
2008-03-24 21:02 . 2008-03-27 11:14 265,728 --a------ C:\WINDOWS\system32\MSCOMCTL.oca
2008-03-24 17:22 . 2008-03-24 17:22 <DIR> d-------- C:\Program Files\BreakPoint Software
2008-03-24 17:15 . 2008-03-24 18:26 <DIR> d-------- C:\Program Files\XAimer
2008-03-24 17:15 . 2004-12-06 06:10 192,512 --a------ C:\WINDOWS\system32\ssresources.dll
2008-03-24 17:15 . 2006-05-08 19:59 49,152 --a------ C:\WINDOWS\system32\AIMDL.exe
2008-03-24 17:15 . 2008-03-24 17:27 20,481 --a------ C:\WINDOWS\system32\SystemsHook.dll
2008-03-24 17:01 . 2008-03-24 17:01 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-23 16:05 . 2008-03-23 16:05 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-03-23 16:04 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-23 16:03 . 2004-09-29 11:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-03-23 16:03 . 2004-09-29 11:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-03-23 16:03 . 2004-09-29 11:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-03-23 16:03 . 2004-09-29 11:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-03-23 16:03 . 2004-09-29 11:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-03-23 16:03 . 2004-09-29 11:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-03-23 16:01 . 2008-03-23 16:03 <DIR> d-------- C:\Program Files\HP
2008-03-23 16:00 . 2008-03-23 16:06 102,262 --a------ C:\WINDOWS\hpoins05.dat
2008-03-23 16:00 . 2005-12-16 23:56 51,120 --a------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-03-23 16:00 . 2005-12-16 23:56 21,744 --a------ C:\WINDOWS\system32\drivers\HPZius12.sys
2008-03-23 16:00 . 2005-12-16 23:56 17,505 --a------ C:\WINDOWS\hpomdl07.dat
2008-03-23 16:00 . 2005-12-16 23:56 16,496 --a------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-03-23 15:59 . 2005-12-16 23:56 606,208 --a------ C:\WINDOWS\system32\hpotscl.dll
2008-03-23 15:59 . 2005-12-16 23:55 393,216 --a------ C:\WINDOWS\system32\hpzcon12.dll
2008-03-23 15:59 . 2005-12-16 23:56 278,528 --a------ C:\WINDOWS\system32\hpgwiamd.dll
2008-03-23 15:59 . 2005-12-16 23:56 274,432 --a------ C:\WINDOWS\system32\HPZc3212.dll
2008-03-23 15:59 . 2005-12-16 23:56 258,122 --a------ C:\WINDOWS\system32\hpovst08.dll
2008-03-23 15:59 . 2005-12-16 23:55 196,608 --a------ C:\WINDOWS\system32\hpzcoi12.dll
2008-03-23 15:59 . 2005-12-16 23:55 180,315 --a------ C:\WINDOWS\system32\hpzsnt12.dll
2008-03-23 15:59 . 2005-12-16 23:56 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2008-03-23 15:58 . 2008-03-24 18:26 <DIR> d-------- C:\temp\HP_WebRelease
2008-03-23 15:54 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-21 09:43 . 2008-03-21 09:44 <DIR> d-------- C:\Program Files\Source Insight 3
2008-03-21 01:34 . 2008-03-21 23:14 <DIR> d-------- C:\Program Files\mIRC
2008-03-21 01:34 . 2008-03-21 23:18 <DIR> d-------- C:\Documents and Settings\localadmin\Application Data\mIRC
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-27 17:14 --------- d-----w C:\Program Files\'Full Speed' Internet Booster + Performance Tests
2008-03-25 04:31 --------- d-----w C:\Documents and Settings\localadmin\Application Data\.purple
2008-03-03 19:51 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((( snapshot@2008-03-31_12.21.52.96 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-03-19 01:05:50 89,088 ----a-w C:\WINDOWS\system32\atl71.dll
- 2008-03-14 15:41:03 34,308 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2008-03-31 17:49:01 10,752 ----a-w C:\WINDOWS\system32\BASSMOD.dll
+ 2004-09-02 01:51:02 238,720 ----a-w C:\WINDOWS\system32\DebugRpt.dll
+ 2004-09-02 01:51:04 20,608 ----a-w C:\WINDOWS\system32\eevtc.dll
+ 2004-09-02 01:51:04 87,168 ----a-w C:\WINDOWS\system32\eEyePKI.dll
+ 2004-08-31 20:37:08 890,056 ----a-w C:\WINDOWS\system32\elic.dll
+ 2004-09-02 01:51:06 115,840 ----a-w C:\WINDOWS\system32\EMSAgent.dll
+ 2004-08-31 20:12:44 91,264 ----a-w C:\WINDOWS\system32\FileStore.dll
+ 2004-09-01 22:40:42 193,664 ----a-w C:\WINDOWS\system32\LocalStorage.dll
+ 2003-03-19 02:44:36 40,960 ----a-w C:\WINDOWS\system32\MFC71CHS.DLL
+ 2003-03-19 02:44:36 45,056 ----a-w C:\WINDOWS\system32\MFC71CHT.DLL
+ 2003-03-19 02:44:34 65,536 ----a-w C:\WINDOWS\system32\MFC71DEU.DLL
+ 2003-03-19 02:44:38 57,344 ----a-w C:\WINDOWS\system32\MFC71ENU.DLL
+ 2003-03-19 02:44:36 61,440 ----a-w C:\WINDOWS\system32\MFC71ESP.DLL
+ 2003-03-19 02:44:34 61,440 ----a-w C:\WINDOWS\system32\MFC71FRA.DLL
+ 2003-03-19 02:44:36 61,440 ----a-w C:\WINDOWS\system32\MFC71ITA.DLL
+ 2003-03-19 02:44:34 49,152 ----a-w C:\WINDOWS\system32\MFC71JPN.DLL
+ 2003-03-19 02:44:38 49,152 ----a-w C:\WINDOWS\system32\MFC71KOR.DLL
+ 2003-03-19 03:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
- 2008-03-31 18:14:06 72,554 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-31 22:24:23 72,554 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-31 18:14:06 445,096 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-31 22:24:23 445,096 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2003-02-21 21:34:00 121,562 ----a-w C:\WINDOWS\system32\PicFormat32.dll
+ 2004-09-02 01:51:10 136,320 ----a-w C:\WINDOWS\system32\seccomm.dll
+ 2002-10-08 17:34:04 136,464 ----a-w C:\WINDOWS\system32\SfxBar.dll
+ 2003-11-18 07:37:20 72,192 ----a-r C:\WINDOWS\system32\zlib.dll
+ 2003-11-18 07:37:20 72,192 ----a-r C:\WINDOWS\system32\zlibwapi.dll
+ 2008-03-31 22:20:12 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_4c4.dat
+ 2008-03-31 22:20:02 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_75c.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-03-31 13:29 66912 --a------ C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-03-31 13:29 267592 --a------ C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= "C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL" [2008-03-31 13:29 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL [2008-03-31 13:29 267592]
[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:00 15360]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-02-13 17:09 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 10:34 5724184]
"Y!TunnelPro"="YTPro.exe" []
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-04-06 14:58 1032192]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56 602182]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 07:00 79224]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 22:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 12:10 267048]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-02-29 23:10 15872]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 17:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 17:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 17:45 118784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 17:30 282624 C:\WINDOWS\stsystra.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Giganology\\Gigaget\\Gigaget.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\WINDOWS\\system32\\rundll32.exe"=
"C:\\TDdownload\\aircrack-ng-1.0-beta2-win\\aircrack-ng-1.0-beta2-win\\bin\\buddy-ng.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\EA GAMES\\Need For Speed Underground\\Speed.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\FrostWire\\FrostWire.exe"=
R2 AcuWVSSchedulerv5;Acunetix WVS Scheduler v5;"C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe" [2007-12-18 12:33]
R2 Tenable Nessus;Tenable Nessus;"C:\Program Files\Tenable\Nessus\nessusd.exe" [2008-03-13 13:56]
R3 KFilter;KFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\KFilter.sys [2008-01-31 12:11]
R3 MailScan;MailScan;C:\PROGRA~1\AVANQU~1\SYSTEM~1\MailScan.sys [2008-02-01 02:05]
R3 RET55;RET55 NDIS Protocol Driver;C:\PROGRA~1\EEYEDI~1\RETINA~1\Scanner\RET55.SYS [2004-09-01 20:40]
R3 TFilter;TFilter;C:\PROGRA~1\AVANQU~1\SYSTEM~1\TFilter.sys [2008-01-31 11:11]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-23 20:12]
S3 PCANDIS5_RETWIFI;PCANDIS5_RETWIFI Protocol Driver;C:\PROGRA~1\EEYEDI~1\RETINA~1\Tools\Wireless\PCANDIS5_RETWIFI.SYS []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6def4d2e-ea31-11dc-b50e-ec717f90566f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 21:47:28 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 19:15:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\eEye Digital Security\Retina 5\Scanner\RetinaEngine.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-03-31 19:17:32 - machine was rebooted [localadmin]
ComboFix-quarantined-files.txt 2008-04-01 01:17:29
Pre-Run: 25,557,000,192 bytes free
Post-Run: 25,609,719,808 bytes free
.
2008-04-01 03:18:12 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:22:44 PM, on 3/31/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\eEye Digital Security\Retina 5\Scanner\RetinaEngine.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
C:\Program Files\Tenable\Nessus\nessusd.exe
C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
C:\PROGRA~1\AVANQU~1\SYSTEM~1\mxtask.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\Avanquest\SystemSuite\LinkScannerIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Y!TunnelPro] YTPro.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &Download All by Gigaget - C:\Program Files\Giganology\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - C:\Program Files\Giganology\Gigaget\geturl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1204839214263
O23 - Service: Acunetix WVS Scheduler v5 (AcuWVSSchedulerv5) - Acunetix Ltd. - C:\Program Files\Acunetix\Web Vulnerability Scanner 5\WVSScheduler.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: eEye Application Bus (eeyeevnt) - eEye Digital Security - C:\Program Files\Common Files\eEye Digital Security\Application Bus\eeyeevnt.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: eEye Retina Engine (RetinaEngine) - eEye Digital Security - C:\Program Files\eEye Digital Security\Retina 5\Scanner\RetinaEngine.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SystemSuite Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\SYSTEM~1\MXTask.exe
O23 - Service: Tenable Nessus - Tenable Network Security - C:\Program Files\Tenable\Nessus\nessusd.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 10329 bytes
I finally got it to run. I'm going to run DSS now.