Thanks a lot!
;********************************************************************************************************************************************************************************
ANALYSIS: 2008-05-05 00:57:45
PROTECTIONS: 1
MALWARE: 46
SUSPECTS: 0
;********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;================================================================================================================================================================================
Windows Defender 1.1.3408.0 No No
;================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@trafficmp[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@tradedoubler[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@247realmedia[1].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@fastclick[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@tribalfusion[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@mediaplex[2].txt
00145881 Cookie/NewMedia TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@revenue[1].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@findwhat[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@com[1].txt
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@yadro[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@xiti[1].txt
00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@toplist[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@statcounter[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\[email protected][1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@apmebf[2].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00168097 Cookie/BurstBeacon TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00168105 Cookie/Cd Freaks TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@cdfreaks[2].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][4].txt
00168116 Cookie/Comclick TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@advertising[2].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@realmedia[1].txt
00170557 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00170559 Cookie/Com.com TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@questionmarket[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@zedo[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@adrevolver[2].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@bravenet[1].txt
00191644 Cookie/adultfriendfinder TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@adultfriendfinder[2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@go[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@target[2].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Mozilla\Firefox\Profiles\xt0qe3r8.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Mozilla\Firefox\Profiles\xt0qe3r8.default\cookies.txt[.atwola.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\shea@atwola[1].txt
00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
00286739 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Users\Shea\AppData\Roaming\Microsoft\Windows\Cookies\Low\[email protected][1].txt
;================================================================================================================================================================================
SUSPECTS
Sent Location
;================================================================================================================================================================================
;================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;================================================================================================================================================================================
;================================================================================================================================================================================
ComboFix 08-05-01.3 - Shea 2008-05-06 0:44:33.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2147 [GMT -4:00]
Running from: C:\Users\Shea\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-06 to 2008-05-06 )))))))))))))))))))))))))))))))
.
2008-05-05 20:00 . 2008-05-05 20:00 <DIR> d-------- C:\Windows\LastGood
2008-05-05 00:14 . 2008-05-05 00:14 <DIR> d-------- C:\Program Files\Panda Security
2008-04-30 17:59 . 1998-10-29 14:45 306,688 --a------ C:\Windows\IsUninst.exe
2008-04-30 17:57 . 2008-04-30 17:57 222 --a------ C:\Windows\System32\Support.xml
2008-04-30 17:46 . 2008-04-30 17:46 <DIR> d-------- C:\Program Files\Activision
2008-04-30 17:45 . 2008-05-02 02:20 604 --a------ C:\Windows\Spiderman.INI
2008-04-22 19:55 . 2008-04-22 19:55 <DIR> d-------- C:\Users\All Users\Roxio
2008-04-22 19:55 . 2008-04-22 19:55 <DIR> d-------- C:\ProgramData\Roxio
2008-04-22 14:10 . 2008-04-22 14:10 <DIR> d-------- C:\_OTMoveIt
2008-04-22 14:07 . 2008-04-22 14:07 <DIR> d-------- C:\Deckard
2008-04-22 14:02 . 2008-04-22 14:02 <DIR> d-------- C:\Users\Shea\AppData\Roaming\Comodo
2008-04-22 14:02 . 2008-04-22 14:19 <DIR> d-------- C:\Users\All Users\comodo
2008-04-22 14:02 . 2008-04-22 14:19 <DIR> d-------- C:\ProgramData\comodo
2008-04-22 14:02 . 2008-04-22 14:02 <DIR> d-------- C:\Program Files\COMODO
2008-04-22 14:02 . 2008-04-22 14:02 139,008 --a------ C:\Windows\System32\guard32.dll
2008-04-22 14:02 . 2008-04-22 14:02 85,520 --a------ C:\Windows\System32\drivers\cmdguard.sys
2008-04-22 14:02 . 2008-04-22 14:02 25,104 --a------ C:\Windows\System32\drivers\cmdhlp.sys
2008-04-22 14:00 . 2008-04-22 14:00 <DIR> d-------- C:\Users\Shea\AppData\Roaming\Malwarebytes
2008-04-22 14:00 . 2008-04-22 14:00 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-04-22 14:00 . 2008-04-22 14:00 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-04-22 14:00 . 2008-04-22 14:00 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 02:21 . 2008-04-22 02:21 <DIR> d-------- C:\Users\Shea\AppData\Roaming\SUPERAntiSpyware.com
2008-04-22 02:21 . 2008-04-22 02:21 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-04-22 02:21 . 2008-04-22 02:21 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-04-22 02:21 . 2008-04-22 02:21 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-22 01:55 . 2008-04-22 01:55 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-22 01:09 . 2008-04-29 14:57 <DIR> d-------- C:\Users\All Users\Avira
2008-04-22 01:09 . 2008-04-29 14:57 <DIR> d-------- C:\ProgramData\Avira
2008-04-20 14:38 . 2008-04-20 14:38 63,892 --a------ C:\Windows\System32\{7f4a61d5-b8c1-79b4-3acb-39f5f2d37cd3}.dll-uninst.exe
2008-04-20 14:32 . 2008-04-20 15:44 <DIR> d-------- C:\Users\Shea\AppData\Roaming\LimeWire
2008-04-09 01:34 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-09 01:34 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-09 01:34 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-09 01:34 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-09 01:34 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-09 01:34 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-09 01:34 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-09 01:34 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-09 01:34 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-06 17:44 . 2008-04-06 17:44 <DIR> d-------- C:\Users\Shea\Roaming
2008-04-06 17:44 . 2008-04-06 17:44 <DIR> d-------- C:\Users\Shea\AppData\Roaming\MySpace
2008-04-06 17:44 . 2008-04-06 17:44 <DIR> d-------- C:\Users\IUSR_NMPR\Roaming
2008-04-06 17:44 . 2008-04-06 17:44 <DIR> d-------- C:\Users\Default\Roaming
2008-04-06 17:44 . 2008-04-07 14:24 <DIR> d-------- C:\Program Files\MySpace
2008-04-06 02:03 . 2008-04-06 02:46 <DIR> d-------- C:\Users\Shea\AppData\Roaming\Screaming Bee
2008-04-06 02:02 . 2008-04-06 02:03 <DIR> d-------- C:\Users\All Users\Screaming Bee
2008-04-06 02:02 . 2008-04-06 02:03 <DIR> d-------- C:\ProgramData\Screaming Bee
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 10:31 --------- d-----w C:\ProgramData\Google Updater
2008-05-02 17:44 --------- d--h--w C:\ProgramData\yahoo!
2008-05-02 17:44 --------- d-----w C:\Program Files\Yahoo!
2008-04-24 12:18 --------- d-----w C:\Program Files\Starcraft
2008-04-22 17:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-22 17:42 --------- d-----w C:\ProgramData\Symantec
2008-04-22 06:20 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 06:50 --------- d-----w C:\Users\Shea\AppData\Roaming\dvdcss
2008-04-09 11:09 --------- d-----w C:\Program Files\Windows Mail
2008-04-07 18:26 --------- d-----w C:\ProgramData\WildTangent
2008-03-26 04:59 --------- d-----w C:\Users\Shea\AppData\Roaming\teamspeak2
2008-03-22 21:04 --------- d-----w C:\Program Files\Project64 1.6
2008-03-18 19:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-17 03:15 --------- d-----w C:\Program Files\Teamspeak2_RC2
2008-03-11 18:59 --------- d-----w C:\ProgramData\TEMP
2008-02-29 04:14 2,028,544 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 08:06 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 08:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 08:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 08:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 08:03 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 08:03 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 08:03 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 08:03 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 08:03 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-14 08:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 08:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 08:03 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 08:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2007-12-20 20:07 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((( snapshot@2008-05-05_ 1.06.41.68 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-04 22:33:49 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-05 05:13:45 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2006-11-02 08:55:11 73,216 ----a-w C:\Windows\LastGood\system32\drivers\usbccgp.sys
- 2008-05-04 22:32:38 966,312 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2008-05-05 05:12:35 966,312 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2008-05-04 22:33:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-05 05:13:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-04 22:33:49 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-05 05:13:46 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-05 04:49:00 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-06 04:29:10 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-04 22:35:33 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-06 00:01:26 1,572,864 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-05 05:03:53 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
+ 2008-05-06 04:44:35 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
- 2008-05-04 22:35:28 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-05 05:15:28 1,572,864 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-04 09:30:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-05 10:31:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-04 09:30:34 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-05 10:31:03 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-04 09:30:34 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-05 10:31:03 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 08:55:11 73,216 ----a-w C:\Windows\System32\drivers\usbccgp.sys
+ 2007-12-20 19:06:13 73,216 ----a-w C:\Windows\System32\drivers\usbccgp.sys
- 2008-05-04 22:39:10 107,508 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-06 02:20:03 107,508 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-04 22:39:10 626,738 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-06 02:20:03 626,738 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-05 02:21:08 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2008-05-05 05:12:56 6,291,456 ----a-w C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT
- 2008-05-04 22:35:52 6,600 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3027423067-3663782349-2357632505-1001_UserData.bin
+ 2008-05-05 05:15:40 6,608 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3027423067-3663782349-2357632505-1001_UserData.bin
- 2008-05-04 22:35:51 59,502 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-05 05:15:39 59,652 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-04 22:35:50 36,290 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-05 05:15:38 36,330 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 04:00 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 08:34 2159104 C:\Windows\System32\oobefldr.dll]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-06-01 16:40 1783400]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-20 15:25 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-11 17:43 1006264]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 11:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 12:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 07:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-06-14 23:31 178968]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-09 06:30 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-09 06:30 8466432]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-09 06:30 81920]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 07:06 4669440 C:\Windows\RtHDVCpl.exe]
"CCUTRAYICON"="FactoryMode" []
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-05-24 16:13 71176]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 05:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-05-11 11:41 161328]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-11 11:18 1626160]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-05-11 11:18 1055792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-18 02:45 385024]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-04-22 14:01 1572608]
"Malwarebytes Anti-Malware Reboot"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" [2008-04-07 20:17 1175160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-20 15:25:18 124400]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"= C:\Windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2697011C-7C45-4C55-828C-127C53A65262}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{03A993EC-BA76-42B5-9414-B3F2E3C05533}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{521742B2-C746-42CB-81F9-14254C7C0798}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server
"{D078CD8C-C57E-4BD7-B5B9-34174E56D539}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel® Viiv Media Server
"{0B0153C3-4BE9-46F4-834B-15808FC4E469}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{9E121A32-C568-46DB-B9A9-31733CF0594D}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel® Remoting Service
"{0D596C77-8C00-4FE2-BF40-8DABA3B002D7}"= TCP:9442:127.0.0.1:Intel® Viiv Media Server Discovery
"{1ED2D791-AC26-4BE3-9B62-D0F17D09FF42}"= TCP:1900:LocalSubnet:LocalSubnet:Intel® Viiv Media Server UPnP Discovery
"{E3ECE95A-3786-4C19-BB59-CE46D9B0DCA9}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9077BB87-CA58-46D2-AB9B-7BF445108DC8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{71053E66-A971-4D3B-A5AB-8CC0FE129D48}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BB03A07D-DFD6-423F-A71D-894B54B93A92}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6510870F-4360-49ED-96B2-5C89CD231EF6}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0E2AD1AC-2201-4C3F-9556-62EE8EF62A25}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{51A18114-AE13-47FC-B56A-346724ED6C9C}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{65D8C7C3-1A2A-4640-8369-206E26B0F698}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5928F6EA-4C9B-4B3E-BD4E-AC70706D87C7}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{7B756F8D-9806-4520-8A4B-C97E660951D2}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{D1968D78-6772-4FBB-B145-9BE0C14969DF}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{B1C64829-DAC1-4BF5-BDC4-6EA4A03E784A}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{A4474C59-91CF-42F7-9162-852AEF8991D0}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8A8EF203-B63F-450D-ABFE-94CF4622110C}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D595DCBF-7809-4761-8EB0-B30044992A92}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B70AB5BC-F09A-4413-BF9C-2D5F463E1B55}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1158D208-DEFA-4F8F-91C7-183045F9B3E5}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3EA470DE-10E8-484F-A1FB-EC08C7ABCD21}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{5AEB1673-15B5-4EFD-8D45-A71136AAF321}C:\\program files\\starcraft\\starcraft.exe"= UDP:C:\program files\starcraft\starcraft.exe:StarCraft
"UDP Query User{BF25DA08-49F8-4F9E-BE1E-2DF4B1EBDED1}C:\\program files\\starcraft\\starcraft.exe"= TCP:C:\program files\starcraft\starcraft.exe:StarCraft
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-04-22 14:02]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-04-22 14:02]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-09-03 13:32]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 12:44]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\system32\drivers\ScreamingBAudio.sys [2007-08-24 16:44]
S2 IntelDHSvcConf;Intel DH Service;"C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe" [2006-05-10 12:13]
.
Contents of the 'Scheduled Tasks' folder
"2008-05-06 00:00:01 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Shea.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-06 00:46:40
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-06 0:47:50
ComboFix-quarantined-files.txt 2008-05-06 04:47:46
ComboFix2.txt 2008-05-05 05:08:25
Pre-Run: 385,174,765,568 bytes free
Post-Run: 385,145,700,352 bytes free
249 --- E O F --- 2008-05-01 05:48:48