ComboFix 09-08-10.06 - devry 08/15/2009 4:03.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.895.426 [GMT -5:00]
Running from: c:\documents and settings\devry\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\devry\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
((((((((((((((((((((((((( Files Created from 2009-07-15 to 2009-08-15 )))))))))))))))))))))))))))))))
.
2009-08-15 08:52 . 2009-08-15 08:52 -------- d-sh--w- c:\documents and settings\devry\IECompatCache
2009-08-15 08:51 . 2009-08-15 08:51 -------- d-sh--w- c:\documents and settings\devry\PrivacIE
2009-08-15 08:50 . 2009-08-15 08:50 -------- d-sh--w- c:\documents and settings\devry\IETldCache
2009-08-15 01:16 . 2009-07-03 17:09 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-08-15 01:16 . 2009-07-03 17:09 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-08-15 01:15 . 2009-08-15 01:19 -------- d-----w- c:\windows\ie8updates
2009-08-15 01:11 . 2009-07-01 07:08 101376 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-08-15 00:51 . 2009-08-15 01:10 -------- dc-h--w- c:\windows\ie8
2009-08-14 10:23 . 2009-08-14 10:23 -------- d-----w- c:\program files\ESET
2009-08-13 05:29 . 2009-08-13 05:29 -------- d-----w- c:\program files\ERUNT
2009-08-12 07:31 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 02:53 . 2009-08-12 17:10 -------- d-----w- C:\918a33bb93905ff2b83f
2009-08-12 01:40 . 2009-08-12 01:40 -------- d-----w- c:\documents and settings\devry\Application Data\Malwarebytes
2009-08-12 01:39 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-12 01:39 . 2009-08-12 01:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-12 01:39 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 01:39 . 2009-08-12 01:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-12 00:08 . 2009-08-12 02:24 -------- d-----w- C:\adab61f7192e14ffdf19a15749c0
2009-08-11 01:38 . 2009-08-11 01:38 -------- d-----w- c:\program files\Windows Defender
2009-08-09 17:35 . 2009-08-09 17:35 -------- d-----w- c:\windows\McAfee.com
2009-08-09 17:17 . 2009-08-09 17:17 1152 ----a-w- c:\windows\system32\windrv.sys
2009-08-09 17:07 . 2009-08-09 17:07 -------- d-----w- C:\32241fa13aa8c1c6fb1f98
2009-08-08 16:07 . 2009-08-11 12:05 -------- d-----w- c:\program files\Windows Live Safety Center
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-31 13:00 . 2009-07-31 13:00 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\WMTools Downloaded Files
2009-07-28 16:06 . 2009-07-28 16:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-26 17:41 . 2001-08-17 18:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-07-26 17:41 . 2001-08-17 18:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-07-26 15:42 . 2009-07-26 15:42 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-07-26 03:56 . 2009-08-05 17:43 -------- d-----w- c:\documents and settings\devry\Local Settings\Application Data\Temp
2009-07-26 03:56 . 2009-08-10 02:01 -------- d-----w- c:\documents and settings\devry\Local Settings\Application Data\Google
2009-07-26 03:55 . 2009-07-26 03:55 -------- d-----w- c:\documents and settings\devry\Local Settings\Application Data\Mozilla
2009-07-18 02:08 . 2009-08-14 19:22 -------- d-----w- c:\documents and settings\devry\Local Settings\Application Data\Paint.NET
2009-07-18 02:05 . 2009-07-18 02:05 -------- d-----w- c:\documents and settings\devry\Local Settings\Application Data\Yahoo
2009-07-18 02:03 . 2009-07-18 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-18 02:03 . 2009-05-27 00:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-07-18 02:03 . 2009-07-18 02:03 -------- d-----w- c:\program files\Yahoo!
2009-07-17 19:01 . 2009-07-17 19:01 58880 -c----w- c:\windows\system32\dllcache\atl.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-14 00:08 . 2009-08-13 05:34 -------- d-----w- c:\program files\trend micro
2009-08-12 17:02 . 2007-05-09 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-05 19:31 . 2008-08-22 14:59 -------- d-----w- c:\program files\Microsoft Silverlight
2009-08-05 09:01 . 2004-08-04 06:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 06:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-04 06:56 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 16:34 . 2009-07-11 16:34 0 ----a-w- c:\windows\nsreg.dat
2009-07-11 16:30 . 2009-07-11 16:30 -------- d-----w- c:\program files\Paint.NET
2009-07-11 16:30 . 2007-05-09 15:05 84608 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 03:02 . 2009-07-08 03:02 84608 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-07 11:46 . 2009-07-07 04:10 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-07-07 01:34 . 2007-09-01 14:36 84608 ----a-w- c:\documents and settings\devry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-03 17:09 . 2004-08-04 06:56 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-04 06:56 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 06:56 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 06:56 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 06:56 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 06:56 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 06:56 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 04:59 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 06:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2001-08-23 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-04 06:56 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 06:56 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2007-05-09 14:53 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 06:56 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 06:56 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 06:56 1291264 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-14_08.59.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-09 15:50 . 2009-01-07 23:21 26144 c:\windows\system32\spupdsvc.exe
+ 2007-05-09 17:44 . 2009-01-07 23:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 46592 c:\windows\system32\pngfilt.dll
- 2006-06-29 13:05 . 2006-06-29 13:05 23552 c:\windows\system32\normaliz.dll
+ 2006-06-29 13:05 . 2009-01-07 23:20 23552 c:\windows\system32\normaliz.dll
+ 2006-06-28 22:59 . 2009-01-07 23:20 24576 c:\windows\system32\nlsdl.dll
- 2006-06-28 22:59 . 2006-06-28 22:59 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 48128 c:\windows\system32\mshtmler.dll
- 2004-08-04 06:56 . 2006-10-17 16:28 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 45568 c:\windows\system32\mshta.exe
- 2004-08-04 06:56 . 2006-10-17 16:56 45568 c:\windows\system32\mshta.exe
+ 2006-10-17 16:58 . 2009-03-08 09:31 13312 c:\windows\system32\msfeedssync.exe
+ 2006-11-08 02:03 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 34816 c:\windows\system32\imgutil.dll
+ 2006-11-07 08:26 . 2009-03-08 09:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-04 06:56 . 2009-03-08 09:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 55808 c:\windows\system32\iernonce.dll
+ 2006-06-29 13:05 . 2009-01-07 23:20 26112 c:\windows\system32\idndl.dll
- 2006-06-29 13:05 . 2006-06-29 13:05 26112 c:\windows\system32\idndl.dll
+ 2006-10-17 16:58 . 2009-03-08 09:31 59904 c:\windows\system32\icardie.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 48128 c:\windows\system32\dllcache\mshtmler.dll
- 2004-08-04 06:56 . 2006-10-17 16:28 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2004-08-04 06:56 . 2006-10-17 16:56 45568 c:\windows\system32\dllcache\mshta.exe
+ 2004-08-04 06:56 . 2009-03-08 09:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2007-05-09 16:52 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2007-08-20 10:04 . 2009-03-08 09:31 59904 c:\windows\system32\dllcache\icardie.dll
+ 2007-05-09 14:55 . 2009-03-08 09:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2009-06-29 16:12 . 2009-03-08 09:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 18944 c:\windows\system32\corpol.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 72704 c:\windows\system32\admparse.dll
+ 2009-08-15 01:19 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-08-15 01:19 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-08-15 01:19 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-08-15 01:02 . 2009-03-08 19:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-08-15 00:52 . 2009-06-29 16:12 44544 c:\windows\ie8\pngfilt.dll
+ 2009-08-15 00:51 . 2006-10-17 16:28 48128 c:\windows\ie8\mshtmler.dll
+ 2009-08-15 00:51 . 2006-10-17 16:56 45568 c:\windows\ie8\mshta.exe
+ 2009-08-15 00:52 . 2006-10-17 16:58 12288 c:\windows\ie8\msfeedssync.exe
+ 2009-08-15 00:51 . 2009-06-29 16:12 52224 c:\windows\ie8\msfeedsbs.dll
+ 2009-08-15 00:51 . 2006-10-17 17:05 40960 c:\windows\ie8\licmgr10.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 27648 c:\windows\ie8\jsproxy.dll
+ 2009-08-15 00:51 . 2006-11-07 08:26 92672 c:\windows\ie8\inseng.dll
+ 2009-08-15 00:51 . 2006-10-17 16:57 36352 c:\windows\ie8\imgutil.dll
+ 2009-08-15 00:51 . 2006-11-07 08:26 55296 c:\windows\ie8\iesetup.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 44544 c:\windows\ie8\iernonce.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 78336 c:\windows\ie8\ieencode.dll
+ 2009-08-15 00:51 . 2009-06-29 11:07 70656 c:\windows\ie8\ie4uinit.exe
+ 2009-08-15 00:51 . 2009-06-29 16:12 63488 c:\windows\ie8\icardie.dll
+ 2009-08-15 00:51 . 2006-10-17 16:44 60416 c:\windows\ie8\hmmapi.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 17408 c:\windows\ie8\corpol.dll
+ 2009-08-15 00:51 . 2006-11-07 08:26 71680 c:\windows\ie8\admparse.dll
+ 2009-08-15 01:15 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB972636-IE8\iecompat.dll
+ 2007-05-09 16:33 . 2009-01-07 23:21 121856 c:\windows\system32\xmllite.dll
- 2007-05-09 16:33 . 2008-04-14 00:12 121856 c:\windows\system32\xmllite.dll
+ 2006-10-17 17:05 . 2009-03-08 09:34 208384 c:\windows\system32\WinFXDocObj.exe
+ 2004-08-04 06:56 . 2009-03-08 09:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 420352 c:\windows\system32\vbscript.dll
- 2004-08-04 06:56 . 2009-06-29 16:12 105984 c:\windows\system32\url.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 105984 c:\windows\system32\url.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 193536 c:\windows\system32\msrating.dll
+ 2001-08-23 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\msls31.dll
- 2001-08-23 12:00 . 2006-11-08 02:03 156160 c:\windows\system32\msls31.dll
+ 2006-11-08 02:03 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 726528 c:\windows\system32\jscript.dll
+ 2007-06-07 16:35 . 2009-08-15 09:10 229772 c:\windows\system32\inetsrv\MetaBase.bin
+ 2006-11-08 02:03 . 2009-03-08 09:22 164352 c:\windows\system32\ieui.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
+ 2006-10-17 16:27 . 2009-03-08 09:11 445952 c:\windows\system32\ieapfltr.dll
+ 2001-08-23 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-04 06:56 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 06:56 . 2009-03-08 09:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 348160 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2007-05-09 14:56 . 2009-03-08 09:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2008-05-09 10:53 . 2009-03-08 09:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-04 06:56 . 2009-06-29 16:12 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 06:56 . 2009-03-08 09:34 193536 c:\windows\system32\dllcache\msrating.dll
- 2001-08-23 12:00 . 2006-11-08 02:03 156160 c:\windows\system32\dllcache\msls31.dll
+ 2001-08-23 12:00 . 2009-03-08 09:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2007-05-09 16:52 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-05-09 10:53 . 2009-03-08 09:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2007-05-09 14:55 . 2009-03-08 19:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 06:56 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 06:56 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-05-09 16:52 . 2009-03-08 09:11 445952 c:\windows\system32\dllcache\ieapfltr.dll
+ 2001-08-23 12:00 . 2009-03-08 09:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 06:56 . 2009-03-08 09:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 06:56 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 06:56 . 2009-03-08 09:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 06:56 . 2009-03-08 09:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 06:56 . 2009-03-08 09:32 128512 c:\windows\system32\advpack.dll
+ 2009-08-15 01:15 . 2008-07-08 13:02 382840 c:\windows\ie8updates\KB972636-IE8\spuninst\updspapi.dll
+ 2009-08-15 01:15 . 2008-07-08 13:02 231288 c:\windows\ie8updates\KB972636-IE8\spuninst\spuninst.exe
+ 2009-08-15 01:19 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-08-15 01:19 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-08-15 01:19 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-08-15 01:19 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-08-15 01:19 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-08-15 01:19 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-08-15 01:19 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-08-15 01:19 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-08-15 01:19 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-08-15 00:52 . 2009-06-29 16:12 827392 c:\windows\ie8\wininet.dll
+ 2009-08-15 00:52 . 2006-10-17 17:05 206336 c:\windows\ie8\winfxdocobj.exe
+ 2009-08-15 00:52 . 2009-06-29 16:12 233472 c:\windows\ie8\webcheck.dll
+ 2009-08-15 00:52 . 2007-07-12 23:31 765952 c:\windows\ie8\vgx.dll
+ 2009-08-15 00:52 . 2008-05-09 10:53 430080 c:\windows\ie8\vbscript.dll
+ 2009-08-15 00:52 . 2009-06-29 16:12 105984 c:\windows\ie8\url.dll
+ 2009-08-15 01:02 . 2009-01-07 23:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-08-15 01:02 . 2009-01-07 23:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2009-08-15 00:51 . 2006-09-06 21:43 213216 c:\windows\ie8\spuninst.exe
+ 2009-08-15 00:52 . 2009-06-29 16:12 102912 c:\windows\ie8\occache.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 671232 c:\windows\ie8\mstime.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 193024 c:\windows\ie8\msrating.dll
+ 2009-08-15 00:51 . 2006-11-08 02:03 156160 c:\windows\ie8\msls31.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 477696 c:\windows\ie8\mshtmled.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 459264 c:\windows\ie8\msfeeds.dll
+ 2009-08-15 00:51 . 2008-05-09 10:53 512000 c:\windows\ie8\jscript.dll
+ 2009-08-15 00:51 . 2009-06-29 08:35 634632 c:\windows\ie8\iexplore.exe
+ 2009-08-15 00:52 . 2006-11-08 02:03 180736 c:\windows\ie8\ieui.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 268288 c:\windows\ie8\iertutil.dll
+ 2009-08-15 00:52 . 2006-11-08 02:03 287744 c:\windows\ie8\ieproxy.dll
+ 2009-08-15 00:51 . 2006-11-08 02:03 191488 c:\windows\ie8\iepeers.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 385024 c:\windows\ie8\iedkcs32.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 380928 c:\windows\ie8\ieapfltr.dll
+ 2009-08-15 00:51 . 2009-06-29 08:33 161792 c:\windows\ie8\ieakui.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 230400 c:\windows\ie8\ieaksie.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 153088 c:\windows\ie8\ieakeng.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 214528 c:\windows\ie8\dxtrans.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 347136 c:\windows\ie8\dxtmsft.dll
+ 2009-08-15 00:51 . 2009-06-29 16:12 124928 c:\windows\ie8\advpack.dll
+ 2009-08-15 08:51 . 2009-08-15 08:51 172032 c:\windows\ERDNT\AutoBackup\8-15-2009\Users\00000002\UsrClass.dat
+ 2009-08-15 08:51 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\8-15-2009\ERDNT.EXE
+ 2009-08-14 09:12 . 2009-08-14 09:12 172032 c:\windows\ERDNT\AutoBackup\8-14-2009\Users\00000002\UsrClass.dat
+ 2009-08-14 09:12 . 2005-10-20 17:02 163328 c:\windows\ERDNT\AutoBackup\8-14-2009\ERDNT.EXE
+ 2004-08-04 06:56 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2004-08-04 06:56 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2006-10-17 16:57 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2006-09-06 04:01 . 2009-02-07 02:07 3698584 c:\windows\system32\ieapfltr.dat
+ 2004-08-04 06:56 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2009-01-07 23:20 . 2009-01-07 23:20 1497088 c:\windows\system32\dllcache\shdocvw.dll
+ 2004-08-04 06:56 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2007-05-09 16:52 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2007-05-09 16:52 . 2009-02-07 02:07 3698584 c:\windows\system32\dllcache\ieapfltr.dat
+ 2009-01-07 23:20 . 2009-01-07 23:20 1022976 c:\windows\system32\dllcache\browseui.dll
+ 2009-08-15 01:19 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-08-15 01:19 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-08-15 01:19 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-08-15 00:52 . 2009-06-29 16:12 1159680 c:\windows\ie8\urlmon.dll
+ 2009-08-15 00:51 . 2009-07-19 13:33 3597824 c:\windows\ie8\mshtml.dll
+ 2009-08-15 00:51 . 2009-07-19 13:32 6067200 c:\windows\ie8\ieframe.dll
+ 2009-08-15 00:51 . 2009-06-29 08:33 2452872 c:\windows\ie8\ieapfltr.dat
+ 2009-08-15 08:51 . 2009-08-15 08:51 3457024 c:\windows\ERDNT\AutoBackup\8-15-2009\Users\00000001\NTUSER.DAT
+ 2009-08-14 09:12 . 2009-08-14 09:12 3457024 c:\windows\ERDNT\AutoBackup\8-14-2009\Users\00000001\NTUSER.DAT
+ 2006-11-08 02:03 . 2009-07-19 23:48 11067392 c:\windows\system32\ieframe.dll
+ 2007-05-09 16:52 . 2009-07-19 23:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-08-15 01:19 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-12-11 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1040384]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-30 112216]
"RoxioDragToDisc"="c:\program files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-10-30 1116920]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-01-20 159744]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"IFXSPMGT"="c:\windows\system32\ifxspmgt.exe" [2007-02-15 677408]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1282048]
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]
c:\documents and settings\devry\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-5-9 184320]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 06:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\system32\drivers\psd.sys [1/23/2007 8:07 PM 39080]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 1:56 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 1:56 AM 14336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 7:13 PM 36608]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [12/2/2006 6:17 AM 2805000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {09258F12-48E7-B18E-C414-1F48C215685F} /qb
.
Contents of the 'Scheduled Tasks' folder
2009-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1757981266-839522115-1011Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-08 03:04]
2009-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1757981266-839522115-1011UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-08 03:04]
2009-08-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
2009-08-15 c:\windows\Tasks\User_Feed_Synchronization-{6CFACA31-FD93-45FE-A06E-C5B46E156B39}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\documents and settings\devry\Application Data\Mozilla\Firefox\Profiles\8w948bkm.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-08-15 04:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'lsass.exe'(768)
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
- - - - - - - > 'explorer.exe'(1296)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\agrsmsvc.exe
c:\windows\system32\IFXTCS.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\Hewlett-Packard\IAM\Bin\asghost.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\IfxPsdSv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\scardsvr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
.
**************************************************************************
.
Completion time: 2009-08-15 4:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-15 09:14
ComboFix2.txt 2009-08-14 09:22
ComboFix3.txt 2009-08-14 09:07
ComboFix4.txt 2009-08-14 09:00
Pre-Run: 142,202,023,936 bytes free
Post-Run: 142,230,892,544 bytes free
451 --- E O F --- 2009-08-12 17:03