ComboFix 10-06-06.04 - Owner 12/04/2003 7:18.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.510.294 [GMT -8:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system\winspool.drv
.
---- Previous Run -------
.
c:\documents and settings\Owner\Application Data\0200000007673692937C.manifest
c:\documents and settings\Owner\Application Data\0200000007673692937O.manifest
c:\documents and settings\Owner\Application Data\0200000007673692937P.manifest
c:\documents and settings\Owner\Application Data\0200000007673692937S.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\chrome.manifest
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\chrome\xulcache.jar
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\defaults\preferences\xulcache.js
c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\{80404080-d88a-4160-8d1c-fed6cd0642ed}\install.rdf
c:\windows\system\WINSPOOL.DRV
c:\windows\system32\1183218249
c:\windows\system32\unrar.exe
-- Previous Run --
c:\windows\system32\msgsvc.dll . . . is infected!!
--------
c:\windows\system32\msgsvc.dll . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IPRIP
-------\Service_Iprip
-------\Legacy_IPRIP
-------\Service_Iprip
((((((((((((((((((((((((( Files Created from 2003-11-04 to 2003-12-04 )))))))))))))))))))))))))))))))
.
2010-06-04 12:58 . 2003-12-04 03:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-04 12:04 . 2010-06-04 12:06 13391344 ----a-w- c:\documents and settings\All Users\Application Data\Google Updater\cache\packdata_ci_chrome_4.1.249.1064_en_setup.exe
2010-06-04 11:58 . 2010-06-04 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-06-03 07:52 . 2010-06-03 07:52 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-31 14:38 . 2010-05-31 14:38 -------- d-----w- c:\program files\iPod
2010-05-31 14:37 . 2010-05-31 14:38 -------- d-----w- c:\program files\iTunes
2010-05-31 14:37 . 2010-05-31 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-05-31 14:33 . 2010-05-31 14:33 -------- d-----w- c:\program files\QuickTime
2010-05-31 14:24 . 2010-05-31 14:24 -------- d-----w- c:\program files\Bonjour
2010-05-31 14:21 . 2010-05-31 14:21 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-27 01:13 . 2010-05-27 01:13 561152 ----a-w- c:\windows\AJScreensaver.scr
2010-05-16 00:11 . 2010-05-16 00:11 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2010-05-15 23:09 . 2010-05-15 23:09 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2010-05-10 08:43 . 2010-06-03 15:06 -------- d-----w- c:\program files\Windows Live Safety Center
2010-05-10 01:16 . 2010-05-10 01:16 -------- d-----w- c:\documents and settings\Owner\AppData
2010-05-10 01:12 . 2010-05-10 01:12 -------- d-----w- c:\program files\AhnLab
2010-05-03 14:18 . 2010-05-03 14:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-04-29 17:17 . 2010-04-29 17:17 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PackageAware
2010-04-28 19:45 . 2003-12-04 15:26 -------- d-----w- c:\documents and settings\Owner\Tracing
2010-04-28 19:43 . 2010-04-28 19:43 -------- d-----w- c:\program files\Microsoft
2010-04-28 19:43 . 2010-04-28 19:43 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-04-28 19:42 . 2010-04-28 19:43 -------- d-----w- c:\program files\Windows Live
2010-04-28 19:37 . 2010-04-28 19:37 -------- d-----w- c:\program files\Common Files\Windows Live
2010-04-20 07:53 . 2001-08-17 20:48 17664 -c--a-w- c:\windows\system32\dllcache\sermouse.sys
2010-04-20 07:53 . 2001-08-17 20:48 17664 ----a-w- c:\windows\system32\drivers\sermouse.sys
2010-04-17 06:12 . 2010-04-17 06:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-16 13:41 . 2006-09-28 23:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-04-16 13:41 . 2010-04-16 13:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\PassMark
2010-04-16 13:41 . 2010-04-16 13:41 57856 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{849089CF-4988-49ED-A2DD-110CD5D9D7E8}\Icon849089CF.exe
2010-04-16 13:41 . 2010-04-16 13:41 -------- d-----w- c:\program files\PerformanceTest
2010-04-16 13:08 . 2010-04-16 13:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PCSettings
2010-04-16 13:08 . 2003-12-03 00:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-04-16 13:06 . 2010-04-16 13:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-04-16 13:03 . 2003-12-04 10:15 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AskToolbar
2010-04-16 12:53 . 2010-04-16 12:53 -------- d-----w- c:\program files\Smith Micro
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-07 10:58 . 2010-04-07 10:58 -------- d-----w- c:\windows\Sun
2010-04-03 06:45 . 2006-02-28 12:00 25600 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-04-03 06:03 . 2010-04-03 06:03 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-03 06:01 . 2010-04-03 06:02 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-04-02 17:04 . 2010-06-03 22:05 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire
2010-04-02 17:04 . 2003-12-02 23:51 -------- d-----w- c:\program files\Ask.com
2010-04-02 17:03 . 2010-04-02 17:03 -------- d-----w- c:\program files\LimeWire
2010-04-01 20:05 . 2010-04-01 20:05 18432 ----a-w- c:\windows\system32\drivers\prcmondrv1041.sys
2010-03-29 19:00 . 2010-03-29 19:00 -------- d-----w- c:\documents and settings\Owner\Application Data\Symantec
2010-03-29 19:00 . 2003-12-02 09:30 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Symantec
2010-03-29 19:00 . 2010-04-28 19:45 13688 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-28 06:31 . 2010-03-28 06:31 -------- d-----w- c:\windows\ServicePackFiles
2010-03-28 00:14 . 2010-04-01 08:12 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-03-27 22:05 . 2010-03-27 22:05 190 ----a-w- c:\windows\DelIndex.BAT
2010-03-27 22:03 . 2010-03-27 22:05 -------- d-----w- c:\program files\Privacy Keeper
2010-03-27 18:03 . 2004-08-04 07:08 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-03-27 16:36 . 2010-04-03 06:01 -------- d-----w- c:\windows\system32\LogFiles
2010-03-26 21:47 . 2010-03-26 22:13 -------- d-----w- c:\windows\system32\CatRoot_bak
2010-03-26 21:45 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-03-26 21:45 . 2008-06-13 13:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-03-26 21:38 . 2009-12-08 18:53 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-03-26 21:38 . 2009-12-08 18:55 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-03-26 21:38 . 2009-12-08 18:19 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-03-26 21:38 . 2009-12-08 18:19 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-03-26 21:37 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-03-26 21:21 . 2009-01-08 02:21 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-03-26 21:14 . 2010-03-26 21:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonSystemWorks
2010-03-26 21:13 . 2010-04-16 13:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-03-26 21:09 . 2005-01-23 18:30 163840 ----a-w- c:\windows\system32\igfxres.dll
2010-03-26 21:06 . 2010-03-26 21:06 -------- d-s---w- c:\windows\system32\Microsoft
2010-03-26 21:03 . 2006-02-28 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2010-03-26 21:02 . 2006-02-28 12:00 72192 -c--a-w- c:\windows\system32\dllcache\fxscom.dll
2010-03-26 21:01 . 2010-03-30 19:28 -------- d--h--w- c:\windows\$hf_mig$
2010-03-26 21:01 . 2006-02-28 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-03-26 21:01 . 2010-03-26 21:01 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2010-03-26 20:57 . 2010-03-26 21:01 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2010-03-26 20:57 . 2006-02-28 12:00 40448 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2010-03-26 20:57 . 2006-02-28 12:00 40448 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2010-03-26 20:57 . 2006-02-28 12:00 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2010-03-26 20:57 . 2006-02-28 12:00 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2010-03-26 20:55 . 2004-08-04 08:56 32285 ----a-w- c:\windows\system32\HSFCISP2.dll
2010-03-26 20:55 . 2004-08-04 06:41 11868 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2010-03-26 20:55 . 2004-08-04 06:41 685056 ----a-w- c:\windows\system32\drivers\HSFCXTS2.sys
2010-03-26 20:55 . 2004-08-04 08:56 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2010-03-26 20:55 . 2004-08-04 06:41 1041536 ----a-w- c:\windows\system32\drivers\HSFDPSP2.sys
2010-03-26 20:55 . 2004-08-04 06:41 220032 ----a-w- c:\windows\system32\drivers\HSFBS2S2.sys
2010-03-26 20:51 . 2006-02-28 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-03-26 20:51 . 2006-02-28 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-03-26 20:51 . 2006-02-28 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-03-26 20:51 . 2006-02-28 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-03-26 20:35 . 2010-03-26 20:36 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ApplicationHistory
2010-03-26 20:33 . 2010-03-26 20:34 -------- d-----w- c:\windows\system32\URTTemp
2010-03-26 20:23 . 2010-03-26 20:23 -------- d-----w- c:\windows\system32\bits
2010-03-26 12:43 . 2010-03-26 12:49 -------- d-----w- c:\windows\PeerNet
2010-03-26 12:43 . 2010-03-26 12:43 -------- d-----w- c:\windows\Provisioning
2010-03-26 09:37 . 2010-03-26 09:37 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Identities
2010-03-25 03:12 . 2006-02-28 12:00 8192 -c--a-w- c:\windows\system32\dllcache\bitsprx2.dll
2010-03-25 03:12 . 2006-02-28 12:00 8192 ----a-w- c:\windows\system32\bitsprx2.dll
2010-03-25 03:12 . 2006-02-28 12:00 7168 -c--a-w- c:\windows\system32\dllcache\bitsprx3.dll
2010-03-25 03:12 . 2006-02-28 12:00 7168 ----a-w- c:\windows\system32\bitsprx3.dll
2010-03-25 03:12 . 2006-02-28 12:00 18944 -c--a-w- c:\windows\system32\dllcache\qmgrprxy.dll
2010-03-25 03:12 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-03-24 08:16 . 2010-03-24 08:16 -------- d-s---w- c:\documents and settings\Owner\UserData
2010-03-24 00:57 . 2004-08-04 08:56 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-03-24 00:51 . 2006-02-28 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smimsgif.dll
2010-03-24 00:51 . 2006-02-28 12:00 5632 -c--a-w- c:\windows\system32\dllcache\smierrsy.dll
2010-03-24 00:51 . 2006-02-28 12:00 15872 -c--a-w- c:\windows\system32\dllcache\smierrsm.dll
2010-03-24 00:51 . 2006-02-28 12:00 10240 -c--a-w- c:\windows\system32\dllcache\snmpstup.dll
2010-03-24 00:51 . 2006-02-28 12:00 10240 ----a-w- c:\windows\system32\wbem\snmpstup.dll
2010-03-24 00:51 . 2006-02-28 12:00 6144 -c--a-w- c:\windows\system32\dllcache\snmpmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 6144 ----a-w- c:\windows\system32\snmpmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 39936 -c--a-w- c:\windows\system32\dllcache\hostmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 39936 ----a-w- c:\windows\system32\hostmib.dll
2010-03-24 00:51 . 2006-02-28 12:00 101888 -c--a-w- c:\windows\system32\dllcache\evntagnt.dll
2010-03-24 00:51 . 2006-02-28 12:00 101888 ----a-w- c:\windows\system32\evntagnt.dll
2010-03-22 18:38 . 2010-03-22 18:38 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-03-22 17:09 . 2010-03-22 17:12 -------- d-----w- c:\program files\Microsoft Plus!
2010-03-22 01:13 . 2010-05-31 14:20 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2010-03-21 18:49 . 2010-03-21 18:49 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-03-21 18:49 . 2010-03-21 18:49 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-21 18:47 . 2010-03-21 18:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-03-21 18:47 . 2010-05-04 01:01 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2010-03-21 18:47 . 2010-03-21 18:47 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-21 10:44 . 2010-03-21 10:44 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-21 10:43 . 2010-06-04 00:12 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-21 09:40 . 2010-03-21 09:40 0 ----a-w- c:\windows\nsreg.dat
2010-03-21 09:39 . 2010-03-21 09:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2010-03-21 09:37 . 2010-04-01 20:38 -------- d-----w- c:\program files\Carbonite
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 13:58 . 2010-05-31 15:40 320 ----a-w- c:\documents and settings\Owner\udpcrawl.tmp
2010-06-04 12:17 . 2010-06-03 07:47 -------- d-----w- c:\program files\Google
2010-06-03 07:50 . 2010-06-03 07:50 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-03 07:50 . 2010-06-03 07:47 -------- d-----w- c:\program files\DivX
2010-06-03 07:50 . 2010-06-03 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-06-03 07:50 . 2010-06-03 07:50 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-06-03 07:50 . 2010-06-03 07:50 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-06-03 07:49 . 2010-06-03 07:49 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-06-03 07:49 . 2010-06-03 07:49 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-06-03 07:49 . 2010-06-03 07:49 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-06-03 07:46 . 2010-06-03 07:46 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-06-01 06:01 . 2003-12-02 19:55 -------- d-----w- c:\documents and settings\Owner\Application Data\Apple Computer
2010-05-31 15:36 . 2010-05-31 15:36 0 ---ha-w- c:\documents and settings\Owner\iirziqwbgt.tmp
2010-05-31 14:37 . 2003-12-02 19:48 -------- d-----w- c:\program files\Common Files\Apple
2010-04-29 23:39 . 2003-12-04 02:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 23:39 . 2003-12-04 02:18 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 18:14 . 2010-03-21 06:32 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-27 02:45 . 2010-03-21 06:21 77423 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-03-26 20:59 . 2010-03-21 06:19 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-03-21 09:37 . 2010-03-21 05:38 -------- d-----w- c:\program files\Java
2010-03-21 06:37 . 2010-03-21 06:37 -------- d-----w- c:\program files\Broadcom
2010-03-21 06:34 . 2010-03-21 06:34 -------- d-----w- c:\program files\Intel
2010-03-21 06:34 . 2010-03-21 06:31 -------- d-----w- c:\program files\Common Files\InstallShield
2010-03-21 06:32 . 2010-03-21 06:32 -------- d-----w- c:\program files\Analog Devices
2010-03-21 06:31 . 2010-03-21 06:31 -------- d-----w- c:\program files\Dell
2010-03-21 06:27 . 2010-03-21 06:27 2232 ----a-w- c:\windows\java\Packages\Data\D3DBXVRP.DAT
2010-03-21 06:27 . 2010-03-21 06:27 155995 ----a-w- c:\windows\java\Packages\41VBDJ97.ZIP
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\4Z7NXB1B.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\6HZ3ZHBR.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\J57739BJ.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\CV33179J.DAT
2010-03-21 06:27 . 2010-03-21 06:27 2678 ----a-w- c:\windows\java\Packages\Data\1BBXZD33.DAT
2010-03-21 06:23 . 2010-03-21 06:23 -------- d-----w- c:\program files\microsoft frontpage
2010-03-21 05:38 . 2010-03-21 05:38 -------- d-----w- c:\program files\Common Files\Java
2010-02-19 19:27 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\DivX.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2010-02-19 19:27 . 2010-02-19 19:27 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2010-02-19 19:27 . 2010-02-19 19:27 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2010-02-19 19:27 . 2010-02-19 19:27 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2010-02-19 19:27 . 2010-02-19 19:27 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2010-02-05 19:16 . 2010-02-05 19:16 94208 ----a-w- c:\windows\system32\dpl100.dll
2009-12-31 16:14 . 2006-02-28 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 18:39 . 2009-12-22 18:39 922112 ------w- c:\windows\system32\imapi2fs.dll
2009-12-22 18:39 . 2009-12-22 18:39 426496 ------w- c:\windows\system32\imapi2.dll
2009-12-22 18:39 . 2006-02-28 12:00 62592 ----a-w- c:\windows\system32\drivers\cdrom.sys
2009-12-16 12:58 . 2010-03-21 06:17 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:55 . 2006-02-28 12:00 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2004-08-03 22:59 2057728 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2006-02-28 12:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2006-02-28 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2006-02-28 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2006-02-28 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-21 16:36 . 2006-02-28 12:00 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-16 06:51 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-15 17:21 . 2006-02-28 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-10-13 10:53 . 2006-02-28 12:00 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2006-02-28 12:00 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2006-02-28 12:00 112128 ----a-w- c:\windows\system32\rastls.dll
2009-09-11 14:33 . 2006-02-28 12:00 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:16 . 2006-02-28 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-14 12:19 . 2006-02-28 12:00 1850112 ----a-w- c:\windows\system32\win32k.sys
2009-08-07 03:24 . 2010-03-25 03:09 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 03:24 . 2010-03-25 03:09 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 03:24 . 2010-03-25 03:09 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 03:24 . 2009-08-07 03:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 03:24 . 2010-03-21 06:17 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 03:24 . 2006-02-28 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 03:23 . 2010-03-25 03:09 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 03:23 . 2010-03-21 06:17 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:11 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 04:57 . 2006-02-28 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 18:55 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:27 . 2006-02-28 12:00 1435648 ----a-w- c:\windows\system32\query.dll
2009-06-25 08:44 . 2006-02-28 12:00 724480 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:44 . 2006-02-28 12:00 59392 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:44 . 2006-02-28 12:00 56320 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:44 . 2006-02-28 12:00 298496 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:44 . 2006-02-28 12:00 168448 ----a-w- c:\windows\system32\schannel.dll
2009-06-22 11:34 . 2006-02-28 12:00 92544 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 11:50 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 06:32 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-05 07:42 . 2010-03-21 06:17 655872 ----a-w- c:\windows\system32\mstscax.dll
2009-05-18 22:17 . 2003-12-02 19:54 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-05-18 20:17 . 2009-05-18 20:17 26600 ----a-w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}\x86\x86\GEARAspiWDM.sys
2009-05-07 15:44 . 2006-02-28 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 15:11 . 2006-02-28 12:00 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2009-03-08 12:34 . 2006-02-28 12:00 914944 ----a-w- c:\windows\system32\wininet.dll
2009-03-08 12:34 . 2006-02-28 12:00 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 12:33 . 2006-02-28 12:00 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 12:33 . 2006-02-28 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 12:32 . 2006-02-28 12:00 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 12:32 . 2006-02-28 12:00 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 12:31 . 2006-02-28 12:00 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 12:31 . 2006-02-28 12:00 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-06-04 12:00 . 2010-06-04 12:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-03-28 19:11 1196936 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-03-28 1196936]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2005-01-23 126976]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-21 149280]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2005-01-23 155648]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-04 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoCloseDragDropBands"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au]
"NoAutoUpdate"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
backupExtension=Common Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R1 prcmondrv;prcmondrv;c:\windows\system32\drivers\prcmondrv1041.sys [4/1/2010 12:05 PM 18432]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2010 11:47 PM 135664]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [6/4/2010 3:59 AM 30192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2003-12-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-06-04 11:58]
2003-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 07:47]
2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-03 07:47]
2010-06-05 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-03-28 19:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchAssistant =
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: Contains
DPF: DownloadInformation -
DPF: InstalledVersion
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\q8niw9fo.default\extensions\
[email protected]\defaults\preferences\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
Notify-!SASWinLogon - c:\program files\SUPERAntiSpyware\SASWINLO.DLL
Notify-f4b41d2e937 - c:\windows\SYSTEM32\DINPUT832.DLL
AddRemove-EarthBound-RO FULL CLIENT - c:\documents and settings\Owner\My Documents\Ragnarok\EarthBound Ro\Uninstal.exe
AddRemove-MyProduct - c:\documents and settings\Owner\My Documents\Ragnarok\Old School RO\Uninstal.exe
AddRemove-{ED7474E0-CCD3-4730-9A66-D92C9BCA66FF} - c:\documents and settings\Owner\Local Settings\Application Data\{B67AE4AE-D3BC-4A7E-A478-AFD4EC8988DA}\ChosenRO Large Installer.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2003-12-04 07:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3524)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2003-12-04 07:31:16 - machine was rebooted
ComboFix-quarantined-files.txt 2003-12-04 15:31
Pre-Run: 48,990,859,264 bytes free
Post-Run: 48,957,882,368 bytes free
- - End Of File - - 46E48E0CD852F44E93BC883889561365