Malwarebytes' Anti-Malware 1.11
Database version: 689
Scan type: Full Scan (C:\|)
Objects scanned: 67309
Time elapsed: 1 hour(s), 2 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Wow, that was long. Ahh, what the [bleep], this program is deleting tons of stuff!
ComboFix 08-04-26.5 - Peter van Gurp 2008-04-27 12:32:00.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1211 [GMT -3:00]
Running from: C:\Documents and Settings\Peter van Gurp\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\mwinsys.ini
C:\WINDOWS\System\AlxRes070927.exe
C:\WINDOWS\system32\_000111_.tmp.dll
C:\WINDOWS\system32\_000114_.tmp.dll
C:\WINDOWS\system32\_000125_.tmp.dll
C:\WINDOWS\system32\_000228_.tmp.dll
C:\WINDOWS\system32\_000232_.tmp.dll
C:\WINDOWS\system32\andt.sys
C:\WINDOWS\system32\dllcache\spoolsv.exe
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\Indt2.sys
C:\WINDOWS\system32\inf\scrsys070927.scr
C:\WINDOWS\system32\ldpackage.dll
C:\WINDOWS\system32\model.dat
C:\WINDOWS\system32\mywebhit.ini
C:\WINDOWS\system32\mywebhit.ini.tmp
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\routing.exe
C:\WINDOWS\system32\silc_dll.dll
C:\WINDOWS\system32\tmp0_112201625566.bk
C:\WINDOWS\system32\tmp0_128096751395.bk
C:\WINDOWS\system32\tmp0_140840754365.bk
C:\WINDOWS\system32\tmp0_141251477798.bk
C:\WINDOWS\system32\tmp0_142048322506.bk
C:\WINDOWS\system32\tmp0_148521273752.bk
C:\WINDOWS\system32\tmp0_1564446357.bk
C:\WINDOWS\system32\tmp0_15886843276.bk
C:\WINDOWS\system32\tmp0_17066336957.bk
C:\WINDOWS\system32\tmp0_17143278353.bk
C:\WINDOWS\system32\tmp0_173911343187.bk
C:\WINDOWS\system32\tmp0_187974723756.bk
C:\WINDOWS\system32\tmp0_216266145664.bk
C:\WINDOWS\system32\tmp0_217983882493.bk
C:\WINDOWS\system32\tmp0_238023662943.bk
C:\WINDOWS\system32\tmp0_250199251563.bk
C:\WINDOWS\system32\tmp0_250361355691.bk
C:\WINDOWS\system32\tmp0_264397696126.bk
C:\WINDOWS\system32\tmp0_269030436330.bk
C:\WINDOWS\system32\tmp0_301721530039.bk
C:\WINDOWS\system32\tmp0_304268341384.bk
C:\WINDOWS\system32\tmp0_314710545337.bk
C:\WINDOWS\system32\tmp0_32583165158.bk
C:\WINDOWS\system32\tmp0_332026597740.bk
C:\WINDOWS\system32\tmp0_333999613617.bk
C:\WINDOWS\system32\tmp0_335031745519.bk
C:\WINDOWS\system32\tmp0_343117669088.bk
C:\WINDOWS\system32\tmp0_352459809416.bk
C:\WINDOWS\system32\tmp0_352679773798.bk
C:\WINDOWS\system32\tmp0_377138611190.bk
C:\WINDOWS\system32\tmp0_393877877227.bk
C:\WINDOWS\system32\tmp0_422363788704.bk
C:\WINDOWS\system32\tmp0_424570709824.bk
C:\WINDOWS\system32\tmp0_428705222007.bk
C:\WINDOWS\system32\tmp0_435466676815.bk
C:\WINDOWS\system32\tmp0_435890408821.bk
C:\WINDOWS\system32\tmp0_443807300369.bk
C:\WINDOWS\system32\tmp0_459834117234.bk
C:\WINDOWS\system32\tmp0_465391640652.bk
C:\WINDOWS\system32\tmp0_532225759426.bk
C:\WINDOWS\system32\tmp0_536406503950.bk
C:\WINDOWS\system32\tmp0_538005601831.bk
C:\WINDOWS\system32\tmp0_53855171737.bk
C:\WINDOWS\system32\tmp0_54122874177.bk
C:\WINDOWS\system32\tmp0_597263546383.bk
C:\WINDOWS\system32\tmp0_618075253173.bk
C:\WINDOWS\system32\tmp0_634279430667.bk
C:\WINDOWS\system32\tmp0_64630374557.bk
C:\WINDOWS\system32\tmp0_689877302464.bk
C:\WINDOWS\system32\tmp0_691188599493.bk
C:\WINDOWS\system32\tmp0_709803367220.bk
C:\WINDOWS\system32\tmp0_719728568249.bk
C:\WINDOWS\system32\tmp0_724133844709.bk
C:\WINDOWS\system32\tmp0_728378560860.bk
C:\WINDOWS\system32\tmp0_730569258972.bk
C:\WINDOWS\system32\tmp0_740288472098.bk
C:\WINDOWS\system32\tmp0_740908527449.bk
C:\WINDOWS\system32\tmp0_74709240260.bk
C:\WINDOWS\system32\tmp0_756572169059.bk
C:\WINDOWS\system32\tmp0_769796180301.bk
C:\WINDOWS\system32\tmp0_775021163813.bk
C:\WINDOWS\system32\tmp0_78904573819.bk
C:\WINDOWS\system32\tmp0_818028826619.bk
C:\WINDOWS\system32\tmp0_825750103463.bk
C:\WINDOWS\system32\tmp0_833545878359.bk
C:\WINDOWS\system32\tmp0_85429858828.bk
C:\WINDOWS\system32\tmp0_85508061187.bk
C:\WINDOWS\system32\tmp0_868464821952.bk
C:\WINDOWS\system32\tmp0_875335599626.bk
C:\WINDOWS\system32\tmp0_881924891006.bk
C:\WINDOWS\system32\tmp0_887153252113.bk
C:\WINDOWS\system32\tmp0_899195140736.bk
C:\WINDOWS\system32\tmp0_93267732606.bk
C:\WINDOWS\system32\tmp0_98109649708.bk
C:\WINDOWS\system32\tmp1_108558840675.bk
C:\WINDOWS\system32\tmp1_118280803039.bk
C:\WINDOWS\system32\tmp1_14449300703.bk
C:\WINDOWS\system32\tmp1_174861698918.bk
C:\WINDOWS\system32\tmp1_176400581139.bk
C:\WINDOWS\system32\tmp1_188475775565.bk
C:\WINDOWS\system32\tmp1_190593523680.bk
C:\WINDOWS\system32\tmp1_190818495702.bk
C:\WINDOWS\system32\tmp1_19734159630.bk
C:\WINDOWS\system32\tmp1_226285309128.bk
C:\WINDOWS\system32\tmp1_23430243050.bk
C:\WINDOWS\system32\tmp1_235045669666.bk
C:\WINDOWS\system32\tmp1_23778953751.bk
C:\WINDOWS\system32\tmp1_241129589778.bk
C:\WINDOWS\system32\tmp1_255908206190.bk
C:\WINDOWS\system32\tmp1_259996343334.bk
C:\WINDOWS\system32\tmp1_26211105991.bk
C:\WINDOWS\system32\tmp1_283707650011.bk
C:\WINDOWS\system32\tmp1_29888193474.bk
C:\WINDOWS\system32\tmp1_325574664130.bk
C:\WINDOWS\system32\tmp1_339093546727.bk
C:\WINDOWS\system32\tmp1_345124582240.bk
C:\WINDOWS\system32\tmp1_347409885272.bk
C:\WINDOWS\system32\tmp1_380530102633.bk
C:\WINDOWS\system32\tmp1_381427651356.bk
C:\WINDOWS\system32\tmp1_382213226608.bk
C:\WINDOWS\system32\tmp1_389365173983.bk
C:\WINDOWS\system32\tmp1_401975710778.bk
C:\WINDOWS\system32\tmp1_412720116938.bk
C:\WINDOWS\system32\tmp1_471106540296.bk
C:\WINDOWS\system32\tmp1_473896714263.bk
C:\WINDOWS\system32\tmp1_53842442783.bk
C:\WINDOWS\system32\tmp1_557658793916.bk
C:\WINDOWS\system32\tmp1_5805744191.bk
C:\WINDOWS\system32\tmp1_587058792074.bk
C:\WINDOWS\system32\tmp1_596293539407.bk
C:\WINDOWS\system32\tmp1_641499310815.bk
C:\WINDOWS\system32\tmp1_650715402243.bk
C:\WINDOWS\system32\tmp1_655402116752.bk
C:\WINDOWS\system32\tmp1_68129288306.bk
C:\WINDOWS\system32\tmp1_690835625338.bk
C:\WINDOWS\system32\tmp1_738470613854.bk
C:\WINDOWS\system32\tmp1_743513393996.bk
C:\WINDOWS\system32\tmp1_751221594657.bk
C:\WINDOWS\system32\tmp1_798971639543.bk
C:\WINDOWS\system32\tmp1_835880104582.bk
C:\WINDOWS\system32\tmp1_84048373704.bk
C:\WINDOWS\system32\tmp1_859103402862.bk
C:\WINDOWS\system32\tmp1_870245287816.bk
C:\WINDOWS\system32\tmp1_870906723348.bk
C:\WINDOWS\system32\tmp1_893689804843.bk
C:\WINDOWS\system32\tmp1_96749282281.bk
C:\WINDOWS\system32\tmp2_101093334711.bk
C:\WINDOWS\system32\tmp2_177450235572.bk
C:\WINDOWS\system32\tmp2_671006390660.bk
C:\WINDOWS\system32\tmp3_108771215727.bk
C:\WINDOWS\system32\tmp3_118828719530.bk
C:\WINDOWS\system32\tmp3_125980536222.bk
C:\WINDOWS\system32\tmp3_134417879251.bk
C:\WINDOWS\system32\tmp3_140235153756.bk
C:\WINDOWS\system32\tmp3_148971562650.bk
C:\WINDOWS\system32\tmp3_158498725529.bk
C:\WINDOWS\system32\tmp3_18205329054.bk
C:\WINDOWS\system32\tmp3_18638566193.bk
C:\WINDOWS\system32\tmp3_209460192105.bk
C:\WINDOWS\system32\tmp3_214936370016.bk
C:\WINDOWS\system32\tmp3_230487299028.bk
C:\WINDOWS\system32\tmp3_234389652535.bk
C:\WINDOWS\system32\tmp3_235642644278.bk
C:\WINDOWS\system32\tmp3_238605395725.bk
C:\WINDOWS\system32\tmp3_240536308162.bk
C:\WINDOWS\system32\tmp3_25634424059.bk
C:\WINDOWS\system32\tmp3_291307241381.bk
C:\WINDOWS\system32\tmp3_310954315955.bk
C:\WINDOWS\system32\tmp3_319998470242.bk
C:\WINDOWS\system32\tmp3_321407104019.bk
C:\WINDOWS\system32\tmp3_332860330269.bk
C:\WINDOWS\system32\tmp3_333390149806.bk
C:\WINDOWS\system32\tmp3_334480544835.bk
C:\WINDOWS\system32\tmp3_344030807624.bk
C:\WINDOWS\system32\tmp3_351629483019.bk
C:\WINDOWS\system32\tmp3_354113341799.bk
C:\WINDOWS\system32\tmp3_369184647104.bk
C:\WINDOWS\system32\tmp3_400871257937.bk
C:\WINDOWS\system32\tmp3_400971808870.bk
C:\WINDOWS\system32\tmp3_401515113600.bk
C:\WINDOWS\system32\tmp3_427105258.bk
C:\WINDOWS\system32\tmp3_427536393880.bk
C:\WINDOWS\system32\tmp3_456601854036.bk
C:\WINDOWS\system32\tmp3_45694733004.bk
C:\WINDOWS\system32\tmp3_476923530543.bk
C:\WINDOWS\system32\tmp3_477912428431.bk
C:\WINDOWS\system32\tmp3_48982791731.bk
C:\WINDOWS\system32\tmp3_500837382760.bk
C:\WINDOWS\system32\tmp3_524060742208.bk
C:\WINDOWS\system32\tmp3_543370354794.bk
C:\WINDOWS\system32\tmp3_547195203487.bk
C:\WINDOWS\system32\tmp3_549489841399.bk
C:\WINDOWS\system32\tmp3_554203585329.bk
C:\WINDOWS\system32\tmp3_564284320107.bk
C:\WINDOWS\system32\tmp3_566338775803.bk
C:\WINDOWS\system32\tmp3_568568112671.bk
C:\WINDOWS\system32\tmp3_57693708855.bk
C:\WINDOWS\system32\tmp3_590898727817.bk
C:\WINDOWS\system32\tmp3_60797345441.bk
C:\WINDOWS\system32\tmp3_6218826220.bk
C:\WINDOWS\system32\tmp3_628597346538.bk
C:\WINDOWS\system32\tmp3_63315780916.bk
C:\WINDOWS\system32\tmp3_647625870264.bk
C:\WINDOWS\system32\tmp3_661290685321.bk
C:\WINDOWS\system32\tmp3_698866228378.bk
C:\WINDOWS\system32\tmp3_708238614743.bk
C:\WINDOWS\system32\tmp3_730288279075.bk
C:\WINDOWS\system32\tmp3_73076670702.bk
C:\WINDOWS\system32\tmp3_73732343007.bk
C:\WINDOWS\system32\tmp3_741405605431.bk
C:\WINDOWS\system32\tmp3_74311221258.bk
C:\WINDOWS\system32\tmp3_751343694984.bk
C:\WINDOWS\system32\tmp3_756171259873.bk
C:\WINDOWS\system32\tmp3_777652341555.bk
C:\WINDOWS\system32\tmp3_782092136163.bk
C:\WINDOWS\system32\tmp3_79379649563.bk
C:\WINDOWS\system32\tmp3_815047423959.bk
C:\WINDOWS\system32\tmp3_82126170997.bk
C:\WINDOWS\system32\tmp3_845845768525.bk
C:\WINDOWS\system32\tmp3_859441873463.bk
C:\WINDOWS\system32\tmp3_860357363858.bk
C:\WINDOWS\system32\tmp3_862039793164.bk
C:\WINDOWS\system32\tmp3_876913321556.bk
C:\WINDOWS\system32\tmp3_879735654788.bk
C:\WINDOWS\system32\tmp3_886318609507.bk
C:\WINDOWS\system32\tmp3_886965535596.bk
C:\WINDOWS\system32\tmp4_10283629201.bk
C:\WINDOWS\system32\tmp4_109747581818.bk
C:\WINDOWS\system32\tmp4_126078752266.bk
C:\WINDOWS\system32\tmp4_126625309501.bk
C:\WINDOWS\system32\tmp4_130691895259.bk
C:\WINDOWS\system32\tmp4_14162552448.bk
C:\WINDOWS\system32\tmp4_142333742261.bk
C:\WINDOWS\system32\tmp4_178157169450.bk
C:\WINDOWS\system32\tmp4_17938697628.bk
C:\WINDOWS\system32\tmp4_190138836188.bk
C:\WINDOWS\system32\tmp4_196183612472.bk
C:\WINDOWS\system32\tmp4_199370479252.bk
C:\WINDOWS\system32\tmp4_201305101807.bk
C:\WINDOWS\system32\tmp4_201338196239.bk
C:\WINDOWS\system32\tmp4_240516692643.bk
C:\WINDOWS\system32\tmp4_24405424129.bk
C:\WINDOWS\system32\tmp4_262108841254.bk
C:\WINDOWS\system32\tmp4_32570977857.bk
C:\WINDOWS\system32\tmp4_334108612407.bk
C:\WINDOWS\system32\tmp4_33598629907.bk
C:\WINDOWS\system32\tmp4_342956192213.bk
C:\WINDOWS\system32\tmp4_343736449963.bk
C:\WINDOWS\system32\tmp4_346385158475.bk
C:\WINDOWS\system32\tmp4_363516101851.bk
C:\WINDOWS\system32\tmp4_3757362560.bk
C:\WINDOWS\system32\tmp4_382244232439.bk
C:\WINDOWS\system32\tmp4_382374837908.bk
C:\WINDOWS\system32\tmp4_386228567351.bk
C:\WINDOWS\system32\tmp4_399081635125.bk
C:\WINDOWS\system32\tmp4_399371696829.bk
C:\WINDOWS\system32\tmp4_431194328740.bk
C:\WINDOWS\system32\tmp4_436439857007.bk
C:\WINDOWS\system32\tmp4_446912484238.bk
C:\WINDOWS\system32\tmp4_452540879284.bk
C:\WINDOWS\system32\tmp4_456320245386.bk
C:\WINDOWS\system32\tmp4_460634250.bk
C:\WINDOWS\system32\tmp4_495142585346.bk
C:\WINDOWS\system32\tmp4_50209514351.bk
C:\WINDOWS\system32\tmp4_518145685661.bk
C:\WINDOWS\system32\tmp4_533352150702.bk
C:\WINDOWS\system32\tmp4_5383429616.bk
C:\WINDOWS\system32\tmp4_541717809030.bk
C:\WINDOWS\system32\tmp4_557419554461.bk
C:\WINDOWS\system32\tmp4_55934445647.bk
C:\WINDOWS\system32\tmp4_575999812575.bk
C:\WINDOWS\system32\tmp4_587755323066.bk
C:\WINDOWS\system32\tmp4_607660191905.bk
C:\WINDOWS\system32\tmp4_614246572026.bk
C:\WINDOWS\system32\tmp4_624254599168.bk
C:\WINDOWS\system32\tmp4_6325743300.bk
C:\WINDOWS\system32\tmp4_63260649842.bk
C:\WINDOWS\system32\tmp4_64872527695.bk
C:\WINDOWS\system32\tmp4_651875346311.bk
C:\WINDOWS\system32\tmp4_658154149638.bk
C:\WINDOWS\system32\tmp4_658598517614.bk
C:\WINDOWS\system32\tmp4_683077285387.bk
C:\WINDOWS\system32\tmp4_688026666237.bk
C:\WINDOWS\system32\tmp4_695594348833.bk
C:\WINDOWS\system32\tmp4_700701464300.bk
C:\WINDOWS\system32\tmp4_71214152876.bk
C:\WINDOWS\system32\tmp4_716720246202.bk
C:\WINDOWS\system32\tmp4_718404460691.bk
C:\WINDOWS\system32\tmp4_71903019660.bk
C:\WINDOWS\system32\tmp4_719343522761.bk
C:\WINDOWS\system32\tmp4_726907393605.bk
C:\WINDOWS\system32\tmp4_7655496039.bk
C:\WINDOWS\system32\tmp4_772784888767.bk
C:\WINDOWS\system32\tmp4_784681432363.bk
C:\WINDOWS\system32\tmp4_815305478540.bk
C:\WINDOWS\system32\tmp4_820921876886.bk
C:\WINDOWS\system32\tmp4_837991836085.bk
C:\WINDOWS\system32\tmp4_854262672522.bk
C:\WINDOWS\system32\tmp4_887817109852.bk
C:\WINDOWS\system32\tmp4_950238211.bk
C:\WINDOWS\system32\tmp4_95386479561.bk
C:\WINDOWS\system32\vtUnOebB.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PERFMONS
-------\Service_NPF
-------\Service_perfmons
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.
2010-12-29 13:24 . 2004-08-04 00:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2010-12-29 13:24 . 2004-08-04 00:07 59,264 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-27 12:31 . 2008-04-27 12:31 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-27 11:26 . 2008-04-27 11:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-27 11:26 . 2008-04-27 11:26 <DIR> d-------- C:\Documents and Settings\Peter van Gurp\Application Data\Malwarebytes
2008-04-27 11:26 . 2008-04-27 11:26 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-04-27 10:37 . 2008-04-27 10:37 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-25 16:11 . 2008-04-25 16:11 1,024 --a------ C:\.rnd
2008-04-25 16:11 . 2008-04-25 16:11 22 --a------ C:\WINDOWS\FileName
2008-04-25 16:10 . 2008-04-25 16:10 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-04-25 15:45 . 2006-03-23 19:53 442,368 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2008-04-25 15:44 . 2006-03-23 15:51 208,896 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-04-25 15:44 . 2006-02-20 08:00 1,864 --a------ C:\WINDOWS\system32\nvsmb.nvu
2008-04-25 15:43 . 2006-03-22 09:22 159,232 --a------ C:\WINDOWS\system32\fdco_l1036.dll
2008-04-25 15:43 . 2006-03-22 09:22 159,232 --a------ C:\WINDOWS\system32\fdco_l1034.dll
2008-04-25 15:43 . 2006-03-22 09:22 159,232 --a------ C:\WINDOWS\system32\fdco_l1031.dll
2008-04-25 15:43 . 2006-03-22 09:22 158,720 --a------ C:\WINDOWS\system32\fdco_l1046.dll
2008-04-25 15:43 . 2006-03-22 09:22 158,720 --a------ C:\WINDOWS\system32\fdco_l1040.dll
2008-04-25 15:43 . 2006-03-22 09:22 156,672 --a------ C:\WINDOWS\system32\fdco_l1042.dll
2008-04-25 15:43 . 2006-03-22 09:22 156,672 --a------ C:\WINDOWS\system32\fdco_l1041.dll
2008-04-25 15:43 . 2006-03-22 09:22 155,648 --a------ C:\WINDOWS\system32\fdco_l1028.dll
2008-04-25 15:43 . 2006-03-22 09:22 155,136 --a------ C:\WINDOWS\system32\fdco_l2052.dll
2008-04-25 11:10 . 2008-04-25 11:10 <DIR> d-------- C:\Program Files\ShellUploader
2008-04-20 18:50 . 2007-10-10 16:41 42,112 --a------ C:\WINDOWS\system32\drivers\motodrv.sys
2008-04-20 18:50 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motport.sys
2008-04-20 18:50 . 2007-06-18 14:18 23,680 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-04-20 18:50 . 2007-11-02 14:36 18,176 --a------ C:\WINDOWS\system32\drivers\motccgp.sys
2008-04-20 18:50 . 2007-01-22 18:33 7,680 --a------ C:\WINDOWS\system32\drivers\motccgpfl.sys
2008-04-20 18:50 . 2007-11-02 14:51 6,400 --a------ C:\WINDOWS\system32\drivers\motswch.sys
2008-04-20 18:05 . 2008-04-20 19:22 <DIR> d-------- C:\Program Files\P2KC
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motport_01005.Wdf
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgpfl_01005.Wdf
2008-04-20 11:04 . 2008-04-20 11:04 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motccgp_01005.Wdf
2008-04-20 11:03 . 2008-04-20 11:03 <DIR> d-------- C:\Program Files\Motorola
2008-04-20 10:45 . 2008-04-20 10:45 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-04-19 13:56 . 2008-04-19 13:56 <DIR> d-------- C:\Program Files\Pro Imaging Powertoys
2008-04-18 16:44 . 2008-04-27 11:57 <DIR> d-------- C:\Program Files\Microsoft Games
2008-04-15 22:08 . 2008-04-15 22:16 <DIR> d-------- C:\Program Files\Dark Messiah of Might and Magic
2008-04-15 20:39 . 2008-04-15 20:39 286,720 --a------ C:\WINDOWS\system32\pmxf.dll
2008-04-15 20:10 . 2008-04-15 20:10 712,704 --a------ C:\WINDOWS\system32\pmph.dll
2008-04-14 22:26 . 2008-04-15 15:48 368,640 --a------ C:\WINDOWS\system32\pmls.dll
2008-04-14 22:26 . 2003-05-07 14:01 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2008-04-12 14:03 . 2008-04-12 14:03 <DIR> d-------- C:\Program Files\TechSmith
2008-04-12 14:03 . 2008-04-12 14:03 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\TechSmith
2008-04-10 16:24 . 2008-04-10 16:27 <DIR> d-------- C:\Program Files\ArtMoney
2008-04-10 08:21 . 2008-04-10 08:21 <DIR> d-------- C:\Program Files\HyCam2
2008-04-09 19:44 . 2008-04-09 19:43 691,545 --a------ C:\WINDOWS\unins000.exe
2008-04-09 19:44 . 2008-04-09 19:44 2,557 --a------ C:\WINDOWS\unins000.dat
2008-04-06 23:46 . 2008-04-06 23:46 <DIR> d-------- C:\Program Files\doc2word
2008-04-06 10:59 . 2008-04-06 11:01 5,376 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd
2008-04-03 07:28 . 2008-04-03 07:28 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Skype
2008-04-02 20:25 . 2008-04-09 17:23 145 --a------ C:\WINDOWS\system32\1.tsk
2008-03-31 18:12 . 2008-03-31 18:12 268 --ah----- C:\sqmdata00.sqm
2008-03-31 18:12 . 2008-03-31 18:12 244 --ah----- C:\sqmnoopt00.sqm
2008-03-30 18:44 . 2008-03-30 19:45 <DIR> d-------- C:\Program Files\mobile PhoneTools
2008-03-30 18:44 . 2008-03-30 18:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\BVRP Software
2008-03-30 18:44 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-03-30 18:44 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-27 05:39 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\uTorrent
2008-04-27 00:03 --------- d-----w C:\Program Files\Steam
2008-04-26 20:12 --------- d-----w C:\Program Files\PC Tools AntiVirus
2008-04-25 19:40 --------- d-----w C:\Program Files\GameSpy Arcade
2008-04-25 19:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-24 20:09 --------- d-----w C:\Program Files\Avatar Sizer
2008-04-20 20:09 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Cabos
2008-04-19 14:07 --------- d-----w C:\Program Files\Photomatix
2008-04-18 20:40 --------- d-----w C:\Program Files\MagicISO
2008-04-18 01:55 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-04-16 01:07 --------- d-----w C:\Program Files\Free Download Manager
2008-04-12 17:02 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-10 10:38 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-10 01:16 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\Skype
2008-04-09 22:52 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\skypePM
2008-04-09 21:50 --------- d-----w C:\Program Files\Vstplugins
2008-04-09 21:50 --------- d-----w C:\Program Files\u-he
2008-04-09 21:50 --------- d-----w C:\Program Files\MediaCoder
2008-04-09 21:48 --------- d-----w C:\Program Files\Gadwin Systems
2008-04-09 21:47 --------- d-----w C:\Program Files\Image-Line
2008-04-09 21:47 --------- d-----w C:\Program Files\DivX
2008-04-09 21:45 --------- d-----w C:\Program Files\Autodesk
2008-04-09 21:44 --------- d-----w C:\Program Files\Apophysis 2.0
2008-04-09 03:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-06 14:01 71,184 ----a-w C:\WINDOWS\BricoPackUninst.cmd
2008-04-01 00:38 --------- d-----w C:\Program Files\Net Tools
2008-03-31 01:37 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-03-26 00:52 --------- d-----w C:\Program Files\WinPcap
2008-03-24 04:42 --------- d-----w C:\Program Files\Real Alternative
2008-03-24 04:38 --------- d-----w C:\Program Files\Media Player Classic
2008-03-24 04:38 --------- d-----w C:\Program Files\Cloudbrain
2008-03-24 03:38 --------- d-----w C:\Program Files\Alcohol Soft
2008-03-24 01:34 --------- d-----w C:\Program Files\Second Sight Software
2008-03-23 16:14 --------- d-----w C:\Program Files\AviSynth 2.5
2008-03-23 03:00 --------- d-----w C:\Program Files\Warcraft III
2008-03-23 02:02 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-03-23 02:02 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-03-22 00:11 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-03-22 00:11 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Autodesk
2008-03-21 21:13 --------- d-----w C:\Program Files\iTunes Library Updater
2008-03-21 19:58 --------- d-----w C:\Program Files\tamasoftware
2008-03-20 14:07 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\CasaPortale.de
2008-03-20 13:59 --------- d-----w C:\Program Files\PosteRazor
2008-03-19 19:41 --------- d-----w C:\Program Files\dirLock
2008-03-19 02:10 --------- d-----w C:\Program Files\MSN Messenger
2008-03-17 23:00 --------- d-----w C:\Program Files\autostitch
2008-03-17 19:16 --------- d-----w C:\Program Files\eMule
2008-03-08 19:14 4,337,664 ----a-w C:\Program Files\mplayerc.exe
2008-03-06 00:47 --------- d-----w C:\Program Files\Java
2008-03-05 01:52 --------- d-----w C:\Program Files\iTunes
2008-03-05 01:52 --------- d-----w C:\Program Files\iPod
2008-03-05 01:08 --------- d-----w C:\Program Files\Red Kawa
2008-03-05 00:58 --------- d-----w C:\Program Files\DVDVideoSoft
2008-03-05 00:58 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-03-04 12:12 --------- d-----w C:\Program Files\MP3ToIpodAudioBookConverter
2008-03-04 12:12 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\MP3toiPodAudioBookConverter
2008-03-03 02:10 3,146,183 ----a-w C:\WINDOWS\win_habbo_screensaver.SCR
2008-03-03 02:09 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\iScreensaver
2008-03-02 15:03 --------- d-----w C:\Program Files\MediaMonkey
2008-03-02 15:03 --------- d-----w C:\Program Files\AV Soft
2008-03-02 14:54 --------- d-----w C:\Program Files\TuneSleeve
2008-03-02 14:54 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-03-02 14:54 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\eSellerate
2008-03-02 14:33 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\albumart
2008-03-02 04:54 --------- d-----w C:\Program Files\QuickTime
2008-02-29 20:40 --------- d-----w C:\Program Files\Ipod Video Converter
2008-02-29 02:36 --------- d-----w C:\Program Files\SWFSOFT Flash Compiler & Decompiler
2008-02-29 02:36 --------- d-----w C:\Program Files\SWF To Image
2008-02-27 00:15 --------- d-----w C:\Documents and Settings\Peter van Gurp\Application Data\dvdcss
2008-02-08 03:18 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-01-30 15:43 5,292,066 ----a-w C:\Program Files\hl2 2008-01-30 11-43-20-31.bmp
2008-01-21 00:17 32 ----a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2007-12-29 04:26 113,503 ----a-w C:\Program Files\INSTALL.LOG
2007-12-27 04:42 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLec.DAT
2007-12-27 04:32 20 ---h--w C:\Documents and Settings\All Users.WINDOWS\Application Data\PKP_DLds.DAT
2007-12-14 01:09 38,201 ----a-w C:\Program Files\uninstall.exe
2006-10-26 09:44 2,838,528 ----a-w C:\Program Files\fraps.exe
2006-10-26 09:43 122,880 ----a-w C:\Program Files\frapslcd.dll
2006-10-26 09:43 110,592 ----a-w C:\Program Files\fraps.dll
2006-10-26 08:36 11,066 ----a-w C:\Program Files\changes.txt
2006-10-26 02:44 1,859 ----a-w C:\Program Files\README.HTM
2006-10-21 00:56 56,320 ----a-w C:\Program Files\fraps64.dll
2006-10-21 00:56 293,376 ----a-w C:\Program Files\fraps64.dat
2004-10-01 18:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2007-09-12 14:19 8,784 ----a-w C:\Program Files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-09-12 14:22 245,408 ----a-w C:\Program Files\mozilla firefox\plugins\unicows.dll
.
------- Sigcheck -------
2006-04-20 09:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 13:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2004-08-04 09:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 08:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-02-24 23:54 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-02-24 23:54 360064 482ab7f9cd41702e8f856c11cfefb02d C:\WINDOWS\system32\drivers\TCPIP.SYS
2007-06-13 07:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\explorer.exe
2007-06-13 08:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 09:00 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 07:23 975360 9784e0719124e4a23989aef9e7ca02d6 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 09:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2008-03-20 10:15 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 13:24 1694208]
"P2kAutostart"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SsAAD.exe"="C:\PROGRA~1\SONICS~1\SsAAD.exe" [2005-01-24 19:58 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-06-29 00:43 8466432]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-06-29 00:43 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 22:01 71216]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-03-14 22:01 54832]
"LVCOMS"="C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 10:39 98304]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2007-01-26 15:31 259440]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 09:00 15360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSecurityTab"= 1 (0x1)
"NoToolbarCustomize"= 0 (0x0)
"NoTaskMng"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.fraunhoferacm"= l3codecp.acm
"VIDC.JPGL"= jpgl.dll
"vidc.dvsd"= pdvcodec.dll
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
"vidc.MP42"= MPG4c32..dll
"vidc.MP43"= MPG4c32..dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 18:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 13:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-06-29 00:43 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
-ra------ 2005-05-03 08:38 64512 C:\WINDOWS\system32\P17.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCTAVApp]
--a------ 2007-10-04 16:44 1082664 C:\Program Files\PC Tools AntiVirus\PCTAV.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PremierOpinion]
C:\windows\system32\pmropn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2007-02-27 11:39 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 04:42 36864 C:\Program Files\mobile PhoneTools\WatchDog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\winlogon.exe]
--a------ 2007-12-03 20:31 790528 C:\Documents and Settings\Peter van Gurp\My Documents\winlogon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\WINDOWS\\system32\\drivers\\etc\\nop9\\WINClock.exe"=
"C:\\Program Files\\Xfire\\xfire.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\counter-strike source\\hl2.exe"=
"C:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\garrysmod\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\rwalsh2\\team fortress 2\\hl2.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Documents and Settings\\Peter van Gurp\\My Documents\\winlogon.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\
000.fcl [2007-09-19 22:37]
S3 mamovec;mamovec;C:\WINDOWS\system32\Drivers\mamovec.sys [2005-06-16 19:11]
S3 mamovem;mamovem;C:\WINDOWS\system32\Drivers\mamovem.sys [2005-06-16 19:13]
S3 mamoveu;mamoveu;C:\WINDOWS\system32\DRIVERS\mamoveu.sys [2007-08-13 15:50]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-11-02 14:36]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-22 18:33]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2007-10-10 16:41]
S3 motport;Motorola USB Diagnostic Port;C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 14:18]
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\system32\DRIVERS\p35u.sys [2001-09-24 10:42]
S3 xusb20;Xbox 360 Wireless Receiver for Windows Driver Service;C:\WINDOWS\system32\DRIVERS\xusb20.sys [2006-10-13 19:48]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\setup.exe /autorun
\Shell\directx\command - H:\DirectX\dxsetup.exe
\Shell\setup\command - H:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]
\Shell\AutoRun\command - K:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\SETUP.EXE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a0e9e84-0d7f-11dd-a454-00161777a7bf}]
\Shell\AutoRun\command - H:\Startup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{43311404-4402-5425-5052-340321331144}]
C:\Documents and Settings\Peter van Gurp\My Documents\winlogon.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 16:54:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
"2007-09-23 16:54:03 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-27 12:40:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\
000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools AntiVirus\PCTAVSvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2008-04-27 13:06:02 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-27 16:05:39
Pre-Run: 97,486,061,568 bytes free
Post-Run: 98,771,779,584 bytes free
657 --- E O F --- 2008-04-21 03:03:51