ComboFix log:
ComboFix 08-08-06.02 - Hassan 2008-08-07 12:01:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2837 [GMT 3:00]
Running from: C:\Documents and Settings\Hassan\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
C:\WINDOWS\system32\eWebControl.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.
2008-08-07 11:22 . 2008-08-07 11:22 <DIR> d-------- C:\Downloads
2008-08-07 10:26 . 2008-08-07 10:26 <DIR> d-------- C:\temp\WPDNSE
2008-08-07 09:13 . 2008-08-07 09:14 <DIR> d-------- C:\temp\{9CFD87BD-8B3A-4880-925F-B6ADA2A6D26C}
2008-08-07 09:11 . 2008-08-07 11:02 <DIR> d-------- C:\temp
2008-08-06 22:44 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-06 22:24 . 2008-08-06 22:24 <DIR> d-------- C:\Program Files\DVDVideoSoft
2008-08-06 22:24 . 2008-08-06 22:28 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
2008-08-06 22:24 . 2002-01-05 15:37 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-08-06 21:56 . 2004-08-04 15:00 180,770 --a--c--- C:\WINDOWS\system32\dllcache\c_20932.nls
2008-08-06 21:55 . 2001-08-17 22:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-08-06 21:55 . 2001-08-17 22:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-08-06 21:55 . 2001-08-17 22:36 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-08-06 21:55 . 2001-08-17 22:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-08-06 21:55 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2008-08-06 21:55 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2008-08-06 21:55 . 2001-08-17 14:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2008-08-06 21:55 . 2001-08-17 14:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2008-08-06 21:54 . 2008-04-14 03:09 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-08-06 21:54 . 2001-08-17 14:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-08-06 21:54 . 2008-04-14 03:09 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-08-06 21:54 . 2001-08-17 14:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-08-06 19:46 . 2008-08-06 19:46 2,111 --a------ C:\ahci64.reg
2008-08-06 17:47 . 2008-08-06 18:54 <DIR> d-------- C:\Program Files\Quick Screen Capture
2008-08-06 17:47 . 2008-08-06 17:47 <DIR> d-------- C:\MyCaptures
2008-08-05 19:11 . 2008-08-05 19:20 <DIR> d-------- C:\Program Files\Netsniffer
2008-08-04 22:55 . 2008-08-04 22:55 <DIR> d-------- C:\Program Files\PerformanceTest
2008-08-04 21:56 . 2008-08-04 21:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA
2008-08-04 16:55 . 2008-08-04 16:55 <DIR> d-------- C:\Program Files\Future Systems Solutions
2008-08-04 16:55 . 2008-08-04 16:55 <DIR> d-------- C:\Documents and Settings\Hassan\Application Data\Future Systems Solutions
2008-08-04 16:55 . 2008-08-04 16:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Future Systems Solutions
2008-08-04 13:51 . 2008-08-04 13:51 <DIR> d-------- C:\WINDOWS\system32\ENU
2008-08-04 13:51 . 2008-05-23 15:26 1,034,776 --a------ C:\WINDOWS\system32\imsmudlg.exe
2008-08-04 13:51 . 2006-11-10 09:25 319,456 --a------ C:\WINDOWS\system32\difxapi.dll
2008-08-04 10:33 . 2008-08-04 10:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-08-03 00:22 . 2008-04-14 03:12 151,552 --a------ C:\WINDOWS\system32\irftp.exe
2008-08-03 00:22 . 2008-04-14 03:12 151,552 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-08-03 00:22 . 2008-04-14 03:11 28,160 --a------ C:\WINDOWS\system32\irmon.dll
2008-08-03 00:22 . 2008-04-14 03:11 28,160 --a--c--- C:\WINDOWS\system32\dllcache\irmon.dll
2008-08-03 00:22 . 2008-04-14 03:12 8,192 --a------ C:\WINDOWS\system32\wshirda.dll
2008-08-03 00:22 . 2008-04-14 03:12 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-08-02 17:50 . 2008-08-06 21:59 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-08-02 17:22 . 2008-04-23 07:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-08-02 17:22 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-08-02 17:22 . 2007-03-08 08:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-08-02 17:22 . 2008-04-23 07:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-08-02 17:22 . 2008-04-23 07:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-08-02 17:22 . 2008-04-23 07:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-08-02 17:22 . 2008-04-23 07:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-08-02 17:22 . 2008-04-23 07:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-08-02 17:22 . 2008-04-22 10:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-08-02 17:10 . 2008-08-04 23:20 <DIR> d-------- C:\64-bit drivers
2008-08-02 17:08 . 2008-06-13 14:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-08-02 17:07 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-08-02 16:21 . 2008-08-02 16:21 13,750 --a------ C:\WINDOWS\system32\wpa.bak
2008-08-02 16:15 . 2004-08-04 15:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2008-08-02 16:14 . 2004-08-04 15:00 187,938 --a--c--- C:\WINDOWS\system32\dllcache\c_20005.nls
2008-08-02 16:13 . 2004-08-04 10:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-08-02 16:13 . 2008-08-02 16:13 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-08-02 16:13 . 2008-08-02 16:13 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-08-02 16:13 . 2008-08-02 16:13 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-08-02 16:13 . 2008-08-02 16:13 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-08-02 16:13 . 2008-08-02 16:13 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-08-02 16:13 . 2008-08-02 16:13 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-08-02 16:12 . 2004-08-04 15:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-08-02 11:39 . 2008-08-07 10:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-01 04:52 . 2008-08-01 04:52 <DIR> d-------- C:\Linksys Skype Phone
2008-08-01 04:06 . 2008-08-07 10:36 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-01 04:06 . 2008-08-01 04:06 <DIR> d-------- C:\Program Files\AVG
2008-08-01 04:06 . 2008-08-01 04:57 <DIR> d-------- C:\Documents and Settings\Hassan\Application Data\AVGTOOLBAR
2008-08-01 04:06 . 2008-08-01 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-08-01 04:06 . 2008-08-01 04:38 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-01 04:06 . 2008-08-01 04:06 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-01 04:06 . 2008-08-01 04:06 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-08-01 04:06 . 2008-08-01 04:06 23,296 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-08-01 04:06 . 2008-08-01 04:06 12,936 --a------ C:\WINDOWS\system32\drivers\avgrkx86.sys
2008-08-01 04:06 . 2008-08-01 04:06 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-01 03:55 . 2008-08-01 05:40 170,042 --a------ C:\WINDOWS\setupapi.old
2008-07-31 17:49 . 2008-07-31 17:49 <DIR> d-------- C:\Deckard
2008-07-31 17:48 . 2008-07-31 17:49 686,630 --a------ C:\Program Files\dss.exe
2008-07-31 17:30 . 2008-07-31 17:30 <DIR> d-------- C:\WINDOWS\ERUNT
2008-07-31 00:59 . 2008-07-26 12:48 195,235 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-07-31 00:17 . 2008-07-31 00:17 <DIR> d-------- C:\Documents and Settings\Hassan\Application Data\Malwarebytes
2008-07-31 00:17 . 2008-07-31 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-30 21:40 . 2008-07-30 21:40 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-30 19:49 . 2008-08-01 04:07 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-30 03:14 . 2008-08-06 22:41 <DIR> d-------- C:\Program Files\Panda Security
2008-07-30 03:03 . 2008-07-30 02:55 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-30 02:55 . 2008-07-30 03:04 <DIR> d-------- C:\Documents and Settings\Hassan\.housecall6.6
2008-07-30 01:10 . 2008-07-30 01:21 <DIR> d-------- C:\Documents and Settings\Hassan\Application Data\Download Manager
2008-07-29 15:09 . 2008-08-06 06:01 <DIR> d-------- C:\Program Files\Runtime Software
2008-07-29 11:59 . 2008-07-29 11:59 <DIR> d-------- C:\Program Files\Alex Feinman
2008-07-28 14:50 . 2008-07-28 14:50 <DIR> d-------- C:\WINDOWS\drivers
2008-07-28 14:50 . 2004-08-01 08:09 55,936 --a------ C:\WINDOWS\system32\drivers\ousb2hub.sys
2008-07-28 14:50 . 2004-08-01 08:09 44,928 --a------ C:\WINDOWS\system32\drivers\ousbehci.sys
2008-07-28 14:50 . 2004-09-01 14:30 9,984 --a------ C:\WINDOWS\system32\drivers\o1394b.sys
2008-07-27 22:36 . 2008-07-23 15:24 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-07-27 22:36 . 2008-07-26 12:48 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-07-27 22:36 . 2008-08-07 11:52 189,256 --a------ C:\WINDOWS\system32\nvapps.xml
2008-07-27 22:36 . 2008-07-26 12:48 18,335 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-07-27 22:31 . 2008-07-27 22:31 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-27 20:44 . 2008-07-27 20:44 <DIR> d-------- C:\Program Files\Pro Imaging Powertoys
2008-07-26 20:47 . 2008-07-26 20:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Application
2008-07-25 17:54 . 2008-07-25 17:54 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-07-25 17:54 . 2008-07-25 17:54 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-07-25 17:49 . 2008-07-25 17:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-07-25 17:27 . 2008-07-25 18:41 <DIR> d-------- C:\Program Files\Nokia
2008-07-25 17:27 . 2008-07-25 17:27 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-07-25 17:27 . 2008-07-25 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-07-25 17:27 . 2008-05-07 07:39 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-07-25 17:27 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-07-25 17:27 . 2008-05-07 07:38 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-07-25 17:27 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-07-25 17:27 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-07-25 17:27 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-07-25 17:27 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-07-25 14:39 . 2008-07-25 14:41 <DIR> d-------- C:\Program Files\DAZ
2008-07-25 14:35 . 2008-07-25 14:35 <DIR> d-------- C:\Program Files\Common Files\DAZ
2008-07-23 20:03 . 2008-07-23 20:03 <DIR> d-------- C:\Garmin
2008-07-22 15:26 . 2008-07-22 15:26 52 --a------ C:\WINDOWS\MediaGUI.INI
2008-07-22 06:44 . 2008-07-22 06:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-22 06:44 . 2008-08-02 17:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-22 06:37 . 2008-07-22 06:37 <DIR> d-------- C:\Program Files\IObit
2008-07-21 22:22 . 2008-07-21 22:22 <DIR> d-------- C:\Program Files\GnuWin32
2008-07-21 13:15 . 2008-07-21 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Memeo
2008-07-21 12:53 . 2008-07-21 12:53 364,544 --a------ C:\WINDOWS\system32\WDBtnMgr.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 08:58 --------- d-----w C:\Program Files\Trillian
2008-08-06 17:43 --------- d-----w C:\Documents and Settings\Hassan\Application Data\OpenOffice.org2
2008-08-06 02:48 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 02:48 --------- d-----w C:\Program Files\NEC DISPLAY SOLUTIONS
2008-08-04 18:31 --------- d-----w C:\Program Files\Datacolor
2008-08-04 10:36 16,608 ----a-w C:\WINDOWS\gdrv.sys
2008-08-04 09:48 --------- d-----w C:\Program Files\Intel
2008-08-04 07:48 --------- d-----w C:\Program Files\GIGABYTE
2008-08-04 07:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-31 07:21 79,960 ----a-w C:\WINDOWS\system32\drivers\jraid.sys
2008-07-30 22:19 --------- d-----w C:\Program Files\Java
2008-07-28 15:35 --------- d-----w C:\Documents and Settings\Hassan\Application Data\Skype
2008-07-28 15:31 --------- d-----w C:\Documents and Settings\Hassan\Application Data\skypePM
2008-07-27 22:28 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2008-07-26 18:41 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
2008-07-22 19:36 --------- d-----w C:\Program Files\Beyond Compare 2
2008-07-21 12:41 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-07-21 10:43 --------- d-----w C:\Program Files\Western Digital Technologies
2008-07-17 18:14 --------- d-----w C:\Program Files\Common Files\Nikon
2008-07-12 08:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-06 11:56 --------- d-----w C:\Program Files\AnswersThatWork
2008-07-06 07:31 --------- d-----w C:\Program Files\QuickTime
2008-07-06 07:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-06 06:47 --------- d-----w C:\Program Files\Skype
2008-07-06 06:47 --------- d-----w C:\Program Files\Common Files\Skype
2008-07-06 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-07-06 06:42 --------- d-----w C:\Program Files\TjInit Utility
2008-07-05 12:53 --------- d-----w C:\Program Files\OpenOffice.org 2.4
2008-07-05 07:36 --------- d-----w C:\Documents and Settings\Hassan\Application Data\MailFrontier
2008-07-05 07:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-07-05 06:10 --------- d-----w C:\Program Files\MailFrontier
2008-07-04 14:44 --------- d-----w C:\Program Files\SiSoftware
2008-07-04 08:44 --------- d-----w C:\Program Files\BreezeSys
2008-07-04 08:12 --------- d-----w C:\Program Files\Common Files\Java
2008-07-02 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-02 16:39 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-07-02 16:28 --------- d-----w C:\Program Files\CCleaner
2008-07-02 08:56 --------- d-----w C:\Program Files\DIFX
2008-07-02 07:15 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2008-07-02 07:15 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_Spyder3_01001.Wdf
2008-07-02 05:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-02 04:59 --------- d-----w C:\Program Files\Bonjour
2008-07-02 04:54 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-07-01 21:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-07-01 21:39 --------- d-----w C:\Program Files\MSXML 4.0
2008-07-01 20:57 --------- d-----w C:\Documents and Settings\Hassan\Application Data\Nikon
2008-06-28 11:34 815,104 ----a-w C:\Program Files\HWMonitor.exe
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-08 16:12 --------- d-----w C:\Documents and Settings\Hassan\Application Data\Scooter Software
2008-06-06 15:42 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
2008-05-31 05:57 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-05-31 05:48 558,142 ----a-w C:\WINDOWS\java\Packages\N3F5B179.ZIP
2008-05-31 05:48 155,995 ----a-w C:\WINDOWS\java\Packages\7N3JBLZR.ZIP
2008-05-16 11:01 313,888 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2007-04-28 20:49 610,304 ----a-w C:\Program Files\SmartEdge.exe
2007-01-09 16:09 2,812,575 ----a-w C:\Program Files\exiftool.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 03:12 1695232]
"Matador"="C:\PROGRA~1\MAILFR~1\mantispm.exe" [2006-01-20 10:44 894544]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 03:12 15360]
"Zinio DLM"="C:\Program Files\Zinio\ZinioReader.exe" [2008-05-01 01:48 3874886]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-07-26 12:48 13570048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-01 04:38 1235736]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 17:41 178712]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-07-26 12:48 86016]
"nwiz"="nwiz.exe" [2008-07-26 12:48 1657376 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 03:12 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:12 15360]
C:\Documents and Settings\Hassan\Start Menu\Programs\Startup\
Trillian.lnk - C:\Program Files\Trillian\trillian.exe [2008-05-19 1873280]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Spyder3Utility.lnk - C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe [2008-03-19 17:06:30 6333954]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dhcpmon32]
2004-07-09 17:59 10752 C:\WINDOWS\system32\dhcpmon32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII.SP2c\\RpcAgentSrv.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"Y:\\Old Drive G - New Volume\\emule mod\\emule\\eMule.exe"=
"C:\\Documents and Settings\\Hassan\\Application Data\\MediaServerDump\\LiveUpdate\\OLUpdate.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home XII.SP2c\\WNt500x86\\RpcSandraSrv.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3676:TCP"= 3676:TCP:messenger
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R0 AvgRkx86;avgrkx86.sys;C:\WINDOWS\system32\Drivers\avgrkx86.sys [2008-08-01 04:06]
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-01 04:38]
R1 vcdrom;Virtual CD-ROM Device Driver;Y:\Old Drive D - XPSP2\WINDOWS\system32\drivers\VCdRom.sys [2001-12-19 12:45]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-01 04:38]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-01 04:38]
R2 avgfws8;AVG8 Firewall;C:\PROGRA~1\AVG\AVG8\avgfws8.exe [2008-08-01 04:38]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-01 04:06]
R2 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe [2008-04-23 18:55]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-01 04:06]
R3 DCSCUSB;Spectrocolorimeter Driver (dcscusb.sys);C:\WINDOWS\system32\Drivers\dcscusb.sys [2006-06-13 09:15]
R3 Spyder3;Datacolor Spyder3;C:\WINDOWS\system32\DRIVERS\Spyder3.sys [2007-11-06 12:08]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-08-01 04:06]
S3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\@BIOS\markfun.w32 [2007-08-21 19:49]
S3 NDSPCIIO;NDSPCIIO;C:\WINDOWS\system32\DRIVERS\NDSPCIIO.SYS []
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2006-09-07 21:16]
S4 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2004-08-01 08:09]
S4 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2004-08-01 08:09]
S4 TJUSBDEV;TJUSBDEV.Sys TjgerJet USB Device Driver;C:\WINDOWS\system32\Drivers\TJUSBDEV.sys [2003-08-14 16:23]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\W]
\Shell\AutoRun\command - W:\autorun.exe
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Hassan\Application Data\Mozilla\Firefox\Profiles\r8bkycz5.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL -
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE -
hxxp://cm.my.yahoo.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-08-07 12:02:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\C:\Program Files\Gigabyte\@BIOS\markfun.w32"
.
Completion time: 2008-08-07 12:02:42
ComboFix-quarantined-files.txt 2008-08-07 09:02:40
Pre-Run: 42,997,878,784 bytes free
Post-Run: 42,980,708,352 bytes free
305 --- E O F --- 2008-08-02 18:26:47
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:04:31 PM, on 8/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Matador] "C:\PROGRA~1\MAILFR~1\mantispm.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Zinio DLM] C:\Program Files\Zinio\ZinioReader.exe /autostart
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
O4 - Global Startup: Spyder3Utility.lnk = C:\Program Files\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
O8 - Extra context menu item: Download all with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager -
file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager -
file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 7684064475
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) -
http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: dhcpmon32 - C:\WINDOWS\SYSTEM32\dhcpmon32.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home XII.SP2c\RpcAgentSrv.exe
--
End of file - 7915 bytes