Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.231 [GMT -6:00]
Running from: c:\documents and settings\brothers\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\brothers\My Documents\cfscript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\brothers\Application Data\uTorrent
c:\documents and settings\brothers\Application Data\uTorrent\Alcohol 120% [Black] - HeartBug.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Angry Beavers.torrent
c:\documents and settings\brothers\Application Data\uTorrent\DC - Sonic Adventure 2.torrent
c:\documents and settings\brothers\Application Data\uTorrent\De Facto - Discography (3 Albums).torrent
c:\documents and settings\brothers\Application Data\uTorrent\Dexter's Lab Seasons 1-4.torrent
c:\documents and settings\brothers\Application Data\uTorrent\dht.dat
c:\documents and settings\brothers\Application Data\uTorrent\dht.dat.old
c:\documents and settings\brothers\Application Data\uTorrent\F. Scott Fitzgerald - The Great Gatsby.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Gundam Wing Episodes 1-49.torrent
c:\documents and settings\brothers\Application Data\uTorrent\In.Cold.Blood[1967]DvDrip[Eng].avi.torrent
c:\documents and settings\brothers\Application Data\uTorrent\King Crimson - Starless And Bible Black.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Live At The House Of Blues.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Magic.ISO.Maker.v5.0.Build.0166.WinAll.Cracked-CTi.torrent
c:\documents and settings\brothers\Application Data\uTorrent\MagicISO Maker 5.4 + Serial.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Marvel vs Capcom 2 [PLAYSTATION 2-ISO].rar.torrent
c:\documents and settings\brothers\Application Data\uTorrent\MARVEL vs. CAPCOM 2 (U) [CDI].torrent
c:\documents and settings\brothers\Application Data\uTorrent\Omar Rodriguez - Lopez - Calibration (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\brothers\Application Data\uTorrent\PowerISO.v4.1.Incl.Keymaker-AGAiN.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Primus - Pork Soda.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Queens_of_the_Stone_Age-Era_Vulgaris-2CD-(Limited_Edition_2CD)-2008-JUST.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Registry.Mechanic.v8.0.0.900.Incl.Keygen.Patch-FFF.zip.torrent
c:\documents and settings\brothers\Application Data\uTorrent\resume.dat
c:\documents and settings\brothers\Application Data\uTorrent\resume.dat.old
c:\documents and settings\brothers\Application Data\uTorrent\rss.dat
c:\documents and settings\brothers\Application Data\uTorrent\rss.dat.old
c:\documents and settings\brothers\Application Data\uTorrent\Sailing The Seas Of Cheese.torrent
c:\documents and settings\brothers\Application Data\uTorrent\settings.dat
c:\documents and settings\brothers\Application Data\uTorrent\settings.dat.old
c:\documents and settings\brothers\Application Data\uTorrent\Spiderman TAS (All 5 Seasons) 1994 The Animated Series spider-man.torrent
c:\documents and settings\brothers\Application Data\uTorrent\System Mechanic 8.0.0.18 Professional-MasterUploader.torrent
c:\documents and settings\brothers\Application Data\uTorrent\The Great Gatsby[1974]DvDrip[720x576]AC3[6ch][Eng]-RHooD.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Thrice-If_We_Could_Only_See_Us_Now-2005-KzT.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Thrice-Red_Sky-(EP)-2006-h8me.zip.torrent
c:\documents and settings\brothers\Application Data\uTorrent\Truman Capote - In Cold Blood - Unabridged Audio Book (64).torrent
c:\documents and settings\brothers\Application Data\uTorrent\UtopiaALL.torrent
c:\documents and settings\brothers\Application Data\uTorrent\utorrent.lng
c:\program files\uTorrent
c:\program files\uTorrent\uTorrent.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-19 to 2008-12-19 )))))))))))))))))))))))))))))))
.
2008-12-17 20:54 . 2008-12-17 20:54 <DIR> d-------- c:\program files\PowerISO
2008-12-15 21:42 . 2008-12-15 21:43 <DIR> d-------- C:\Dev-Cpp
2008-12-09 22:38 . 2008-12-10 00:23 345 --a------ c:\windows\gmer.ini
2008-12-08 22:30 . 2008-12-08 22:31 <DIR> d-------- C:\rsit
2008-12-07 17:29 . 2008-12-07 17:29 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-07 17:17 . 2008-12-07 17:17 <DIR> d-------- c:\program files\NOS
2008-12-07 17:17 . 2008-12-07 19:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-11-30 19:37 . 2008-11-30 19:37 <DIR> d-------- c:\program files\Trend Micro
2008-11-25 21:10 . 2008-11-25 21:10 <DIR> d-------- c:\program files\Windows Installer Clean Up
2008-11-25 21:10 . 2008-11-25 21:10 <DIR> d-------- c:\program files\MSECACHE
2008-11-23 00:21 . 2008-11-23 00:21 <DIR> d-------- c:\program files\Project64 1.6
2008-11-22 18:18 . 1998-06-24 02:00 164,144 --a------ c:\windows\system32\comct232.ocx
2008-11-22 18:18 . 2008-11-26 20:05 119,296 --a------ c:\windows\system32\zlib.dll
2008-11-22 18:18 . 2000-12-06 03:00 109,248 --a------ c:\windows\system32\mswinsck.ocx
2008-11-22 18:18 . 2008-01-13 17:36 91,632 --a------ c:\windows\system32\dsofile.dll
2008-11-22 18:18 . 1998-06-18 01:00 89,360 --a------ c:\windows\system32\VB5DB.DLL
2008-11-22 18:18 . 2007-04-04 19:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2008-11-22 18:18 . 1999-05-17 14:55 57,344 --------- c:\windows\system32\ADsSecurity.dll
2008-11-22 18:18 . 2002-08-09 12:18 45,056 --------- c:\windows\system32\NTSVC.ocx
2008-11-22 18:18 . 2003-01-26 14:41 40,960 --a------ c:\windows\system32\SSubTmr6.dll
2008-11-22 18:18 . 2008-01-13 20:59 36,864 --a------ c:\windows\system32\dxinputdll.dll
2008-11-22 17:43 . 2008-11-22 18:39 <DIR> d-------- c:\program files\Counter-Strike 1.6
2008-11-22 17:32 . 2008-11-22 17:32 <DIR> d-------- c:\program files\directx
2008-11-22 17:24 . 2008-11-22 17:24 <DIR> d-------- c:\program files\Fox
2008-11-22 13:08 . 2008-11-22 13:08 <DIR> d-------- c:\program files\LiveUpdate
2008-11-22 13:07 . 2008-04-13 13:45 26,112 --a------ c:\windows\system32\drivers\usbser.sys
2008-11-22 13:07 . 2008-04-13 13:45 26,112 --a------ c:\windows\system32\dllcache\usbser.sys
2008-11-22 13:06 . 2008-11-22 13:07 <DIR> d-------- c:\program files\mobile PhoneTools
2008-11-22 13:06 . 2008-11-22 13:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2008-11-22 11:19 . 2008-11-22 11:19 <DIR> d-------- c:\program files\Microsoft Works
2008-11-22 11:14 . 2008-11-22 11:14 <DIR> d-------- c:\program files\Microsoft.NET
2008-11-22 11:06 . 2008-11-22 11:16 <DIR> d-------- c:\windows\SHELLNEW
2008-11-22 09:51 . 2005-10-29 05:12 29,384 --a------ c:\windows\system32\mdimon.dll
2008-11-22 09:11 . 2008-11-22 09:23 <DIR> d-------- c:\program files\MagicISO
2008-11-22 00:46 . 2008-11-22 00:46 0 --ah----- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-11-22 00:32 . 2008-11-22 00:32 0 --ah----- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-11-22 00:21 . 2008-11-22 00:21 <DIR> d-------- c:\program files\Common Files\Motorola Shared
2008-11-22 00:21 . 2006-11-13 15:45 1,419,232 --a------ c:\windows\system32\wdfcoinstaller01005.dll
2008-11-22 00:21 . 2007-06-18 15:18 23,680 --a------ c:\windows\system32\drivers\motmodem.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-16 04:42 --------- d-----w c:\documents and settings\brothers\Application Data\Dev-Cpp
2008-12-15 04:03 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-09 00:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-12-07 23:27 --------- d-----w c:\program files\Common Files\Adobe
2008-12-04 01:52 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-04 01:52 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-12-01 04:00 --------- d-----w c:\documents and settings\brothers\Application Data\Desktopicon
2008-12-01 02:20 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-28 00:39 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 04:37 21,840 ----atw c:\windows\system32\SIntfNT.dll
2008-11-23 04:37 17,212 ----atw c:\windows\system32\SIntf32.dll
2008-11-23 04:37 12,067 ----atw c:\windows\system32\SIntf16.dll
2008-11-22 17:18 --------- d-----w c:\program files\MSBuild
2008-11-22 17:09 --------- d-----w c:\program files\Microsoft Visual Studio 8
2008-11-22 15:41 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-15 01:17 --------- d-----w c:\documents and settings\Guest\Application Data\Malwarebytes
2008-11-14 23:08 --------- d-----w c:\program files\Hp
2008-11-14 04:45 --------- d-----w c:\program files\Windows Media Connect 2
2008-11-12 05:16 --------- d-----w c:\program files\MSXML 4.0
2008-11-11 07:39 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-10 05:47 --------- d-----w c:\program files\Common Files\DirectX
2008-11-10 05:19 --------- d-----w c:\documents and settings\brothers\Application Data\iolo
2008-11-10 04:30 --------- d-----w c:\program files\WinAce
2008-11-10 04:07 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2008-11-10 04:03 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-11-02 01:39 --------- d-----w c:\documents and settings\brothers\Application Data\Move Networks
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-17 08:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 20:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 20:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-20 02:54 1,211 ----a-w c:\documents and settings\brothers\volume.exe
2008-09-20 02:53 1,211 ----a-w C:\volume.exe
1997-10-16 15:42 45,568 -c--a-w c:\documents and settings\ENGLISH\setup.exe
1996-12-19 22:03 6,128 -c--a-w c:\documents and settings\ENGLISH\_setup.dll
2007-05-23 00:14 8,784 ----a-w c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-05-23 00:17 245,408 ----a-w c:\program files\mozilla firefox\plugins\unicows.dll
2008-08-31 00:37 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008083020080831\index.dat
.
((((((((((((((((((((((((((((( snapshot@2008-12-14_21.45.00.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-26 07:24:28 124,928 -c----w c:\windows\ie7updates\KB958215-IE7\advpack.dll
+ 2008-08-26 07:24:28 347,136 -c----w c:\windows\ie7updates\KB958215-IE7\dxtmsft.dll
+ 2008-08-26 07:24:28 214,528 -c----w c:\windows\ie7updates\KB958215-IE7\dxtrans.dll
+ 2008-08-26 07:24:28 133,120 -c----w c:\windows\ie7updates\KB958215-IE7\extmgr.dll
+ 2008-08-26 07:24:28 63,488 -c----w c:\windows\ie7updates\KB958215-IE7\icardie.dll
+ 2008-08-25 08:37:59 70,656 -c----w c:\windows\ie7updates\KB958215-IE7\ie4uinit.exe
+ 2008-08-26 07:24:28 153,088 -c----w c:\windows\ie7updates\KB958215-IE7\ieakeng.dll
+ 2008-08-26 07:24:28 230,400 -c----w c:\windows\ie7updates\KB958215-IE7\ieaksie.dll
+ 2008-08-23 05:54:51 161,792 -c----w c:\windows\ie7updates\KB958215-IE7\ieakui.dll
+ 2008-08-26 07:24:28 383,488 -c----w c:\windows\ie7updates\KB958215-IE7\ieapfltr.dll
+ 2008-08-26 07:24:29 384,512 -c----w c:\windows\ie7updates\KB958215-IE7\iedkcs32.dll
+ 2008-10-03 17:41:15 6,066,176 -c----w c:\windows\ie7updates\KB958215-IE7\ieframe.dll
+ 2008-08-26 07:24:29 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\iernonce.dll
+ 2008-08-26 07:24:29 267,776 -c----w c:\windows\ie7updates\KB958215-IE7\iertutil.dll
+ 2008-08-25 08:38:00 13,824 -c----w c:\windows\ie7updates\KB958215-IE7\ieudinit.exe
+ 2008-08-23 05:56:15 635,848 -c----w c:\windows\ie7updates\KB958215-IE7\iexplore.exe
+ 2008-08-26 07:24:30 27,648 -c----w c:\windows\ie7updates\KB958215-IE7\jsproxy.dll
+ 2008-08-26 07:24:30 459,264 -c----w c:\windows\ie7updates\KB958215-IE7\msfeeds.dll
+ 2008-08-26 07:24:30 52,224 -c----w c:\windows\ie7updates\KB958215-IE7\msfeedsbs.dll
+ 2008-08-27 08:24:32 3,593,216 -c----w c:\windows\ie7updates\KB958215-IE7\mshtml.dll
+ 2008-08-26 07:24:30 477,696 -c----w c:\windows\ie7updates\KB958215-IE7\mshtmled.dll
+ 2008-08-26 07:24:30 193,024 -c----w c:\windows\ie7updates\KB958215-IE7\msrating.dll
+ 2008-08-26 07:24:30 671,232 -c----w c:\windows\ie7updates\KB958215-IE7\mstime.dll
+ 2008-08-26 07:24:30 102,912 -c----w c:\windows\ie7updates\KB958215-IE7\occache.dll
+ 2008-08-26 07:24:30 44,544 -c----w c:\windows\ie7updates\KB958215-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB958215-IE7\spuninst\updspapi.dll
+ 2008-08-26 07:24:30 105,984 -c----w c:\windows\ie7updates\KB958215-IE7\url.dll
+ 2008-08-26 07:24:31 1,159,680 -c----w c:\windows\ie7updates\KB958215-IE7\urlmon.dll
+ 2008-08-26 07:24:31 233,472 -c----w c:\windows\ie7updates\KB958215-IE7\webcheck.dll
+ 2008-08-26 07:24:31 826,368 -c----w c:\windows\ie7updates\KB958215-IE7\wininet.dll
- 2008-11-23 22:44:52 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-12-15 04:03:04 1,165,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-11-23 22:44:53 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-12-15 04:03:04 20,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-11-23 22:44:53 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-12-15 04:03:04 159,504 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-11-23 22:44:53 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-12-15 04:03:04 184,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-11-23 22:44:53 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-12-15 04:03:04 217,864 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-11-23 22:44:53 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-12-15 04:03:05 18,704 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-11-23 22:44:53 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-12-15 04:03:05 35,088 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-11-23 22:44:53 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-12-15 04:03:04 845,584 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-11-23 22:44:53 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-12-15 04:03:04 922,384 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-11-23 22:44:53 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-12-15 04:03:04 272,648 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-11-23 22:44:53 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-12-15 04:03:05 888,080 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-11-23 22:44:52 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-15 04:03:04 1,172,240 ----a-r c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-08-26 07:24:28 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-08-26 07:24:28 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-10-16 20:38:34 124,928 ------w c:\windows\system32\dllcache\advpack.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dllcache\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\dllcache\extmgr.dll
- 2008-08-26 07:24:28 63,488 ------w c:\windows\system32\dllcache\icardie.dll
+ 2008-10-16 20:38:35 63,488 ------w c:\windows\system32\dllcache\icardie.dll
- 2008-08-26 07:24:28 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-08-26 07:24:28 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ------w c:\windows\system32\dllcache\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ------w c:\windows\system32\dllcache\ieframe.dll
- 2008-08-26 07:24:29 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-08-26 07:24:29 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ------w c:\windows\system32\dllcache\iertutil.dll
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\dllcache\jsproxy.dll
- 2006-10-19 01:03:58 100,864 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2008-06-18 07:09:22 100,864 ----a-w c:\windows\system32\dllcache\logagent.exe
- 2008-08-26 07:24:30 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ------w c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ------w c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\dllcache\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\dllcache\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\dllcache\mstime.dll
- 2008-08-26 07:24:30 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\dllcache\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\dllcache\pngfilt.dll
- 2008-08-26 07:24:30 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-10-16 20:38:39 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\dllcache\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\dllcache\urlmon.dll
- 2008-08-26 07:24:31 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\dllcache\wininet.dll
- 2006-10-19 02:47:20 937,984 -c--a-w c:\windows\system32\dllcache\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 ----a-w c:\windows\system32\dllcache\WMNetmgr.dll
- 2006-10-19 02:47:22 2,450,944 ----a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\system32\dllcache\WMVCore.dll
- 2008-08-26 07:24:28 347,136 ----a-w c:\windows\system32\dxtmsft.dll
+ 2008-10-16 20:38:34 347,136 ----a-w c:\windows\system32\dxtmsft.dll
- 2008-08-26 07:24:28 214,528 ----a-w c:\windows\system32\dxtrans.dll
+ 2008-10-16 20:38:34 214,528 ----a-w c:\windows\system32\dxtrans.dll
- 2008-08-26 07:24:28 133,120 ----a-w c:\windows\system32\extmgr.dll
+ 2008-10-16 20:38:35 133,120 ----a-w c:\windows\system32\extmgr.dll
- 2008-08-26 07:24:28 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-08-25 08:37:59 70,656 ----a-w c:\windows\system32\ie4uinit.exe
+ 2008-10-16 13:11:09 70,656 ----a-w c:\windows\system32\ie4uinit.exe
- 2008-08-26 07:24:28 153,088 ----a-w c:\windows\system32\ieakeng.dll
+ 2008-10-16 20:38:35 153,088 ----a-w c:\windows\system32\ieakeng.dll
- 2008-08-26 07:24:28 230,400 ----a-w c:\windows\system32\ieaksie.dll
+ 2008-10-16 20:38:35 230,400 ----a-w c:\windows\system32\ieaksie.dll
- 2008-08-23 05:54:51 161,792 ----a-w c:\windows\system32\ieakui.dll
+ 2008-10-15 07:04:53 161,792 ----a-w c:\windows\system32\ieakui.dll
- 2008-08-26 07:24:28 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-08-26 07:24:29 384,512 ----a-w c:\windows\system32\iedkcs32.dll
+ 2008-10-16 20:38:35 384,512 ----a-w c:\windows\system32\iedkcs32.dll
- 2008-10-03 17:41:15 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
- 2008-08-26 07:24:29 44,544 ----a-w c:\windows\system32\iernonce.dll
+ 2008-10-16 20:38:37 44,544 ----a-w c:\windows\system32\iernonce.dll
- 2008-08-26 07:24:29 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-08-25 08:38:00 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-08-26 07:24:30 27,648 ----a-w c:\windows\system32\jsproxy.dll
+ 2008-10-16 20:38:37 27,648 ----a-w c:\windows\system32\jsproxy.dll
- 2006-10-19 01:03:58 100,864 ----a-w c:\windows\system32\logagent.exe
+ 2008-06-18 07:09:22 100,864 ----a-w c:\windows\system32\logagent.exe
- 2008-08-26 07:24:30 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-08-26 07:24:30 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-08-27 08:24:32 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2008-10-17 08:08:40 3,593,216 ----a-w c:\windows\system32\mshtml.dll
- 2008-08-26 07:24:30 477,696 ----a-w c:\windows\system32\mshtmled.dll
+ 2008-10-16 20:38:38 477,696 ----a-w c:\windows\system32\mshtmled.dll
- 2008-08-26 07:24:30 193,024 ----a-w c:\windows\system32\msrating.dll
+ 2008-10-16 20:38:38 193,024 ----a-w c:\windows\system32\msrating.dll
- 2008-08-26 07:24:30 671,232 ----a-w c:\windows\system32\mstime.dll
+ 2008-10-16 20:38:39 671,232 ----a-w c:\windows\system32\mstime.dll
- 2008-08-26 07:24:30 102,912 ----a-w c:\windows\system32\occache.dll
+ 2008-10-16 20:38:39 102,912 ----a-w c:\windows\system32\occache.dll
- 2008-08-26 07:24:30 44,544 ----a-w c:\windows\system32\pngfilt.dll
+ 2008-10-16 20:38:39 44,544 ----a-w c:\windows\system32\pngfilt.dll
- 2008-07-08 13:02:01 17,272 ------w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-04-14 00:12:38 60,416 ------w c:\windows\system32\tzchange.exe
+ 2008-10-23 10:06:59 62,976 ------w c:\windows\system32\tzchange.exe
- 2008-08-26 07:24:30 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-08-26 07:24:31 1,159,680 ----a-w c:\windows\system32\urlmon.dll
+ 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-08-26 07:24:31 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-08-26 07:24:31 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
- 2006-10-19 02:47:20 937,984 ----a-w c:\windows\system32\WMNetMgr.dll
+ 2008-06-18 11:03:08 938,496 ----a-w c:\windows\system32\WMNetmgr.dll
- 2006-10-19 02:47:22 2,450,944 ----a-w c:\windows\system32\wmvcore.dll
+ 2008-06-18 11:03:14 2,458,112 ----a-w c:\windows\system32\WMVCore.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Google Update"="c:\documents and settings\brothers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-14 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 c:\windows\AGRSMMSG.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-10-04 113664]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run Registration Tool.lnk]
backup=c:\windows\pss\Run Registration Tool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 12:39 1289000 c:\program files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 c:\program files\Hp\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2008-08-04 15:22 160800 c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-03-24 21:52 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WatchDog]
--------- 2004-08-14 04:42 36864 c:\program files\mobile PhoneTools\WatchDog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-04 98304]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2008-07-31 33792]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-07 33752]
S3 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe []
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys [2008-11-14 38496]
S3 MSHUSBVideo;NX6000/NX3000/VX5000/VX5500/VX7000 Filter Driver;c:\windows\system32\Drivers\nx6000.sys [2008-07-24 33808]
S3 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-04 118784]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe []
S3 u2kg54;BUFFALO WLI-U2-KG54 Wireless LAN Adapter Service;c:\windows\system32\DRIVERS\rt2500usb.sys [2008-09-03 139904]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8cfb34e-9723-11dd-84ad-001500248aec}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2008-10-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-18 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\brothers\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-14 22:32]
2008-12-19 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1033
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages
IE: Translate into English
FF - ProfilePath - c:\documents and settings\brothers\Application Data\Mozilla\Firefox\Profiles\egr4pvdx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\documents and settings\brothers\Local Settings\Application Data\Google\Update\1.2.131.27\npGoogleOneClick6.dll
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-19 01:34:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-19 1:36:35
ComboFix-quarantined-files.txt 2008-12-19 07:36:12
ComboFix2.txt 2008-12-15 03:48:21
Pre-Run: 16,515,674,112 bytes free
Post-Run: 16,501,600,256 bytes free
468 --- E O F --- 2008-12-15 04:04:30
And the scan took maybe 5 minutes, it didn't reboot. The only thing weird was the toolbar going away and all my shortcuts disappeared, then came back, just like last time, but I'm sure it's normal.