COMBOFIX LOG (it appears the computer's date and time are now messed up - interesting):
ComboFix 09-04-30.05 - anand 03/23/2006 0:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3070.2607 [GMT -5:00]
Running from: c:\documents and settings\anand\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Outdated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\f23567.dat
c:\windows\system32\msblcd32.dll
.
((((((((((((((((((((((((( Files Created from 2006-02-23 to 2006-03-23 )))))))))))))))))))))))))))))))
.
2009-04-21 05:51 . 2009-04-21 06:34 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-21 05:51 . 2009-04-21 05:52 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-21 04:59 . 2009-04-21 04:59 -------- d-----w c:\program files\Unlocker
2009-04-21 02:02 . 2009-04-21 03:40 -------- d-----w c:\windows\BDOSCAN8
2009-04-20 03:50 . 2006-03-23 05:06 -------- d-----w c:\program files\Lavasoft
2009-04-17 16:10 . 2009-04-17 16:10 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-17 04:42 . 2009-04-17 04:42 2 ---h--w c:\windows\t55ft2832f44.dat
2009-04-17 04:42 . 2009-04-17 04:42 2 ---h--w c:\windows\t55ft2803f44.dat
2009-04-17 02:42 . 2009-04-17 02:42 2 ---h--w c:\windows\t55ft2772f44.dat
2009-04-15 15:27 . 2009-04-15 15:27 410984 ----a-w c:\windows\system32\deploytk.dll
2009-04-05 17:35 . 2009-04-05 17:35 -------- d-----w c:\documents and settings\anand\Local Settings\Application Data\Google
2009-04-03 17:30 . 2009-04-03 17:30 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-03 16:27 . 2009-04-03 16:28 -------- dc-h--w c:\windows\ie8
2009-04-03 16:24 . 2009-02-28 04:55 105984 -c--a-w c:\windows\system32\dllcache\iecompat.dll
2009-04-03 15:22 . 2009-04-03 15:29 -------- d-----w c:\documents and settings\anand\Application Data\RegTool
2009-03-23 21:27 . 2009-03-24 17:20 -------- d-----w c:\program files\Jazz_Guitar_Solos_Vol_1-4
2009-03-23 21:27 . 2009-03-23 21:27 -------- d-----w c:\program files\Roland
2009-03-23 21:26 . 2009-03-23 21:26 -------- d-----w c:\program files\PowerTracks DirectX Plugins
2009-03-23 21:02 . 2009-03-28 18:12 -------- d-----w c:\program files\bb
2009-03-22 23:25 . 2009-03-22 23:25 -------- d-----w c:\program files\Common Files\Native Instruments
2009-03-22 23:25 . 2009-03-22 23:25 -------- d-----w c:\program files\Common Files\Digidesign
2009-03-22 18:10 . 2009-03-22 18:10 -------- d-----w c:\program files\7-Zip
2009-03-10 17:08 . 2009-03-10 17:08 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-03-10 00:00 . 2009-03-10 00:00 -------- d-sh--w c:\documents and settings\anand\IECompatCache
2009-03-06 01:26 . 2009-03-06 01:26 -------- d-sh--w c:\documents and settings\anand\PrivacIE
2009-03-06 01:26 . 2009-03-06 01:26 -------- d-sh--w c:\documents and settings\anand\IETldCache
2009-03-05 16:01 . 2009-04-03 15:23 -------- d-----w c:\windows\ie8updates
2009-03-02 00:10 . 2009-03-03 04:35 -------- d-----w c:\documents and settings\anand\Application Data\U3
2009-02-25 16:50 . 2009-03-13 05:45 -------- d-----w c:\documents and settings\anand\Application Data\dvdcss
2009-02-23 20:49 . 2009-02-23 20:49 -------- d-----w c:\documents and settings\anand\Application Data\FLV Extract
2009-02-22 04:50 . 2009-02-22 04:50 -------- d-----w c:\documents and settings\anand\Application Data\Antares
2009-02-22 04:50 . 2009-03-29 05:52 -------- d-----w c:\program files\Antares Audio Technologies
2009-02-22 04:50 . 2003-06-20 18:28 1777664 ----a-w c:\windows\system32\gdiplus.dll
2009-02-15 20:07 . 2009-02-15 22:15 -------- d-----w c:\documents and settings\anand\Application Data\vlc
2009-02-15 20:06 . 2009-02-15 20:06 -------- d-----w c:\program files\VideoLAN
2009-02-03 19:12 . 2009-02-03 19:12 -------- d-----w c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-02-03 19:12 . 2009-02-03 19:12 -------- d-----w c:\program files\NCH Software
2009-02-03 19:12 . 2009-02-03 19:20 -------- d-----w c:\documents and settings\anand\Application Data\NCH Swift Sound
2009-02-03 19:11 . 2009-02-03 19:12 -------- d-----w c:\program files\NCH Swift Sound
2009-01-27 18:30 . 2009-01-27 18:30 -------- d-----w c:\program files\ViewsIncreaser.com
2009-01-20 20:09 . 2009-01-20 20:09 -------- d-----w c:\program files\Windows Resource Kits
2009-01-15 00:44 . 2009-01-15 00:44 -------- d-----w c:\program files\ffdshow
2009-01-07 23:20 . 2009-01-07 23:20 134144 -c--a-w c:\windows\system32\dllcache\sqmapi.dll
2008-11-25 00:45 . 2008-11-25 01:39 -------- d-----w c:\program files\MediaCoder
2008-11-24 23:21 . 2008-11-24 23:21 -------- d-----w c:\documents and settings\anand\Application Data\InterVideo
2008-11-24 22:58 . 2008-11-24 22:58 -------- d-----w c:\documents and settings\anand\Application Data\Ulead Systems
2008-11-24 22:57 . 2008-11-24 22:57 -------- d-----w c:\documents and settings\anand\Application Data\Corel
2008-11-24 22:57 . 2008-11-24 22:57 8 -csh--r c:\windows\system32\4C48B0F6EE.sys
2008-11-24 22:57 . 2009-03-12 16:59 2828 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-11-24 21:45 . 2002-11-22 08:57 204800 -c--a-w c:\windows\system32\IVIresizeW7.dll
2008-11-24 21:45 . 2002-11-22 08:57 188416 -c--a-w c:\windows\system32\IVIresizePX.dll
2008-11-24 21:45 . 2002-11-22 08:57 192512 -c--a-w c:\windows\system32\IVIresizeP6.dll
2008-11-24 21:45 . 2002-11-22 08:57 192512 -c--a-w c:\windows\system32\IVIresizeM6.dll
2008-11-24 21:45 . 2002-11-22 08:57 20480 ----a-w c:\windows\system32\IVIresize.dll
2008-11-24 21:45 . 2002-11-22 08:57 200704 ----a-w c:\windows\system32\IVIresizeA6.dll
2008-11-24 21:44 . 2008-11-24 21:44 -------- d-----w c:\program files\InterVideo
2008-11-24 21:42 . 2008-11-24 21:39 10368 -c--a-w c:\windows\system32\drivers\iviaspi.sys
2008-11-24 21:40 . 2008-11-24 21:40 -------- d-----w c:\program files\Common Files\InterVideo
2008-11-24 21:39 . 2008-11-24 21:39 -------- d-----w c:\program files\Common Files\Protexis
2008-11-24 21:36 . 2008-11-25 01:38 -------- d-----w c:\program files\Corel
2008-11-24 21:36 . 2008-11-24 21:38 -------- d-----w c:\program files\Common Files\Ulead Systems
2008-10-31 21:41 . 2008-10-31 21:48 -------- d-----w c:\program files\iCall
2008-10-13 19:55 . 2009-01-07 23:20 26112 ----a-w c:\windows\system32\idndl.dll
2008-10-13 19:55 . 2009-01-07 23:20 24576 ----a-w c:\windows\system32\nlsdl.dll
2008-10-13 19:55 . 2009-01-07 23:20 23552 ----a-w c:\windows\system32\normaliz.dll
2008-10-13 19:04 . 2009-02-05 17:07 -------- d-----w c:\documents and settings\anand\Local Settings\Application Data\Deployment
2008-10-10 18:42 . 2009-01-07 23:20 265720 ----a-w c:\windows\system32\msdbg2.dll
2008-10-10 16:59 . 2008-10-11 14:27 -------- d-----w c:\program files\ProxyWay
2008-10-02 00:38 . 2008-10-02 00:40 -------- d-----w c:\documents and settings\anand\.unlimitedftp
2008-09-30 21:43 . 2008-09-30 21:43 1286152 ----a-w c:\windows\system32\msxml4.dll
2008-09-07 05:38 . 2008-09-07 05:38 -------- d-----w c:\program files\Trend Micro
2008-09-07 05:06 . 2008-09-07 05:06 -------- d--h--w c:\windows\system32\GroupPolicy
2008-09-07 02:44 . 2006-03-23 05:06 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-09-07 02:22 . 2008-06-02 20:19 29576 -c--a-w c:\windows\system32\drivers\kcom.sys
2008-09-07 02:22 . 2008-08-25 16:36 40840 -c--a-w c:\windows\system32\drivers\ikfilesec.sys
2008-09-07 02:22 . 2008-08-25 16:36 81288 -c--a-w c:\windows\system32\drivers\iksyssec.sys
2008-09-07 02:22 . 2008-08-25 16:36 66952 -c--a-w c:\windows\system32\drivers\iksysflt.sys
2008-09-07 02:22 . 2008-09-07 05:13 -------- d-----w c:\program files\Spyware Doctor
2008-09-07 02:22 . 2008-09-07 02:22 -------- d-----w c:\documents and settings\anand\Application Data\PC Tools
2008-09-07 02:00 . 2008-09-03 04:58 88576 -c--a-w c:\windows\system32\AntiXPVSTFix.exe
2008-09-06 22:55 . 2007-08-14 18:04 9216 ----a-w c:\windows\system32\ffnd.exe
2008-09-06 22:42 . 2008-09-06 22:42 -------- d-----w c:\documents and settings\anand\Local Settings\Application Data\FreeFixer
2008-09-06 22:42 . 2008-09-06 22:42 -------- d-----w c:\program files\FreeFixer
2008-09-06 22:05 . 2006-07-07 18:16 69632 -c--a-w c:\windows\system32\NI_DFD_1_2_9.dll
2008-09-06 22:05 . 2008-09-06 22:05 -------- d-----w c:\program files\Digidesign
2008-09-06 22:04 . 2009-03-22 23:24 -------- d-----w c:\program files\Native Instruments
2008-09-06 21:58 . 2008-09-06 21:58 -------- d-----w c:\program files\uTorrent
2008-08-30 02:46 . 2009-04-24 22:11 -------- d-----w c:\windows\system32\CatRoot_bak
2008-07-20 23:03 . 2008-07-20 23:03 -------- d-----w c:\program files\AC3Filter
2008-07-15 21:31 . 2009-04-22 15:22 -------- d-----w c:\documents and settings\anand\Application Data\BitTorrent
2008-07-15 21:30 . 2008-07-20 05:34 -------- d-----w c:\program files\BitTorrent
2008-07-08 17:44 . 2008-07-08 17:44 -------- d-----w c:\documents and settings\All Users\Application Data\Spiralfrog
2008-06-24 21:29 . 2004-08-04 12:00 221184 -c--a-w c:\windows\system32\wmpns.dll
2008-06-21 14:43 . 2008-06-21 14:43 75 -csh--r c:\windows\CT5PRET.BIN
2008-06-21 14:41 . 2008-06-21 14:41 -------- d-----w c:\documents and settings\anand\Application Data\InstallShield
2008-06-21 03:30 . 2008-06-21 03:30 -------- d-----w c:\program files\Common Files\Reallusion
2008-06-17 04:08 . 2005-04-12 15:21 225280 -c--a-w c:\windows\system32\rewire.dll
2008-06-17 04:07 . 2008-06-17 04:09 -------- d-----w c:\program files\Image-Line
2008-06-17 03:52 . 2008-06-17 03:52 -------- d-----w c:\program files\Turbo Tube
2008-06-10 19:36 . 2008-06-21 15:31 74 -c-ha-w c:\windows\sysdws.dat
2008-06-10 19:34 . 2008-06-10 19:34 -------- d-----w c:\program files\Ulead Systems
2008-06-10 19:34 . 2008-11-24 21:41 -------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2008-06-10 17:54 . 2008-06-10 17:56 -------- d-----w c:\documents and settings\anand\Application Data\PgcEdit
2008-06-10 17:27 . 2008-06-13 13:10 272128 -c--a-w c:\windows\system32\dllcache\bthport.sys
2008-06-10 17:27 . 2008-06-13 13:10 272128 -c----w c:\windows\system32\drivers\bthport.sys
2008-06-05 19:21 . 2004-08-02 21:55 249344 -c--a-w c:\windows\fxssvc.exe
2008-06-05 19:19 . 2004-05-23 05:28 132608 -c--a-w c:\windows\fxsclntR.dll
2008-06-05 19:19 . 2004-05-23 05:28 271360 -c--a-w c:\windows\fxscomex.dll
2008-06-05 19:18 . 2003-12-06 20:37 68096 -c--a-w c:\windows\fxscom.dll
2008-06-05 19:17 . 2004-05-23 05:28 443392 ----a-w c:\windows\fxsapi.dll
2008-06-02 18:01 . 2008-06-02 18:01 -------- d-----w c:\program files\Daniusoft
2008-05-31 03:47 . 2008-05-31 03:47 128 -c--a-w c:\documents and settings\anand\Local Settings\Application Data\fusioncache.dat
2008-05-31 03:44 . 2008-07-08 18:02 -------- d-----w c:\documents and settings\anand\Local Settings\Application Data\SpiralfrogClient
2008-05-31 03:44 . 2008-06-24 21:32 -------- d-----w c:\documents and settings\anand\Local Settings\Application Data\ApplicationHistory
2008-05-31 03:44 . 2008-09-06 22:59 -------- d-----w c:\program files\SpiralFrog
2008-05-31 02:08 . 2008-05-31 02:08 -------- d-----w c:\windows\Downloaded Installations
2008-05-24 16:22 . 2008-05-27 19:16 -------- d-----w c:\program files\RS Email Spider Demo
2008-05-16 21:16 . 2008-05-25 16:24 -------- d-----w c:\program files\Rapid-Emailer
2008-05-16 21:16 . 2008-05-16 21:16 -------- d-----w c:\program files\AF Uninstalls
2008-05-03 21:17 . 2008-05-03 21:17 -------- d-----w c:\documents and settings\anand\Local Settings\Application Data\Turbo_Tube
2008-03-25 02:53 . 2008-02-28 22:09 25600 -c--a-w c:\windows\system32\dzwrapper.dll
2008-03-25 02:53 . 2008-02-28 22:04 9056256 -c--a-w c:\windows\system32\dzcore.dll
2008-03-25 02:53 . 2008-02-28 22:10 65536 -c--a-w c:\windows\system32\dzcarrara.dll
2008-03-25 02:53 . 2008-02-28 22:09 32256 -c--a-w c:\windows\system32\dzbryce6.dll
2008-03-25 02:53 . 2008-02-28 19:04 2076672 -c--a-w c:\windows\system32\dz3delight.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-28 20:49 . 2004-08-04 12:00 103424 ----a-w c:\windows\system32\szdvcup.dll
2009-04-28 01:02 . 2006-03-28 23:47 -------- d-----w c:\program files\Sound Forge
2009-04-20 03:30 . 2004-08-04 12:00 213376 -c--a-w c:\windows\system32\drivers\ndis.sys
2009-03-08 09:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:00 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-09 10:19 . 2004-08-04 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2004-08-04 12:00 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2004-08-04 12:00 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2004-08-04 12:00 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:29 . 2004-08-04 12:00 2142720 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-03 22:59 2020864 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-04 12:00 55808 ----a-w c:\windows\system32\secur32.dll
2008-12-20 22:43 . 2004-08-04 12:00 1287680 ----a-w c:\windows\system32\quartz.dll
2008-12-16 12:47 . 2004-08-04 12:00 351232 ----a-w c:\windows\system32\winhttp.dll
2008-12-11 11:57 . 2004-08-04 12:00 333184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-05 07:12 . 2004-08-04 12:00 144896 ----a-w c:\windows\system32\schannel.dll
2008-10-24 11:10 . 2004-08-04 12:00 453632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 13:01 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 19:13 . 2006-09-09 05:33 1809944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 . 2006-09-09 05:33 202776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:12 . 2006-09-09 05:33 323608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 . 2006-09-09 05:33 561688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:09 . 2006-09-09 05:33 51224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 . 2004-08-04 12:00 92696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:08 . 2006-09-09 05:33 34328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:15 . 2004-08-04 12:00 247326 ----a-w c:\windows\system32\strmdll.dll
2008-09-04 16:42 . 2004-08-04 12:00 1106944 ----a-w c:\windows\system32\msxml3.dll
2008-08-14 09:51 . 2004-08-04 12:00 138368 ----a-w c:\windows\system32\drivers\afd.sys
2008-07-07 20:32 . 2004-08-04 12:00 253952 ----a-w c:\windows\system32\es.dll
2008-06-24 23:12 . 2006-10-19 03:47 295936 ------w c:\windows\system32\wmpeffects.dll
2008-06-24 16:23 . 2004-08-04 12:00 74240 ----a-w c:\windows\system32\mscms.dll
2008-06-20 17:41 . 2004-08-04 12:00 245248 ----a-w c:\windows\system32\mswsock.dll
2008-06-20 10:45 . 2004-08-04 12:00 360320 -c--a-w c:\windows\system32\drivers\tcpip.sys
2008-06-20 09:52 . 2004-08-04 12:00 225920 -c--a-w c:\windows\system32\drivers\tcpip6.sys
2008-06-18 10:03 . 2004-08-04 12:00 938496 ----a-w c:\windows\system32\WMNetmgr.dll
2008-06-18 06:09 . 2004-08-04 12:00 100864 ----a-w c:\windows\system32\logagent.exe
2008-06-12 14:16 . 2006-09-09 05:31 161792 ----a-w c:\windows\system32\msdtcuiu.dll
2008-06-12 14:16 . 2006-09-09 05:31 956928 ----a-w c:\windows\system32\msdtctm.dll
2008-06-12 14:16 . 2006-09-09 05:31 91648 ----a-w c:\windows\system32\mtxoci.dll
2008-06-12 14:16 . 2006-09-09 05:31 58880 ----a-w c:\windows\system32\msdtclog.dll
2008-06-12 14:16 . 2006-09-09 05:31 428032 ----a-w c:\windows\system32\msdtcprx.dll
2008-06-12 14:16 . 2004-08-04 12:00 66560 ----a-w c:\windows\system32\mtxclu.dll
2008-05-08 12:28 . 2004-08-04 12:00 202752 -c--a-w c:\windows\system32\drivers\rmcast.sys
2008-04-11 18:50 . 2006-09-09 05:33 683520 -c--a-w c:\windows\system32\inetcomm.dll
2008-03-27 08:12 . 2004-08-04 12:00 151583 ----a-w c:\windows\system32\msjint40.dll
2008-02-26 11:59 . 2004-08-04 12:00 294912 ----a-w c:\windows\system32\msctf.dll
2008-02-20 05:32 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\dnsrslvr.dll
2007-12-27 17:45 . 1996-12-09 06:00 71680 -c--a-w c:\windows\ST5UNST.EXE
2007-12-18 09:51 . 2004-08-04 12:00 179584 -c--a-w c:\windows\system32\drivers\mrxdav.sys
2007-12-04 18:38 . 2004-08-04 12:00 550912 ----a-w c:\windows\system32\oleaut32.dll
2007-11-13 10:25 . 2004-08-04 12:00 20480 -c--a-w c:\windows\system32\drivers\secdrv.sys
2007-10-27 23:40 . 2004-08-04 12:00 222720 ----a-w c:\windows\system32\wmasf.dll
2007-07-09 13:09 . 2004-08-04 12:00 584192 ----a-w c:\windows\system32\rpcrt4.dll
2007-07-06 12:46 . 2004-08-04 12:00 95744 -c--a-w c:\windows\system32\mqsec.dll
2007-07-06 12:46 . 2004-08-04 12:00 660992 -c--a-w c:\windows\system32\mqqm.dll
2007-07-06 12:46 . 2004-08-04 12:00 48640 -c--a-w c:\windows\system32\mqupgrd.dll
2007-07-06 12:46 . 2004-08-04 12:00 471552 -c--a-w c:\windows\system32\mqutil.dll
2007-07-06 12:46 . 2004-08-04 12:00 47104 -c--a-w c:\windows\system32\mqdscli.dll
2007-07-06 12:46 . 2004-08-04 12:00 177152 -c--a-w c:\windows\system32\mqrt.dll
2007-07-06 12:46 . 2004-08-04 12:00 16896 -c--a-w c:\windows\system32\mqise.dll
2007-07-06 12:46 . 2004-08-04 12:00 138240 -c--a-w c:\windows\system32\mqad.dll
2007-07-06 10:05 . 2004-08-04 12:00 72960 -c--a-w c:\windows\system32\drivers\mqac.sys
2007-06-13 10:23 . 2004-08-04 12:00 1033216 ----a-w c:\windows\explorer.exe
2007-04-25 08:49 . 2008-11-24 21:39 328 -c----w c:\program files\GuideMenuSetup.iss
2007-04-23 10:32 . 2004-08-04 12:00 364160 -c--a-w c:\windows\system32\drivers\update.sys
2007-04-20 16:01 . 2007-04-20 16:01 2678 -c--a-w c:\windows\java\Packages\Data\28O5JF13.DAT
2007-04-20 16:01 . 2007-04-20 16:01 2678 -c--a-w c:\windows\java\Packages\Data\D7DRBXZ7.DAT
2007-04-20 16:01 . 2007-04-20 16:01 2678 -c--a-w c:\windows\java\Packages\Data\F7ZLV3NH.DAT
2007-04-20 16:01 . 2007-04-20 16:01 2678 -c--a-w c:\windows\java\Packages\Data\C9JH73RV.DAT
2007-04-20 16:01 . 2007-04-20 16:01 2678 -c--a-w c:\windows\java\Packages\Data\17L7NVHV.DAT
2007-04-18 16:12 . 2004-08-04 12:00 2854400 ----a-w c:\windows\system32\msi.dll
2007-04-10 21:18 . 2007-04-10 21:18 2232 -c--a-w c:\windows\java\Packages\Data\BHZJF1NZ.DAT
2007-04-10 21:18 . 2007-04-10 21:18 155995 -c--a-w c:\windows\java\Packages\24D7NVNN.ZIP
2007-04-06 03:28 . 2008-11-24 21:42 1237 -c----w c:\program files\WinDVDSetup.iss
2007-03-17 13:43 . 2004-08-04 12:00 292864 ----a-w c:\windows\system32\winsrv.dll
2007-03-08 15:36 . 2004-08-04 12:00 577536 ----a-w c:\windows\system32\user32.dll
2007-03-08 15:36 . 2004-08-04 12:00 40960 -c--a-w c:\windows\system32\mf3216.dll
2007-02-09 11:10 . 2004-08-04 12:00 574464 -c--a-w c:\windows\system32\drivers\ntfs.sys
2007-02-05 20:17 . 2004-08-04 12:00 185344 ----a-w c:\windows\system32\upnphost.dll
2006-12-04 20:21 . 2004-08-04 12:00 414720 -c--a-w c:\windows\system32\msscp.dll
2006-12-01 01:32 . 2006-09-09 12:53 -------- d-----w c:\program files\MediaFACE II
2006-11-27 23:36 . 2006-11-27 23:36 1143 -c--a-w c:\program files\uninstal.log
2006-11-01 19:17 . 2004-08-04 12:00 927504 -c--a-w c:\windows\system32\mfc40u.dll
2006-10-19 13:56 . 2004-08-04 12:00 713216 ----a-w c:\windows\system32\sxs.dll
2006-10-19 03:58 . 2005-01-28 19:44 8704 -c--a-w c:\windows\system32\wdfmgr.exe
2006-10-19 03:58 . 2005-01-28 19:44 8704 -c--a-w c:\windows\system32\uwdf.exe
2006-10-19 02:00 . 2005-01-28 19:44 38528 -c--a-w c:\windows\system32\drivers\wpdusb.sys
2006-10-16 16:15 . 2004-08-04 12:00 122880 ----a-w c:\windows\system32\oledlg.dll
.
------- Sigcheck -------
[-] 2008-04-13 19:20 182656 1DF7F42665C94B825322FAE71721130D c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
[-] 2009-04-20 03:30 213376 29CB83D1A129D983B6B5135DA6A72EA5 c:\windows\system32\dllcache\ndis.sys
[-] 2009-04-20 03:30 213376 29CB83D1A129D983B6B5135DA6A72EA5 c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-28_20.54.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-03-23 05:15 . 2006-03-23 05:15 16384 c:\windows\Temp\Perflib_Perfdata_464.dat
+ 2004-08-04 12:00 . 2004-08-04 12:00 43520 c:\windows\system32\wbem\proquota.exe
- 2004-08-04 12:00 . 2009-04-28 20:46 72228 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2006-03-23 05:20 72228 c:\windows\system32\perfc009.dat
- 2006-09-09 05:39 . 2009-04-21 05:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2006-09-09 05:39 . 2009-04-29 22:14 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-09-09 05:39 . 2009-04-21 05:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 05:39 . 2009-04-29 22:14 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2006-09-09 05:39 . 2009-04-29 22:14 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-09-09 05:39 . 2009-04-21 05:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2001-07-14 22:32 . 2001-07-14 22:32 69632 c:\windows\setupupd\temp\wsdueng.dll
- 2009-04-21 00:13 . 2007-11-30 11:18 26488 c:\windows\$hf_mig$\KB958644\update\spcustom.dll
- 2009-04-21 00:13 . 2007-11-30 11:18 17272 c:\windows\$hf_mig$\KB958644\spmsg.dll
- 2004-08-04 12:00 . 2009-04-28 20:46 425628 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2006-03-23 05:20 425628 c:\windows\system32\perfh009.dat
- 2009-04-21 00:13 . 2007-11-30 11:18 382840 c:\windows\$hf_mig$\KB958644\update\updspapi.dll
- 2009-04-21 00:13 . 2007-11-30 11:18 755576 c:\windows\$hf_mig$\KB958644\update\update.exe
- 2009-04-21 00:13 . 2007-11-30 11:18 231288 c:\windows\$hf_mig$\KB958644\spuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC53E145-6F19-4F17-902E-798095EAAC4F}]
2004-08-04 12:00 103424 ----a-w c:\windows\system32\ufgfcpw.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="-" [X]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-05-01 602182]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-05-01 667718]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-09-28 125168]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-15 148888]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2006-05-01 73728]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-9-14 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-764903313-1208633371-1849977318-30842\Scripts\Logon\0\0]
"Script"=\\mmreibc.prv\SysVol\mmreibc.prv\scripts\532Agents.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Marcus & Millichap VPN Client Software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Marcus & Millichap VPN Client Software.lnk
backup=c:\windows\pss\Marcus & Millichap VPN Client Software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"NICCONFIGSVC"=2 (0x2)
"IDriverT"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Sony\\Vegas 7.0\\VegSrv70.exe"=
"c:\\Documents and Settings\\anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
R0 Lbd;Lbd; [x]
R0 ntcdrdrv;ntcdrdrv; [x]
R3 emifilt;Emagic EMI Filter Service;c:\windows\system32\drivers\emifilt.sys [2002-10-31 9984]
R3 emiload;Emagic EMI Device Firmware Loader Service;c:\windows\system32\Drivers\emiload.sys [2002-10-31 599424]
R3 NUVision;NUVision II Video Service;c:\windows\system32\DRIVERS\nuvvid2.sys [2001-10-28 153760]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S0 hqrsavbr;hqrsavbr;c:\windows\system32\drivers\hqrsavbr.sys [2004-08-04 23424]
S2 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-09-28 116464]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-01 101936]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a67b9bef-0559-11de-bef6-0015c51f4eff}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2006-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-436374069-839522115-1003.job
- c:\documents and settings\anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-05 17:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: adobe.com\get
Trusted Zone: adobe.com\www
Trusted Zone: livemocha.com\www
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2006-03-23 00:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1757981266-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A3297DEA-CB89-027D-D41B-308A379B5644}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhndggbkamanjjcfihakcojmalmnpcmaa"=hex:66,61,62,62,62,6c,67,6e,70,66,69,62,
00,00
"maknehgkbkkhlgckmcdlfohbgc"=hex:67,61,6b,6c,6c,6d,6f,63,69,6a,6e,6c,63,6f,00,
00
.
Completion time: 2006-03-23 0:45
ComboFix-quarantined-files.txt 2006-03-23 05:45
ComboFix2.txt 2009-04-28 20:57
Pre-Run: 8,945,143,808 bytes free
Post-Run: 9,050,906,624 bytes free
374 --- E O F --- 2009-04-22 08:00