ComboFix 09-06-23.01 - root 06/24/2009 23:18.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1590 [GMT -4:00]
Running from: c:\documents and settings\root.CHANGEME\Desktop\Columbo.exe
Command switches used :: c:\documents and settings\root.CHANGEME\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.
2009-06-25 01:37 . 2009-06-25 01:37 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-23 04:56 . 2009-06-23 05:16 -------- d-----w- C:\New
2009-06-18 00:45 . 2009-06-18 00:45 -------- d-----w- c:\program files\Trend Micro
2009-06-18 00:33 . 2009-06-18 00:33 1033728 -c--a-w- c:\windows\system32\dllcache\explorer.exe
2009-06-18 00:33 . 2009-06-18 00:33 1033728 ----a-w- c:\windows\Explorer.EXE
2009-06-17 21:18 . 2009-06-25 00:50 -------- d-----w- c:\program files\WinClamAVShield
2009-06-17 21:16 . 2009-06-25 02:01 -------- d-----w- c:\documents and settings\root.CHANGEME\Application Data\Spyware Terminator
2009-06-17 21:16 . 2009-06-17 21:16 6144 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\sp_rsdel.exe
2009-06-17 21:16 . 2009-06-17 21:16 5632 ----a-w- c:\documents and settings\All Users\Application Data\Spyware Terminator\fileobjinfo.sys
2009-06-17 21:16 . 2009-06-17 21:16 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-06-17 21:16 . 2009-06-25 02:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Spyware Terminator
2009-06-17 21:16 . 2009-06-25 00:34 -------- d-----w- c:\program files\Spyware Terminator
2009-06-17 21:12 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 21:12 . 2009-06-17 21:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-17 21:12 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-17 20:11 . 2009-06-25 02:52 -------- d-----w- c:\program files\a-squared Free
2009-06-17 19:00 . 2009-06-17 19:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-17 18:50 . 2009-06-17 18:50 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-06-17 18:50 . 2009-06-17 12:11 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-06-17 18:50 . 2009-06-17 12:11 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-06-17 18:50 . 2009-06-17 12:11 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-06-17 18:50 . 2009-06-17 12:11 1261344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwd.dll
2009-06-17 18:50 . 2009-06-17 12:11 1452312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-17 12:28 . 2009-06-20 16:33 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-17 12:11 . 2009-06-17 12:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-17 12:11 . 2009-06-17 12:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-17 12:11 . 2009-06-17 12:11 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-17 12:11 . 2009-06-17 18:50 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-17 12:11 . 2009-06-24 14:43 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-17 12:11 . 2009-06-17 12:11 -------- d-----w- c:\program files\AVG
2009-06-17 06:38 . 2009-06-17 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\97300776
2009-06-17 06:38 . 2009-06-17 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\17290784
2009-05-31 19:51 . 2009-05-31 19:51 -------- d-----w- c:\documents and settings\root.CHANGEME\Local Settings\Application Data\Help
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 02:52 . 2005-08-05 18:00 -------- d-----w- c:\documents and settings\hpiccari\Application Data\Lavasoft
2009-06-25 01:04 . 2009-01-07 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-17 19:10 . 2007-07-20 13:20 -------- d-----w- c:\program files\McAfee
2009-06-17 12:08 . 2009-01-21 21:18 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-31 19:49 . 2005-01-29 01:48 68568 -c--a-w- c:\documents and settings\root.CHANGEME\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 19:45 . 2005-10-25 17:33 -------- d-----w- c:\documents and settings\All Users\Application Data\yahoo!
2009-05-31 19:45 . 2005-10-25 17:31 -------- d-----w- c:\program files\Yahoo!
2009-05-31 19:44 . 2009-04-21 14:07 -------- d-----w- c:\program files\LightSpeed
2009-05-29 00:50 . 2004-03-11 17:56 -------- d-----w- c:\documents and settings\root.CHANGEME\Application Data\AdobeUM
2009-05-24 23:23 . 2009-05-24 23:23 136 ----a-w- c:\documents and settings\root.CHANGEME\Local Settings\Application Data\fusioncache.dat
2009-05-22 01:31 . 2009-05-25 03:16 607472 ----a-w- c:\documents and settings\All Users\Application Data\yahoo!\YUpdater\yupdater.exe
2009-05-19 00:10 . 2009-05-19 00:10 -------- d-----w- c:\documents and settings\root.CHANGEME\Application Data\InstallShield Installation Information
2009-05-19 00:10 . 2009-05-19 00:10 -------- d-----w- c:\documents and settings\root.CHANGEME\Application Data\2K Games
2009-05-19 00:08 . 2009-05-19 00:08 -------- d-----w- c:\documents and settings\root.CHANGEME\Application Data\InstallShield
2009-05-07 20:57 . 2009-05-07 20:57 -------- d-----w- c:\program files\Lexmark X74-X75
2009-04-30 05:01 . 2009-04-30 05:01 -------- d-----w- c:\documents and settings\root.CHANGEME\Application Data\Lavasoft
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\17290784 ----
2009-06-17 06:47 . 2009-06-17 06:47 56 ----a-w- c:\documents and settings\All Users\Application Data\17290784\pc17290784cnf
2009-06-17 06:47 . 2009-06-17 06:48 0 ----a-w- c:\documents and settings\All Users\Application Data\17290784\pc17290784ins
2009-06-17 06:38 . 2009-06-17 06:38 64784 ----a-w- c:\documents and settings\All Users\Application Data\17290784\17290784.glu
---- Directory of c:\documents and settings\All Users\Application Data\97300776 ----
------- Sigcheck -------
[7] 2004-08-04 07:56 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\$NtServicePackUninstall$\svchost.exe
[7] 2008-04-14 09:42 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\ServicePackFiles\i386\svchost.exe
[7] 2008-04-14 09:42 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\svchost.exe
[7] 2008-04-14 09:42 14336 27C6D03BCDB8CFEB96B716F3D8BE3E18 c:\windows\system32\dllcache\cache\svchost.exe
[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2002-11-01 22:26 528896 68E1F4EF02DF52CA9C5E157045D23582 c:\windows\$NtUninstallKB824141$\user32.dll
[7] 2002-08-29 11:41 560128 DD9269230C21EE8FB7FD3FCCC3B1CFCB c:\windows\$NtUninstallKB826939$\user32.dll
[-] 2003-09-25 16:49 560128 32173306185F603E75C477E117F3BB8D c:\windows\$NtUninstallKB840987$\user32.dll
[7] 2004-08-04 07:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2004-06-17 17:58 560128 31FB2D788A9AA618452C02E8375B6DCD c:\windows\$NtUninstallKB891711$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2008-04-14 09:42 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\ServicePackFiles\i386\user32.dll
[7] 2008-04-14 09:42 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\user32.dll
[7] 2008-04-14 09:42 578560 B26B135FF1B9F60C9388B4A7D16F600B c:\windows\system32\dllcache\cache\user32.dll
[7] 2004-08-04 07:56 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\$NtServicePackUninstall$\ws2_32.dll
[-] 2001-08-23 12:00 75264 8529C295DF59B564D37A73B5629162B1 c:\windows\$NtUninstallKB817778$\ws2_32.dll
[7] 2008-04-14 09:42 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\ServicePackFiles\i386\ws2_32.dll
[7] 2008-04-14 09:42 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\ws2_32.dll
[7] 2008-04-14 09:42 82432 2CCC474EB85CEAA3E1FA1726580A3E5A c:\windows\system32\dllcache\cache\ws2_32.dll
[-] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[-] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[-] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[-] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[-] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[-] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$hf_mig$\KB925454\SP2QFE\wininet.dll
[-] 2007-01-04 14:05 665088 3FFA1573FC274E5AA7467D03941C45EE c:\windows\$hf_mig$\KB928090\SP2QFE\wininet.dll
[-] 2007-06-26 14:35 665600 E1A3DD68B5380B360A7310A64D9BB188 c:\windows\$hf_mig$\KB937143\SP2QFE\wininet.dll
[-] 2007-06-26 14:09 658944 184E47C8F7B331025E6DC92740DB188F c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2004-08-04 07:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB834707$\wininet.dll
[-] 2004-09-29 18:47 656896 CBA65B573C66FE23F647FF96E3A10994 c:\windows\$NtUninstallKB883939$\wininet.dll
[7] 2004-02-07 01:05 588288 4F64D1DF989E3AA2FAD91A2F1167B9C7 c:\windows\$NtUninstallKB889293-IE6SP1-20041111.235619$\wininet.dll
[-] 2005-07-03 02:11 658432 5B5FF992C0FA762CCF8655FC290E6E52 c:\windows\$NtUninstallKB896688$\wininet.dll
[-] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB896727$\wininet.dll
[-] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[-] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\$NtUninstallKB925454$\wininet.dll
[-] 2006-10-23 15:17 658944 6B2735ADFF5A5D3B9130CA4A794722F0 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 13:37 658944 8C393DF5234CBCBFF1EE31902D6B40AE c:\windows\$NtUninstallKB937143$\wininet.dll
[7] 2008-04-14 09:42 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\ServicePackFiles\i386\wininet.dll
[7] 2008-04-14 09:42 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\system32\wininet.dll
[7] 2008-04-14 09:42 666112 7A4F775ABB2F1C97DEF3E73AFA2FAEDD c:\windows\system32\dllcache\cache\wininet.dll
[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 06:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[7] 2008-04-14 04:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-04-14 04:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\system32\dllcache\cache\tcpip.sys
[7] 2008-04-14 04:50 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\system32\drivers\tcpip.sys
[7] 2004-08-04 07:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\$NtServicePackUninstall$\winlogon.exe
[7] 2002-08-29 11:41 516608 2246D8D8F4714A2CEDB21AB9B1849ABB c:\windows\$NtUninstallKB840987$\winlogon.exe
[7] 2008-04-14 09:42 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\ServicePackFiles\i386\winlogon.exe
[7] 2008-04-14 09:42 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\winlogon.exe
[7] 2008-04-14 09:42 507904 ED0EF0A136DEC83DF69F04118870003E c:\windows\system32\dllcache\cache\winlogon.exe
[7] 2004-08-04 06:14 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\$NtServicePackUninstall$\ndis.sys
[7] 2002-08-29 10:09 167552 3B350E5A2A5E951453F3993275A4523A c:\windows\$NtUninstallKB826942$\ndis.sys
[7] 2008-04-14 04:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\ServicePackFiles\i386\ndis.sys
[7] 2008-04-14 04:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-14 04:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\dllcache\cache\ndis.sys
[7] 2008-04-14 04:50 182656 1DF7F42665C94B825322FAE71721130D c:\windows\system32\drivers\ndis.sys
[7] 2004-08-04 06:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\$NtServicePackUninstall$\ip6fw.sys
[7] 2008-04-14 04:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\ServicePackFiles\i386\ip6fw.sys
[7] 2008-04-14 04:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\ip6fw.sys
[7] 2008-04-14 04:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\dllcache\cache\ip6fw.sys
[7] 2008-04-14 04:23 36608 3BB22519A194418D5FEC05D800A19AD0 c:\windows\system32\drivers\ip6fw.sys
[-] 2005-03-01 20:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
[-] 2007-02-28 08:38 2057600 515D30E2C90A3665A2739309334C9283 c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2002-08-29 09:04 1947904 0E8EFB15746878A9B256E75267337233 c:\windows\$NtUninstallKB826939$\ntkrnlpa.exe
[-] 2003-04-24 15:57 1949440 46AE6F2D416C39FFDCFC8BCB01203EA3 c:\windows\$NtUninstallKB840987$\ntkrnlpa.exe
[-] 2004-06-17 08:03 1954688 ED0D7A5F1138CCFD3ECAF8F6AC691F13 c:\windows\$NtUninstallKB885835_0$\ntkrnlpa.exe
[7] 2004-08-04 05:58 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 08:55 2057600 1D659BFB788ED2BA45075624B748D249 c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[7] 2008-04-14 04:01 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-14 04:01 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-14 04:01 2065792 109F8E3E3C82E337BB71B6BC9B895D61 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
[-] 2007-02-28 09:10 2180352 582A8DBAA58C3B1F176EB2817DAEE77C c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2002-08-29 10:03 2042240 B9080D97DBD631AADF9128F7316958D2 c:\windows\$NtUninstallKB826939$\ntoskrnl.exe
[-] 2003-04-24 15:57 1925760 97EC4AB4650DA6FC521CF16F8A6DDCB0 c:\windows\$NtUninstallKB840987$\ntoskrnl.exe
[-] 2004-06-17 17:22 2051584 F240DC474F8EDB2D95514D831DF069E5 c:\windows\$NtUninstallKB885835_0$\ntoskrnl.exe
[7] 2004-08-04 06:19 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 14:17 2180352 8F0DEAB1F81FB83F9C5995853CE48B9F c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[7] 2008-04-14 04:57 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-14 04:57 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\system32\ntoskrnl.exe
[7] 2008-04-14 04:57 2188928 0C89243C7C3EE199B96FCC16990E0679 c:\windows\system32\dllcache\cache\ntoskrnl.exe
[7] 2009-06-18 00:33 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\Explorer.EXE
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2002-08-29 11:41 1004032 A82B28BFC2E4455FE43022A498C0EF0A c:\windows\$NtUninstallKB820291$\explorer.exe
[7] 2004-08-04 07:56 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 09:42 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2009-06-18 00:33 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\explorer.exe
[7] 2009-06-18 00:33 1033728 12896823FB95BFB3DC9B46BCAEDC9923 c:\windows\system32\dllcache\cache\Explorer.EXE
[7] 2004-08-04 07:56 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\$NtServicePackUninstall$\services.exe
[7] 2008-04-14 09:42 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\ServicePackFiles\i386\services.exe
[7] 2008-04-14 09:42 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\system32\services.exe
[7] 2008-04-14 09:42 108544 0E776ED5F7CC9F94299E70461B7B8185 c:\windows\system32\dllcache\cache\services.exe
[7] 2004-08-04 07:56 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\$NtServicePackUninstall$\lsass.exe
[7] 2008-04-14 09:42 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\ServicePackFiles\i386\lsass.exe
[7] 2008-04-14 09:42 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\lsass.exe
[7] 2008-04-14 09:42 13312 BF2466B3E18E970D8A976FB95FC1CA85 c:\windows\system32\dllcache\cache\lsass.exe
[7] 2004-08-04 07:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\$NtServicePackUninstall$\ctfmon.exe
[7] 2008-04-14 09:42 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2008-04-14 09:42 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\ctfmon.exe
[7] 2008-04-14 09:42 15360 5F1D5F88303D4A4DBC8E5F97BA967CC3 c:\windows\system32\dllcache\cache\ctfmon.exe
[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] 2004-08-04 07:56 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 2008-04-14 09:42 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\ServicePackFiles\i386\spoolsv.exe
[7] 2008-04-14 09:42 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\spoolsv.exe
[7] 2008-04-14 09:42 57856 D8E14A61ACC1D4A6CD0D38AEBAC7FA3B c:\windows\system32\dllcache\cache\spoolsv.exe
[7] 2004-08-04 07:56 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\$NtServicePackUninstall$\wuauclt.exe
[7] 2008-04-14 09:42 111104 ED7262E52C31CF1625B65039102BC16C c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2007-04-17 02:45 53080 3A83A45E7DD5276315AA20245E7C32BF c:\windows\system32\wuauclt.exe
[7] 2007-04-17 02:45 53080 3A83A45E7DD5276315AA20245E7C32BF c:\windows\system32\dllcache\wuauclt.exe
[7] 2007-04-17 02:45 53080 3A83A45E7DD5276315AA20245E7C32BF c:\windows\system32\dllcache\cache\wuauclt.exe
[7] 2004-08-04 07:56 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\$NtServicePackUninstall$\userinit.exe
[7] 2008-04-14 09:42 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\ServicePackFiles\i386\userinit.exe
[7] 2008-04-14 09:42 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\userinit.exe
[7] 2008-04-14 09:42 26112 A93AEE1928A9D7CE3E16D24EC7380F89 c:\windows\system32\dllcache\cache\userinit.exe
[7] 2004-08-04 07:56 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\$NtServicePackUninstall$\termsrv.dll
[7] 2008-04-14 09:42 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\ServicePackFiles\i386\termsrv.dll
[7] 2008-04-14 09:42 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\termsrv.dll
[7] 2008-04-14 09:42 295424 FF3477C03BE7201C294C35F684B3479F c:\windows\system32\dllcache\cache\termsrv.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\$NtServicePackUninstall$\kernel32.dll
[7] 2002-08-29 11:41 930304 8F162DC91D67D87C1A481BF602A9DAC8 c:\windows\$NtUninstallKB840987$\kernel32.dll
[7] 2004-08-04 07:56 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB935839$\kernel32.dll
[7] 2008-04-14 09:41 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\ServicePackFiles\i386\kernel32.dll
[7] 2008-04-14 09:41 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\system32\kernel32.dll
[7] 2008-04-14 09:41 989696 C24B983D211C34DA8FCC1AC38477971D c:\windows\system32\dllcache\cache\kernel32.dll
[7] 2004-08-04 07:56 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\$NtServicePackUninstall$\powrprof.dll
[7] 2008-04-14 09:42 17408 50A166237A0FA771261275A405646CC0 c:\windows\ServicePackFiles\i386\powrprof.dll
[7] 2008-04-14 09:42 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\powrprof.dll
[7] 2008-04-14 09:42 17408 50A166237A0FA771261275A405646CC0 c:\windows\system32\dllcache\cache\powrprof.dll
[7] 2004-08-04 07:56 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\$NtServicePackUninstall$\imm32.dll
[7] 2008-04-14 09:41 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\ServicePackFiles\i386\imm32.dll
[7] 2008-04-14 09:41 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\imm32.dll
[7] 2008-04-14 09:41 110080 0DA85218E92526972A821587E6A8BF8F c:\windows\system32\dllcache\cache\imm32.dll
[7] 2004-08-04 07:56 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\$NtServicePackUninstall$\sfcfiles.dll
[7] 2008-04-14 09:42 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\ServicePackFiles\i386\sfcfiles.dll
[7] 2008-04-14 09:42 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 09:42 1614848 9DD07AF82244867CA36681EA2D29CE79 c:\windows\system32\dllcache\cache\sfcfiles.dll
[7] 2004-08-04 07:56 167936 9C3C12975C97119412802B181FBEEFFE c:\windows\$NtServicePackUninstall$\appmgmts.dll
[7] 2008-04-14 09:41 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\ServicePackFiles\i386\appmgmts.dll
[7] 2008-04-14 09:41 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\appmgmts.dll
[7] 2008-04-14 09:41 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\dllcache\appmgmts.dll
[7] 2008-04-14 09:41 167936 D8849F77C0B66226335A59D26CB4EDC6 c:\windows\system32\dllcache\cache\appmgmts.dll
[7] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\$NtServicePackUninstall$\kbdclass.sys
[7] 2008-04-14 04:09 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\ServicePackFiles\i386\kbdclass.sys
[7] 2008-04-14 04:09 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\dllcache\cache\kbdclass.sys
[7] 2008-04-14 04:09 24576 463C1EC80CD17420A542B7F36A36F128 c:\windows\system32\drivers\kbdclass.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2003-08-01 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2003-08-01 618496]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2007-03-27 136768]
"TpHotkey"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-01-15 94208]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-20 32881]
"QCWLIcon"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2003-07-30 53248]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-02-05 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-02-05 395264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Lexmark X74-X75"="c:\program files\Lexmark X74-X75\lxbbbmgr.exe" [2002-10-14 57344]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-02-05 106496]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"TpShocks"="TpShocks.exe" - c:\windows\system32\TpShocks.exe [2003-09-04 77824]
"Mouse Suite 98 Daemon"="ICO.EXE" - c:\windows\system32\ico.exe [2003-11-20 57344]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2007-8-15 629248]
HOTSYNCSHORTCUTNAME.lnk - c:\program files\Palm\Hotsync.exe [2004-6-9 471040]
TIBCO Software Inc. VPN Client.lnk - c:\program files\Cisco Systems\VPN 3000 Client\ipsecdialer.exe [2004-4-28 1269836]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceStartMenuLogOff"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-17 12:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1469188156-960889200-926709054-21729\Scripts\Logon\0\0]
"Script"=mcafee.cmd
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sp_rssrv"=2 (0x2)
"MDM"=2 (0x2)
"McAfeeFramework"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"a2free"=2 (0x2)
"cisvc"=3 (0x3)
"LexBceS"=2 (0x2)
"avg8wd"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\FSRremoS.EXE"=
"c:\\Program Files\\Adobe\\Acrobat 6.0\\Reader\\AcroRd32.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\root.CHANGEME\\Application Data\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Civilization4.exe"=
"c:\\Documents and Settings\\root.CHANGEME\\Application Data\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Documents and Settings\\root.CHANGEME\\Application Data\\2K Games\\Firaxis Games\\Sid Meier's Civilization 4 Complete\\Warlords\\Civ4Warlords.exe"=
"c:\\WINDOWS\\system32\\TpShocks.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2/19/2004 6:11 PM 52136]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/17/2009 8:11 AM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6/17/2009 8:11 AM 108552]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [6/17/2009 5:16 PM 142592]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\TPPWR.SYS [2/19/2004 7:08 PM 15360]
R2 CVPNDRV;TIBCO Software Inc. IPsec Driver;c:\windows\system32\drivers\CVPNDrv.sys [4/28/2004 6:28 PM 263751]
R2 PPNT;PPNT;c:\windows\system32\drivers\ppnt.sys [8/3/2005 7:10 PM 13824]
R2 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2/19/2004 6:11 PM 4225]
S3 CBEN5;Xircom CardBus Ethernet 10/100 Adapter family Driver;c:\windows\system32\drivers\cben5.sys [2/23/2004 5:36 PM 46108]
S3 pelmouse;Mouse Suite Driver;c:\windows\system32\drivers\PELMOUSE.SYS [6/7/2004 12:30 PM 16384]
S3 pelusblf;USB Mouse Low Filter Driver;c:\windows\system32\drivers\pelusblf.sys [6/7/2004 12:30 PM 9216]
S3 WPC11;Instant Wireless Network PC Card V3.0 Driver;c:\windows\system32\drivers\LSWLNDS.sys [8/5/2005 11:18 AM 54083]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/17/2009 8:11 AM 298776]
.
Contents of the 'Scheduled Tasks' folder
2009-06-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2009-06-25 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-02-19 09:36]
.
.
------- Supplementary Scan -------
.
mStart Page =
hxxp://www.yahoo.com/mSearch Bar =
hxxp://us.rd.yahoo.com/customize/ie/def ... earch.htmluInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-06-24 23:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1032)
c:\windows\system32\CSGina.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(280)
c:\progra~1\WINDOW~3\wmpband.dll
c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll
.
Completion time: 2009-06-25 23:27
ComboFix-quarantined-files.txt 2009-06-25 03:26
ComboFix2.txt 2009-06-25 01:38
Pre-Run: 49,676,603,392 bytes free
Post-Run: 49,659,887,616 bytes free
368 --- E O F --- 2009-06-25 01:57