Hi Shaba,
I did what you told me to. ComboFix took a long time again. Just about when I seriously started considering looking into the process manager list, it finished and produced a log. The component running at the time was Find3M.
While I was typing up this message in Chrome, three background IE windows opened up and tried to invoke the following URLs:
[http://]boruwy.cn/?wm=70159&l=1
[http://www.]nexplore.com/index.html
[http://]media2.tmlatn.com/images/defaults41/approved/404.html
Here now are the logs you asked for:
ComboFix log:
ComboFix 09-08-07.09 - Nenad 08/09/2009 8:38.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.670 [GMT -4:00]
Running from: c:\documents and settings\Nenad\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Nenad\Desktop\CFScript
AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FILE ::
"c:\windows\system32\2.tmp"
"c:\windows\system32\GroupPolicy000.dat"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Katarina\Application Data\02000000bf4249e0651C.manifest
c:\documents and settings\Katarina\Application Data\02000000bf4249e0651O.manifest
c:\documents and settings\Katarina\Application Data\02000000bf4249e0651P.manifest
c:\documents and settings\Katarina\Application Data\02000000bf4249e0651S.manifest
c:\documents and settings\Nenad\Application Data\02000000bf4249e0651C.manifest
c:\documents and settings\Nenad\Application Data\02000000bf4249e0651O.manifest
c:\documents and settings\Nenad\Application Data\02000000bf4249e0651P.manifest
c:\documents and settings\Nenad\Application Data\02000000bf4249e0651S.manifest
c:\documents and settings\Nenad\Application Data\LimeWire\.AppSpecialShare\The.Adventures.Of.Indiana.Jones[Raiders.Of.The.Lost.Ark-Temple.Of.Doom-Last.Crusade]DvDrip[Eng]-aXXo.torrent.bak
c:\documents and settings\Nenad\Application Data\LimeWire\certificate\limewire.keystore
c:\documents and settings\Nenad\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Nenad\Application Data\LimeWire\downloads.dat
c:\documents and settings\Nenad\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Nenad\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Nenad\Application Data\LimeWire\filters.props
c:\documents and settings\Nenad\Application Data\LimeWire\gnutella.net
c:\documents and settings\Nenad\Application Data\LimeWire\installation.props
c:\documents and settings\Nenad\Application Data\LimeWire\library.dat
c:\documents and settings\Nenad\Application Data\LimeWire\limewire.props
c:\documents and settings\Nenad\Application Data\LimeWire\mojito.props
c:\documents and settings\Nenad\Application Data\LimeWire\promotion\promodb.backup
c:\documents and settings\Nenad\Application Data\LimeWire\promotion\promodb.data
c:\documents and settings\Nenad\Application Data\LimeWire\promotion\promodb.properties
c:\documents and settings\Nenad\Application Data\LimeWire\promotion\promodb.script
c:\documents and settings\Nenad\Application Data\LimeWire\questions.props
c:\documents and settings\Nenad\Application Data\LimeWire\responses.cache
c:\documents and settings\Nenad\Application Data\LimeWire\simpp.xml
c:\documents and settings\Nenad\Application Data\LimeWire\spam.dat
c:\documents and settings\Nenad\Application Data\LimeWire\tables.props
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme.lwtp
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\01_star.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\02_star.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\03_star.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\04_star.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\05_star.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\chat.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\dir_closed.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\dir_open.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\forward_dn.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\forward_up.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\kill.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\kill_on.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\lime.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\lw_logo.png
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\pause_dn.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\pause_up.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\play_dn.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\play_up.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\question.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\rewind_dn.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\rewind_up.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\stop_dn.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\stop_up.gif
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\theme.txt
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\version.txt
c:\documents and settings\Nenad\Application Data\LimeWire\themes\limewirePro_theme\warning.gif
c:\documents and settings\Nenad\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Nenad\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Nenad\Application Data\LimeWire\version.xml
c:\documents and settings\Nenad\Application Data\LimeWire\versions.props
c:\documents and settings\Nenad\Application Data\LimeWire\xml\data\audio.sxml2
c:\documents and settings\Nenad\Application Data\LimeWire\xml\data\video.sxml2
c:\documents and settings\Nenad\Application Data\uTorrent
c:\documents and settings\Nenad\Application Data\uTorrent\Adobe Photoshop Elements 7.torrent
c:\documents and settings\Nenad\Application Data\uTorrent\Bianca Beauchamp All Access.avi.torrent
c:\documents and settings\Nenad\Application Data\uTorrent\debian-40r6-i386-CD-1.iso.torrent
c:\documents and settings\Nenad\Application Data\uTorrent\dht.dat
c:\documents and settings\Nenad\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Nenad\Application Data\uTorrent\LimeWireWin.exe.torrent
c:\documents and settings\Nenad\Application Data\uTorrent\Rescue.Me.S05E12.Disease.HDTV.XviD-FQM.torrent
c:\documents and settings\Nenad\Application Data\uTorrent\Rescue.Me.S05E13.Torch.HDTV.XviD-FQM.torrent
c:\documents and settings\Nenad\Application Data\uTorrent\resume.dat
c:\documents and settings\Nenad\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Nenad\Application Data\uTorrent\rss.dat
c:\documents and settings\Nenad\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Nenad\Application Data\uTorrent\settings.dat
c:\documents and settings\Nenad\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Nenad\Application Data\uTorrent\Survivor - Eye of the tiger.mp3.torrent
c:\documents and settings\Nenad\Application Data\uTorrent\Terminator 2-Judgement Day(DirCut)[1991]AC-3(5.1)ENG[UKB-RG Xvid]-keltz.torrent
c:\documents and settings\Nenad\Application Data\uTorrent\Terminator 3 - Rise of the Machines(2003).DVDrip.nl.subs.NLT-Release (Xvid).torrent
c:\documents and settings\Nenad\Application Data\uTorrent\The Terminator[1984]AC-3(5.1)ENG[UKB-RG Xvid]-keltz.torrent
c:\documents and settings\Nenad\Application Data\uTorrent\utorrent.lng
c:\windows\GnuHashes.ini
c:\windows\system32\2.tmp
c:\windows\system32\3.tmp
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SystemX86
c:\windows\system32\SystemX86\245.crack.zip
c:\windows\system32\SystemX86\245.crack.zip.kwd
c:\windows\system32\SystemX86\246.keygen.zip
c:\windows\system32\SystemX86\246.keygen.zip.kwd
c:\windows\system32\SystemX86\247.serial.zip
c:\windows\system32\SystemX86\247.serial.zip.kwd
c:\windows\system32\SystemX86\248.setup.zip
c:\windows\system32\SystemX86\248.setup.zip.kwd
c:\windows\system32\SystemX86\249.music.au
c:\windows\system32\SystemX86\249.music.au.kwd
c:\windows\system32\SystemX86\250.music2.au
c:\windows\system32\SystemX86\250.music2.au.kwd
c:\windows\system32\SystemX86\251.music3.au
c:\windows\system32\SystemX86\251.music3.au.kwd
c:\windows\system32\SystemX86\252.music.snd
c:\windows\system32\SystemX86\252.music.snd.kwd
.
((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.
2009-08-08 16:05 . 2009-08-08 16:05 -------- d-----w- c:\documents and settings\Nenad\Local Settings\Application Data\Symantec
2009-08-08 05:21 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\NAVENG.SYS
2009-08-08 05:21 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\NAVEX15.SYS
2009-08-08 05:21 . 2009-02-25 09:00 371248 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\EECTRL.SYS
2009-08-08 05:21 . 2009-02-25 09:00 2414128 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\CCERASER.DLL
2009-08-08 05:21 . 2009-02-25 09:00 101936 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\ERASER.SYS
2009-08-08 05:21 . 2009-02-19 09:00 177520 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\NAVENG32.DLL
2009-08-08 05:21 . 2009-02-19 09:00 1181040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\NAVEX32A.DLL
2009-08-08 05:21 . 2008-12-05 09:52 259368 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090807.024\ECMSVR32.DLL
2009-08-04 21:26 . 2009-08-04 21:26 -------- d-----w- c:\program files\Trend Micro
2009-08-04 20:21 . 2009-08-04 20:21 -------- d-----w- c:\documents and settings\Nenad\Application Data\Malwarebytes
2009-08-04 20:21 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-04 20:21 . 2009-08-04 20:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-08-04 20:21 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-04 20:21 . 2009-08-05 02:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-01 20:46 . 2009-08-01 20:46 121856 ----a-w- c:\windows\system32\gcdef32.dll
2009-07-30 22:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-07-30 22:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-07-30 22:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-07-30 22:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-07-30 22:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-07-27 22:02 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSXpx86.sys
2009-07-27 22:02 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSvix86.sys
2009-07-27 22:02 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\Scxpx86.dll
2009-07-27 22:02 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSxpx86.dll
2009-07-27 22:02 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090722.001\IDSviA64.sys
2009-07-21 01:06 . 2009-07-21 01:06 -------- d-sh--w- c:\documents and settings\Katarina\PrivacIE
2009-07-20 01:10 . 2009-06-29 19:28 106496 ----a-w- c:\documents and settings\Nenad\Application Data\Mozilla\Plugins\npcoolirisplugin.dll
2009-07-20 01:10 . 2009-06-29 19:28 937984 ----a-w- c:\documents and settings\Nenad\Application Data\Mozilla\Firefox\Profiles\va7e7u35.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-07-20 01:10 . 2009-06-29 19:28 106496 ----a-w- c:\documents and settings\Nenad\Application Data\Mozilla\Firefox\Profiles\va7e7u35.default\extensions\piclens@cooliris.com\libs\npcoolirisplugin.dll
2009-07-20 01:10 . 2009-06-29 19:28 103424 ----a-w- c:\documents and settings\Nenad\Application Data\Mozilla\Firefox\Profiles\va7e7u35.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-07-20 01:10 . 2009-06-29 19:28 65536 ----a-w- c:\documents and settings\Nenad\Application Data\Mozilla\Firefox\Profiles\va7e7u35.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-07-20 01:10 . 2009-06-29 19:28 4734976 ----a-w- c:\documents and settings\Nenad\Application Data\Mozilla\Firefox\Profiles\va7e7u35.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-07-20 01:10 . 2009-06-29 19:28 344064 ----a-w- c:\documents and settings\Nenad\Application Data\Mozilla\Firefox\Profiles\va7e7u35.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-07-19 11:27 . 2009-07-31 19:28 -------- d-----w- c:\documents and settings\Nenad\Local Settings\Application Data\Temp
2009-07-17 19:18 . 2009-08-02 14:54 -------- d-----w- c:\documents and settings\Katarina\Local Settings\Application Data\Temp
2009-07-17 04:05 . 2009-07-17 04:05 -------- d-----w- c:\program files\iPod
2009-07-17 03:51 . 2009-07-17 03:51 75040 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 12:46 . 2009-02-06 14:20 -------- d-----w- c:\documents and settings\Nenad\Application Data\LimeWire
2009-08-07 22:40 . 2006-04-14 15:53 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-01 14:04 . 2009-02-02 03:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 04:17 . 2009-03-12 22:45 -------- d-----w- c:\program files\Safari
2009-07-17 04:05 . 2009-06-19 02:03 -------- d-----w- c:\program files\iTunes
2009-07-03 17:09 . 2006-03-04 03:33 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 00:53 . 2009-06-27 00:53 -------- d-----w- c:\documents and settings\Nenad\Application Data\Canon
2009-06-19 04:24 . 2009-02-02 06:14 -------- d-----w- c:\documents and settings\Nenad\Application Data\Apple Computer
2009-06-19 02:01 . 2009-06-19 02:00 -------- d-----w- c:\program files\QuickTime
2009-06-19 01:58 . 2009-02-02 06:09 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Apple
2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-11 11:38 . 2006-11-21 02:26 -------- d-----w- c:\program files\Java
2009-06-11 11:37 . 2009-06-11 11:37 152576 ----a-w- c:\documents and settings\Nenad\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-06-05 15:42 . 2009-03-12 23:15 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 15:42 . 2009-02-02 06:13 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-03 19:09 . 2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-29 20:31 . 2009-06-19 01:29 65536 ----a-w- c:\documents and settings\Nenad\Application Data\Mozilla\Firefox\Profiles\va7e7u35.default\extensions\piclens@cooliris.com-trash\components\coolirisstub.dll
2009-05-29 20:31 . 2009-06-19 01:29 4616192 ----a-w- c:\documents and settings\Nenad\Application Data\Mozilla\Firefox\Profiles\va7e7u35.default\extensions\piclens@cooliris.com-trash\libs\cooliris19.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-08_16.28.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-09 12:32 . 2009-08-09 12:32 16384 c:\windows\Temp\Perflib_Perfdata_224.dat
- 2009-08-08 16:27 . 2009-08-08 16:27 16384 c:\windows\Temp\Perflib_Perfdata_224.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Nenad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-02 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"DLPSP"="c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE" [2005-01-13 126976]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-15 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-15 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-15 114688]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-09-18 1657376]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\500c3832651]
2009-08-01 20:46 121856 ----a-w- c:\windows\system32\gcdef32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [3/20/2009 11:13 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [3/20/2009 11:13 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [3/20/2009 11:12 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users.WINDOWS\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys [7/30/2009 6:34 PM 276344]
R2 DLSDB;Dell Printer Status Database;c:\program files\Dell Printers\Additional Color Laser Software\Status Monitor\dlsdbnt.exe [4/19/2006 11:28 PM 135168]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 9:51 PM 101936]
S3 Drmuhccr6-d;Drmuhccr6-d;c:\windows\system32\drivers\nwlnkipx.sys [8/4/2004 6:00 AM 88320]
S4 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [3/20/2009 11:12 PM 115560]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1844823847-1801674531-1004Core.job
- c:\documents and settings\Nenad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-02 04:01]
2009-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1844823847-1801674531-1004UA.job
- c:\documents and settings\Nenad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-02 04:01]
2009-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1844823847-1801674531-1005Core.job
- c:\documents and settings\Katarina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-24 04:03]
2009-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1757981266-1844823847-1801674531-1005UA.job
- c:\documents and settings\Katarina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-24 04:03]
2009-08-09 c:\windows\Tasks\User_Feed_Synchronization-{4E073B3C-B0A7-42D6-A028-6E7D40EF776B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
TCP: {D092B8F6-D1F0-46DC-97BC-84FEDD3A1E7C} = 65.39.192.198,65.39.196.215
FF - ProfilePath - c:\documents and settings\Nenad\Application Data\Mozilla\Firefox\Profiles\va7e7u35.default\
FF - component: c:\documents and settings\Nenad\Application Data\Mozilla\Firefox\Profiles\va7e7u35.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\documents and settings\Nenad\Application Data\Mozilla\plugins\npcoolirisplugin.dll
FF - plugin: c:\documents and settings\Nenad\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 08:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(960)
c:\windows\System32\gcdef32.dll
.
Completion time: 2009-08-09 9:00
ComboFix-quarantined-files.txt 2009-08-09 13:00
ComboFix2.txt 2009-08-08 16:40
Pre-Run: 36,652,486,656 bytes free
Post-Run: 36,609,503,232 bytes free
288 --- E O F --- 2009-07-31 07:00
hijackthis.log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:01:41 AM, on 8/9/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
C:\WINDOWS\stsystra.exe
C:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Documents and Settings\Nenad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DLPSP] "c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPSP.EXE"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nenad\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 3557333390
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3550020109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D092B8F6-D1F0-46DC-97BC-84FEDD3A1E7C}: NameServer = 65.39.192.198,65.39.196.215
O20 - Winlogon Notify: 500c3832651 - C:\WINDOWS\System32\gcdef32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - c:\program files\dell printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
--
End of file - 6202 bytes