Tadaima, Beast-san...
*It started about 22/9
*No, it is personal
*The old log is gone, this is a new one
ComboFix 09-10-16.02 - الاسمى 10/16/2009 0:43.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1025.18.2038.1689 [GMT 3:00]
Running from: c:\documents and settings\الاسمى\سطح المكتب\ComboFix.exe
Command switches used :: c:\documents and settings\الاسمى\سطح المكتب\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: avast! antivirus 4.8.1356 [VPS 091016-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))
.
2009-10-15 03:55 . 2009-09-15 10:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-10-15 03:55 . 2009-09-15 10:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-10-15 03:55 . 2009-09-15 10:53 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-10-15 03:55 . 2009-09-15 10:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-15 03:55 . 2009-09-15 10:56 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-10-15 03:55 . 2009-09-15 10:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-10-15 03:55 . 2009-09-15 10:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-10-15 03:55 . 2009-09-15 10:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-10-15 03:55 . 2009-09-15 10:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-10-15 03:55 . 2009-10-15 03:55 -------- d-----w- c:\program files\Alwil Software
2009-10-14 23:45 . 2009-10-14 23:45 51600 ----a-w- c:\windows\system32\RadLightMPCUninstall.exe
2009-10-11 13:27 . 2009-10-11 13:27 -------- d-----w- c:\documents and settings\الاسمى\Application Data\Software Informer
2009-10-11 13:26 . 2009-10-11 13:26 -------- d-----w- c:\program files\Software Informer
2009-10-11 13:26 . 2009-10-15 21:41 -------- d-----w- c:\documents and settings\الاسمى\Application Data\Free Download Manager
2009-10-11 13:26 . 2009-10-11 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-10-10 19:19 . 2009-10-10 19:19 -------- d-----w- c:\documents and settings\الاسمى\Application Data\WinPatrol
2009-10-07 20:20 . 2009-10-09 22:24 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-07 17:23 . 2009-10-07 17:23 -------- d-----w- c:\documents and settings\الاسمى\Application Data\AVG8
2009-10-07 17:11 . 2009-10-01 07:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-07 16:09 . 2009-10-07 16:09 -------- d-----w- c:\program files\Trend Micro
2009-10-04 21:11 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-03 17:14 . 2009-10-03 17:14 -------- d-----w- c:\windows\system32\wbem\Repository
2009-10-03 17:14 . 2009-10-03 17:14 -------- d-----w- C:\c4b7851f59969756ea756a1e85
2009-10-03 17:11 . 2009-10-03 17:11 -------- d-----w- c:\program files\PC Connectivity Solution
2009-10-03 17:10 . 2009-10-03 17:10 -------- d-----w- c:\program files\MSBuild
2009-10-03 17:10 . 2009-10-03 17:10 -------- d-----w- c:\windows\SHELLNEW
2009-10-03 17:10 . 2009-10-03 17:10 -------- d-----w- c:\program files\Microsoft Works
2009-10-03 17:08 . 2009-10-03 17:08 -------- d-----r- C:\MSOCache
2009-10-03 17:07 . 2009-10-03 17:12 -------- d-----w- c:\program files\FinalUninstaller
2009-10-03 17:06 . 2009-10-10 08:24 -------- d-----w- C:\Outerspace Software
2009-10-03 17:06 . 2009-10-03 17:06 -------- d-----w- C:\NOD
2009-10-03 17:06 . 2009-10-03 17:06 -------- d-----w- c:\program files\Gabest
2009-10-03 16:58 . 2009-10-03 17:14 -------- d-----w- c:\documents and settings\الاسمى\Application Data\PC Suite
2009-10-03 16:58 . 2009-10-03 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-10-03 16:58 . 2009-10-03 16:58 -------- d-----w- c:\documents and settings\الاسمى\Application Data\ESET
2009-10-01 22:13 . 2009-10-03 05:14 -------- d-----w- c:\documents and settings\الاسمى\Application Data\skypePM
2009-10-01 22:13 . 2009-10-01 22:13 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-10-01 22:10 . 2009-10-03 16:59 -------- d-----w- c:\documents and settings\الاسمى\Application Data\Skype
2009-10-01 22:10 . 2009-10-03 16:59 -------- d-----w- c:\program files\Google
2009-10-01 22:08 . 2009-10-03 16:59 -------- d-----w- c:\program files\Skype
2009-10-01 22:07 . 2009-10-03 16:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-01 21:27 . 2009-10-01 21:27 -------- d-----w- c:\program files\AxBx
2009-09-27 18:46 . 2009-09-27 18:46 -------- d-----w- c:\documents and settings\الاسمى\Local Settings\Application Data\Help
2009-09-26 02:30 . 2009-09-27 18:47 232 ----a-w- c:\windows\itlog.dat
2009-09-23 19:17 . 2009-09-23 19:17 -------- d-----w- c:\program files\MSBuild(2)
2009-09-23 19:08 . 2009-09-23 19:16 -------- d-----w- c:\windows\SHELLNEW(2)
2009-09-23 18:59 . 2009-10-03 17:08 -------- d-----w- c:\program files\Microsoft Office(2)
2009-09-23 18:58 . 2009-10-03 17:08 -------- d-----w- C:\MSOCache(2)
2009-09-23 16:01 . 2009-09-23 17:59 -------- d-----w- c:\program files\Java
2009-09-23 15:49 . 2009-10-03 17:11 -------- d-----w- c:\windows\system32\GroupPolicy
2009-09-23 15:08 . 2009-10-03 17:11 -------- d-----w- c:\program files\PC Connectivity Solution(2)
2009-09-23 14:41 . 2009-09-23 14:41 -------- d-----w- c:\program files\DVD-RAM
2009-09-23 13:59 . 2009-09-23 14:00 -------- d-----w- c:\windows\system32\NtmsData
2009-09-23 13:47 . 2009-09-23 13:47 -------- d-----w- c:\program files\security
2009-09-23 13:41 . 2009-09-23 13:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-09-20 06:14 . 2009-10-03 17:13 -------- d-----w- c:\windows\NiwradSoft Shell Pack
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-15 21:36 . 2001-09-19 12:00 40316 ----a-w- c:\windows\system32\perfc001.dat
2009-10-15 21:36 . 2001-09-19 12:00 251946 ----a-w- c:\windows\system32\perfh001.dat
2009-10-11 13:27 . 2009-06-14 14:18 -------- d-----w- c:\program files\Free Download Manager
2009-10-03 17:14 . 2009-09-06 17:21 -------- d-----w- c:\program files\All2Chat
2009-10-03 17:11 . 2009-09-02 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-10-03 17:11 . 2009-09-02 18:42 -------- d-----w- c:\program files\DIFX
2009-10-03 17:11 . 2009-09-02 18:41 -------- d-----w- c:\program files\Nokia
2009-10-03 17:07 . 2009-07-24 10:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-23 14:41 . 2009-06-09 17:28 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-23 14:03 . 2009-06-10 13:17 111648 ----a-w- c:\documents and settings\الاسمى\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:17 . 2004-08-03 21:55 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 03:17 . 2009-06-09 17:26 -------- d-----w- c:\program files\CONEXANT
2009-09-04 21:03 . 2004-08-03 21:55 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-02 18:44 . 2009-09-02 18:43 -------- d-----w- c:\documents and settings\الاسمى\Application Data\Nokia
2009-09-02 18:43 . 2009-09-02 18:43 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-09-02 18:43 . 2009-09-02 18:43 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-08-29 07:25 . 2004-08-03 21:55 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:25 . 2004-08-03 21:55 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:25 . 2004-08-03 21:55 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2004-08-03 21:55 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 08:59 . 2004-08-03 21:55 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 19:56 . 2004-08-03 21:49 2190720 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:26 . 2004-08-04 00:48 2067584 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-24 22:49 . 2009-07-24 22:49 45 ---h--w- c:\windows\dsez0466.dat
2009-06-14 14:16 . 2009-06-14 14:16 6710419 ----a-w- c:\program files\fdminst.exe
2009-06-10 13:20 . 2009-06-10 13:20 2398736 ----a-w- c:\program files\WLinstaller.exe
2008-12-10 13:14 . 2009-06-10 17:57 4411392 ----a-w- c:\program files\mplayerc.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-10-07_15.37.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-15 21:32 . 2009-10-15 21:32 16384 c:\windows\temp\Perflib_Perfdata_650.dat
+ 2009-06-10 13:28 . 2009-05-26 11:40 17784 c:\windows\system32\spmsg.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 44544 c:\windows\system32\pngfilt.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 44544 c:\windows\system32\pngfilt.dll
- 2001-09-19 12:00 . 2009-10-07 15:36 40326 c:\windows\system32\perfc009.dat
+ 2001-09-19 12:00 . 2009-10-15 21:36 40326 c:\windows\system32\perfc009.dat
+ 2007-08-13 15:54 . 2009-08-29 07:25 52224 c:\windows\system32\msfeedsbs.dll
- 2007-08-13 15:54 . 2009-06-29 15:56 52224 c:\windows\system32\msfeedsbs.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 27648 c:\windows\system32\jsproxy.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 27648 c:\windows\system32\jsproxy.dll
- 2007-08-13 15:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
+ 2007-08-13 15:39 . 2009-08-28 10:26 13824 c:\windows\system32\ieudinit.exe
- 2004-08-03 21:55 . 2009-06-29 15:56 44544 c:\windows\system32\iernonce.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 44544 c:\windows\system32\iernonce.dll
+ 2004-08-03 21:56 . 2009-08-28 10:26 70656 c:\windows\system32\ie4uinit.exe
- 2004-08-03 21:56 . 2009-06-29 11:07 70656 c:\windows\system32\ie4uinit.exe
- 2007-08-13 15:36 . 2009-06-29 15:56 63488 c:\windows\system32\icardie.dll
+ 2007-08-13 15:36 . 2009-08-29 07:25 63488 c:\windows\system32\icardie.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 44544 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 44544 c:\windows\system32\dllcache\pngfilt.dll
- 2009-06-12 04:54 . 2009-06-29 15:56 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-06-12 04:54 . 2009-08-29 07:25 52224 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-09-04 21:03 . 2009-09-04 21:03 58880 c:\windows\system32\dllcache\msasn1.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 27648 c:\windows\system32\dllcache\jsproxy.dll
- 2009-06-12 04:54 . 2009-06-29 11:07 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2009-06-12 04:54 . 2009-08-28 10:26 13824 c:\windows\system32\dllcache\ieudinit.exe
+ 2004-08-03 21:55 . 2009-08-29 07:25 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 44544 c:\windows\system32\dllcache\iernonce.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 78336 c:\windows\system32\dllcache\ieencode.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 78336 c:\windows\system32\dllcache\ieencode.dll
- 2004-08-03 21:56 . 2009-06-29 11:07 70656 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-03 21:56 . 2009-08-28 10:26 70656 c:\windows\system32\dllcache\ie4uinit.exe
- 2009-06-12 04:54 . 2009-06-29 15:56 63488 c:\windows\system32\dllcache\icardie.dll
+ 2009-06-12 04:54 . 2009-08-29 07:25 63488 c:\windows\system32\dllcache\icardie.dll
- 2009-06-29 15:56 . 2009-06-29 15:56 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-06-29 15:56 . 2009-08-29 07:25 17408 c:\windows\system32\dllcache\corpol.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 44544 c:\windows\ie7updates\KB974455-IE7\pngfilt.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 52224 c:\windows\ie7updates\KB974455-IE7\msfeedsbs.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 27648 c:\windows\ie7updates\KB974455-IE7\jsproxy.dll
+ 2009-10-15 04:59 . 2009-06-29 11:07 13824 c:\windows\ie7updates\KB974455-IE7\ieudinit.exe
+ 2009-10-15 04:59 . 2009-06-29 15:56 44544 c:\windows\ie7updates\KB974455-IE7\iernonce.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 78336 c:\windows\ie7updates\KB974455-IE7\ieencode.dll
+ 2009-10-15 04:59 . 2009-06-29 11:07 70656 c:\windows\ie7updates\KB974455-IE7\ie4uinit.exe
+ 2009-10-15 04:59 . 2009-06-29 15:56 63488 c:\windows\ie7updates\KB974455-IE7\icardie.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 17408 c:\windows\ie7updates\KB974455-IE7\corpol.dll
+ 2004-08-03 21:55 . 2009-04-03 09:15 485376 c:\windows\system32\wmspdmod.dll
- 2004-08-03 21:55 . 2008-04-14 15:59 485376 c:\windows\system32\wmspdmod.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 233472 c:\windows\system32\webcheck.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 233472 c:\windows\system32\webcheck.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 105984 c:\windows\system32\url.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 105984 c:\windows\system32\url.dll
+ 2001-09-19 12:00 . 2009-10-15 21:36 311938 c:\windows\system32\perfh009.dat
- 2001-09-19 12:00 . 2009-10-07 15:36 311938 c:\windows\system32\perfh009.dat
- 2004-08-03 21:55 . 2009-06-29 15:56 102912 c:\windows\system32\occache.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 102912 c:\windows\system32\occache.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 671232 c:\windows\system32\mstime.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 671232 c:\windows\system32\mstime.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 193024 c:\windows\system32\msrating.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 193024 c:\windows\system32\msrating.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 477696 c:\windows\system32\mshtmled.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 477696 c:\windows\system32\mshtmled.dll
- 2007-08-13 15:54 . 2009-06-29 15:56 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 15:54 . 2009-08-29 07:25 459264 c:\windows\system32\msfeeds.dll
+ 2007-08-13 15:34 . 2009-08-29 07:25 268288 c:\windows\system32\iertutil.dll
- 2007-08-13 15:34 . 2009-06-29 15:56 268288 c:\windows\system32\iertutil.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 385024 c:\windows\system32\iedkcs32.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 385024 c:\windows\system32\iedkcs32.dll
- 2007-07-11 09:27 . 2009-06-29 15:56 380928 c:\windows\system32\ieapfltr.dll
+ 2007-07-11 09:27 . 2009-08-29 07:25 380928 c:\windows\system32\ieapfltr.dll
- 2001-09-19 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\ieakui.dll
+ 2001-09-19 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\ieakui.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 230400 c:\windows\system32\ieaksie.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 153088 c:\windows\system32\ieakeng.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 153088 c:\windows\system32\ieakeng.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 133120 c:\windows\system32\extmgr.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 133120 c:\windows\system32\extmgr.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 214528 c:\windows\system32\dxtrans.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 214528 c:\windows\system32\dxtrans.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 347136 c:\windows\system32\dxtmsft.dll
+ 2004-08-03 21:55 . 2009-04-03 09:15 485376 c:\windows\system32\dllcache\wmspdmod.dll
- 2004-08-03 21:55 . 2008-04-14 15:59 485376 c:\windows\system32\dllcache\wmspdmod.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 832512 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 233472 c:\windows\system32\dllcache\webcheck.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 233472 c:\windows\system32\dllcache\webcheck.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 105984 c:\windows\system32\dllcache\url.dll
- 2004-08-03 21:55 . 2008-10-03 10:03 247326 c:\windows\system32\dllcache\strmdll.dll
+ 2004-08-03 21:55 . 2009-08-26 08:00 247326 c:\windows\system32\dllcache\strmdll.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 102912 c:\windows\system32\dllcache\occache.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 102912 c:\windows\system32\dllcache\occache.dll
+ 2009-06-25 08:25 . 2009-09-11 14:17 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 671232 c:\windows\system32\dllcache\mstime.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 671232 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 193024 c:\windows\system32\dllcache\msrating.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 477696 c:\windows\system32\dllcache\mshtmled.dll
+ 2009-06-12 04:54 . 2009-08-29 07:25 459264 c:\windows\system32\dllcache\msfeeds.dll
- 2009-06-12 04:54 . 2009-06-29 15:56 459264 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-09 15:43 . 2009-08-27 05:18 634648 c:\windows\system32\dllcache\iexplore.exe
+ 2009-06-12 04:54 . 2009-08-29 07:25 268288 c:\windows\system32\dllcache\iertutil.dll
- 2009-06-12 04:54 . 2009-06-29 15:56 268288 c:\windows\system32\dllcache\iertutil.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 385024 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 385024 c:\windows\system32\dllcache\iedkcs32.dll
- 2009-06-12 04:54 . 2009-06-29 15:56 380928 c:\windows\system32\dllcache\ieapfltr.dll
+ 2009-06-12 04:54 . 2009-08-29 07:25 380928 c:\windows\system32\dllcache\ieapfltr.dll
- 2001-09-19 12:00 . 2009-06-29 08:33 161792 c:\windows\system32\dllcache\ieakui.dll
+ 2001-09-19 12:00 . 2009-08-27 05:18 161792 c:\windows\system32\dllcache\ieakui.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 230400 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 153088 c:\windows\system32\dllcache\ieakeng.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 133120 c:\windows\system32\dllcache\extmgr.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 214528 c:\windows\system32\dllcache\dxtrans.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 347136 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 124928 c:\windows\system32\dllcache\advpack.dll
- 2004-08-03 21:55 . 2009-06-29 15:56 124928 c:\windows\system32\advpack.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 124928 c:\windows\system32\advpack.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 827392 c:\windows\ie7updates\KB974455-IE7\wininet.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 233472 c:\windows\ie7updates\KB974455-IE7\webcheck.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 105984 c:\windows\ie7updates\KB974455-IE7\url.dll
+ 2009-10-15 04:59 . 2009-05-26 11:40 380792 c:\windows\ie7updates\KB974455-IE7\spuninst\updspapi.dll
+ 2009-10-15 04:59 . 2009-05-26 11:40 231288 c:\windows\ie7updates\KB974455-IE7\spuninst\spuninst.exe
+ 2009-10-15 04:59 . 2009-06-29 15:56 102912 c:\windows\ie7updates\KB974455-IE7\occache.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 671232 c:\windows\ie7updates\KB974455-IE7\mstime.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 193024 c:\windows\ie7updates\KB974455-IE7\msrating.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 477696 c:\windows\ie7updates\KB974455-IE7\mshtmled.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 459264 c:\windows\ie7updates\KB974455-IE7\msfeeds.dll
+ 2009-10-15 04:59 . 2009-06-29 08:35 634632 c:\windows\ie7updates\KB974455-IE7\iexplore.exe
+ 2009-10-15 04:59 . 2009-06-29 15:56 268288 c:\windows\ie7updates\KB974455-IE7\iertutil.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 385024 c:\windows\ie7updates\KB974455-IE7\iedkcs32.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 380928 c:\windows\ie7updates\KB974455-IE7\ieapfltr.dll
+ 2009-10-15 04:59 . 2009-06-29 08:33 161792 c:\windows\ie7updates\KB974455-IE7\ieakui.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 230400 c:\windows\ie7updates\KB974455-IE7\ieaksie.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 153088 c:\windows\ie7updates\KB974455-IE7\ieakeng.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 133120 c:\windows\ie7updates\KB974455-IE7\extmgr.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 214528 c:\windows\ie7updates\KB974455-IE7\dxtrans.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 347136 c:\windows\ie7updates\KB974455-IE7\dxtmsft.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 124928 c:\windows\ie7updates\KB974455-IE7\advpack.dll
+ 2009-10-15 01:47 . 2009-08-13 13:55 1748992 c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df\GdiPlus.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 1168384 c:\windows\system32\urlmon.dll
+ 2004-08-03 21:55 . 2009-07-17 16:15 1433600 c:\windows\system32\query.dll
- 2004-08-03 21:55 . 2008-04-14 15:59 1433600 c:\windows\system32\query.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 3598336 c:\windows\system32\mshtml.dll
+ 2007-08-13 15:54 . 2009-08-29 07:25 6067200 c:\windows\system32\ieframe.dll
- 2007-08-13 15:54 . 2009-07-19 13:26 6067200 c:\windows\system32\ieframe.dll
+ 2004-08-03 21:55 . 2009-08-29 07:25 1168384 c:\windows\system32\dllcache\urlmon.dll
+ 2009-07-17 16:15 . 2009-07-17 16:15 1433600 c:\windows\system32\dllcache\query.dll
+ 2009-06-11 11:59 . 2009-08-04 19:56 2190720 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2009-06-11 11:59 . 2009-08-04 17:25 2025472 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-06-11 11:59 . 2009-02-09 11:22 2025472 c:\windows\system32\dllcache\ntkrpamp.exe
- 2009-02-10 16:03 . 2009-02-10 16:03 2067584 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-02-10 16:03 . 2009-08-04 17:26 2067584 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2009-06-11 11:59 . 2009-08-04 17:26 2146816 c:\windows\system32\dllcache\ntkrnlmp.exe
- 2009-06-11 11:59 . 2009-02-09 11:22 2146816 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2004-08-03 21:55 . 2009-08-29 07:25 3598336 c:\windows\system32\dllcache\mshtml.dll
+ 2009-06-12 04:54 . 2009-08-29 07:25 6067200 c:\windows\system32\dllcache\ieframe.dll
- 2009-06-12 04:54 . 2009-07-19 13:26 6067200 c:\windows\system32\dllcache\ieframe.dll
+ 2009-10-15 04:59 . 2009-06-29 15:56 1159680 c:\windows\ie7updates\KB974455-IE7\urlmon.dll
+ 2009-10-15 04:59 . 2009-07-19 13:26 3597824 c:\windows\ie7updates\KB974455-IE7\mshtml.dll
+ 2009-10-15 04:59 . 2009-07-19 13:26 6067200 c:\windows\ie7updates\KB974455-IE7\ieframe.dll
+ 2009-06-11 11:59 . 2009-08-04 19:56 2190720 c:\windows\Driver Cache\i386\ntoskrnl.exe
- 2009-06-11 11:59 . 2009-02-09 11:22 2025472 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-06-11 11:59 . 2009-08-04 17:25 2025472 c:\windows\Driver Cache\i386\ntkrpamp.exe
- 2009-02-10 16:03 . 2009-02-10 16:03 2067584 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-02-10 16:03 . 2009-08-04 17:26 2067584 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-06-11 11:59 . 2009-08-04 17:26 2146816 c:\windows\Driver Cache\i386\ntkrnlmp.exe
- 2009-06-11 11:59 . 2009-02-09 11:22 2146816 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-06-12 04:55 . 2009-10-02 18:01 25198016 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2005-08-01 1093632]
"ZCfgSvc.exe"="c:\windows\system32\ZCfgSvc.exe" [2006-08-03 639040]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2005-07-07 135168]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-08 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-08 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-06-08 114688]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\çںê، ں §ڑ\ںé ©ںê¤\ §ک ں颬نïé\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-9 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2006-08-03 00:20 188482 ----a-w- c:\windows\system32\LgNotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [15/10/2009 06:55 ص 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [15/10/2009 06:55 ص 20560]
.
Contents of the 'Scheduled Tasks' folder
2009-10-14 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
2009-10-15 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.sa/
IE: ت&صدير إلى Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: تحميل الفيديو بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: تحميل الكل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: تحميل المحددة بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: تحميل بواسطة Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-fsm - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-16 00:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(692)
c:\windows\system32\LgNotify.dll
- - - - - - - > 'explorer.exe'(3204)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-10-15 0:47
ComboFix-quarantined-files.txt 2009-10-15 21:47
ComboFix2.txt 2009-10-07 15:38
Pre-Run: 38,234,386,432 bytes free
Post-Run: 38,198,177,792 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
358 --- E O F --- 2009-10-15 05:00
*RootRepeal report
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/16 00:54
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================
Drivers
-------------------
Name: catchme.sys
Image Path: C:\DOCUME~1\33DE~1\LOCALS~1\Temp\catchme.sys
Address: 0xAA1B3000 Size: 31744 File Visible: No Signed: -
Status: -
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xA9F6B000 Size: 98304 File Visible: No Signed: -
Status: -
Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF79C3000 Size: 8192 File Visible: No Signed: -
Status: -
Name: PROCEXP90.SYS
Image Path: C:\WINDOWS\system32\Drivers\PROCEXP90.SYS
Address: 0xF79C5000 Size: 6464 File Visible: No Signed: -
Status: -
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9EEB000 Size: 49152 File Visible: No Signed: -
Status: -
SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb36b8
#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb3574
#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb3a52
#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb314c
#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb364e
#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb308c
#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb30f0
#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb376e
#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb372e
#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xa9fb38ae
==EOF==