Hi Airscape:
Below is the log from ComboFix
Thanks,
John
ComboFix 10-06-17.03 - Johnny Pants 06/18/2010 19:54:48.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1278.828 [GMT -5:00]
Running from: c:\documents and settings\Johnny Pants\Desktop\ComboFixdef.exe
Command switches used :: c:\documents and settings\Johnny Pants\Desktop\CFScript.txt.lnk
AV: Norton Security Suite *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\win.com
.
((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.
2010-06-10 12:13 . 2010-06-10 12:13 -------- d-----w- C:\N360_BACKUP
2010-06-10 12:04 . 2010-06-10 12:04 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-06-10 12:04 . 2010-06-10 12:38 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-10 12:04 . 2010-06-10 12:04 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-06-10 12:04 . 2010-06-10 17:59 -------- d-----w- c:\windows\system32\drivers\N360
2010-06-10 12:04 . 2010-06-10 12:04 -------- d-----w- c:\program files\Norton Security Suite
2010-06-10 12:04 . 2010-06-10 12:04 -------- d-----w- c:\program files\Windows Sidebar
2010-06-10 12:01 . 2010-06-10 12:01 -------- d-----w- c:\program files\NortonInstaller
2010-06-10 12:01 . 2010-06-10 12:01 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-06-08 11:52 . 2010-06-08 11:52 -------- d-----w- c:\documents and settings\Johnny Pants\Application Data\Malwarebytes
2010-06-08 11:52 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-08 11:52 . 2010-06-08 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-08 11:52 . 2010-06-08 11:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 11:52 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-07 14:02 . 2010-06-07 14:02 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-06-07 12:45 . 2010-06-07 12:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-07 12:45 . 2010-06-07 12:45 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-04 02:28 . 2010-06-10 15:35 -------- d-----w- C:\!KillBox
2010-06-02 20:20 . 2010-06-10 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-06-02 20:19 . 2010-06-02 20:54 -------- d-----w- c:\documents and settings\Johnny Pants\Local Settings\Application Data\NPE
2010-06-02 14:27 . 2010-06-02 15:55 -------- d-----w- c:\documents and settings\Johnny Pants\SecurityScans
2010-06-02 02:50 . 2010-06-02 17:36 -------- d-----w- C:\System Volume Information2
2010-06-01 20:29 . 2010-06-01 20:29 388096 ----a-r- c:\documents and settings\Johnny Pants\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-06-01 20:29 . 2010-06-01 20:29 -------- d-----w- c:\program files\Trend Micro
2010-06-01 19:29 . 2010-06-01 19:29 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
2010-06-01 19:28 . 2010-06-01 19:28 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2010-06-01 15:50 . 2004-08-04 05:59 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-06-01 15:50 . 2004-08-04 05:59 34688 ----a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-06-01 15:49 . 2004-08-04 06:00 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-06-01 15:49 . 2004-08-04 06:00 8192 ----a-w- c:\windows\system32\dllcache\changer.sys
2010-05-21 19:35 . 2010-05-21 19:35 -------- d-----w- c:\program files\Seagate
2010-05-21 19:35 . 2010-05-21 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2010-05-21 19:31 . 2010-05-21 19:31 -------- d-----w- c:\documents and settings\Johnny Pants\Local Settings\Application Data\Downloaded Installations
2010-05-21 19:31 . 2010-05-21 19:31 -------- d-----w- c:\program files\MSXML 6.0
2010-05-21 19:31 . 2010-06-01 16:42 -------- d-----w- c:\program files\Carbonite
2010-05-21 19:31 . 2010-05-21 19:31 -------- d-sh--w- c:\windows\ftpcache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-12 04:06 . 2004-04-10 16:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-12 00:00 . 2010-06-07 12:39 112 ----a-w- c:\documents and settings\All Users\Application Data\2cV2301.dat
2010-06-10 12:04 . 2004-06-12 03:13 -------- d-----w- c:\program files\Symantec
2010-06-10 12:04 . 2010-06-10 12:04 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-10 12:04 . 2010-06-10 12:04 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-10 12:02 . 2008-07-01 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-10 11:31 . 2002-08-29 07:27 57472 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-06-08 11:17 . 2004-03-23 14:08 -------- d-----w- c:\program files\Java
2010-06-08 11:12 . 2009-11-12 18:26 -------- d-----w- c:\program files\Coupons
2010-06-08 11:04 . 2004-10-16 01:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-08 11:04 . 2004-10-16 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-08 11:01 . 2004-06-12 03:03 -------- d-----w- c:\program files\Lavasoft
2010-06-08 11:01 . 2004-10-16 01:06 -------- d-----w- c:\documents and settings\Johnny Pants\Application Data\Lavasoft
2010-06-07 12:46 . 2007-09-23 23:40 -------- d-----w- c:\program files\Google
2010-06-02 17:33 . 2007-10-23 18:08 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-01 18:46 . 2005-09-25 20:18 -------- d-----w- c:\program files\SpywareBlaster
2010-05-21 19:36 . 2007-02-12 20:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-02 05:56 . 2002-08-29 11:00 1850880 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:51 . 2002-08-29 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-13 09:57 . 2009-11-25 01:26 79488 ----a-w- c:\documents and settings\Johnny Pants\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-04-13 09:52 . 2004-04-02 02:56 98960 ----a-w- c:\documents and settings\Johnny Pants\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2005-04-24 02:29 . 2004-05-30 05:36 450 -c-ha-w- c:\program files\hpothb07.dat
2004-06-01 01:26 . 2004-05-30 05:36 50934 ---ha-w- c:\program files\hpothb07.tif
2004-05-30 05:37 . 2004-05-30 05:37 3005544 ----a-w- c:\program files\wedding card1.tif
2004-05-30 05:36 . 2004-05-30 05:36 9576032 ----a-w- c:\program files\wedding card.tif
2004-05-30 05:35 . 2004-05-30 05:35 9576008 ----a-w- c:\program files\Scan0001.tif
.
c:\program files\Adobe\Reader 8.0\Reader\Reader_sl .exe
c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr .exe
c:\program files\Spybot - Search & Destroy\TeaTimer .exe
((((((((((((((((((((((((((((( SnapShot@2010-06-16_01.33.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-18 21:02 . 2010-06-18 21:02 16384 c:\windows\Temp\Perflib_Perfdata_6d8.dat
- 2004-03-23 14:00 . 2010-03-25 18:09 54280 c:\windows\SYSTEM32\PERFC009.DAT
+ 2004-03-23 14:00 . 2010-06-17 01:33 54280 c:\windows\SYSTEM32\PERFC009.DAT
+ 2009-11-06 03:17 . 2009-11-06 03:17 11600 c:\windows\SYSTEM32\MUI\0409\mscorees.dll
+ 2010-03-05 14:57 . 2010-03-05 14:57 65536 c:\windows\SYSTEM32\DLLCACHE\asycfilt.dll
+ 2002-08-29 11:00 . 2010-03-05 14:57 65536 c:\windows\SYSTEM32\asycfilt.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2008-05-28 06:30 . 2008-05-28 06:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
- 2003-02-21 01:19 . 2003-02-21 01:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2009-12-18 10:05 . 2009-12-18 10:05 16832 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\ViewerPS.dll
+ 2009-12-18 13:58 . 2009-12-18 13:58 40368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\reader_sl.exe
+ 2009-12-18 10:05 . 2009-12-18 10:05 67016 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\PDFPrevHndlrShim.exe
+ 2009-12-18 10:04 . 2009-12-18 10:04 83376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\PDFPrevHndlr.dll
+ 2009-12-18 07:43 . 2009-12-18 07:43 95672 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\nppdf32.dll
+ 2009-12-18 07:57 . 2009-12-18 07:57 13752 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRd32Info.exe
+ 2009-12-18 07:16 . 2009-12-18 07:16 65536 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\Acrofx32.dll
+ 2010-06-17 02:06 . 2010-06-17 02:06 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_dd86839b\System.Drawing.Design.dll
+ 2010-06-17 02:06 . 2010-06-17 02:06 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_4b448db8\CustomMarshalers.dll
+ 2010-06-17 02:06 . 2010-06-17 02:06 81920 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2004-03-23 14:00 . 2010-06-17 01:33 384596 c:\windows\SYSTEM32\PERFH009.DAT
- 2004-03-23 14:00 . 2010-03-25 18:09 384596 c:\windows\SYSTEM32\PERFH009.DAT
+ 2002-09-03 15:05 . 2010-06-17 23:54 345016 c:\windows\SYSTEM32\FNTCACHE.DAT
- 2002-09-03 15:05 . 2010-04-13 09:50 345016 c:\windows\SYSTEM32\FNTCACHE.DAT
+ 2010-04-20 05:51 . 2010-04-20 05:51 285696 c:\windows\SYSTEM32\DLLCACHE\atmfd.dll
+ 2010-03-31 19:51 . 2010-03-31 19:51 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 05:49 . 2008-05-28 05:49 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2010-03-31 19:49 . 2010-03-31 19:49 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
- 2008-05-28 06:30 . 2008-05-28 06:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2010-03-31 20:32 . 2010-03-31 20:32 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
- 2010-06-12 04:06 . 2010-06-12 04:06 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
+ 2010-06-12 04:06 . 2010-06-17 01:58 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
+ 2009-12-18 07:51 . 2009-12-18 07:51 372736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\pdfshell.dll
+ 2009-11-10 03:34 . 2009-11-10 03:34 448512 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\JP2KLib.dll
+ 2009-12-18 07:14 . 2009-12-18 07:14 140728 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AdobeUpdateCheck.exe
+ 2009-12-18 09:55 . 2009-12-18 09:55 738776 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AdobeCollabSync.exe
+ 2009-12-18 08:21 . 2009-12-18 08:21 112048 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRdIF.dll
+ 2009-12-18 13:58 . 2009-12-18 13:58 345520 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRd32.exe
+ 2009-12-18 07:17 . 2009-12-18 07:17 632240 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroPDF.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_70bb1315\System.Drawing.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 192512 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_970e73af\System.Drawing.Design.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 118784 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_20c7a827\CustomMarshalers.dll
+ 2004-03-23 14:29 . 2010-04-06 09:52 2462720 c:\windows\SYSTEM32\WMVCore.dll
+ 2003-05-30 15:00 . 2010-02-05 18:40 1291264 c:\windows\SYSTEM32\quartz.dll
- 2003-05-30 15:00 . 2009-11-27 17:33 1291264 c:\windows\SYSTEM32\quartz.dll
+ 2004-03-23 14:29 . 2010-04-06 09:52 2462720 c:\windows\SYSTEM32\DLLCACHE\WMVCore.dll
+ 2002-08-29 11:00 . 2010-05-02 05:56 1850880 c:\windows\SYSTEM32\DLLCACHE\win32k.sys
- 2007-10-29 22:43 . 2009-11-27 17:33 1291264 c:\windows\SYSTEM32\DLLCACHE\quartz.dll
+ 2007-10-29 22:43 . 2010-02-05 18:40 1291264 c:\windows\SYSTEM32\DLLCACHE\quartz.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 06:35 . 2008-05-28 06:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
- 2008-05-28 05:48 . 2008-05-28 05:48 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2010-03-31 19:50 . 2010-03-31 19:50 2527232 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2010-04-01 16:42 . 2010-04-01 16:42 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
- 2008-05-28 05:43 . 2008-05-28 05:43 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2010-04-02 18:53 . 2010-04-02 18:53 7220736 c:\windows\Installer\1a5f0c.msp
+ 2009-12-18 07:16 . 2009-12-18 07:16 1949696 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\rt3d.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 4792320 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_f321bba7\System.dll
+ 2010-06-17 02:06 . 2010-06-17 02:06 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_3bf33dab\System.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_fa0bb99c\System.Xml.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 5513216 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_b8659476\System.Xml.dll
+ 2010-06-17 02:06 . 2010-06-17 02:06 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_9631cfc7\System.Windows.Forms.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 7884800 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_4e50e8ae\System.Windows.Forms.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 2244608 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_464ea75d\System.Drawing.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 3395584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_d0cbb951\System.Design.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b5068736\System.Design.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 8908800 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_eaa7d048\mscorlib.dll
+ 2010-06-17 02:07 . 2010-06-17 02:07 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_b4532440\mscorlib.dll
+ 2010-06-17 02:06 . 2010-06-17 02:06 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-17 00:03 . 2009-10-17 00:03 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
- 2009-10-17 00:03 . 2009-10-17 00:03 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2010-06-17 02:06 . 2010-06-17 02:06 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2007-06-18 01:18 . 2010-05-28 19:37 32472008 c:\windows\SYSTEM32\MRT.exe
+ 2010-04-03 00:29 . 2010-04-03 00:29 11413504 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp
+ 2010-04-02 17:30 . 2010-04-02 17:30 17456640 c:\windows\Installer\1a5f28.msp
+ 2009-12-18 13:30 . 2009-12-18 13:30 13313464 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7448A0200000030\8.2.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2004-03-23 14:22 . 2004-03-23 14:22 151597 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2003-02-13 07:01 . 2003-02-13 07:01 155648 c:\program files\Common Files\Sonic\Update Manager\bak\sgtray.exe
2004-03-23 14:20 . 2003-08-27 01:47 204800 c:\program files\Dell\Media Experience\bak\PCMService.exe
2004-03-23 14:28 . 2004-09-23 00:20 53248 c:\program files\MUSICMATCH\MUSICMATCH Jukebox\bak\mmtask.exe
2004-03-23 14:22 . 2004-12-25 17:15 77824 c:\program files\QuickTime\bak\qttask.exe
2009-05-26 22:18 . 2009-05-26 22:18 413696 c:\program files\QuickTime\QTTask.exe
2002-07-30 16:35 . 2002-07-30 16:35 77824 c:\program files\Symantec_Client_Security\Symantec AntiVirus\bak\vptray.exe
2004-12-05 01:14 . 2003-06-11 07:52 380928 c:\program files\Visual Networks\Visual IP InSight\SBC\bak\IPClient.exe
2004-12-05 01:14 . 2003-06-11 07:52 122880 c:\program files\Visual Networks\Visual IP InSight\SBC\bak\IPMon32.exe
2002-08-09 23:09 . 2002-08-09 23:09 118784 c:\windows\bak\MXOaldr.exe
2002-08-29 11:00 . 2004-08-04 07:56 15360 c:\windows\SYSTEM32\bak\ctfmon.exe
2002-08-29 11:00 . 2004-08-04 07:56 15360 c:\windows\SYSTEM32\ctfmon.exe
1980-01-01 06:00 . 2005-01-23 15:31 126976 c:\windows\SYSTEM32\bak\hkcmd.exe
1980-01-01 06:00 . 2005-01-23 15:36 155648 c:\windows\SYSTEM32\bak\igfxtray.exe
2002-03-19 22:30 . 2002-03-19 22:30 45632 c:\windows\SYSTEM32\bak\taskswitch.exe
2004-03-23 14:20 . 2003-08-06 07:04 114741 c:\windows\SYSTEM32\dla\bak\tfswctrl.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Uniblue RegistryBooster 2"="c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [N/A]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-07-13 19:03 292128 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mmtask]
c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe [N/A]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 22:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RCHotKey]
c:\progra~1\RINGCE~1\RINGCE~1\RCHotKey.exe [N/A]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.icd"=
"c:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\FileVOoM Pro\\FileVOoM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
R0 SymDS;Symantec Data Store;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symds.sys [6/10/2010 9:43 AM 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\symefa.sys [6/10/2010 9:43 AM 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20100522.001\BHDrvx86.sys [6/14/2010 12:55 PM 691248]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\cchpx86.sys [6/10/2010 9:43 AM 501888]
R1 SymIRON;Symantec Iron Driver;c:\windows\SYSTEM32\DRIVERS\N360\0402000.00C\ironx86.sys [6/10/2010 9:43 AM 116784]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.2.0.12\ccsvchst.exe [6/10/2010 9:42 AM 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/10/2010 7:22 AM 102448]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20100617.005\IDSXpx86.sys [6/18/2010 4:27 PM 331640]
S2 kkkkk;Command Service;c:\windows\Sm9obm55IFBhbnRz\command.exe --> c:\windows\Sm9obm55IFBhbnRz\command.exe [?]
S4 Seti;Seti;c:\windows\seti\SRVANY.EXE [6/11/2004 10:09 PM 13312]
--- Other Services/Drivers In Memory ---
*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder
2010-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2008-01-04 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4191349867.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 22:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
Trusted Zone: classmates.com\www
Trusted Zone: wnemail.com
Trusted Zone: yahoo.com
Trusted Zone: yahoo.com\ad
Trusted Zone: yahoo.com\ads.auctions
Trusted Zone: yahoo.com\adserver
Trusted Zone: yahoo.com\geo
Trusted Zone: yahoo.com\geocities
Trusted Zone: yahoo.com\images
Trusted Zone: yahoo.com\java
Trusted Zone: yahoo.com\java.europe
Trusted Zone: yahoo.com\promo
Trusted Zone: yahoo.com\promotions
Trusted Zone: yahoo.com\red.clientapps
Trusted Zone: yahoo.com\srd
Trusted Zone: yahoo.com\st21
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Johnny Pants\Application Data\Mozilla\Firefox\Profiles\xikpd5yo.default\
FF - prefs.js: browser.search.selectedEngine - Google.com (in English)
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\Johnny Pants\Application Data\Mozilla\Firefox\Profiles\xikpd5yo.default\extensions\{f2257711-226b-4529-8e1d-e82e1c55ebd8}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Johnny Pants\Application Data\Mozilla\Firefox\Profiles\xikpd5yo.default\extensions\{f2257711-226b-4529-8e1d-e82e1c55ebd8}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Johnny Pants\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Johnny Pants\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPcol308.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-18 20:04
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.2.0.12\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.2.0.12\diMaster.dll\" /prefetch:1"
.
Completion time: 2010-06-18 20:09:47
ComboFix-quarantined-files.txt 2010-06-19 01:09
ComboFix2.txt 2010-06-16 01:40
Pre-Run: 13,999,517,696 bytes free
Post-Run: 13,984,120,832 bytes free
- - End Of File - - BDD270BF3867D6615C7BCB63B15ABF72