Would allowing sed.cfexe be a good thing? Oh, and the Kaspersky Scan couldn't update and I can't go on w/o it.
<--------------------------------------------------------------------------------------------------------------->
ComboFix 07-11-19.3 - Owner 2007-11-29 22:45:59.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.160 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2007-10-28 to 2007-11-29 )))))))))))))))))))))))))))))))
.
2007-11-28 00:21 <DIR> d-------- C:\Program Files\MTV Networks
2007-11-27 21:28 <DIR> d-------- C:\WINDOWS\system32\drivers\umdf
2007-11-27 21:24 <DIR> d-------- C:\4e6daeb3996ec6e3144e85645ed9b6
2007-11-25 19:49 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-11-25 19:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-20 17:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2007-11-20 17:34 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sunbelt Software
2007-11-20 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2007-11-20 11:29 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2007-11-19 22:47 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-19 08:01 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-19 01:52 <DIR> d--hs---- C:\Diskeeper
2007-11-19 00:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Diskeeper Corporation
2007-11-17 17:13 0 --a------ C:\WINDOWS\system32\SBRC.dat
2007-11-17 17:13 0 --a------ C:\WINDOWS\system32\SBFC.dat
2007-11-17 16:35 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sunbelt Software
2007-11-17 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sunbelt Software
2007-11-17 16:35 15,544 --a------ C:\WINDOWS\system32\drivers\sbhr.sys
2007-11-17 16:33 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-17 15:06 <DIR> d-------- C:\Program Files\Realtek AC97
2007-11-16 19:29 49,152 --a------ C:\WINDOWS\system32\ChCfg.exe
2007-11-16 19:27 10,528,768 --a------ C:\WINDOWS\system32\RTLCPL.exe
2007-11-16 19:27 147,456 --a------ C:\WINDOWS\system32\RtlCPAPI.dll
2007-11-16 19:27 141,016 --a------ C:\WINDOWS\system32\alsndmgr.wav
2007-11-07 22:14 <DIR> d-------- C:\Program Files\Norton Security Scan
2007-11-07 11:03 <DIR> d-------- C:\WINDOWS\ERUNT
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Sonic
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SampleView
2007-11-07 10:45 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\interMute
2007-11-06 21:44 <DIR> d-------- C:\Program Files\The Weather Channel FW
2007-11-06 21:44 <DIR> d-------- C:\Program Files\AskPBar
2007-11-05 17:23 <DIR> d-------- C:\Program Files\iPod
2007-11-05 17:22 <DIR> d-------- C:\Program Files\iTunes
2007-11-02 13:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-31 09:26 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-10-31 09:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-10-31 09:18 <DIR> dr-h----- C:\MSOCache
2007-10-31 08:56 <DIR> d-------- C:\Program Files\AdVantage
2007-10-31 08:54 <DIR> d-------- C:\Program Files\DAEMON Tools
2007-10-30 20:05 685,816 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-10-30 19:57 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2007-10-30 19:57 6,506 --a------ C:\WINDOWS\system32\ijjiSetup.log
2007-10-30 13:26 <DIR> d-------- C:\Program Files\MagicISO
2007-10-29 20:50 <DIR> d-------- C:\Program Files\NHN USA
2007-10-29 20:50 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2007-10-29 12:30 <DIR> d--h----- C:\Documents and Settings\Owner\Application Data\ijjigame
2007-10-29 12:29 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2007-10-29 12:29 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-10-29 12:29 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-10-29 12:29 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-10-29 12:29 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-10-29 12:29 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-10-29 12:29 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-10-29 12:28 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-10-29 12:16 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2007-10-29 11:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\IJJIGame
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-30 06:57 85,689,888 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-29 23:28 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-11-29 08:43 1,147,124 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-27 03:16 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-11-24 09:51 --------- d-----w C:\Program Files\Quicken
2007-11-24 09:51 --------- d-----w C:\Program Files\PC-Doctor for Windows
2007-11-24 09:51 --------- d-----w C:\Program Files\Java Web Start
2007-11-24 09:51 --------- d-----w C:\Program Files\DivX
2007-11-24 09:51 --------- d-----w C:\Program Files\9Dragons
2007-11-22 23:57 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-20 06:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-19 18:08 --------- d-----w C:\Program Files\BitComet
2007-11-19 08:49 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-11-17 12:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Apple Computer
2007-11-17 03:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-07 07:44 359,808 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2007-11-07 05:46 --------- d-----w C:\Program Files\Trillian
2007-11-06 01:18 --------- d-----w C:\Program Files\QuickTime
2007-11-02 23:33 --------- d-----w C:\Program Files\MUSICMATCH
2007-11-02 21:13 --------- d-----w C:\Program Files\Lavasoft
2007-11-02 21:12 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-10-31 17:30 --------- d-----w C:\Program Files\Microsoft Works
2007-10-30 14:47 --------- d-----w C:\Documents and Settings\Owner\Application Data\MailFrontier
2007-10-30 14:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\MailFrontier
2007-10-26 19:20 4,124,352 ----a-r C:\WINDOWS\system32\drivers\alcxwdm.sys
2007-10-24 07:47 --------- d-----w C:\Program Files\Common Files\Adobe
2007-10-24 06:32 --------- d-----w C:\Program Files\Graphing Calculator Viewer
2007-10-24 06:28 --------- d-----w C:\Program Files\Tools for Enriching Calculus
2007-10-22 16:48 3,603 ----a-w C:\WINDOWS\viassary-hp.reg
2007-10-22 10:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 10:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-22 01:59 --------- d-----w C:\Program Files\Uniblue
2007-10-20 20:50 --------- d-----w C:\Program Files\Electronic Arts
2007-10-20 20:46 --------- d-----w C:\Program Files\Maxis
2007-10-20 02:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-20 02:29 --------- d-----w C:\Program Files\Apple Software Update
2007-10-20 02:28 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-20 02:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-19 17:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Uniblue
2007-10-13 10:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\Uniblue
2007-10-13 08:51 --------- d-----w C:\Program Files\MSN Messenger
2007-10-13 08:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-10-12 22:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-12 20:16 --------- d-----w C:\Program Files\PC Registry Cleaner
2007-10-11 04:45 --------- d-----w C:\Program Files\MediaMonkey
2007-10-06 00:42 --------- d-----w C:\Program Files\Java
2007-10-06 00:40 --------- d-----w C:\Program Files\Common Files\Java
2007-10-05 23:35 --------- d-----w C:\Program Files\mIRC
2007-10-04 05:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\Leadertech
2007-10-04 05:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-04 05:04 --------- d-----w C:\Program Files\Yahoo!
2007-10-04 05:04 --------- d-----w C:\Program Files\CCleaner
2007-10-04 04:46 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-10-04 04:18 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-10-04 04:14 --------- d-----w C:\Documents and Settings\Owner\Application Data\Media Player Classic
2007-10-04 03:15 --------- d-----w C:\Program Files\Spyware Doctor
2007-10-04 03:07 --------- d-----w C:\Program Files\Microsoft Plus! Digital Media Edition
2007-10-03 20:52 --------- d-----w C:\Program Files\WordPerfect Office 11
2007-10-03 20:52 --------- d-----w C:\Program Files\Ventrilo
2007-10-03 20:50 --------- d-----w C:\Program Files\Teamspeak2_RC2
2007-10-03 20:50 --------- d-----w C:\Program Files\Super Mario War
2007-10-03 20:49 --------- d-----w C:\Program Files\Real
2007-10-03 20:49 --------- d-----w C:\Program Files\PC Tools Firewall Plus
2007-10-03 20:49 --------- d-----w C:\Program Files\Opera
2007-10-03 20:41 --------- d-----w C:\Program Files\Guild Wars
2007-10-03 20:37 --------- d-----w C:\Program Files\Diablo II
2007-10-03 20:36 --------- d-----w C:\Program Files\Common Files\xing shared
2007-10-03 20:36 --------- d-----w C:\Program Files\Common Files\Vbox
2007-10-03 20:27 --------- d-----w C:\Program Files\Alwil Software
2007-10-02 16:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-10-02 07:24 --------- d-----w C:\Program Files\Common Files\Hewlett-Packard
2007-10-02 07:09 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-09-30 00:47 --------- d-----w C:\Program Files\Google
2007-09-28 18:56 --------- d-----w C:\Program Files\MSBuild
2007-09-28 18:52 --------- d-----w C:\Program Files\Reference Assemblies
2007-09-28 18:42 --------- d-----w C:\Program Files\MSXML 6.0
2007-09-28 16:28 --------- d-----w C:\Program Files\MSXML 4.0
2007-09-06 23:14 75,248 ----a-w C:\WINDOWS\zllsputility.exe
2007-09-06 23:14 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.
((((((((((((((((((((((((((((( snapshot@2007-11-23_14.38.44.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 07:56:58 208,896 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2006-05-10 05:02:38 180,736 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2004-08-04 07:56:00 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-05-10 06:26:32 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-05-10 06:26:34 267,776 ------w C:\WINDOWS\system32\Audiodev.dll
- 2004-08-04 07:56:42 286,208 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-05-10 04:59:14 585,216 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2004-08-04 07:56:42 159,232 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-05-10 06:26:34 219,648 ----a-w C:\WINDOWS\system32\CEWMDM.dll
- 2004-08-04 07:56:44 368,640 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-05-10 06:26:34 345,088 -c--a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2004-08-04 07:56:58 774,144 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-05-10 05:02:42 1,587,712 -c--a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-08-04 07:56:48 98,304 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-05-10 06:26:34 87,040 -c--a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-08-04 07:56:58 73,728 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-05-10 06:25:54 62,976 -c--a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2006-12-08 00:02:24 2,174,976 -c----w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-05-10 06:22:32 2,463,744 -c----w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-05-10 04:58:46 646,656 ------w C:\WINDOWS\system32\drivers\umdf\wpdmtpdr.dll
+ 2006-05-10 04:58:44 40,704 ------w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-04-11 22:26:38 82,944 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-04-11 22:29:18 87,808 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-05-10 04:59:18 229,376 ------w C:\WINDOWS\system32\drmupgds.exe
- 2004-08-04 07:57:04 695,296 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-05-10 05:00:02 1,350,656 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-05-10 04:57:06 11,264 ------w C:\WINDOWS\system32\ehETW.dll
+ 2005-05-24 20:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 23:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 23:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2004-08-04 07:56:44 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-05-10 06:26:32 9,728 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2004-08-04 07:56:52 103,936 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-05-10 05:02:02 84,480 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-01-02 19:13:32 128,648 ----a-w C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
+ 2006-01-03 23:14:12 20,480 ----a-w C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
+ 2006-05-10 05:00:08 382,976 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-05-10 05:00:56 241,152 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 07:56:44 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-05-10 05:00:58 299,520 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 07:56:44 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-05-10 05:00:58 241,152 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 07:56:44 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
+ 2006-05-10 04:45:20 304,640 ------w C:\WINDOWS\system32\MSDelta.dll
- 2004-08-04 07:57:02 259,072 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-05-10 06:26:34 212,480 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2004-08-04 07:56:44 52,224 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
+ 2006-05-10 06:26:34 26,112 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
- 2004-08-04 07:56:44 201,728 ----a-w C:\WINDOWS\system32\mspmsp.dll
+ 2006-05-10 06:26:34 165,376 ----a-w C:\WINDOWS\system32\MsPMSP.dll
- 2004-08-04 07:57:02 356,352 ----a-w C:\WINDOWS\system32\msscp.dll
+ 2006-05-10 04:59:20 417,280 ----a-w C:\WINDOWS\system32\MSSCP.dll
- 2004-08-04 07:56:46 245,760 ----a-w C:\WINDOWS\system32\mswmdm.dll
+ 2006-05-10 06:26:34 306,688 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-05-10 04:58:48 345,600 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-05-10 04:58:48 101,376 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-05-10 04:58:38 168,960 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-05-10 04:58:50 103,424 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-05-10 04:58:48 188,928 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2004-08-04 07:56:46 237,568 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-05-10 06:26:34 201,728 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-05-10 06:36:46 6,656 ------w C:\WINDOWS\system32\uWDF.exe
+ 2006-05-10 06:26:34 4,096 ------w C:\WINDOWS\system32\wdfApi.dll
+ 2006-05-10 06:36:46 6,656 ------w C:\WINDOWS\system32\WdfMgr.exe
- 2004-08-04 07:56:48 408,064 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-05-10 06:26:34 705,024 ----a-w C:\WINDOWS\system32\WMADMOD.dll
- 2004-08-04 07:56:48 670,720 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-05-10 06:26:34 1,063,424 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2004-08-04 07:56:48 230,400 ----a-w C:\WINDOWS\system32\wmasf.dll
+ 2006-05-10 06:26:34 221,696 ----a-w C:\WINDOWS\system32\WMASF.dll
- 2004-08-04 07:56:48 27,136 ----a-w C:\WINDOWS\system32\wmdmlog.dll
+ 2006-05-10 06:26:34 31,744 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
- 2004-08-04 07:56:48 23,552 ----a-w C:\WINDOWS\system32\wmdmps.dll
+ 2006-05-10 06:26:34 36,864 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-05-10 06:26:34 417,280 ------w C:\WINDOWS\system32\wmdrmdev.dll
+ 2006-05-10 06:26:34 337,408 ------w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-05-10 04:59:34 513,536 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-08-04 07:56:36 168,448 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-05-10 06:26:32 218,112 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2004-08-04 07:56:48 151,552 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-05-10 06:26:34 155,136 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2004-08-04 07:56:48 1,050,624 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-05-10 06:26:34 992,256 ----a-w C:\WINDOWS\system32\WMNetMgr.dll
- 2007-04-30 09:22:16 4,734,976 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2006-05-10 06:26:34 10,394,624 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-08-04 07:56:48 114,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-05-10 06:26:34 237,056 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-08-04 07:56:48 233,472 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-05-10 06:26:34 301,056 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-05-10 06:26:34 433,152 ------w C:\WINDOWS\system32\wmpeffects.dll
+ 2006-05-10 06:26:34 1,641,472 ------w C:\WINDOWS\system32\wmpencen.dll
- 2004-08-04 07:56:38 2,940,928 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-05-10 06:26:34 7,706,112 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-05-10 05:00:22 546,816 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-05-10 06:26:34 135,680 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-08-04 07:56:48 102,400 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-05-10 06:26:34 97,792 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-05-10 06:26:34 203,776 ------w C:\WINDOWS\system32\wmpsrcwp.dll
- 2004-08-04 07:56:48 759,296 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2004-08-04 07:56:48 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2004-08-04 07:56:48 484,864 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-05-10 06:26:34 564,736 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2004-08-04 07:56:48 896,512 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-05-10 06:26:34 1,280,000 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
+ 2006-05-10 06:26:34 4,096 ------w C:\WINDOWS\system32\WMVADVD.dll
+ 2006-05-10 06:26:34 4,096 ------w C:\WINDOWS\system32\WMVADVE.DLL
- 2006-12-08 00:02:24 2,174,976 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-05-10 06:22:32 2,463,744 ----a-w C:\WINDOWS\system32\wmvcore.dll
+ 2006-05-10 05:01:06 1,463,808 ------w C:\WINDOWS\system32\WMVDECOD.dll
- 2004-08-04 07:56:48 809,984 ----a-w C:\WINDOWS\system32\wmvdmod.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll
- 2004-08-04 07:56:48 1,001,472 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-05-10 06:26:34 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll
+ 2006-05-10 05:00:58 1,455,616 ------w C:\WINDOWS\system32\WMVENCOD.dll
+ 2006-05-10 05:01:06 1,359,360 ------w C:\WINDOWS\system32\WMVSDECD.dll
+ 2006-05-10 05:00:58 770,560 ------w C:\WINDOWS\system32\WMVSENCD.dll
+ 2006-05-10 05:00:56 636,928 ------w C:\WINDOWS\system32\WMVXENCD.dll
+ 2006-05-10 04:58:50 670,208 ------w C:\WINDOWS\system32\wpd_ci.dll
+ 2006-05-10 04:58:40 35,840 ------w C:\WINDOWS\system32\wpdconns.dll
+ 2006-05-10 04:58:40 144,896 ------w C:\WINDOWS\system32\wpdmtp.dll
+ 2006-05-10 04:58:40 55,808 ------w C:\WINDOWS\system32\wpdmtpus.dll
+ 2006-05-10 04:58:54 3,745,280 ------w C:\WINDOWS\system32\WpdShext.dll
+ 2006-05-10 04:58:54 13,824 ------w C:\WINDOWS\system32\wpdshextautoplay.exe
+ 2006-05-10 04:58:54 52,224 ------w C:\WINDOWS\system32\WPDShServiceObj.dll
+ 2006-05-10 04:58:46 343,552 ------w C:\WINDOWS\system32\WPDSp.dll
+ 2006-05-10 04:58:38 13,312 ------w C:\WINDOWS\system32\wpdtrace.dll
+ 2006-04-11 22:30:44 93,752 ------w C:\WINDOWS\system32\WUDFCoinstaller.dll
+ 2006-04-11 22:27:18 130,048 ------w C:\WINDOWS\system32\WudfHost.exe
+ 2006-04-11 22:26:44 158,208 ------w C:\WINDOWS\system32\WudfPlatform.dll
+ 2006-04-11 22:26:56 54,272 ------w C:\WINDOWS\system32\WudfSvc.dll
+ 2006-04-11 22:27:18 304,640 ------w C:\WINDOWS\system32\WUDFx.dll
- 2007-11-23 09:14:06 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
+ 2007-11-27 22:17:35 4,212 ---h--w C:\WINDOWS\system32\zllictbl.dat
- 2007-11-23 19:39:35 879,408 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
+ 2007-11-29 23:25:02 881,592 ----a-w C:\WINDOWS\system32\ZoneLabs\avsys\bases\sfdb.dat
- 2007-11-22 19:31:06 6,837,027 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-11-26 04:02:03 6,850,081 ----a-w C:\WINDOWS\system32\ZoneLabs\spyware.dat
+ 2007-11-29 23:25:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_b4.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BackupNotify"="c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [2003-06-22 20:25]
"NVIEW"="nview.dll" [2003-07-28 13:19 C:\WINDOWS\system32\nview.dll]
"Uniblue SpeedUpMyPC"="C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe" [2007-08-16 08:02]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56]
"Uniblue SpyEraser"="" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-16 01:14]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 06:16]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 15:04]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 06:07]
"CamMonitor"="c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [2002-10-07 06:23]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-06-13 22:53]
"HPHUPD05"="c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-23 02:03]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-23 01:55]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 19:02]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 07:01]
"AutoTKit"="C:\hp\bin\AUTOTKIT.EXE" [2003-06-18 18:19]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 20:42]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 23:56 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2003-07-28 13:19 C:\WINDOWS\system32\nwiz.exe]
"Sunkist2k"="C:\Program Files\Multimedia Card Reader\shwicon2k.exe" [2003-08-09 10:27]
"Reminder"="C:\Windows\Creator\Remind_XP.exe" [2003-06-17 17:13]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 15:57]
"LTMSG"="LTMSG.exe" [2003-07-14 09:52 C:\WINDOWS\ltmsg.exe]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 12:47 C:\WINDOWS\ALCXMNTR.EXE]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-24 09:13]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-09-06 15:14]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 18:51]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 C:\WINDOWS\soundman.exe]
"SBCSTray"="C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe" [2007-06-15 15:17]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 01:25]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-24 09:13]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
AutoTBar.exe [2003-06-18 18:19:08]
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 06:11:14]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2003-06-13 03:08:16]
Updates from HP.lnk - C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe [2003-08-23 19:34:35]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Program Files\Softex\OmniPass\opxpgina.dll 2003-02-21 02:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll
R0 SBHR;SBHR;C:\WINDOWS\system32\drivers\sbhr.sys
R3 SBAPIFS;SBAPIFS;\??\C:\WINDOWS\system32\drivers\sbapifs.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Start.exe
*Newly Created Service* - SBAPIFS
.
Contents of the 'Scheduled Tasks' folder
"2007-11-20 00:54:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-24 09:50:27 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2007-11-01 08:21:31 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2007-10-21 23:32:43 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-11-29 22:57:57
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-29 23:02:21
C:\ComboFix2.txt ... 2007-11-23 14:40
.
--- E O F ---