ComboFix 08-02-25.3 - Adam 2008-02-28 19:37:46.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.144 [GMT 11:00]
Running from: C:\Documents and Settings\Adam\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\MyWay
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\Web\default.htt
.
((((((((((((((((((((((((( Files Created from 2008-01-28 to 2008-02-28 )))))))))))))))))))))))))))))))
.
2008-02-24 16:40 . 2008-02-24 16:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-02-23 10:52 . 2008-02-23 10:52 <DIR> d-------- C:\Documents and Settings\Stevo\Application Data\Apple Computer
2008-02-23 08:02 . 2008-02-23 08:02 <DIR> d-------- C:\Documents and Settings\Emmah Stewart\Application Data\LimeWire
2008-02-21 20:32 . 2008-02-21 20:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OnlineArmor
2008-02-21 20:32 . 2008-02-21 20:32 <DIR> d-------- C:\Documents and Settings\Adam\Application Data\OnlineArmor
2008-02-21 20:30 . 2008-02-08 04:36 69,120 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\OADriver.sys
2008-02-21 20:30 . 2008-02-17 02:43 25,088 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\OAmon.sys
2008-02-21 20:30 . 2007-12-26 05:14 22,016 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\oanet.sys
2008-02-16 15:32 . 2008-02-16 15:32 <DIR> d--h----- C:\Program Files\Zero G Registry
2008-02-16 15:32 . 2008-02-16 15:32 <DIR> d-------- C:\Program Files\Britannica 8.0
2008-02-16 15:30 . 2008-02-16 15:30 <DIR> d--h----- C:\Documents and Settings\Adam\InstallAnywhere
2008-02-12 20:51 . 2008-02-12 20:51 <DIR> d-------- C:\Program Files\Tall Emu
2008-02-09 23:20 . 2008-02-09 23:20 <DIR> d-------- C:\Documents and Settings\Emmah Stewart\Application Data\Apple Computer
2008-02-09 22:26 . 2008-02-09 22:26 <DIR> d-------- C:\Program Files\Zone Labs
2008-02-09 22:14 . 2008-02-09 22:14 <DIR> d-------- C:\Documents and Settings\Adam\Application Data\Kerio
2008-02-09 22:07 . 2008-02-09 22:07 <DIR> d-------- C:\Program Files\Kerio
2008-02-07 16:15 . 2008-02-07 16:15 <DIR> d-------- C:\Documents and Settings\Adam\.idlerc
2008-02-05 22:49 . 2008-02-05 22:49 <DIR> d-------- C:\Program Files\Microsoft Synchronization Services
2008-02-05 22:49 . 2008-02-05 22:49 <DIR> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-05 22:49 . 2008-02-05 22:49 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-05 22:40 . 2008-02-05 22:41 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 9.0
2008-02-05 22:40 . 2008-02-05 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-05 22:39 . 2008-02-05 22:39 <DIR> d-------- C:\Program Files\Microsoft SDKs
2008-02-05 22:33 . 2008-02-05 22:33 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2008-02-05 22:33 . 2008-02-05 22:33 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-05 22:33 . 2008-02-05 22:33 <DIR> d-------- C:\Program Files\MSBuild
2008-02-05 22:30 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2008-02-05 22:17 . 2008-02-05 22:17 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-05 20:35 . 2008-02-05 20:35 <DIR> d-------- C:\e09ce048e2e00e4900
2008-02-03 16:46 . 2007-11-26 10:38 238,848 --a------ C:\WINDOWS\UNBOC.EXE
2008-02-03 16:46 . 2007-05-08 17:01 208,896 --a------ C:\WINDOWS\CMDLIC.DLL
2008-02-03 16:46 . 2004-08-04 12:00 22,528 --a------ C:\WINDOWS\SYSTEM32\wsock32.dlb
2008-02-03 14:49 . 2008-02-03 14:49 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-01-31 17:44 . 2008-01-31 17:44 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-31 15:44 . 2008-01-31 15:44 <DIR> d-------- C:\Documents and Settings\Stevo\Application Data\HP
2008-01-31 12:36 . 2008-01-31 12:36 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-29 20:53 . 2008-01-29 20:54 <DIR> d-------- C:\Documents and Settings\Stevo\Application Data\vlc
2008-01-29 15:53 . 2008-01-29 15:53 <DIR> d-------- C:\Documents and Settings\Adam\Application Data\Grisoft
2008-01-29 15:53 . 2007-05-30 23:10 10,872 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2008-01-29 15:38 . 2008-01-29 15:38 <DIR> d-------- C:\Program Files\SpywareBlaster
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-09 11:17 4,851 ----a-w C:\WINDOWS\system32\drivers\kwflower.log
2008-02-09 11:14 2,257 ----a-w C:\WINDOWS\system32\drivers\kwfupper.log
2008-02-05 11:58 173,576 ----a-w C:\Documents and Settings\Steve\Application Data\GDIPFONTCACHEV1.DAT
2008-01-27 00:56 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-01-25 10:20 --------- d-----w C:\Documents and Settings\Emmah Stewart\Application Data\Subversion
2008-01-25 10:18 --------- d-----w C:\Documents and Settings\Emmah Stewart\Application Data\OnlineArmor
2008-01-25 10:18 --------- d-----w C:\Documents and Settings\Emmah Stewart\Application Data\Grisoft
2008-01-24 12:26 --------- d-----w C:\Documents and Settings\Stevo\Application Data\Subversion
2008-01-24 12:23 --------- d-----w C:\Documents and Settings\Stevo\Application Data\OnlineArmor
2008-01-24 12:23 --------- d-----w C:\Documents and Settings\Stevo\Application Data\Grisoft
2008-01-22 02:31 --------- d-----w C:\Documents and Settings\Steve\Application Data\OnlineArmor
2008-01-21 22:13 --------- d-----w C:\Documents and Settings\sera-jane\Application Data\OnlineArmor
2008-01-20 11:37 5,607 ----a-w C:\WINDOWS\~GLH0001.TMP
2008-01-20 11:37 27,136 ----a-w C:\WINDOWS\~GLH0000.TMP
2008-01-20 11:37 155,136 ----a-w C:\WINDOWS\~GLC0000.TMP
2008-01-20 06:30 --------- d-----w C:\Program Files\COMODO
2008-01-18 10:53 --------- d-----w C:\Documents and Settings\Adam\Application Data\vlc
2008-01-15 22:58 65,024 ----a-w C:\WINDOWS\system32\drivers\kvpndrv.sys
2008-01-13 06:54 --------- d-----w C:\Documents and Settings\sera-jane\Application Data\Ahead
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\dllcache\pngfilt.dll
2008-01-09 04:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-01-09 04:20 --------- d-----w C:\Documents and Settings\Adam\Application Data\Comodo
2008-01-08 12:46 --------- d-----w C:\Program Files\TablEdit
2008-01-06 06:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-06 04:08 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-06 04:08 --------- d-----w C:\Program Files\Windows Live
2008-01-06 04:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-01-06 02:45 --------- d-----w C:\Program Files\SmartFTP Client
2008-01-06 02:44 --------- d-----w C:\Program Files\SmartFTP Client 2.5 Setup Files
2007-12-31 14:09 --------- d-----w C:\Program Files\Windows Defender
2007-12-28 01:30 --------- d-----w C:\Documents and Settings\sera-jane\Application Data\Grisoft
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\SYSTEM32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\SYSTEM32\dllcache\mrxdav.sys
2007-12-12 03:29 516,096 ----a-w C:\WINDOWS\iwexec.exe
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\SYSTEM32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\SYSTEM32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\SYSTEM32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\SYSTEM32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\dllcache\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\oleaut32.dll
2005-07-24 08:05 1,586 ----a-w C:\Program Files\INSTALL.LOG
2004-12-24 21:03 13,824 ------w C:\WINDOWS\Internet Logs\xDB4264.TMP
2004-12-24 21:02 431,616 ------w C:\WINDOWS\Internet Logs\xDB4240.TMP
2004-12-24 20:58 9,216 ------w C:\WINDOWS\Internet Logs\xDB10D3.TMP
2004-12-24 20:51 11,264 ------w C:\WINDOWS\Internet Logs\xDBA186.TMP
2004-12-24 07:18 431,616 ------w C:\WINDOWS\Internet Logs\xDB271.TMP
2004-12-24 07:18 11,264 ------w C:\WINDOWS\Internet Logs\xDB23B0.TMP
2004-12-24 07:17 431,616 ------w C:\WINDOWS\Internet Logs\xDB2223.TMP
2004-12-24 07:17 11,264 ------w C:\WINDOWS\Internet Logs\xDB2280.TMP
2004-12-24 07:11 431,616 ------w C:\WINDOWS\Internet Logs\xDB10D4.TMP
2004-12-24 07:11 13,312 ------w C:\WINDOWS\Internet Logs\xDB1114.TMP
2004-12-24 07:05 431,616 ------w C:\WINDOWS\Internet Logs\xDBA252.TMP
2004-12-24 07:05 13,312 ------w C:\WINDOWS\Internet Logs\xDBA2A4.TMP
2004-12-24 07:02 13,824 ------w C:\WINDOWS\Internet Logs\xDB4374.TMP
2004-12-24 07:00 431,616 ------w C:\WINDOWS\Internet Logs\xDB4345.TMP
2004-12-24 01:17 431,616 ------w C:\WINDOWS\Internet Logs\xDBB0D1.TMP
2004-12-24 01:17 13,824 ------w C:\WINDOWS\Internet Logs\xDBB131.TMP
2004-12-24 01:12 14,848 ------w C:\WINDOWS\Internet Logs\xDBF1D5.TMP
2004-12-24 01:11 431,616 ------w C:\WINDOWS\Internet Logs\xDBF1A0.TMP
2004-12-23 21:45 431,616 ------w C:\WINDOWS\Internet Logs\xDB90F1.TMP
2004-12-23 21:45 13,312 ------w C:\WINDOWS\Internet Logs\xDB9120.TMP
2004-12-23 21:35 431,616 ------w C:\WINDOWS\Internet Logs\xDB7015.TMP
2004-12-23 21:35 13,824 ------w C:\WINDOWS\Internet Logs\xDBD035.TMP
2004-12-23 21:30 431,616 ------w C:\WINDOWS\Internet Logs\xDB2054.TMP
2004-12-23 21:29 11,264 ------w C:\WINDOWS\Internet Logs\xDB20A0.TMP
2004-12-23 21:26 13,824 ------w C:\WINDOWS\Internet Logs\xDBD2E0.TMP
2004-12-23 21:24 431,616 ------w C:\WINDOWS\Internet Logs\xDBD220.TMP
2004-12-23 21:18 431,616 ------w C:\WINDOWS\Internet Logs\xDB5320.TMP
2004-12-23 21:18 11,264 ------w C:\WINDOWS\Internet Logs\xDB5393.TMP
2004-12-23 06:33 11,264 ------w C:\WINDOWS\Internet Logs\xDB1375.TMP
2004-12-23 06:32 431,616 ------w C:\WINDOWS\Internet Logs\xDB1263.TMP
2004-12-23 06:32 24,064 ------w C:\WINDOWS\Internet Logs\xDB1283.TMP
2004-12-23 06:26 431,616 ------w C:\WINDOWS\Internet Logs\xDBD011.TMP
2004-12-23 06:26 431,616 ------w C:\WINDOWS\Internet Logs\xDBA132.TMP
2004-12-23 06:26 431,616 ------w C:\WINDOWS\Internet Logs\xDB9343.TMP
2004-12-23 06:26 431,616 ------w C:\WINDOWS\Internet Logs\xDB2373.TMP
2004-12-23 06:26 431,616 ------w C:\WINDOWS\Internet Logs\xDB12B0.TMP
2004-12-23 06:26 431,616 ------w C:\WINDOWS\Internet Logs\xDB10B5.TMP
2004-12-22 21:29 431,616 ------w C:\WINDOWS\Internet Logs\xDB1E4.TMP
2004-12-22 21:29 19,456 ------w C:\WINDOWS\Internet Logs\xDB233.TMP
2004-12-22 05:02 20,992 ------w C:\WINDOWS\Internet Logs\xDB32E6.TMP
2004-12-22 05:01 431,616 ------w C:\WINDOWS\Internet Logs\xDB32C3.TMP
2004-12-21 10:17 406,528 ------w C:\WINDOWS\Internet Logs\xDB3195.TMP
2004-12-21 10:17 16,896 ------w C:\WINDOWS\Internet Logs\xDB31B4.TMP
2004-12-21 03:49 22,016 ------w C:\WINDOWS\Internet Logs\xDB4311.TMP
2004-12-21 03:47 406,528 ------w C:\WINDOWS\Internet Logs\xDB42B1.TMP
2004-12-20 18:29 406,528 ------w C:\WINDOWS\Internet Logs\xDB1D2.TMP
2004-12-20 18:29 32,768 ------w C:\WINDOWS\Internet Logs\xDB224.TMP
2004-12-20 04:00 406,528 ------w C:\WINDOWS\Internet Logs\xDB1133.TMP
2004-12-20 04:00 14,336 ------w C:\WINDOWS\Internet Logs\xDB1171.TMP
2004-12-20 02:34 46,592 ------w C:\WINDOWS\Internet Logs\xDB71C5.TMP
2004-12-20 02:31 406,528 ------w C:\WINDOWS\Internet Logs\xDB7183.TMP
2004-12-19 10:28 404,480 ------w C:\WINDOWS\Internet Logs\xDBE2F6.TMP
2004-12-19 10:28 17,920 ------w C:\WINDOWS\Internet Logs\xDBE335.TMP
2004-12-19 07:28 404,480 ------w C:\WINDOWS\Internet Logs\xDBE283.TMP
2004-12-19 07:28 15,872 ------w C:\WINDOWS\Internet Logs\xDBE2A2.TMP
2004-12-19 02:16 404,480 ------w C:\WINDOWS\Internet Logs\xDB40D2.TMP
2004-12-19 02:16 13,824 ------w C:\WINDOWS\Internet Logs\xDB40F1.TMP
2004-12-19 01:36 36,864 ------w C:\WINDOWS\Internet Logs\xDBD190.TMP
1999-07-06 23:00 6 --sh--r C:\WINDOWS\@desktop@.dat
2005-05-13 06:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-06-22 04:37 45,568 --sha-r C:\WINDOWS\SYSTEM32\cygz.dll
2004-01-24 13:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\i420vfw.dll
2004-01-24 13:00 70,656 --sha-r C:\WINDOWS\SYSTEM32\yv12vfw.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@={7D688A77-C613-11D0-999B-00C04FD655E1}
[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2007-08-26 11:40 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2007-10-26 14:34 8460288 --a------ C:\WINDOWS\SYSTEM32\SHELL32.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"msnmsgr"="C:\Documents and Settings\Adam\Desktop\msnmsgr.exe" [2007-10-18 11:34 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CAVRID"="C:\Program Files\CA\eTrust Vet Antivirus\CAVRID.exe" [2007-05-03 13:16 230928]
"SoundMan"="SOUNDMAN.EXE" [2005-10-04 14:12 90112 C:\WINDOWS\soundman.exe]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-28 19:58 177416]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 09:36 256576]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2008-01-27 16:38 316728]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"OnlineArmor GUI"="C:\Program Files\Tall Emu\Online Armor\oaui.exe" [2008-02-17 02:54 5492800]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 19:48 53760 C:\WINDOWS\SYSTEM32\narrator.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 11:40:44 282624]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= C:\PROGRA~1\TALLEM~1\ONLINE~1\oaevent.dll [2008-02-17 02:54 660992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^w98Eject.exe]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\w98Eject.exe
backup=C:\WINDOWS\pss\w98Eject.exeCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-06-01 13:32 94208 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-04-12 16:25 220160 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HomeFtp]
C:\Program Files\HomeFtp\HomeFtp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-12-15 11:18 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMprocess]
C:\Program Files\IM Names\IM-svr.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 09:36 256576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-06-22 19:52 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-14 03:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 20:50 155648 C:\WINDOWS\system32\\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\PROGRA~1\YAHOO!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"Vet Alert"=C:\VET\VETMSG.EXE
"VetTray"=C:\VET\VETTRAY.EXE
"SoundMan"=SOUNDMAN.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\XLink Kai Evolution VII\\kaiLaunch.exe"=
"C:\\Program Files\\XLink Kai Evolution VII\\kaiEngine.exe"=
"C:\\Documents and Settings\\Adam\\Desktop\\msnmsgr.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R1 OADevice;OADriver;C:\WINDOWS\system32\drivers\OADriver.sys [2008-02-08 04:36]
R1 OAmon;OAmon;C:\WINDOWS\system32\drivers\OAmon.sys [2008-02-17 02:43]
R1 OAnet;OAnet;C:\WINDOWS\system32\drivers\OAnet.sys [2007-12-26 05:14]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2006-11-09 14:29]
S2 SvcOnlineArmor;Online Armor;"C:\Program Files\Tall Emu\Online Armor\oasrv.exe" [2008-02-17 02:54]
S3 DIGIRPS;Digi PortServer Driver;C:\WINDOWS\system32\DRIVERS\digirlpt.sys [2001-08-17 12:17]
S3 kvpndev;Kerio VPN adapter;C:\WINDOWS\system32\DRIVERS\kvpndrv.sys [2008-01-16 09:58]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;C:\WINDOWS\system32\DRIVERS\kwflower.sys []
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 WPRO_40_755;WinPcap Packet Driver (WPRO_40_755);C:\WINDOWS\system32\drivers\WPRO_40_755.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e3972666-3ca6-11dc-88d8-000d6112e9d0}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
"C:\PROGRA~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
C:\WINDOWS\SYSTEM32\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
"2008-02-06 12:00:02 C:\WINDOWS\Tasks\Tune-up Application Start.job"
"2007-07-02 21:35:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-28 08:40:52 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-28 19:44:37
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-28 19:45:58
ComboFix-quarantined-files.txt 2008-02-28 08:45:56
.
2008-02-27 06:08:35 --- E O F ---