ComboFix 08-05-15.3 - Linda 2008-05-18 9:23:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2816 [GMT -4:00]
Running from: C:\Documents and Settings\Linda\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Linda\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\mpfanvqg.dll
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\404Fix.exe
C:\WINDOWS\system32\dumphive.exe
C:\WINDOWS\system32\IEDFix.exe
C:\WINDOWS\system32\kr_done1de
C:\WINDOWS\system32\Process.exe
C:\WINDOWS\system32\SrchSTS.exe
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\system32\VACFix.exe
C:\WINDOWS\system32\VCCLSID.exe
C:\WINDOWS\system32\WS2Fix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-17 15:52 . 2008-05-17 15:52 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-15 23:54 . 2008-05-15 23:54 1,024 --ah----- C:\Documents and Settings\Default User\NTUSER.DAT.LOG
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\system32\bits
2008-05-15 23:46 . 2008-05-15 23:46 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-15 23:43 . 2008-05-15 23:43 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-05-15 23:36 . 2008-05-15 23:36 <DIR> d-------- C:\Program Files\Uniblue
2008-05-15 23:36 . 2008-05-15 23:36 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\Uniblue
2008-05-15 22:51 . 2008-05-18 09:19 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-15 22:50 . 2008-05-15 22:50 <DIR> d-------- C:\Program Files\Zone Labs
2008-05-14 00:00 . 2008-05-14 00:00 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-12 19:34 . 2008-05-12 19:34 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-05-12 19:06 . 2008-05-12 19:06 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-12 19:06 . 2008-05-15 23:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-12 19:05 . 2008-05-12 19:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-12 04:40 . 2008-05-12 04:40 93,004 --a------ C:\Documents and Settings\Theme1.thmx
2008-05-12 03:08 . 2008-05-13 14:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adsl Software Limited
2008-05-12 03:08 . 2008-05-12 03:08 62,910 --a------ C:\Program Files\Uninstall.exe
2008-05-12 03:08 . 2008-05-12 03:08 0 --a------ C:\Program Files\uninstall.dat
2008-05-12 02:31 . 2008-05-12 02:56 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\TmpRecentIcons
2008-05-12 02:05 . 2008-05-12 02:05 <DIR> d-------- C:\Program Files\Windows Defender
2008-05-12 01:03 . 2008-05-17 16:00 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-05-12 01:03 . 2008-05-12 01:03 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\PC Tools
2008-05-12 01:03 . 2008-05-17 20:32 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-12 01:03 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-05-12 01:03 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-05-12 01:03 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-05-12 01:03 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-05-11 18:57 . 2008-05-11 18:57 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-05-11 18:28 . 2008-04-13 20:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-05-11 18:28 . 2008-04-13 20:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-11 18:28 . 2008-04-13 20:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-05-10 20:52 . 2008-05-10 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-05-07 19:33 . 1998-03-05 11:25 1,022,976 --a------ C:\WINDOWS\system32\SierraNW.dll
2008-05-07 19:33 . 1998-03-05 11:34 231,936 --a------ C:\WINDOWS\system32\SNWValid.dll
2008-05-07 19:32 . 2008-05-07 19:33 <DIR> d-------- C:\SIERRA
2008-05-07 19:32 . 2008-05-07 19:33 <DIR> d-------- C:\Program Files\Sierra On-Line
2008-05-07 19:32 . 1995-03-02 00:42 320,880 --a------ C:\WINDOWS\system32\MFC250.DLL
2008-05-07 19:32 . 1995-01-13 14:10 146,976 --a------ C:\WINDOWS\system32\MFCOLEUI.DLL
2008-05-07 19:32 . 1995-01-13 14:10 125,344 --a------ C:\WINDOWS\system32\MFCO250.DLL
2008-05-07 19:32 . 1995-03-01 03:32 51,920 --a------ C:\WINDOWS\system32\MFCD250.DLL
2008-05-07 19:32 . 1995-01-13 14:10 11,072 --a------ C:\WINDOWS\system32\MFCN250.DLL
2008-05-07 00:34 . 2008-05-07 00:34 <DIR> d-------- C:\Documents and Settings\Linda\WINDOWS
2008-05-07 00:34 . 2008-05-07 19:35 833 --a------ C:\WINDOWS\SIERRA.INI
2008-05-06 09:37 . 2008-05-06 09:37 0 --a------ C:\WINDOWS\Path.idx
2008-05-02 05:52 . 2008-05-02 05:52 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-02 05:47 . 2008-05-15 22:55 <DIR> d-------- C:\Program Files\Google
2008-05-02 05:46 . 2008-05-02 05:46 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\AdobeUM
2008-05-02 05:44 . 2008-05-02 05:44 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-05-02 05:44 . 2008-04-13 14:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-05-02 05:43 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-05-02 05:43 . 2004-09-29 12:12 278,584 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-05-02 05:43 . 2004-09-29 12:15 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-05-02 05:43 . 2004-09-29 12:09 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-05-02 05:43 . 2004-09-29 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-05-02 05:43 . 2004-09-29 12:08 61,440 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-05-02 05:43 . 2004-09-29 12:09 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-05-02 05:33 . 2008-05-02 05:33 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-02 05:33 . 2008-05-12 21:41 <DIR> d-------- C:\temp
2008-05-02 05:33 . 2008-05-02 05:43 <DIR> d-------- C:\Program Files\Hp
2008-05-02 03:02 . 2008-05-02 03:02 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-05-02 03:02 . 2008-05-02 03:02 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-05-01 15:32 . 2008-03-01 09:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-05-01 15:32 . 2007-04-17 05:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-05-01 15:32 . 2007-03-08 01:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-05-01 15:32 . 2008-03-01 09:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-05-01 15:32 . 2008-03-01 09:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-05-01 15:32 . 2008-03-01 09:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-05-01 15:32 . 2008-03-01 09:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-05-01 15:32 . 2008-03-01 09:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-05-01 15:32 . 2008-02-22 06:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-30 19:10 . 2008-05-14 00:00 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\U3
2008-04-30 19:09 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-30 19:09 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-30 19:09 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-30 19:06 . 2008-04-30 19:06 <DIR> d-------- C:\WINDOWS\OPTIONS
2008-04-30 19:06 . 2008-04-30 16:07 <DIR> d-------- C:\Program Files\Realtek
2008-04-30 19:06 . 2008-03-07 11:57 106,624 --a------ C:\WINDOWS\system32\drivers\Rtenicxp.sys
2008-04-30 19:06 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-04-30 19:06 . 2008-04-30 19:06 22,093 --a------ C:\WINDOWS\Ascd_tmp.ini
2008-04-30 19:06 . 2004-08-13 14:56 5,810 -ra------ C:\WINDOWS\system32\drivers\ASACPI.sys
2008-04-30 19:05 . 2008-04-30 19:05 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-04-30 19:05 . 2008-04-30 19:05 <DIR> d-------- C:\Program Files\Microsoft Works
2008-04-30 19:05 . 2007-07-31 23:39 12,536 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2008-04-30 19:03 . 2008-04-30 19:05 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-04-30 19:03 . 2008-04-30 19:03 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-04-30 19:02 . 2008-04-30 19:02 <DIR> dr-h----- C:\MSOCache
2008-04-30 19:02 . 2008-05-17 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-30 18:58 . 2008-04-30 18:58 <DIR> d-------- C:\WINDOWS\system32\FinePointLib
2008-04-30 18:58 . 2008-04-30 17:35 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-30 18:58 . 2008-04-30 17:32 <DIR> d-------- C:\Program Files\Common Files\Verizon Online
2008-04-30 18:58 . 2008-04-30 17:35 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-04-30 18:58 . 2008-04-30 19:06 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-04-30 18:58 . 2005-01-13 19:56 287,808 --a------ C:\WINDOWS\system32\VerizonUninstaller.exe
2008-04-30 18:58 . 2005-01-19 23:07 128,064 --a------ C:\WINDOWS\system32\VZGUninstall.dll
2008-04-30 18:58 . 2003-05-29 23:05 49,210 --a------ C:\WINDOWS\system32\vzServices.dll
2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-30 18:38 . 2008-04-30 18:38 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-30 18:34 . 2008-04-30 19:05 <DIR> d-------- C:\Program Files\MSBuild
2008-04-30 18:32 . 2008-05-11 18:56 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-04-30 18:32 . 2008-04-30 18:32 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-04-30 18:31 . 2008-05-12 07:15 <DIR> d-------- C:\28b4251d539d3627a5
2008-04-30 18:31 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-04-30 18:25 . 2008-04-30 18:25 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-04-30 16:39 . 2008-04-30 16:39 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-30 16:39 . 2008-04-30 16:39 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-30 16:38 . 2008-04-30 16:38 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-30 16:38 . 2008-04-30 16:38 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\ATI
2008-04-30 16:22 . 2008-04-30 16:22 670 --a------ C:\WINDOWS\setup.iss
2008-04-30 16:21 . 2008-04-30 16:22 <DIR> d-------- C:\Program Files\ASUS
2008-04-30 16:21 . 2004-02-27 03:00 962,612 --a------ C:\WINDOWS\system32\mfc42d.dll
2008-04-30 16:21 . 2004-02-17 03:00 434,252 --a------ C:\WINDOWS\system32\MSVCRTD.DLL
2008-04-30 16:21 . 2006-01-10 04:50 24,576 -ra------ C:\WINDOWS\system32\AsIO.dll
2008-04-30 16:21 . 2006-10-18 15:12 12,664 -ra------ C:\WINDOWS\system32\drivers\AsIO.sys
2008-04-30 16:21 . 2006-10-19 06:11 12,096 --a------ C:\WINDOWS\system32\drivers\AsInsHelp64.sys
2008-04-30 16:21 . 2006-10-19 06:11 10,304 --a------ C:\WINDOWS\system32\drivers\AsInsHelp32.sys
2008-04-30 16:20 . 2008-04-30 16:20 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-30 16:20 . 2008-04-30 16:20 <DIR> d-------- C:\Program Files\AMD
2008-04-30 16:20 . 2008-04-30 16:20 <DIR> d-------- C:\Documents and Settings\Linda\Application Data\InstallShield
2008-04-30 16:20 . 2006-07-02 01:39 36,864 --a------ C:\WINDOWS\system32\drivers\AmdK8.sys
2008-04-30 16:20 . 2008-04-30 16:20 22,604 --a------ C:\WINDOWS\Ascd_log.ini
2008-04-30 16:10 . 2008-04-30 16:13 <DIR> d-------- C:\Program Files\ATI Technologies
2008-04-30 16:08 . 2008-04-30 18:28 <DIR> d-------- C:\WINDOWS\system32\RTCOM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 12:09 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-05-16 03:13 1,366,528 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-05-12 23:12 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-05-12 23:12 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2008-05-12 23:12 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-04-30 22:59 155,995 ----a-w C:\WINDOWS\java\Packages\973FLBHB.ZIP
2008-04-30 21:50 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\ATI
2008-04-30 21:50 --------- d-----w C:\Program Files\Verizon Online
2008-04-30 21:42 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-30 21:42 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-30 21:42 48,768 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-30 21:42 110,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-30 21:42 --------- d-----w C:\Program Files\Symantec
2008-04-30 21:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-04-30 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-30 21:35 --------- d-----w C:\Program Files\Motive
2008-04-30 21:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-30 21:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-04-30 21:22 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 30,592 ------w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,800 ------w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2008-04-13 18:51 55,808 ----a-w C:\WINDOWS\system32\drivers\atmlane.sys
2008-04-13 18:51 101,120 ------w C:\WINDOWS\system32\drivers\bthpan.sys
2008-04-13 18:47 25,856 ----a-w C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-13 18:45 6,272 ----a-w C:\WINDOWS\system32\drivers\splitter.sys
2008-04-13 18:44 81,664 ----a-w C:\WINDOWS\system32\drivers\videoprt.sys
2008-04-13 18:44 799,744 ----a-w C:\WINDOWS\system32\drivers\dmboot.sys
2008-04-13 18:44 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:44 153,344 ----a-w C:\WINDOWS\system32\drivers\dmio.sys
2008-04-13 18:43 9,728 ------w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 14,208 ------w C:\WINDOWS\system32\drivers\wacompen.sys
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\28b4251d539d3627a5 ----
((((((((((((((((((((((((((((( snapshot@2008-05-17_20.39.49.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-18 00:37:25 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-18 12:08:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2007-09-06 22:03:02 4,280,176 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\WRD12CNV.DLL
+ 2007-08-29 04:07:58 24,928 ----a-r C:\WINDOWS\Installer\$PatchCache$\Managed\00002119030000000000000000F01FEC\12.0.6215\WRD12EXE.EXE
- 2008-05-17 19:44:38 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2008-05-18 03:40:32 1,165,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\accicons.exe
- 2008-05-17 19:44:39 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2008-05-18 03:40:32 20,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-05-17 19:44:39 159,504 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2008-05-18 03:40:32 159,504 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2008-05-17 19:44:39 184,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2008-05-18 03:40:32 184,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2008-05-17 19:44:39 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2008-05-18 03:40:32 217,864 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2008-05-17 19:44:39 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2008-05-18 03:40:32 18,704 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2008-05-17 19:44:39 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2008-05-18 03:40:32 35,088 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2008-05-17 19:44:39 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2008-05-18 03:40:32 845,584 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2008-05-17 19:44:39 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2008-05-18 03:40:32 922,384 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pptico.exe
- 2008-05-17 19:44:39 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
+ 2008-05-18 03:40:32 272,648 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2008-05-17 19:44:39 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2008-05-18 03:40:32 888,080 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
- 2008-05-17 19:44:38 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-05-18 03:40:32 1,172,240 ----a-r C:\WINDOWS\Installer\{91120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2008-05-18 00:37:31 13,403 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ATI\ACE\Manifest.Bin
+ 2008-05-18 12:08:44 13,403 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\ATI\ACE\Manifest.Bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 13:01 1923352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2002-05-18 12:04 327680]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 17:38 52840]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 05:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2008-04-30 17:35:04 204800]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\autorun\command - E:\LaunchU3.exe -a
*Newly Created Service* - catchme
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-18 09:25:27
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-18 9:26:04
ComboFix-quarantined-files.txt 2008-05-18 13:26:01
ComboFix2.txt 2008-05-18 00:40:29
Pre-Run: 235,976,368,128 bytes free
Post-Run: 235,947,540,480 bytes free
358 --- E O F --- 2008-05-18 03:40:34
Malwarebytes' Anti-Malware 1.12
Database version: 760
Scan type: Full Scan (C:\|)
Objects scanned: 78799
Time elapsed: 16 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 9
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.bnwx (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\pvnsmfor.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{88ebbe0b-5ff8-4b84-b043-71a216374a5b} (Trojan.Vundo) -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Documents and Settings\All Users\Application Data\Adsl Software Limited (Rogue.MalWarrior) -> Quarantined and deleted successfully.
Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\system32\wzghui.sys.vir (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP1\A0000003.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP11\A0012061.scr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP11\A0012062.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP13\A0015221.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP7\A0000110.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP8\A0005112.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP8\A0005113.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{E58647F5-4702-4EB7-B23C-0D1022302425}\RP8\A0005118.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
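The two logs above are the poster's own tool output. What follows is an added example, not code from the post, from ComboFix or from Malwarebytes: a small parser for the "Reg Loading Points" section of a ComboFix log that pulls out the items a helper reads first in this log, namely the Security Center "DisableMonitoring" flags, the disabled Windows Firewall profile and its exception list, the AutoRun handler on drive E:, and every Run-key value and Startup-folder shortcut with the executable it points at. The sample input is that section excerpted (shortened) from the log above. The TRUSTED_ROOTS tuple is an assumption about where benign autostarts live on this XP box; the finding strings are my own wording. Each finding is a review item rather than a verdict: a third-party suite such as Symantec plus ZoneAlarm legitimately registers with Security Center and replaces the Windows Firewall, and a U3 flash drive installs exactly that kind of AutoRun handler.

```python
"""Added example: extract the 'Reg Loading Points' section of a ComboFix log
and flag the policy and autostart entries an analyst should review first."""
import re
from itertools import takewhile

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<rest>.*)$')
# Run-key data looks like: "path" [YYYY-MM-DD HH:MM size <resolved path>]
RUN_RE = re.compile(r'^"(?P<path>[^"]*)"\s*\[\d{4}-\d{2}-\d{2} \d{2}:\d{2} '
                    r"\d+(?: (?P<resolved>.+?))?\]$")
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<target>.+?)\s*\[[^\]]*\]$")
AUTORUN_RE = re.compile(r"^\\shell\\autorun\\command - (?P<cmd>.+)$")
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")  # assumed benign roots

# Sample input: the section excerpted (shortened) from the ComboFix log above.
SAMPLE = r"""((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 15:35 90112]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-05-05 13:01 1923352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="C:\PROGRA~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2002-05-18 12:04 327680]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2007-03-14 19:49 125632]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-12 05:33 16132608 C:\WINDOWS\RTHDCPL.exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11 919016]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Verizon Online Support Center.lnk - C:\Program Files\Verizon Online\bin\matcli.exe [2008-04-30 17:35:04 204800]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\Hp\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\autorun\command - E:\LaunchU3.exe -a
**************************************************************************"""


def reg_int(data):
    """'dword:00000001' -> 1, '0 (0x0)' -> 0, anything else -> None."""
    if data.startswith("dword:"):
        return int(data[6:], 16)
    head = data.split(" ", 1)[0]
    return int(head) if head.isdigit() else None


def parse_loading_points(log):
    """Map each registry key / Startup folder to its [(name, data), ...]."""
    lines = [ln.strip() for ln in log.splitlines()]
    start = next(i for i, ln in enumerate(lines) if "Reg Loading Points" in ln)
    entries, key = {}, None
    for line in takewhile(lambda ln: not ln.startswith("****"), lines[start + 1:]):
        m = KEY_RE.match(line)
        if m or line.endswith("\\"):            # registry key or Startup folder
            key = m.group("key") if m else line
            entries.setdefault(key, [])
        elif key and (m := VALUE_RE.match(line)):
            entries[key].append((m.group("name"), m.group("rest").strip()))
        elif key and (m := LNK_RE.match(line)):
            entries[key].append((m.group("name"), m.group("target")))
        elif key and (m := AUTORUN_RE.match(line)):
            entries[key].append(("autorun", m.group("cmd")))
    return entries


def autostarts(entries):
    """(name, executable) for every Run value and Startup-folder shortcut."""
    out = []
    for key, values in entries.items():
        k = key.lower()
        if k.endswith("\\currentversion\\run") or k.endswith("\\startup\\"):
            for name, data in values:
                m = RUN_RE.match(data)
                out.append((name, (m.group("resolved") or m.group("path")) if m else data))
    return out


def audit(entries):
    """Review items for the analyst; each can have a benign explanation."""
    findings = ["Autostart outside trusted roots: %s -> %s" % (name, exe)
                for name, exe in autostarts(entries)
                if not exe.lower().startswith(TRUSTED_ROOTS)]
    for key, values in entries.items():
        k, leaf = key.lower(), key.rsplit("\\", 1)[-1]
        if "\\security center\\monitoring\\" in k:
            if any(n.lower() == "disablemonitoring" and reg_int(d) == 1
                   for n, d in values):
                findings.append("Security Center no longer monitors " + leaf)
        elif k.endswith("\\firewallpolicy\\standardprofile"):
            if any(n.lower() == "enablefirewall" and reg_int(d) == 0
                   for n, d in values):
                findings.append("Windows Firewall disabled (standard profile)")
        elif k.endswith("\\authorizedapplications\\list"):
            findings.append("Windows Firewall exceptions: %d programs" % len(values))
        elif "\\mountpoints2\\" in k:
            findings += ["AutoRun handler for drive %s: %s" % (leaf.upper(), cmd)
                         for n, cmd in values if n == "autorun"]
    return findings
```

Run `audit(parse_loading_points(SAMPLE))` to get the five review items from this log (two Security Center monitors disabled, the standard-profile firewall off with seven exceptions, and the U3 AutoRun handler on E:); on the shortened sample no Run entry falls outside the trusted roots, and `autostarts()` lists all eight with the resolved path for the bare "RTHDCPL.EXE" value. A value that resolves into a user profile, a temp directory or a random-looking name under system32 (the kind of artefact ComboFix itself deleted above) is what the trusted-roots check is meant to surface.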