Hi,
Look.txt was a completely empty file. Everything seems to be running fine, but I still seem to have that svchost process I have to kill to feel like nothing is lurking in the background of my computer.
ComboFix 08-06-08.8 - a 2008-06-13 0:13:31.2 - NTFSx86
Running from: C:\Documents and Settings\a\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\a\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\EntSver.exe
C:\WINDOWS\system32\0FWc0Qfr.exe
C:\WINDOWS\system32\0QzQnbGA.exe
C:\WINDOWS\system32\14xxYQZr.exe
C:\WINDOWS\system32\1FEWu4ub.exe
C:\WINDOWS\system32\1WCXJYDM.exe
C:\WINDOWS\system32\3SbkShTw.exe
C:\WINDOWS\system32\3Tuzeob6.exe
C:\WINDOWS\system32\41o5pITe.exe
C:\WINDOWS\system32\5HG55RIq.exe
C:\WINDOWS\system32\5tIS6Cbv.exe
C:\WINDOWS\system32\6aZXD3EC.exe
C:\WINDOWS\system32\6jzLnfDK.exe
C:\WINDOWS\system32\74ldQVO4.exe
C:\WINDOWS\system32\7a7Sucub.exe
C:\WINDOWS\system32\7sVZ21IP.exe
C:\WINDOWS\system32\85BjdBWy.exe
C:\WINDOWS\system32\ALv5htMB.exe
C:\WINDOWS\system32\aQfx3Mj7.exe
C:\WINDOWS\system32\asXiaDns.exe
C:\WINDOWS\system32\AueI3gqj.exe
C:\WINDOWS\system32\aulWYdE1.exe
C:\WINDOWS\system32\b3OYiPob.exe
C:\WINDOWS\system32\bMYLazBj.exe
C:\WINDOWS\system32\BrWl7UZd.exe
C:\WINDOWS\system32\cCI15p3K.exe
C:\WINDOWS\system32\cdjMPjjC.exe
C:\WINDOWS\system32\CUw7YWFD.exe
C:\WINDOWS\system32\cZKGCXo4.exe
C:\WINDOWS\system32\DRIvers\owspth.SYS
C:\WINDOWS\system32\EAZwEF1w.exe
C:\WINDOWS\system32\ECdoKuqK.exe
C:\WINDOWS\system32\EiwnxdnQ.exe
C:\WINDOWS\system32\EKwLNJBs.exe
C:\WINDOWS\system32\FHeTGhUX.exe
C:\WINDOWS\system32\Gnldn5V8.exe
C:\WINDOWS\system32\gRcMYrDy.exe
C:\WINDOWS\system32\gure4DZp.exe
C:\WINDOWS\system32\GvrHgfaN.exe
C:\WINDOWS\system32\Gxi0msZV.exe
C:\WINDOWS\system32\gylGOqql.exe
C:\WINDOWS\system32\iaXUKNRX.exe
C:\WINDOWS\system32\iCRf2fcZ.exe
C:\WINDOWS\system32\IcvfqC4J.exe
C:\WINDOWS\system32\JkjvFiE4.exe
C:\WINDOWS\system32\jnG0H7oP.exe
C:\WINDOWS\system32\KFQSGHfI.exe
C:\WINDOWS\system32\KQUnHDrW.exe
C:\WINDOWS\system32\LAt5BX42.exe
C:\WINDOWS\system32\lq2irTmC.exe
C:\WINDOWS\system32\lsQcBylH.exe
C:\WINDOWS\system32\luzeZykN.exe
C:\WINDOWS\system32\n1I6EJOf.exe
C:\WINDOWS\system32\N2vkykhJ.exe
C:\WINDOWS\system32\ncn.exe
C:\WINDOWS\system32\ndiV6MBf.exe
C:\WINDOWS\system32\nL2Qlsvx.exe
C:\WINDOWS\system32\nltuCek5.exe
C:\WINDOWS\system32\NnONUeIq.exe
C:\WINDOWS\system32\nvf66s6U.exe
C:\WINDOWS\system32\OdjAYIMa.exe
C:\WINDOWS\system32\oDZNoFeh.exe
C:\WINDOWS\system32\OqPnfIPf.exe
C:\WINDOWS\system32\pHrFClW8.exe
C:\WINDOWS\system32\PQzfDamm.exe
C:\WINDOWS\system32\pZ4d4jSq.exe
C:\WINDOWS\system32\Q22N3tjq.exe
C:\WINDOWS\system32\qdPkcMRi.exe
C:\WINDOWS\system32\qihqXB4x.exe
C:\WINDOWS\system32\QJCXYj5m.exe
C:\WINDOWS\system32\qlimqnjz.exe
C:\WINDOWS\System32\QQ医生.exe
C:\WINDOWS\system32\QRl0HpUy.exe
C:\WINDOWS\system32\rdGQfADR.exe
C:\WINDOWS\system32\rG2Xj1aS.exe
C:\WINDOWS\system32\RKh43XVk.exe
C:\WINDOWS\system32\rntaYYKT.exe
C:\WINDOWS\system32\Rp8zOZ3r.exe
C:\WINDOWS\system32\T1nKSEAC.exe
C:\WINDOWS\system32\TcoyiBGD.exe
C:\WINDOWS\system32\TfPF7qbl.exe
C:\WINDOWS\system32\tv4EBAYf.exe
C:\WINDOWS\system32\tVehfhYr.exe
C:\WINDOWS\system32\u1zbje7m.exe
C:\WINDOWS\system32\VhuTw0ot.exe
C:\WINDOWS\system32\W4KoNFAa.exe
C:\WINDOWS\system32\WBNPUbUn.exe
C:\WINDOWS\system32\WBrGHOhH.exe
C:\WINDOWS\system32\WCJxz3h3.exe
C:\WINDOWS\system32\Wh3XmbTg.exe
C:\WINDOWS\system32\wjMLXEVz.exe
C:\WINDOWS\system32\WNiqPJCD.exe
C:\WINDOWS\system32\WqavSCtp.exe
C:\WINDOWS\system32\WRKxa08a.exe
C:\WINDOWS\system32\WW55Hr5w.exe
C:\WINDOWS\system32\x0rNQcJR.exe
C:\WINDOWS\system32\X7tXhHiC.exe
c:\windows\system32\xcywzq.dll
C:\WINDOWS\system32\XH08rUv2.exe
C:\WINDOWS\system32\XK03blZm.exe
C:\WINDOWS\system32\YbF1ZsMs.exe
C:\WINDOWS\system32\zgXmjQjg.exe
C:\WINDOWS\system32\ZkaXf8fg.exe
C:\WINDOWS\system32\ZUsaCpMY.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\dosec\
C:\WINDOWS\EntSver.exe
C:\WINDOWS\system32\0FWc0Qfr.exe
C:\WINDOWS\system32\0QzQnbGA.exe
C:\WINDOWS\system32\14xxYQZr.exe
C:\WINDOWS\system32\1FEWu4ub.exe
C:\WINDOWS\system32\1WCXJYDM.exe
C:\WINDOWS\system32\3SbkShTw.exe
C:\WINDOWS\system32\3Tuzeob6.exe
C:\WINDOWS\system32\41o5pITe.exe
C:\WINDOWS\system32\5HG55RIq.exe
C:\WINDOWS\system32\5tIS6Cbv.exe
C:\WINDOWS\system32\6aZXD3EC.exe
C:\WINDOWS\system32\6jzLnfDK.exe
C:\WINDOWS\system32\74ldQVO4.exe
C:\WINDOWS\system32\7a7Sucub.exe
C:\WINDOWS\system32\7sVZ21IP.exe
C:\WINDOWS\system32\85BjdBWy.exe
C:\WINDOWS\system32\ALv5htMB.exe
C:\WINDOWS\system32\aQfx3Mj7.exe
C:\WINDOWS\system32\asXiaDns.exe
C:\WINDOWS\system32\AueI3gqj.exe
C:\WINDOWS\system32\aulWYdE1.exe
C:\WINDOWS\system32\b3OYiPob.exe
C:\WINDOWS\system32\bMYLazBj.exe
C:\WINDOWS\system32\BrWl7UZd.exe
C:\WINDOWS\system32\cCI15p3K.exe
C:\WINDOWS\system32\cdjMPjjC.exe
C:\WINDOWS\system32\CUw7YWFD.exe
C:\WINDOWS\system32\cZKGCXo4.exe
C:\WINDOWS\system32\EAZwEF1w.exe
C:\WINDOWS\system32\ECdoKuqK.exe
C:\WINDOWS\system32\EiwnxdnQ.exe
C:\WINDOWS\system32\EKwLNJBs.exe
C:\WINDOWS\system32\FHeTGhUX.exe
C:\WINDOWS\system32\Gnldn5V8.exe
C:\WINDOWS\system32\gRcMYrDy.exe
C:\WINDOWS\system32\gure4DZp.exe
C:\WINDOWS\system32\GvrHgfaN.exe
C:\WINDOWS\system32\Gxi0msZV.exe
C:\WINDOWS\system32\gylGOqql.exe
C:\WINDOWS\system32\iaXUKNRX.exe
C:\WINDOWS\system32\iCRf2fcZ.exe
C:\WINDOWS\system32\IcvfqC4J.exe
C:\WINDOWS\system32\JkjvFiE4.exe
C:\WINDOWS\system32\jnG0H7oP.exe
C:\WINDOWS\system32\KFQSGHfI.exe
C:\WINDOWS\system32\KQUnHDrW.exe
C:\WINDOWS\system32\LAt5BX42.exe
C:\WINDOWS\system32\lq2irTmC.exe
C:\WINDOWS\system32\lsQcBylH.exe
C:\WINDOWS\system32\luzeZykN.exe
C:\WINDOWS\system32\n1I6EJOf.exe
C:\WINDOWS\system32\N2vkykhJ.exe
C:\WINDOWS\system32\ncn.exe
C:\WINDOWS\system32\ndiV6MBf.exe
C:\WINDOWS\system32\nL2Qlsvx.exe
C:\WINDOWS\system32\nltuCek5.exe
C:\WINDOWS\system32\NnONUeIq.exe
C:\WINDOWS\system32\nvf66s6U.exe
C:\WINDOWS\system32\OdjAYIMa.exe
C:\WINDOWS\system32\oDZNoFeh.exe
C:\WINDOWS\system32\OqPnfIPf.exe
C:\WINDOWS\system32\pHrFClW8.exe
C:\WINDOWS\system32\PQzfDamm.exe
C:\WINDOWS\system32\pZ4d4jSq.exe
C:\WINDOWS\system32\Q22N3tjq.exe
C:\WINDOWS\system32\qdPkcMRi.exe
C:\WINDOWS\system32\qihqXB4x.exe
C:\WINDOWS\system32\QJCXYj5m.exe
C:\WINDOWS\system32\qlimqnjz.exe
C:\WINDOWS\system32\QRl0HpUy.exe
C:\WINDOWS\system32\rdGQfADR.exe
C:\WINDOWS\system32\rG2Xj1aS.exe
C:\WINDOWS\system32\RKh43XVk.exe
C:\WINDOWS\system32\rntaYYKT.exe
C:\WINDOWS\system32\Rp8zOZ3r.exe
C:\WINDOWS\system32\T1nKSEAC.exe
C:\WINDOWS\system32\TcoyiBGD.exe
C:\WINDOWS\system32\TfPF7qbl.exe
C:\WINDOWS\system32\tv4EBAYf.exe
C:\WINDOWS\system32\tVehfhYr.exe
C:\WINDOWS\system32\u1zbje7m.exe
C:\WINDOWS\system32\VhuTw0ot.exe
C:\WINDOWS\system32\W4KoNFAa.exe
C:\WINDOWS\system32\WBNPUbUn.exe
C:\WINDOWS\system32\WBrGHOhH.exe
C:\WINDOWS\system32\WCJxz3h3.exe
C:\WINDOWS\system32\Wh3XmbTg.exe
C:\WINDOWS\system32\wjMLXEVz.exe
C:\WINDOWS\system32\WNiqPJCD.exe
C:\WINDOWS\system32\WqavSCtp.exe
C:\WINDOWS\system32\WRKxa08a.exe
C:\WINDOWS\system32\WW55Hr5w.exe
C:\WINDOWS\system32\x0rNQcJR.exe
C:\WINDOWS\system32\X7tXhHiC.exe
c:\windows\system32\xcywzq.dll
C:\WINDOWS\system32\XH08rUv2.exe
C:\WINDOWS\system32\XK03blZm.exe
C:\WINDOWS\system32\YbF1ZsMs.exe
C:\WINDOWS\system32\zgXmjQjg.exe
C:\WINDOWS\system32\ZkaXf8fg.exe
C:\WINDOWS\system32\ZUsaCpMY.exe
----- BITS: Possible infected sites -----
hxxp://updates.swarmcast.net.
((((((((((((((((((((((((( Files Created from 2008-05-13 to 2008-06-13 )))))))))))))))))))))))))))))))
.
2008-06-10 20:37 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 15:00 . 2008-06-09 23:40 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-06-09 08:05 . 2008-06-09 08:07 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-09 08:00 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-09 07:57 . 2008-06-09 07:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-09 07:52 . 2008-06-09 07:52 <DIR> d-------- C:\_OTMoveIt
2008-06-08 17:38 . 2008-06-08 17:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-08 17:38 . 2008-06-08 17:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-08 13:06 . 2008-06-08 13:07 <DIR> d-------- C:\Documents and Settings\a\Application Data\Media Player Classic
2008-06-07 12:35 . 2008-06-07 12:35 <DIR> d-------- C:\Documents and Settings\a\Application Data\Malwarebytes
2008-06-07 12:34 . 2008-06-07 12:35 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-07 12:34 . 2008-06-07 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-07 12:34 . 2008-06-05 16:04 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-07 12:34 . 2008-06-05 16:04 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-07 11:52 . 2008-06-07 11:53 <DIR> d-------- C:\Program Files\ERUNT
2008-06-03 20:20 . 2008-06-03 20:20 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-06-03 20:20 . 2004-07-21 00:27 102,400 --a------ C:\WINDOWS\scrub2k.exe
2008-06-03 20:20 . 2004-07-21 00:27 423 --a------ C:\WINDOWS\hpw1200k.ini
2008-06-03 20:18 . 2008-06-03 20:22 383,111 --a------ C:\WINDOWS\hpbj1200.his
2008-06-03 20:18 . 2008-06-03 20:23 23,403 --a------ C:\WINDOWS\mariner.his
2008-06-03 20:18 . 2008-06-03 20:22 18,647 --a------ C:\WINDOWS\hpbj1200.ini
2008-06-03 20:18 . 2008-06-03 20:23 5,683 --a------ C:\WINDOWS\mariner.ini
2008-06-01 12:16 . 2008-06-01 12:15 225,384 -r-hs---- C:\WINDOWS\dosec
2008-05-31 12:29 . 2008-05-31 12:29 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-31 12:29 . 2008-05-31 12:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 12:28 . 2008-05-31 12:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 20:46 . 2008-05-29 20:46 245,003 --a------ C:\WINDOWS\system32\i56cnBWF.exe
2008-05-29 20:45 . 2008-05-29 20:45 247,923 --a------ C:\WINDOWS\system32\akpxx48X.exe
2008-05-29 20:44 . 2008-05-29 20:44 249,383 --a------ C:\WINDOWS\system32\utaos1dY.exe
2008-05-29 20:42 . 2008-05-29 20:42 249,383 --a------ C:\WINDOWS\system32\horpI7AJ.exe
2008-05-29 20:41 . 2008-05-29 20:41 249,383 --a------ C:\WINDOWS\system32\KIVyaL0E.exe
2008-05-29 20:40 . 2008-05-29 20:40 242,083 --a------ C:\WINDOWS\system32\kpv4RoZ6.exe
2008-05-29 20:39 . 2008-05-29 20:39 247,923 --a------ C:\WINDOWS\system32\vvI3hzfI.exe
2008-05-29 20:38 . 2008-05-29 20:38 249,383 --a------ C:\WINDOWS\system32\ghMnjQ3G.exe
2008-05-29 20:37 . 2008-05-29 20:37 249,383 --a------ C:\WINDOWS\system32\nO5w86lu.exe
2008-05-29 20:36 . 2008-05-29 20:36 249,383 --a------ C:\WINDOWS\system32\QR33pkOi.exe
2008-05-29 20:35 . 2008-05-29 20:35 249,383 --a------ C:\WINDOWS\system32\oAfYGD8z.exe
2008-05-29 20:34 . 2008-05-29 20:34 247,923 --a------ C:\WINDOWS\system32\NsAt5ihH.exe
2008-05-29 20:33 . 2008-05-29 20:33 247,923 --a------ C:\WINDOWS\system32\3nQkAfti.exe
2008-05-29 20:32 . 2008-05-29 20:32 243,543 --a------ C:\WINDOWS\system32\uGjHjqFY.exe
2008-05-29 20:31 . 2008-05-29 20:31 249,383 --a------ C:\WINDOWS\system32\Bd8Q2KCd.exe
2008-05-29 20:30 . 2008-05-29 20:30 249,383 --a------ C:\WINDOWS\system32\XnkHErI3.exe
2008-05-29 20:29 . 2008-05-29 20:29 245,003 --a------ C:\WINDOWS\system32\gAoXUv5k.exe
2008-05-29 20:28 . 2008-05-29 20:28 249,383 --a------ C:\WINDOWS\system32\IEh0cFuI.exe
2008-05-29 20:27 . 2008-05-29 20:27 249,383 --a------ C:\WINDOWS\system32\DiVCopNa.exe
2008-05-29 20:26 . 2008-05-29 20:26 243,543 --a------ C:\WINDOWS\system32\0Lbponlm.exe
2008-05-29 20:25 . 2008-05-29 20:25 249,383 --a------ C:\WINDOWS\system32\ry1hKSHB.exe
2008-05-29 20:24 . 2008-05-29 20:24 247,923 --a------ C:\WINDOWS\system32\gcdIrDv8.exe
2008-05-29 20:23 . 2008-05-29 20:23 246,463 --a------ C:\WINDOWS\system32\abxegsQE.exe
2008-05-29 20:22 . 2008-05-29 20:22 249,383 --a------ C:\WINDOWS\system32\ik6FKcjB.exe
2008-05-29 20:21 . 2008-05-29 20:21 249,383 --a------ C:\WINDOWS\system32\MhHvCQY7.exe
2008-05-29 20:20 . 2008-05-29 20:20 249,383 --a------ C:\WINDOWS\system32\JABvaBWr.exe
2008-05-29 20:19 . 2008-05-29 20:19 249,383 --a------ C:\WINDOWS\system32\cRFr4DK0.exe
2008-05-29 20:18 . 2008-05-29 20:18 245,003 --a------ C:\WINDOWS\system32\gfex6ZWT.exe
2008-05-29 20:17 . 2008-05-29 20:17 249,383 --a------ C:\WINDOWS\system32\VcDCtgDo.exe
2008-05-29 20:16 . 2008-05-29 20:16 247,923 --a------ C:\WINDOWS\system32\TwtVngbf.exe
2008-05-29 20:15 . 2008-05-29 20:15 249,383 --a------ C:\WINDOWS\system32\DCSBkFEM.exe
2008-05-29 20:14 . 2008-05-29 20:14 242,083 --a------ C:\WINDOWS\system32\yAYCI28R.exe
2008-05-29 20:13 . 2008-05-29 20:13 247,923 --a------ C:\WINDOWS\system32\EuwfeimO.exe
2008-05-29 20:12 . 2008-05-29 20:12 249,383 --a------ C:\WINDOWS\system32\WSMLISnK.exe
2008-05-29 20:11 . 2008-05-29 20:11 247,923 --a------ C:\WINDOWS\system32\lmC8m1Vh.exe
2008-05-29 20:10 . 2008-05-29 20:10 249,383 --a------ C:\WINDOWS\system32\kc2srXLK.exe
2008-05-29 20:09 . 2008-05-29 20:09 247,923 --a------ C:\WINDOWS\system32\zh3pudz5.exe
2008-05-29 20:07 . 2008-05-29 20:07 249,383 --a------ C:\WINDOWS\system32\MyXfbFiX.exe
2008-05-29 20:06 . 2008-05-29 20:06 249,383 --a------ C:\WINDOWS\system32\GtOndiXu.exe
2008-05-29 20:05 . 2008-05-29 20:05 249,383 --a------ C:\WINDOWS\system32\twZRYCk8.exe
2008-05-29 20:04 . 2008-05-29 20:04 249,383 --a------ C:\WINDOWS\system32\DXRzbFZm.exe
2008-05-29 20:03 . 2008-05-29 20:03 249,383 --a------ C:\WINDOWS\system32\ZTwpvDdK.exe
2008-05-29 20:02 . 2008-05-29 20:02 243,543 --a------ C:\WINDOWS\system32\oCkPFPrV.exe
2008-05-29 20:00 . 2008-05-29 20:00 249,383 --a------ C:\WINDOWS\system32\y1tKANug.exe
2008-05-29 19:59 . 2008-05-29 19:59 249,383 --a------ C:\WINDOWS\system32\coO2qvEY.exe
2008-05-29 19:58 . 2008-05-29 19:58 247,923 --a------ C:\WINDOWS\system32\o6F08WAt.exe
2008-05-29 19:57 . 2008-05-29 19:57 249,383 --a------ C:\WINDOWS\system32\GDBFpUaD.exe
2008-05-29 19:56 . 2008-05-29 19:56 249,383 --a------ C:\WINDOWS\system32\u4muZxtd.exe
2008-05-29 19:55 . 2008-05-29 19:55 247,923 --a------ C:\WINDOWS\system32\FSHxkygl.exe
2008-05-29 19:54 . 2008-05-29 19:54 246,463 --a------ C:\WINDOWS\system32\idxddAyR.exe
2008-05-29 19:53 . 2008-05-29 19:53 249,383 --a------ C:\WINDOWS\system32\kdYGlwWl.exe
2008-05-29 19:52 . 2008-05-29 19:52 249,383 --a------ C:\WINDOWS\system32\m7QxlQhx.exe
2008-05-29 19:51 . 2008-05-29 19:51 249,383 --a------ C:\WINDOWS\system32\nlTUMdOS.exe
2008-05-29 19:50 . 2008-05-29 19:50 246,463 --a------ C:\WINDOWS\system32\58v3pXYy.exe
2008-05-29 19:49 . 2008-05-29 19:49 247,923 --a------ C:\WINDOWS\system32\RLxKeUii.exe
2008-05-29 19:47 . 2008-05-29 19:47 249,383 --a------ C:\WINDOWS\system32\DwHpjmtB.exe
2008-05-29 19:46 . 2008-05-29 19:46 249,383 --a------ C:\WINDOWS\system32\ZP8rg1pq.exe
2008-05-29 19:45 . 2008-05-29 19:45 247,923 --a------ C:\WINDOWS\system32\IlgWx55L.exe
2008-05-29 19:44 . 2008-05-29 19:44 249,383 --a------ C:\WINDOWS\system32\kvwsVFke.exe
2008-05-29 19:43 . 2008-05-29 19:43 247,923 --a------ C:\WINDOWS\system32\xBRQGw1V.exe
2008-05-29 19:42 . 2008-05-29 19:42 247,923 --a------ C:\WINDOWS\system32\qbYNx7Tw.exe
2008-05-29 19:41 . 2008-05-29 19:41 236,243 --a------ C:\WINDOWS\system32\pFTASKox.exe
2008-05-29 19:40 . 2008-05-29 19:40 249,383 --a------ C:\WINDOWS\system32\lVCu57pH.exe
2008-05-29 19:39 . 2008-05-29 19:39 246,463 --a------ C:\WINDOWS\system32\AQDzcIlz.exe
2008-05-29 19:38 . 2008-05-29 19:38 247,923 --a------ C:\WINDOWS\system32\iI1hIUne.exe
2008-05-29 19:37 . 2008-05-29 19:37 249,383 --a------ C:\WINDOWS\system32\ByUrITDw.exe
2008-05-29 19:36 . 2008-05-29 19:36 240,623 --a------ C:\WINDOWS\system32\XkxhasIl.exe
2008-05-29 19:35 . 2008-05-29 19:35 242,083 --a------ C:\WINDOWS\system32\RcGWseIG.exe
2008-05-29 19:34 . 2008-05-29 19:34 249,383 --a------ C:\WINDOWS\system32\1ORg3tus.exe
2008-05-29 19:32 . 2008-05-29 19:32 249,383 --a------ C:\WINDOWS\system32\E0JG4do2.exe
2008-05-29 19:31 . 2008-05-29 19:31 247,923 --a------ C:\WINDOWS\system32\2ZgFPUzr.exe
2008-05-29 19:30 . 2008-05-29 19:30 249,383 --a------ C:\WINDOWS\system32\jGawaHX2.exe
2008-05-29 19:29 . 2008-05-29 19:29 249,383 --a------ C:\WINDOWS\system32\gWLB5bNI.exe
2008-05-29 19:27 . 2008-05-29 19:27 249,383 --a------ C:\WINDOWS\system32\mx4hrrVT.exe
2008-05-29 19:25 . 2008-05-29 19:25 247,923 --a------ C:\WINDOWS\system32\xDoJwIqQ.exe
2008-05-29 19:24 . 2008-05-29 19:24 249,383 --a------ C:\WINDOWS\system32\LDoQYFBD.exe
2008-05-29 19:23 . 2008-05-29 19:23 249,383 --a------ C:\WINDOWS\system32\2NUdJXag.exe
2008-05-29 19:22 . 2008-05-29 19:22 246,463 --a------ C:\WINDOWS\system32\VY0ixMuS.exe
2008-05-29 19:21 . 2008-05-29 19:21 249,383 --a------ C:\WINDOWS\system32\JvrYuGPN.exe
2008-05-29 19:20 . 2008-05-29 19:20 249,383 --a------ C:\WINDOWS\system32\Trtss0pU.exe
2008-05-29 19:19 . 2008-05-29 19:19 249,383 --a------ C:\WINDOWS\system32\oHN74rHB.exe
2008-05-29 19:18 . 2008-05-29 19:18 249,383 --a------ C:\WINDOWS\system32\pbfIVcg7.exe
2008-05-29 19:17 . 2008-05-29 19:17 246,463 --a------ C:\WINDOWS\system32\jKupkwNY.exe
2008-05-29 19:16 . 2008-05-29 19:16 249,383 --a------ C:\WINDOWS\system32\u0NirbEO.exe
2008-05-29 19:15 . 2008-05-29 19:15 247,923 --a------ C:\WINDOWS\system32\d1fTptlc.exe
2008-05-29 19:14 . 2008-05-29 19:14 247,923 --a------ C:\WINDOWS\system32\6fmK5x3a.exe
2008-05-29 19:13 . 2008-05-29 19:13 249,383 --a------ C:\WINDOWS\system32\oxuLXRKO.exe
2008-05-29 19:12 . 2008-05-29 19:12 249,383 --a------ C:\WINDOWS\system32\C16lkoVN.exe
2008-05-29 19:11 . 2008-05-29 19:11 249,383 --a------ C:\WINDOWS\system32\ctmFcGUg.exe
2008-05-29 19:10 . 2008-05-29 19:10 249,383 --a------ C:\WINDOWS\system32\e1vG80Jo.exe
2008-05-29 19:09 . 2008-05-29 19:09 247,923 --a------ C:\WINDOWS\system32\iJDYiT2K.exe
2008-05-29 19:08 . 2008-05-29 19:08 249,383 --a------ C:\WINDOWS\system32\wcscbcXS.exe
2008-05-29 19:07 . 2008-05-29 19:07 245,003 --a------ C:\WINDOWS\system32\T0YHjG04.exe
2008-05-29 19:06 . 2008-05-29 19:06 249,383 --a------ C:\WINDOWS\system32\sMcKrYOM.exe
2008-05-29 19:05 . 2008-05-29 19:05 249,383 --a------ C:\WINDOWS\system32\CgcB1PSo.exe
2008-05-29 19:04 . 2008-05-29 19:04 245,003 --a------ C:\WINDOWS\system32\svScJ6vB.exe
2008-05-29 19:03 . 2008-05-29 19:03 247,923 --a------ C:\WINDOWS\system32\UPHhqpDV.exe
2008-05-29 19:02 . 2008-05-29 19:02 243,543 --a------ C:\WINDOWS\system32\JjKWKVzE.exe
2008-05-29 19:01 . 2008-05-29 19:01 247,923 --a------ C:\WINDOWS\system32\YJQCYFlK.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-10 21:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-09 12:00 --------- d-----w C:\Program Files\Java
2008-06-08 22:19 48,640 --sh--r C:\WINDOWS\system32\wmoptimizer.dll
2008-05-28 15:54 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-05-20 13:43 --------- d-----w C:\Program Files\iTunes
2008-05-20 13:36 --------- d-----w C:\Program Files\Last.fm
2008-05-11 11:30 431,495 --sh--r C:\WINDOWS\English.exe
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Roxio
2008-05-06 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-05-06 05:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-05-06 05:29 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-05-06 05:28 --------- d-----w C:\Program Files\Roxio
2008-05-06 05:24 --------- d-----w C:\Program Files\Common Files\Roxio Shared
2008-05-06 05:22 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-06 05:15 --------- d-----w C:\Program Files\Research In Motion
2008-05-06 05:15 --------- d-----w C:\Program Files\Common Files\Research In Motion
2008-05-03 14:45 221,184 ----a-w C:\WINDOWS\system32\tapi.exe
2008-05-03 00:08 --------- d-----w C:\Program Files\Autobahn
2008-05-02 18:16 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-04-30 02:12 --------- d-----w C:\Documents and Settings\a\Application Data\BitTorrent
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-21 06:56 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 11:01 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2006-02-17 16:17 3,452 ----a-w C:\Program Files\BlockedSenders.txt
2006-02-17 16:17 254 ----a-w C:\Program Files\SafeSenders.txt
.
------- Sigcheck -------
2004-08-04 04:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\ServicePackFiles\i386\svchost.exe
2004-08-04 04:56 14336 28b84d2e2bdb2e3410b3491ad41f71a4 C:\WINDOWS\system32\svchost.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-09_15.17.24.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-09 18:58:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-13 00:52:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:32:03 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 -c----w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:32:03 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 06:56:54 151,040 -c----w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:32:03 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 06:56:55 1,054,208 -c----w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:32:04 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 -c----w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:32:04 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 -c----w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:32:04 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 06:56:55 55,808 -c----w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-15 09:07:53 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
+ 2008-04-17 10:46:59 18,432 -c----w C:\WINDOWS\system32\dllcache\iedw.exe
- 2008-02-16 09:32:04 251,904 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 06:56:56 251,904 -c----w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:32:04 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 06:56:56 96,256 -c----w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:32:04 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 -c----w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 09:32:06 3,066,880 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 -c----w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:32:06 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 -c----w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:32:06 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 06:56:57 146,432 -c----w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:32:07 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 06:56:58 532,480 -c----w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:32:07 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 -c----w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2007-10-29 22:43:03 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
+ 2008-05-07 05:18:48 1,287,680 -c----w C:\WINDOWS\system32\dllcache\quartz.dll
- 2006-07-13 08:48:58 202,240 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
+ 2008-05-08 12:28:49 202,752 -c--a-w C:\WINDOWS\system32\dllcache\rmcast.sys
- 2008-02-16 09:32:08 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 -c----w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:32:08 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 -c----w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:32:08 618,496 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 06:56:58 618,496 -c----w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:32:09 666,112 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 06:56:59 666,624 -c----w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:32:04 55,808 ------w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 06:56:55 55,808 ------w C:\WINDOWS\system32\extmgr.dll
- 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 21:35:04 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2006-10-16 21:10:58 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 04:56 15360]
"AIM"="C:\Program Files\AIM\aim.exe" [2005-08-05 15:08 67160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2005-09-15 17:57 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-09-15 17:57 512000]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2005-12-20 02:57 409600]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2005-12-20 02:56 98304]
"TpShocks"="TpShocks.exe" [2005-11-07 15:14 106496 C:\WINDOWS\system32\TpShocks.exe]
"BMMGAG"="C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-02-05 05:36 106496]
"BMMMONWND"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-02-05 05:36 395264]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-12-21 13:33 48800]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe" [2005-12-21 21:45 85744]
"AGRSMMSG"="AGRSMMSG.exe" [2003-06-27 09:53 88363 C:\WINDOWS\AGRSMMSG.exe]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-08-16 08:56 236016]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 04:56 158208]
"HPWNTOOLBOX"="C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe" [2004-07-21 11:35 327680]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 04:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
MLB.TV NexDef Plug-in.lnk - C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe [2008-03-30 19:52:34 799496]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.sl_g729a"= sl_g729a.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxLiveShare9"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"<NO NAME>"= :apisvc
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Autobahn\\mlb-nexdef-autobahn.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 Shockprf;Shockprf;C:\WINDOWS\system32\drivers\Shockprf.sys [2005-11-30 19:58]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 13:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2005-11-08 13:27]
R1 ShockMgr;ShockMgr;C:\WINDOWS\system32\drivers\ShockMgr.sys [2005-06-20 16:18]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2004-02-05 05:36]
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2004-08-04 04:05]
S2 3800hk;爱国者安全网;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 ASP State Services;ASP State Services;C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_states\aspnet [2006-01-01 00:00]
S2 beocai;beocai;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 buyreoaky;DCOM++++ Servers Lancher;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 cwnlee;cwnlee;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 jqnjci;jqnjci;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 ManeagersSecurity;Manegers Administrativ Service;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 MSOLAP;SQL Server Analysis Services;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 oyqhhg;oyqhhg;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 QQ医生;QQQQ医生;C:\WINDOWS\System32\QQ医生.exe []
S2 rheqed;rheqed;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 umawxz;umawxz;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 WMOptimizer;Windows Media Optimizer;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 xcywzqERVEsss;xcywzqERVEsss;C:\WINDOWS\system32\SVCHOST.EXE [2004-08-04 04:56]
S2 xukybz;xukybz;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 yqnjcixf;yqnjcixf;C:\WINDOWS\system32\DRIvers\owspth.SYS []
S3 EL3C574;FE574B-3Com 10/100 LAN PCCard Device Driver;C:\WINDOWS\system32\DRIVERS\el574nd4.sys [2001-08-17 16:10]
S3 prepdrvr;SMS Process Event Driver;C:\WINDOWS\system32\CCM\prepdrv.sys [2004-06-27 03:50]
S4 English;English;C:\WINDOWS\English.exe [2008-05-11 07:30]
S4 NC;NC;C:\WINDOWS\system32\nc.exe []
S4 NSQ;NSQ;C:\WINDOWS\System32\NSQ.exe []
S4 RedGirl;RedGirl;C:\WINDOWS\System32\RedGirl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MSDTCSERVEsss REG_MULTI_SZ MSDTCSERVEsss
MSOLAP REG_MULTI_SZ MSOLAP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
3800hk
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2006-02-17 17:52:42 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-13 00:19:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet005\SERVICES\Microsoftpvsy]
"ImagePath"="C:\WINDOWS\dosec"
[HKEY_LOCAL_MACHINE\system\ControlSet005\SERVICES\ASP State Services]
"ImagePath"="C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_states\aspnet"
[HKEY_LOCAL_MACHINE\system\ControlSet005\SERVICES\Microsoftpvsy]
"ImagePath"="C:\WINDOWS\dosec"
.
Completion time: 2008-06-13 0:25:04
ComboFix-quarantined-files.txt 2008-06-13 04:24:47
ComboFix2.txt 2008-06-09 19:19:02
Pre-Run: 11,101,519,872 bytes free
Post-Run: 11,076,218,880 bytes free
618 --- E O F --- 2008-06-11 12:02:55
_________________________________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:27, on 2008-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Connected\AgentSrv.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\CCM\CcmExec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Contribute 4\contributeieplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Contribute 4\contributeieplugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [HPWNTOOLBOX] C:\Program Files\Hewlett-Packard\hp business inkjet 1200 series\Toolbox\HPWNTBX.exe "-i"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: MLB.TV NexDef Plug-in.lnk = C:\Program Files\Autobahn\mlb-nexdef-autobahn.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0118995668
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/ ... leId=21871
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: QQQQ医生 (QQ医生) - Unknown owner - C:\WINDOWS\System32\QQ医生.exe (file missing)
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
--
End of file - 9804 bytes
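The service block in the ComboFix log above is where the "lurking svchost" lives: a dozen S2 services with random names (3800hk, beocai, cwnlee, MSOLAP, WMOptimizer, ...) all point at the stock C:\WINDOWS\system32\svchost.exe, the svchost key shows two groups that are not part of Windows XP (MSDTCSERVEsss, MSOLAP), and 3800hk has been appended to the netsvcs group (ComboFix prints only non-default members there). svchost.exe itself is clean; the payload is the DLL named in each service's Parameters\ServiceDll value, which ComboFix does not print. The script below is an added example for triaging that block offline, not ComboFix, HijackThis or the poster's code. It assumes ComboFix's line format as seen in this log (start code, name, display name, image path, timestamp in brackets, empty brackets when the file is missing); the sample lines are copied from the log, and the small list of dual-use image names (nc.exe is netcat) is the example author's and should be extended to taste.

```python
"""Triage of ComboFix 'Reg Loading Points' service entries.

Flags svchost.exe-hosted services that are wired into a non-default svchost
group (or into no listed group), services whose binary has no timestamp
(ComboFix prints [] when the file is gone) and well-known dual-use tools.
Added example; not ComboFix, HijackThis or the poster's code.
"""
import re
from collections import defaultdict

# Image names worth a second look regardless of where they live.
# Assumption: this list is the example author's; extend as needed.
DUAL_USE = {"nc.exe": "netcat"}

# "<start> <name>;<display name>;<image path> [<timestamp or empty>]"
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s*\[(.*?)\]\s*$")
# "<group> REG_MULTI_SZ <member> [<member> ...]" under the svchost key
GROUP_RE = re.compile(r"^(\S+)\s+REG_MULTI_SZ\s*(.*)$")
# Header of the block in which ComboFix lists non-default netsvcs members
NETSVCS_HDR_RE = re.compile(r"\\svchost\s*-\s*netsvcs\s*$", re.IGNORECASE)


def parse_services(text):
    """Return {service name: {start, display, image, stamp}}."""
    services = {}
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            start, name, display, image, stamp = m.groups()
            services[name] = {"start": start, "display": display,
                              "image": image, "stamp": stamp.strip()}
    return services


def parse_svchost_groups(text):
    """Return ({group: [members]}, [names appended to netsvcs])."""
    groups, netsvcs_added, in_netsvcs = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if NETSVCS_HDR_RE.search(line):
            in_netsvcs = True
            continue
        if in_netsvcs:
            # bare names follow the header until a blank, '.', '*' or '[' line
            if not line or line[0] in ".*[":
                in_netsvcs = False
            else:
                netsvcs_added.append(line)
            continue
        m = GROUP_RE.match(line)
        if m:
            groups[m.group(1)] = m.group(2).split()
    return groups, netsvcs_added


def triage(services, groups, netsvcs_added):
    """Return {service name: [reasons]} for every entry that deserves a look."""
    member_of = defaultdict(set)
    for grp, members in groups.items():
        for mbr in members:
            member_of[mbr.lower()].add(grp)
    added = {n.lower() for n in netsvcs_added}
    findings = {}
    for name, svc in services.items():
        reasons, key = [], name.lower()
        exe = svc["image"].lower().rsplit("\\", 1)[-1]
        if exe == "svchost.exe":
            if key in added:
                reasons.append("appended to netsvcs (ComboFix lists only non-default members)")
            for grp in sorted(member_of.get(key, ())):
                reasons.append(f"runs in non-default svchost group '{grp}'")
            if key not in added and key not in member_of:
                reasons.append("svchost-hosted but in no listed group: check "
                               "Services\\<name>\\Parameters\\ServiceDll")
        if not svc["stamp"]:
            reasons.append("no file timestamp: binary missing from disk")
        if exe in DUAL_USE:
            reasons.append(f"image '{exe}' is a dual-use tool ({DUAL_USE[exe]})")
        if reasons:
            findings[name] = reasons
    return findings


# Constructed sample: a handful of lines copied from the log above.
SAMPLE_LOG = r"""
R2 CcmExec;SMS Agent Host;C:\WINDOWS\system32\CCM\CcmExec.exe [2004-08-04 04:05]
S2 3800hk;爱国者安全网;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 beocai;beocai;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 MSOLAP;SQL Server Analysis Services;C:\WINDOWS\system32\svchost.exe [2004-08-04 04:56]
S2 xcywzqERVEsss;xcywzqERVEsss;C:\WINDOWS\system32\SVCHOST.EXE [2004-08-04 04:56]
S2 yqnjcixf;yqnjcixf;C:\WINDOWS\system32\DRIvers\owspth.SYS []
S4 NC;NC;C:\WINDOWS\system32\nc.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
MSDTCSERVEsss REG_MULTI_SZ MSDTCSERVEsss
MSOLAP REG_MULTI_SZ MSOLAP
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
3800hk
*Newly Created Service* - CATCHME
"""


def run_sample():
    """Parse the sample block and return the triage findings."""
    groups, added = parse_svchost_groups(SAMPLE_LOG)
    return triage(parse_services(SAMPLE_LOG), groups, added)


if __name__ == "__main__":
    for name, reasons in run_sample().items():
        print(name, "->", "; ".join(reasons))
```

Run it against the whole "Reg Loading Points" block and every svchost-hosted entry except the real SMS agent comes back flagged; CcmExec, which runs its own binary with a valid timestamp, does not. The point of the group cross-check is that killing the svchost process does nothing durable: the service entries and their ServiceDll values recreate it at the next boot, so those keys (and the DLLs they name) are what need to go, and the 3800hk entry in netsvcs is the one that would otherwise hide inside a legitimate-looking svchost -k netsvcs instance.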