ComboFix 08-09-20.05 - Bob 2008-09-22 21:45:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.779 [GMT 8:00]
Running from: C:\Downloads\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-08-22 to 2008-09-22 )))))))))))))))))))))))))))))))
.
2008-09-22 21:08 . 2008-09-22 21:08 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\IObit
2008-09-22 18:37 . 2008-09-22 18:37 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\GlarySoft
2008-09-22 18:33 . 2008-09-22 18:33 <DIR> d-------- C:\Program Files\Glary Utilities
2008-09-21 15:11 . 2008-09-21 15:12 <DIR> d-------- C:\sp3
2008-09-14 18:47 . 2008-09-14 18:47 <DIR> d-------- C:\WINDOWS\system32\Tcpipcfg.dll
2008-09-14 18:47 . 2008-09-14 18:47 <DIR> d-------- C:\WINDOWS\system32\Netiougc.exe
2008-09-14 18:47 . 2008-09-14 18:47 <DIR> d-------- C:\WINDOWS\system32\Migration
2008-09-14 18:47 . 2008-09-14 18:47 <DIR> d-------- C:\WINDOWS\system32\drivers\Netio.sys
2008-09-14 16:02 . 2008-09-14 16:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-14 15:56 . 2008-09-14 19:28 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-09-14 15:50 . 2008-09-14 15:51 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-09-12 19:57 . 2008-09-12 19:57 <DIR> d-------- C:\wutemp
2008-09-12 19:51 . 2008-09-22 11:27 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-09-12 19:51 . 2008-09-22 19:33 <DIR> d---s---- C:\WINDOWS\Downloaded Program Files
2008-09-11 18:16 . 2008-09-11 18:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-11 18:15 . 2008-09-12 21:45 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-11 18:15 . 2008-09-12 21:45 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\SUPERAntiSpyware.com
2008-09-10 20:41 . 2008-09-10 20:41 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Malwarebytes
2008-09-08 10:35 . 2008-09-08 10:35 <DIR> dr-h----- C:\Documents and Settings\Emily\Application Data\yahoo!
2008-09-07 19:28 . 2008-09-07 19:28 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-07 18:29 . 2008-09-07 18:29 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-09-07 17:54 . 2008-09-07 19:36 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-07 15:25 . 2008-09-07 15:38 <DIR> d-------- C:\Documents and Settings\Guest\Application Data\Yahoo!
2008-09-07 15:22 . 2008-09-07 15:22 <DIR> d-------- C:\Documents and Settings\Guest
2008-09-07 14:56 . 2008-09-07 14:56 <DIR> d-------- C:\f6cd90ac369181a87b69e8e7b149cc
2008-09-07 14:55 . 2008-09-07 14:55 <DIR> dr-h----- C:\AHCache
2008-09-07 14:55 . 2008-09-07 14:55 <DIR> d-------- C:\373b50dafcc9527f19568ce47c6aa907
2008-09-07 14:14 . 2008-09-07 14:14 <DIR> d-------- C:\Program Files\EPSON
2008-09-07 10:56 . 2008-09-07 10:56 <DIR> d-------- C:\Program Files\TryNewDiskWriteCopyFromCCS
2008-09-07 10:33 . 2008-09-07 10:33 230,424 --a------ C:\img2-001.raw
2008-09-07 10:30 . 2008-09-07 10:30 <DIR> d-------- C:\Documents and Settings\em gwapa\Application Data\CCS Company
2008-09-07 10:19 . 2008-09-07 10:19 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\CCS Company
2008-09-07 08:39 . 2008-04-14 05:42 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-09-07 08:39 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-09-07 08:39 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-09-07 08:39 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-09-07 08:39 . 2008-04-13 22:04 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-09-07 08:39 . 2008-04-14 05:42 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-09-07 08:39 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-09-07 08:39 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-09-07 08:37 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-09-07 08:36 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-09-07 08:35 . 2001-08-17 14:56 315,520 --a--c--- C:\WINDOWS\system32\dllcache\trid3d.dll
2008-09-07 08:34 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-09-07 08:33 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll
2008-09-07 08:32 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-09-07 08:31 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-09-07 08:30 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-09-07 08:29 . 2008-04-14 05:42 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-09-07 08:28 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-09-07 08:27 . 2008-04-14 00:01 2,023,936 --a--c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-07 08:26 . 2006-02-28 20:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2008-09-07 08:25 . 2006-02-28 20:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-09-07 08:24 . 2006-02-28 20:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-09-07 08:23 . 2006-02-28 20:00 471,102 --a--c--- C:\WINDOWS\system32\dllcache\imskdic.dll
2008-09-07 08:22 . 2006-02-28 20:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-09-07 08:21 . 2001-08-17 13:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-09-07 08:20 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-09-07 08:19 . 2001-08-17 12:17 629,952 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys
2008-09-07 08:18 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-09-07 08:17 . 2001-08-17 22:36 419,357 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-09-07 08:16 . 2006-02-28 20:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-09-07 08:15 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-09-07 08:14 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-09-07 08:13 . 2008-04-14 00:54 2,145,280 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-09-07 07:04 . 2008-09-07 07:04 <DIR> d-------- C:\Program Files\CCS Company
2008-09-07 07:02 . 2008-09-07 07:02 <DIR> d-------- C:\Program Files\QuickTime
2008-09-07 07:02 . 2008-09-07 07:02 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-07 07:02 . 2008-09-07 07:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-07 07:02 . 2008-09-07 07:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-06 21:27 . 2008-09-06 21:27 <DIR> d-------- C:\Program Files\Safer Networking
2008-09-06 20:10 . 2008-09-06 20:10 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-09-06 05:54 . 2008-09-06 05:54 <DIR> d--hs---- C:\found.000
2008-09-05 05:45 . 2008-09-05 05:45 <DIR> d---s---- C:\Documents and Settings\Emily\UserData
2008-09-03 18:51 . 2008-09-03 18:51 <DIR> d---s---- C:\Documents and Settings\mayem\UserData
2008-09-02 19:39 . 2008-09-02 19:39 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Microsoft Web Folders
2008-09-02 11:18 . 2008-09-07 02:05 <DIR> d-------- C:\Documents and Settings\mayem\Application Data\Yahoo!
2008-09-02 10:25 . 2008-09-03 18:51 <DIR> d-------- C:\Documents and Settings\mayem
2008-09-02 09:26 . 2008-09-07 02:34 <DIR> d-------- C:\Documents and Settings\em gwapa\Application Data\Yahoo!
2008-09-02 07:33 . 2008-09-05 05:45 <DIR> d-------- C:\Documents and Settings\Emily
2008-09-02 07:02 . 2008-09-17 21:34 <DIR> d-------- C:\Documents and Settings\em gwapa
2008-09-02 01:35 . 2008-09-02 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-09-01 20:48 . 2008-09-01 20:48 <DIR> d-------- C:\Documents and Settings\Bob\Application Data\Auslogics
2008-09-01 20:47 . 2008-09-01 20:47 <DIR> d-------- C:\Program Files\IObit
2008-09-01 19:41 . 2008-09-01 19:42 <DIR> d-------- C:\Program Files\CCleaner
2008-09-01 17:27 . 2008-09-01 17:42 49 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-01 08:09 . 2008-09-01 08:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-01 04:26 . 2008-04-14 05:39 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-09-01 04:25 . 2008-04-14 05:41 218,112 --a--c--- C:\WINDOWS\system32\dllcache\c_g18030.dll
2008-09-01 04:24 . 2008-09-01 04:24 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-09-01 04:24 . 2008-04-14 05:42 294,912 -----c--- C:\WINDOWS\system32\dllcache\dlimport.exe
2008-09-01 04:24 . 2008-04-14 05:41 35,328 --a--c--- C:\WINDOWS\system32\dllcache\iprip.dll
2008-09-01 04:24 . 2008-04-14 05:39 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbdax2.dll
2008-09-01 04:20 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\003610_.tmp
2008-09-01 03:26 . 2008-09-01 03:28 <DIR> d-------- C:\5596aa73634f81fa46f446bd2a85
2008-09-01 03:04 . 2006-02-28 20:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-09-01 03:02 . 2006-02-28 20:00 92,416 --a--c--- C:\WINDOWS\system32\dllcache\mga.sys
2008-09-01 03:01 . 2006-02-28 20:00 195,618 --a--c--- C:\WINDOWS\system32\dllcache\c_10002.nls
2008-09-01 02:59 . 2008-07-18 22:09 215,752 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-09-01 02:59 . 2008-07-18 22:09 215,752 --a--c--- C:\WINDOWS\system32\dllcache\wuaucpl.cpl
2008-09-01 02:59 . 2006-02-28 20:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe
2008-09-01 02:59 . 2008-09-01 02:59 749 -rah----- C:\WINDOWS\WindowsShell.Manifest
2008-09-01 02:59 . 2008-09-01 02:59 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest
2008-09-01 02:59 . 2008-09-01 02:59 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest
2008-09-01 02:59 . 2008-09-01 02:59 749 -rah----- C:\WINDOWS\system32\nwc.cpl.manifest
2008-09-01 02:59 . 2008-09-01 02:59 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest
2008-09-01 02:59 . 2008-09-01 02:59 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest
2008-09-01 02:55 . 2006-02-28 20:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-09-01 02:54 . 2008-04-14 05:42 364,032 --a--c--- C:\WINDOWS\system32\dllcache\w3svc.dll
2008-09-01 02:54 . 2008-04-14 05:42 259,072 --a--c--- C:\WINDOWS\system32\dllcache\snmpcl.dll
2008-09-01 02:54 . 2008-04-14 05:41 61,440 --a--c--- C:\WINDOWS\system32\dllcache\httpod51.dll
2008-09-01 02:54 . 2008-04-14 05:42 46,592 --a--c--- C:\WINDOWS\system32\dllcache\sspifilt.dll
2008-09-01 02:54 . 2008-04-14 05:42 39,936 --a--c--- C:\WINDOWS\system32\dllcache\snmpthrd.dll
2008-09-01 02:54 . 2008-04-14 05:41 8,192 --a--c--- C:\WINDOWS\system32\dllcache\httpmb51.dll
2008-08-31 23:01 . 2006-02-28 20:00 13,107,200 --a------ C:\WINDOWS\system32\oembios.bin
2008-08-31 23:00 . 2008-04-13 22:32 4,190,352 --a--c--- C:\WINDOWS\system32\dllcache\luna.mst
2008-08-31 22:32 . 2008-08-31 22:32 <DIR> d--h-c--- C:\WINDOWS\$MSI30UninstallMSI30-KB884016$
2008-08-31 22:32 . 2008-08-31 22:32 <DIR> d-------- C:\a4080c55675477c2b8bcbbade0
2008-08-31 22:21 . 2008-04-14 00:16 19,200 --a------ C:\WINDOWS\system32\drivers\wstcodec.sys
2008-08-31 22:21 . 2008-04-14 00:16 19,200 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys
2008-08-31 22:21 . 2008-04-14 00:16 17,024 --a------ C:\WINDOWS\system32\drivers\ccdecode.sys
2008-08-31 22:21 . 2008-04-14 00:16 17,024 --a--c--- C:\WINDOWS\system32\dllcache\ccdecode.sys
2008-08-31 22:20 . 2008-04-14 00:16 85,248 --a------ C:\WINDOWS\system32\drivers\nabtsfec.sys
2008-08-31 22:20 . 2008-04-14 00:16 85,248 --a--c--- C:\WINDOWS\system32\dllcache\nabtsfec.sys
2008-08-31 22:20 . 2008-04-14 00:09 5,504 --a------ C:\WINDOWS\system32\drivers\mstee.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-21 03:54 --------- d-----w C:\Program Files\PokerStars.NET
2008-09-21 03:18 --------- d-----w C:\Documents and Settings\Bob\Application Data\Skype
2008-09-21 00:52 --------- d-----w C:\Documents and Settings\Bob\Application Data\skypePM
2008-09-15 01:59 97,928 ----a-w C:\WINDOWS\system32\drivers\avgldx86.sys
2008-09-14 10:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-09-02 11:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-01 11:42 --------- d-----w C:\Program Files\Yahoo!
2008-09-01 08:54 --------- d-----w C:\Program Files\Ahead
2008-08-31 02:05 --------- d-----w C:\Program Files\Microsoft Calculator Plus
2008-08-31 00:23 10,520 ----a-w C:\WINDOWS\system32\avgrsstx.dll
2008-08-30 14:50 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-28 23:46 --------- d-----w C:\Program Files\Java
2008-08-28 08:50 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-27 09:09 --------- d-----w C:\Documents and Settings\Bob\Application Data\Orbit
2008-08-24 09:41 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-08-24 01:49 --------- d-----w C:\Documents and Settings\Bob\Application Data\DNA
2008-08-24 01:27 --------- d-----w C:\Program Files\a-squared Anti-Malware
2008-08-22 14:06 --------- d-----w C:\Program Files\a-squared Free
2008-08-21 13:02 --------- d-----w C:\Documents and Settings\Bob\Application Data\BitTorrent
2008-08-21 01:15 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-21 01:15 --------- d-----w C:\Program Files\MSBuild
2008-08-19 14:18 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-08-19 14:03 --------- d-----w C:\Program Files\Microsoft Corporation
2008-08-19 14:03 --------- d-----w C:\Program Files\Common Files\eSellerate
2008-08-19 14:02 --------- d-----w C:\Documents and Settings\Bob\Application Data\SmartDraw
2008-08-16 12:41 --------- d-----w C:\Program Files\ieSpell
2008-08-12 04:08 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-12 04:08 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-08-09 12:35 --------- d-----w C:\Program Files\Common Files\New Folder
2008-08-09 03:12 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-08-08 03:11 --------- d-----w C:\Program Files\HP
2008-08-07 12:03 --------- d-----w C:\Program Files\Common Files\HP
2008-08-07 07:29 --------- d-----w C:\Documents and Settings\Bob\Application Data\Comodo
2008-08-07 07:21 --------- d-----w C:\Documents and Settings\Bob\Application Data\Talkback
2008-08-07 05:00 --------- d-----w C:\Documents and Settings\Bob\Application Data\Thunderbird
2008-08-07 04:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-08-06 14:58 --------- d-----w C:\Documents and Settings\Bob\Application Data\iolo
2008-08-06 14:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-08-06 14:51 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-08-06 14:50 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-08-06 14:41 --------- d-----w C:\Program Files\Opera
2008-08-06 10:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-08-06 10:00 --------- d-----w C:\Documents and Settings\Bob\Application Data\Image Zone Express
2008-08-04 13:56 --------- d-----w C:\Program Files\Java2
2008-08-02 03:50 --------- d-----w C:\Documents and Settings\Bob\Application Data\GrabPro
2008-07-30 11:17 --------- d-----w C:\Program Files\netbeans-4.0
2008-07-30 10:52 --------- d-----w C:\Program Files\Xinox Software
2008-07-30 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\FreeRIP
2008-07-28 10:26 --------- d-----w C:\Program Files\Common Files\xing shared
2008-07-28 10:25 --------- d-----w C:\Program Files\Real
2008-07-28 10:25 --------- d-----w C:\Program Files\Common Files\Real
2008-07-26 12:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-26 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-07-25 13:48 --------- d-----w C:\Program Files\Google
2008-07-25 08:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-25 08:18 --------- d-----w C:\Program Files\DNA
2008-07-25 08:18 --------- d-----w C:\Program Files\BitTorrent
2008-07-25 06:23 48,367,896 -c--a-w C:\Program Files\avg_free_stf_en_8_138a1332.exe
2008-07-25 03:16 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll
2008-07-25 03:16 83,968 ----a-w C:\WINDOWS\system32\mscories.dll
2008-07-25 03:16 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll
2008-07-25 03:16 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll
2008-07-22 02:01 --------- d-----w C:\Program Files\Common Files\HTML Executable Viewer
2008-07-22 02:01 --------- d-----w C:\Documents and Settings\Bob\Application Data\HTML Executable
2008-07-18 14:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 14:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 14:10 45,768 -c--a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 14:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 14:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 14:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 14:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 14:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 14:07 210,976 -c--a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 13:50 32 -c----w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 1832272]
"Google Update"="C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-14 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-09-15 1235736]
"VX1000"="C:\WINDOWS\vVX1000.exe" [2006-12-06 707360]
"VMSnap3"="C:\WINDOWS\VMSnap3.EXE" [2006-08-30 49152]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"Domino"="C:\WINDOWS\Domino.EXE" [2006-06-28 49152]
"SmartRAM"="C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"SiSPower"="SiSPower.dll" [2007-02-28 C:\WINDOWS\system32\SiSPower.dll]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 C:\WINDOWS\RTHDCPL.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-14 C:\WINDOWS\system32\mqrt.dll]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLogoff"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll, msnsspc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Mqt47.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Swb71.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Vad58.sys]
@="Driver"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg8emc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Opera\\opera.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-09-15 97928]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-09-15 231704]
R3 VX1000;VX-1000;C:\WINDOWS\system32\DRIVERS\VX1000.sys [2006-12-06 1963680]
S0 Mqt47;Mqt47;C:\WINDOWS\system32\Drivers\Mqt47.sys [ ]
S0 Swb71;Swb71;C:\WINDOWS\system32\Drivers\Swb71.sys [ ]
S0 Vad58;Vad58;C:\WINDOWS\system32\Drivers\Vad58.sys [ ]
S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Bob\Application Data\Mozilla\Firefox\Profiles\j69a38ca.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://y8.com/
FF -: plugin - C:\Documents and Settings\Bob\Local Settings\Application Data\Google\Update\1.2.131.11\npGoogleOneClick5.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
FF -: plugin - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-22 21:48:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-09-22 21:49:40
ComboFix-quarantined-files.txt 2008-09-22 13:49:34
ComboFix2.txt 2008-09-19 22:29:03
ComboFix3.txt 2008-09-07 02:11:12
Pre-Run: 19,589,701,632 bytes free
Post-Run: 19,595,829,248 bytes free
310