All done
ComboFix log:
ComboFix 08-06-01.6 - Robert 2008-06-04 18:25:40.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.514 [GMT 1:00]
Running from: C:\Documents and Settings\Robert\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Robert\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Coupon Printer
C:\Program Files\Coupon Printer\uninstall.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-04 to 2008-06-04 )))))))))))))))))))))))))))))))
.
2008-06-03 19:44 . 2008-06-03 19:44 1,980 --a------ C:\WINDOWS\ST5UNST.000
2008-06-01 17:30 . 2008-06-01 17:59 <DIR> d-------- C:\SDFix
2008-05-30 15:25 . 2008-05-30 16:07 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\ImgBurn
2008-05-30 13:52 . 2008-05-30 13:53 <DIR> d-------- C:\Program Files\ImgBurn
2008-05-30 10:25 . 2008-05-30 10:25 <DIR> d-------- C:\Documents and Settings\Hanna\Application Data\Comodo
2008-05-29 22:12 . 2008-05-29 22:13 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\AVGTOOLBAR
2008-05-29 22:11 . 2008-05-29 22:11 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\Comodo
2008-05-29 15:48 . 2008-06-04 14:43 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-29 11:59 . 2008-05-29 11:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-29 09:48 . 2008-05-29 09:48 <DIR> d-------- C:\Program Files\COMODO
2008-05-29 09:48 . 2008-05-29 09:48 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\Comodo
2008-05-29 09:48 . 2008-05-29 09:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\comodo
2008-05-29 09:48 . 2008-05-29 10:02 143,104 --a------ C:\WINDOWS\system32\guard32.dll
2008-05-29 09:48 . 2008-05-29 10:02 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
2008-05-29 09:48 . 2008-05-29 10:02 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
2008-05-29 08:10 . 2008-06-03 19:52 <DIR> d-------- C:\Documents and Settings\Hanna\Application Data\AVGTOOLBAR
2008-05-28 18:23 . 2008-05-28 18:23 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-05-28 18:23 . 2008-05-28 18:23 <DIR> d-------- C:\WINDOWS\system32\en
2008-05-28 18:23 . 2008-05-28 18:23 <DIR> d-------- C:\WINDOWS\l2schemas
2008-05-28 17:57 . 2008-04-14 01:12 712,704 --------- C:\WINDOWS\system32\windowscodecs.dll
2008-05-28 17:57 . 2008-04-14 01:12 346,112 --------- C:\WINDOWS\system32\windowscodecsext.dll
2008-05-28 17:57 . 2008-04-14 01:12 276,992 --------- C:\WINDOWS\system32\wmphoto.dll
2008-05-28 17:57 . 2008-04-14 01:12 69,120 --------- C:\WINDOWS\system32\wlanapi.dll
2008-05-28 17:57 . 2008-04-14 01:12 53,248 --------- C:\WINDOWS\system32\tsgqec.dll
2008-05-28 17:57 . 2008-04-14 01:12 50,688 --------- C:\WINDOWS\system32\tspkg.dll
2008-05-28 17:56 . 2008-04-14 01:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-05-28 17:56 . 2008-04-14 01:12 291,328 --------- C:\WINDOWS\system32\qagentrt.dll
2008-05-28 17:56 . 2008-04-14 01:12 290,304 --------- C:\WINDOWS\system32\rhttpaa.dll
2008-05-28 17:56 . 2008-04-14 01:12 150,528 --------- C:\WINDOWS\system32\qagent.dll
2008-05-28 17:56 . 2008-04-14 01:12 144,384 --------- C:\WINDOWS\system32\onex.dll
2008-05-28 17:56 . 2008-04-14 01:12 76,800 --------- C:\WINDOWS\system32\qutil.dll
2008-05-28 17:56 . 2008-04-14 01:12 62,464 --------- C:\WINDOWS\system32\qcliprov.dll
2008-05-28 17:56 . 2008-04-14 01:12 61,952 --------- C:\WINDOWS\system32\rasqec.dll
2008-05-28 17:56 . 2008-04-14 01:12 32,768 --------- C:\WINDOWS\system32\setupn.exe
2008-05-28 17:56 . 2008-04-13 19:40 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-05-28 17:55 . 2008-04-14 01:12 1,306,624 -----c--- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-05-28 17:55 . 2008-04-14 01:12 193,024 --------- C:\WINDOWS\system32\napmontr.dll
2008-05-28 17:55 . 2008-04-14 01:12 176,640 --------- C:\WINDOWS\system32\napstat.exe
2008-05-28 17:55 . 2008-04-14 01:12 155,136 --------- C:\WINDOWS\system32\mssha.dll
2008-05-28 17:55 . 2008-04-13 18:27 79,872 --a------ C:\WINDOWS\system32\msxml6r.dll
2008-05-28 17:55 . 2008-04-13 18:27 79,872 -----c--- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-05-28 17:55 . 2008-04-13 19:14 76,800 --------- C:\WINDOWS\system32\msshavmsg.dll
2008-05-28 17:55 . 2008-04-14 01:12 30,208 --------- C:\WINDOWS\system32\napipsec.dll
2008-05-28 17:54 . 2008-04-14 01:11 397,312 --------- C:\WINDOWS\system32\mmcex.dll
2008-05-28 17:54 . 2008-04-14 01:11 184,320 --------- C:\WINDOWS\system32\microsoft.managementconsole.dll
2008-05-28 17:54 . 2008-04-14 01:11 106,496 --------- C:\WINDOWS\system32\mmcfxcommon.dll
2008-05-28 17:54 . 2008-04-14 01:11 61,440 --------- C:\WINDOWS\system32\kmsvc.dll
2008-05-28 17:54 . 2008-04-14 01:11 37,376 --------- C:\WINDOWS\system32\l2gpstore.dll
2008-05-28 17:54 . 2008-04-14 01:12 33,792 --------- C:\WINDOWS\system32\mmcperf.exe
2008-05-28 17:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdpash.dll
2008-05-28 17:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdnepr.dll
2008-05-28 17:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdiultn.dll
2008-05-28 17:54 . 2008-04-14 01:09 6,144 --------- C:\WINDOWS\system32\kbdbhc.dll
2008-05-28 17:52 . 2008-04-14 01:11 650,752 --------- C:\WINDOWS\system32\dot3ui.dll
2008-05-28 17:51 . 2008-04-14 01:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-05-28 15:35 . 2008-05-28 15:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-28 15:28 . 2008-06-04 11:31 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-28 15:28 . 2008-05-28 15:28 <DIR> d-------- C:\Program Files\AVG
2008-05-28 15:28 . 2008-05-28 16:25 <DIR> d-------- C:\Documents and Settings\Robert\Application Data\AVGTOOLBAR
2008-05-28 15:28 . 2008-05-28 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-28 15:28 . 2008-05-28 15:28 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-28 15:28 . 2008-05-28 15:28 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-28 11:23 . 2008-05-28 11:23 <DIR> d-------- C:\Program Files\Panda Security
2008-05-26 20:49 . 2008-05-26 20:49 <DIR> d-------- C:\Documents and Settings\Natalie\Application Data\Apple Computer
2008-05-26 20:49 . 2008-06-04 17:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-26 20:49 . 2008-05-26 20:49 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-26 20:48 . 2008-05-26 20:49 <DIR> d-------- C:\Program Files\iTunes
2008-05-26 20:48 . 2008-05-26 20:48 <DIR> d-------- C:\Program Files\iPod
2008-05-26 20:44 . 2008-05-26 20:44 <DIR> d-------- C:\Program Files\Apple Software Update
2008-05-26 10:44 . 2008-05-26 10:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-23 16:51 . 2008-05-23 16:51 244 --ah----- C:\sqmnoopt02.sqm
2008-05-23 16:51 . 2008-05-23 16:51 232 --ah----- C:\sqmdata02.sqm
2008-05-18 11:53 . 2008-05-18 17:02 <DIR> d-------- C:\Program Files\Zattoo
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 17:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-06-03 21:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-03 19:52 --------- d-----w C:\Documents and Settings\Hanna\Application Data\Skype
2008-05-31 21:38 --------- d-----w C:\Documents and Settings\Robert\Application Data\GrabIt
2008-05-29 22:54 --------- d-----w C:\Documents and Settings\Natalie\Application Data\uTorrent
2008-05-29 13:39 --------- d-----w C:\Program Files\Kontiki
2008-05-28 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-28 14:36 --------- d-----w C:\Program Files\Lavasoft
2008-05-28 14:36 --------- d-----w C:\Documents and Settings\Natalie\Application Data\Lavasoft
2008-05-28 14:35 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-28 14:30 --------- d-----w C:\Program Files\Java
2008-05-28 14:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-28 14:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-28 14:20 --------- d-----w C:\Program Files\PSPHost
2008-05-28 14:15 --------- d-----w C:\Program Files\Zylom Games
2008-05-28 14:15 --------- d-----w C:\Program Files\3DO
2008-05-28 14:02 --------- d-----w C:\Documents and Settings\Robert\Application Data\Dev-Cpp
2008-05-28 10:13 --------- d-----w C:\Program Files\igLoader
2008-05-26 19:47 --------- d-----w C:\Program Files\QuickTime Alternative
2008-05-26 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-26 09:52 --------- d-----w C:\Program Files\SpeedFan
2008-05-20 19:18 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-13 15:42 --------- d-----w C:\Documents and Settings\Robert\Application Data\uTorrent
2008-05-01 15:15 --------- d-----w C:\Documents and Settings\Robert\Application Data\CoSoSys
2008-05-01 15:10 --------- d-----w C:\Documents and Settings\Robert\Application Data\U3
2008-04-29 10:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 10:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 10:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ------w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ------w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 20:10 --------- d-----w C:\Documents and Settings\Natalie\Application Data\dvdcss
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-04-13 19:18 52,480 ----a-w C:\WINDOWS\system32\drivers\i8042prt.sys
2008-04-13 19:17 83,072 ----a-w C:\WINDOWS\system32\drivers\wdmaud.sys
2008-04-13 19:17 456,576 ----a-w C:\WINDOWS\system32\drivers\mrxsmb.sys
2008-04-13 19:17 105,344 ----a-w C:\WINDOWS\system32\drivers\mup.sys
2008-04-13 19:16 49,536 ----a-w C:\WINDOWS\system32\drivers\classpnp.sys
2008-04-13 19:16 141,056 ----a-w C:\WINDOWS\system32\drivers\ks.sys
2008-04-13 19:15 64,512 ----a-w C:\WINDOWS\system32\drivers\serial.sys
2008-04-13 19:15 60,800 ----a-w C:\WINDOWS\system32\drivers\sysaudio.sys
2008-04-13 19:15 574,976 ----a-w C:\WINDOWS\system32\drivers\ntfs.sys
2008-04-13 19:15 334,848 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-04-13 19:14 63,744 ----a-w C:\WINDOWS\system32\drivers\cdfs.sys
2008-04-13 19:14 143,744 ----a-w C:\WINDOWS\system32\drivers\fastfat.sys
2008-04-13 19:00 30,080 ----a-w C:\WINDOWS\system32\drivers\modem.sys
2008-04-13 19:00 225,664 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-04-13 19:00 19,072 ----a-w C:\WINDOWS\system32\drivers\tdi.sys
2008-04-13 18:57 41,472 ----a-w C:\WINDOWS\system32\drivers\raspppoe.sys
2008-04-13 18:57 40,576 ----a-w C:\WINDOWS\system32\drivers\ndproxy.sys
2008-04-13 18:57 34,560 ----a-w C:\WINDOWS\system32\drivers\wanarp.sys
2008-04-13 18:57 20,864 ----a-w C:\WINDOWS\system32\drivers\ipinip.sys
2008-04-13 18:57 152,832 ----a-w C:\WINDOWS\system32\drivers\ipnat.sys
2008-04-13 18:57 14,336 ----a-w C:\WINDOWS\system32\drivers\asyncmac.sys
2008-04-13 18:57 10,112 ----a-w C:\WINDOWS\system32\drivers\ndistapi.sys
2008-04-13 18:56 88,320 ----a-w C:\WINDOWS\system32\drivers\nwlnkipx.sys
2008-04-13 18:56 69,120 ----a-w C:\WINDOWS\system32\drivers\psched.sys
2008-04-13 18:56 35,072 ----a-w C:\WINDOWS\system32\drivers\msgpc.sys
2008-04-13 18:56 34,688 ----a-w C:\WINDOWS\system32\drivers\netbios.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismpx.sys
2008-04-13 18:56 30,592 ----a-w C:\WINDOWS\system32\drivers\rndismp.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023x.sys
2008-04-13 18:56 12,800 ----a-w C:\WINDOWS\system32\drivers\usb8023.sys
2008-04-13 18:56 12,288 ----a-w C:\WINDOWS\system32\drivers\tunmp.sys
2008-04-13 18:55 202,624 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-04-13 18:55 14,592 ----a-w C:\WINDOWS\system32\drivers\ndisuio.sys
2008-04-13 18:54 11,264 ----a-w C:\WINDOWS\system32\drivers\irenum.sys
2008-04-13 18:53 71,552 ----a-w C:\WINDOWS\system32\drivers\bridge.sys
2008-04-13 18:53 40,320 ----a-w C:\WINDOWS\system32\drivers\nmnt.sys
2008-04-13 18:53 36,608 ----a-w C:\WINDOWS\system32\drivers\ip6fw.sys
2008-04-13 18:53 264,832 ----a-w C:\WINDOWS\system32\drivers\http.sys
2008-04-13 18:51 61,824 ----a-w C:\WINDOWS\system32\drivers\nic1394.sys
2008-04-13 18:51 60,800 ----a-w C:\WINDOWS\system32\drivers\arp1394.sys
2008-04-13 18:51 59,904 ----a-w C:\WINDOWS\system32\drivers\atmarpc.sys
2005-06-22 05:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-03_17.43.24.90 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-03 15:38:18 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-04 16:29:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 1997-01-16 00:00:00 71,680 ----a-w C:\WINDOWS\ST5UNST.EXE
+ 1997-01-16 00:00:00 29,696 ----a-w C:\WINDOWS\system32\VB5StKit.dll
+ 2008-06-04 16:30:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ca4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
2008-05-28 15:28 2050816 --a------ C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-28 15:28 2050816]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-05-28 15:28 2050816]
[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 01:12 1695232]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"SsAAD.exe"="C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe" [2006-11-02 14:43 472632]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Net-It Launcher"="C:\WINDOWS\System32\NILaunch.exe" [1998-02-05 20:16 24576]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 11:29 40960]
"SoundMan"="SOUNDMAN.EXE" [2006-03-02 07:22 577536 C:\WINDOWS\soundman.exe]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"MessengerPlus3"="C:\Program Files\MessengerPlus! 3\MsgPlus.exe" [2006-06-20 11:10 190024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"type32"="C:\Program Files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 10:46 196608]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-03-24 00:26 217088]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 23:32 53248]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 16:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 10:25 1828136]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2007-04-23 12:23 1032640]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-28 15:28 1177368]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-05-31 16:05 1655552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"@"="" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 01:12 15360]
C:\Documents and Settings\Natalie\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [3/16/2005 7:16:50 PM 113664]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [3/5/2006 4:43:54 AM 11000]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/2/2008 7:07:56 PM 125624]
VTAgentReboot.exe [10/7/2001 8:11:30 PM 143360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher 2.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher 2.lnk
backup=C:\WINDOWS\pss\Exif Launcher 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus Organizer EasyClip.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus Organizer EasyClip.lnk
backup=C:\WINDOWS\pss\Lotus Organizer EasyClip.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus QuickStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk
backup=C:\WINDOWS\pss\Lotus QuickStart.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SmartCenter.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus SmartCenter.lnk
backup=C:\WINDOWS\pss\Lotus SmartCenter.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Lotus SuiteStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus SuiteStart.lnk
backup=C:\WINDOWS\pss\Lotus SuiteStart.lnkCommon Startup
C:\WINDOWS\scvhost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2006-09-28 20:21 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-09-14 21:09 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\icq lite]
C:\WINDOWS\scvhost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
C:\WINDOWS\scvhost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Natalie\\My Documents\\utorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Games\\C&C3\\RetailExe\\1.4\\cnc3game.dat"=
"C:\\Documents and Settings\\Robert\\Desktop\\vbalink180b0\\VisualBoyAdvance.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVAnts\\Tvants.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Zattoo\\zattood.exe"=
"C:\\Program Files\\Zattoo\\Zattoo2.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"80:TCP"= 80:TCP:80
"443:TCP"= 443:TCP:443
"5223:TCP"= 5223:TCP:5223
"3478:UDP"= 3478:UDP:3478
"3479:UDP"= 3479:UDP:3479
"3658:UDP"= 3658:UDP:3658
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-28 15:28]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-05-29 10:02]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-05-29 10:02]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-28 15:28]
R3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
R3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;C:\WINDOWS\system32\drivers\libusb0.sys [2005-03-09 20:50]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\O]
\Shell\AutoRun\command - O:\Play.EXE
\Shell\install\command - INSTALL\_SETUP.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a14fc7be-7717-11db-bc18-0004e25c0f3a}]
\Shell\AutoRun\command - L:\autorun6e.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{affac31a-ca70-11db-bd53-0004e25c0f3a}]
\Shell\AutoRun\command - L:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1efeccc-0302-11dc-be2a-0004e25c0f3a}]
\Shell\AutoRun\command - L:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-26 19:45:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-04 18:32:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-04 18:39:45
ComboFix-quarantined-files.txt 2008-06-04 17:39:38
ComboFix2.txt 2008-06-03 20:28:14
ComboFix3.txt 2008-06-03 16:44:01
Pre-Run: 61,466,058,752 bytes free
Post-Run: 61,539,528,704 bytes free
359 --- E O F --- 2008-05-28 08:42:27