ComboFix 08-12-21.04 - b 2008-12-25 18:08:19.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1583 [GMT 1:00]
Running from: c:\documents and settings\b\Desktop\123.exe
Command switches used :: c:\documents and settings\b\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
c:\docume~1\b\Cookies\b@888[2].txt
c:\docume~1\b\Cookies\b@888[3].txt
c:\docume~1\b\Cookies\b@inside.3wplayer[2].txt
c:\docume~1\b\Cookies\b@www.lop[1].txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ALLUSE~1\STARTM~1\Programs\3wPlayer
c:\docume~1\ALLUSE~1\STARTM~1\Programs\3wPlayer\3wPlayer.lnk
c:\docume~1\ALLUSE~1\STARTM~1\Programs\3wPlayer\Uninstall 3wPlayer.lnk
c:\docume~1\b\Cookies\b@888[2].txt
c:\docume~1\b\Cookies\b@888[3].txt
c:\docume~1\b\Cookies\b@inside.3wplayer[2].txt
c:\docume~1\b\Cookies\b@www.lop[1].txt
c:\docume~1\b\STARTM~1\Programs\Spyware Guard 2008
c:\docume~1\b\STARTM~1\Programs\Spyware Guard 2008\Spyware Guard 2008.lnk
c:\docume~1\b\STARTM~1\Programs\Spyware Guard 2008\Uninstall.lnk
c:\documents and settings\All Users\Application Data\heart nurb web part
c:\documents and settings\All Users\Application Data\part dead amok eggs
c:\documents and settings\All Users\Application Data\Winferno
c:\documents and settings\b\Application Data\Spam proxy settings
c:\documents and settings\b\Application Data\Spam proxy settings\0
c:\documents and settings\b\Application Data\Spam proxy settings\fiterfif.exe
c:\documents and settings\b\Application Data\Spam proxy settings\mgyfithi.exe
c:\documents and settings\b\Application Data\Spam proxy settings\Savepolltick.exe
c:\documents and settings\b\Application Data\Spam proxy settings\wcipksik.exe
c:\program files\3wPlayer
c:\program files\3wPlayer\3wPlayer.exe
c:\program files\3wPlayer\settings.ini
c:\program files\3wPlayer\settings.stp
c:\program files\3wPlayer\SkinCrafterDll.dll
c:\program files\3wPlayer\skins\Stylish.skf
c:\program files\3wPlayer\test.gif
c:\program files\3wPlayer\Thumbs.db
c:\program files\3wPlayer\unins000.dat
c:\program files\3wPlayer\unins000.exe
c:\program files\Spam proxy settings
c:\program files\WinSpyKiller
c:\program files\WinSpyKiller\WinSpyKiller.lic
c:\program files\WinSpyKiller\WinSpyKiller0.wk
c:\program files\WinSpyKiller\WinSpyKiller1.wk
c:\windows\system32\Dvbpws.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-25 to 2008-12-25 )))))))))))))))))))))))))))))))
.
2008-12-25 13:39 . 2008-12-25 13:42 <DIR> d-------- C:\Lop SD
2008-12-17 21:46 . 2008-12-19 13:27 <DIR> d-------- C:\flashhh
2008-12-17 18:59 . 2008-12-17 18:59 <DIR> d-------- c:\windows\SHELLNEW
2008-12-17 18:59 . 2008-12-17 18:59 <DIR> d-------- c:\program files\Microsoft.NET
2008-12-17 18:59 . 2008-12-17 18:59 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-17 17:57 . 2008-12-17 17:57 <DIR> dr-h----- c:\documents and settings\b\Application Data\SecuROM
2008-12-17 17:56 . 2008-12-17 17:56 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-12-17 17:43 . 2008-12-17 17:43 <DIR> d-------- C:\ProgramData
2008-12-17 17:43 . 2008-12-17 17:43 5,346 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-12-14 22:13 . 2008-12-14 22:13 <DIR> d-------- c:\program files\Imagenomic
2008-12-07 12:47 . 2008-12-11 18:54 <DIR> d-------- C:\100CANON
2008-12-05 20:26 . 2008-12-05 20:26 <DIR> d-------- c:\program files\Adobe Media Player
2008-12-05 20:25 . 2008-12-05 20:25 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-05 19:28 . 2008-12-05 22:40 <DIR> d-------- C:\WinFast WorkArea
2008-12-05 18:56 . 2008-12-05 19:46 <DIR> d-------- C:\Adobe CS4
2008-12-05 14:34 . 2008-12-05 14:59 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-05 14:32 . 2008-12-05 14:32 <DIR> d-------- c:\program files\Topaz Labs
2008-12-03 22:35 . 2005-10-17 17:15 2,605,056 --a------ c:\windows\system32\BCGCBPRO800u.dll
2008-12-03 22:35 . 2005-10-17 17:07 2,600,960 --a------ c:\windows\system32\BCGCBPRO800.dll
2008-12-03 22:35 . 2004-07-26 17:16 1,568,768 --a------ c:\windows\system32\imagX7.dll
2008-12-03 22:35 . 2004-07-26 17:16 476,320 --a------ c:\windows\system32\imagXpr7.dll
2008-12-03 22:35 . 2004-07-26 17:16 471,040 --a------ c:\windows\system32\imagXRA7.dll
2008-12-03 22:35 . 2004-07-09 09:43 364,544 --a------ c:\windows\system32\TwnLib4.dll
2008-12-03 22:35 . 2004-07-26 17:16 262,144 --a------ c:\windows\system32\imagXR7.dll
2008-12-03 22:35 . 2005-12-23 17:50 32,768 --a------ c:\windows\system32\BCGPOleAcc.dll
2008-12-02 18:06 . 2008-12-13 23:07 <DIR> d-------- C:\srdjannnnnnnnnnnnnnnnnnnnnnnnnnnnnn
2008-11-30 18:00 . 2008-11-30 18:00 <DIR> d-------- c:\program files\QT Lite
2008-11-30 18:00 . 2008-11-30 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-11-30 18:00 . 2008-09-06 15:09 90,112 --a------ c:\windows\system32\QuickTimeVR.qtx
2008-11-30 18:00 . 2008-09-06 15:09 57,344 --a------ c:\windows\system32\QuickTime.qts
2008-11-25 15:36 . 2008-12-05 21:15 <DIR> d-------- C:\z
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-25 16:25 --------- d-----w c:\documents and settings\b\Application Data\WTablet
2008-12-25 01:46 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2008-12-24 12:22 --------- d-----w c:\program files\RapidTyping
2008-12-17 16:57 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-12-17 16:44 --------- d-----w c:\program files\Electronic Arts
2008-12-17 16:43 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-07 17:27 --------- d-----w c:\program files\Opera
2008-12-05 20:55 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-05 19:41 --------- d-----w c:\program files\Common Files\Adobe
2008-12-05 17:52 --------- d-----w c:\program files\THQ
2008-12-05 17:48 --------- d-----w c:\program files\The Witcher
2008-12-05 17:25 --------- d-----w c:\program files\ApexDC++_Gusari_XY6
2008-12-03 21:36 --------- d-----w c:\program files\Nero
2008-12-03 21:36 --------- d-----w c:\program files\Common Files\Ahead
2008-11-30 09:34 --------- d-----w c:\program files\Soulseek
2008-11-30 09:32 --------- d-----w c:\program files\Winamp
2008-11-30 09:32 --------- d-----w c:\program files\Dofus
2008-11-30 09:32 --------- d-----w c:\program files\DeskCall NG
2008-11-25 22:38 --------- d-----w c:\program files\BitComet
2008-11-22 23:01 --------- d-----w c:\program files\Valve
2008-11-22 17:43 102,400 ----a-w c:\windows\DUMP86d3.tmp
2008-11-16 21:53 --------- d-----w c:\program files\Bethesda Softworks
2008-11-16 21:53 --------- d-----w c:\documents and settings\All Users\Application Data\Fallout3
2008-11-16 21:52 --------- d-----w c:\program files\MSBuild
2008-11-16 21:50 --------- d-----w c:\program files\Reference Assemblies
2008-11-16 21:29 --------- d-----w c:\program files\DAEMON Tools Lite
2008-11-16 21:27 716,272 ----a-w c:\windows\system32\drivers\sptd.sys
2008-11-16 21:26 --------- d-----w c:\documents and settings\b\Application Data\DAEMON Tools
2008-11-14 18:31 --------- d-----w c:\documents and settings\b\Application Data\ATI
2008-11-14 18:31 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-14 18:27 --------- d-----w c:\program files\ATI Technologies
2008-11-14 18:24 --------- d-----w c:\program files\Common Files\ATI Technologies
2008-11-14 17:15 --------- d-----w c:\program files\ATI Multimedia
2008-03-24 09:25 18,424 ----a-w c:\documents and settings\b\Application Data\GDIPFONTCACHEV1.DAT
2008-02-03 19:13 22,328 ----a-w c:\documents and settings\b\Application Data\PnkBstrK.sys
2006-06-23 06:48 32,768 ----a-r c:\windows\inf\UpdateUSB.exe
2008-03-04 22:22 56 --sh--r c:\windows\system32\11709D372B.sys
2008-03-04 22:22 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-02-14 486856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-08-08 949376]
"BigDog303"="c:\windows\VM303_STI.EXE" [2005-10-25 61440]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-07-16 61440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE" [2008-08-15 378224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-02-01 8699904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"VIDC.AP41"= APmpg4v1.dll
"vidc.DIV3"= divxc32.dll
"VIDC.DIV4"= divxc32f.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.MJPG"= pvmjpg21.dll
"vidc.DIV2"= divxc32.dll
"msacm.divxa32"= msaud32_divx.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=c:\windows\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
backup=c:\windows\pss\GammaTray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NCProTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NCProTray.lnk
backup=c:\windows\pss\NCProTray.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 22:46 624248 c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeathAdder]
--a------ 2006-12-06 21:30 159744 c:\program files\Razer\DeathAdder\razerhid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 00:06 1667584 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung Common SM]
--------- 2005-07-03 08:20 372736 c:\windows\Samsung\ComSMMgr\SSMMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-07-02 16:10 23237416 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-10-26 16:17 159744 c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--------- 2006-07-13 06:12 729088 c:\program files\Analog Devices\SoundMAX\SMax4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
-ra------ 2006-12-18 20:34 868352 c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2008-07-16 16:57 61440 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-02-11 12:11 1266936 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 c:\program files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sunkist2k]
--a------ 2005-05-18 14:29 131072 c:\program files\Multimedia Card Reader\shwicon2k.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tarantula]
--a------ 2006-09-30 14:48 176128 c:\program files\Razer\Tarantula\razerhid.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-02-12 16:22 397312 c:\program files\WinFast\WFDTV\WFWIZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-02-12 18:16 69632 c:\program files\WinFast\WFDTV\DTVSchdl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Half Life 2\\root\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\Games\\GamerX\\HL2\\hl2.exe"=
"c:\\Program Files\\TrillianAstra\\trillian.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Opera\\Opera.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Fusion\\eyeonScript.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23388:TCP"= 23388:TCP:BitCometBeta 23388 TCP
"23388:UDP"= 23388:UDP:BitCometBeta 23388 UDP
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
R1 BIOS;BIOS;\??\c:\windows\system32\drivers\BIOS.sys [2008-02-29 13696]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2007-08-08 15424]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-11-14 93696]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"c:\program files\MSN Messenger\usnsvc.exe" [2007-01-19 97136]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;"c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe" -win32service [2008-08-15 284016]
S3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-10-12 22144]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM);c:\windows\system32\DRIVERS\SE2Ebus.sys [2007-10-30 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter;c:\windows\system32\DRIVERS\SE2Emdfl.sys [2007-10-30 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver;c:\windows\system32\DRIVERS\SE2Emdm.sys [2007-10-30 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\SE2Emgmt.sys [2007-10-30 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS);c:\windows\system32\DRIVERS\se2End5.sys [2007-10-30 18704]
S3 SE2Eobex;Sony Ericsson Device 046 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\SE2Eobex.sys [2007-10-30 86560]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM);c:\windows\system32\DRIVERS\se2Eunic.sys [2007-10-30 90800]
S3 TarFltr;Razer Tarantula USB Keyboard;c:\windows\system32\Drivers\UsbFltr.sys [2007-10-12 44800]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys []
S3 WFIOCTL;WFIOCTL;\??\c:\program files\WinFast\WFDTV\WFIOCTL.SYS [2007-11-22 9446]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{091fa559-ae08-11dc-8d84-001bfc6f11b8}]
\Shell\AutoRun\command - L:\autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dfcc45cc-133b-11dd-8e6b-ad26502480a4}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\b\Application Data\Mozilla\Firefox\Profiles\aqmzz32l.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dizajnzona.com/forums/index.php?s=f9a25e7700c540583fd62500f34bc49a&showforum=32
FF - plugin: c:\program files\Google\Google Updater\2.4.1399.3742\npCIDetect13.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-25 18:09:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog303 = c:\windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)????????????????0?????????@??????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'lsass.exe'(756)
c:\windows\system32\imon.dll
.
Completion time: 2008-12-25 18:10:28
ComboFix-quarantined-files.txt 2008-12-25 17:09:50
ComboFix2.txt 2008-12-25 01:52:26
ComboFix3.txt 2008-12-23 14:00:31
Pre-Run: 34.934.071.296 bytes free
Post-Run: 34,916,343,808 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect