please check this ... & reply ...
ComboFix 08-04-03.2 - Administrator 2008-04-10 6:57:03.2 - FAT32x86
Running from: E:\Documents and Settings\Administrator\Desktop\ComboFix.exe
 * Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-03-10 to 2008-04-10 )))))))))))))))))))))))))))))))
.
2008-04-09 05:01 . 2008-04-09 05:01 <DIR> d-------- E:\Program Files\Malwarebytes' Anti-Malware
2008-04-09 05:01 . 2008-04-09 05:01 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-09 05:01 . 2008-04-09 05:01 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-04-09 00:51 . 2008-04-09 00:51 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\MyStartButton
2008-04-09 00:50 . 2008-04-09 00:50 <DIR> d-------- E:\Program Files\EKOSSoft
2008-04-08 16:58 . 2008-04-08 16:58 <DIR> d-------- E:\Program Files\Safari
2008-04-08 16:54 . 2008-04-10 06:53 54,156 --ah----- E:\WINDOWS\QTFont.qfn
2008-04-08 16:54 . 2008-04-08 16:55 1,409 --a------ E:\WINDOWS\QTFont.for
2008-04-08 16:53 . 2008-04-08 16:53 <DIR> d-------- E:\Program Files\iPod
2008-04-08 16:52 . 2008-04-08 16:52 <DIR> d-------- E:\Program Files\iTunes
2008-04-08 16:51 . 2008-04-08 16:51 <DIR> d-------- E:\Program Files\Common Files\Apple
2008-04-08 16:39 . 2008-04-08 16:39 <DIR> d-------- E:\Program Files\QuickTime
2008-04-08 16:38 . 2008-04-08 16:38 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-08 11:49 . 2008-04-08 11:49 5,074 --a------ E:\ComboFix.rar
2008-04-07 11:40 . 2008-04-07 11:40 <DIR> d--hs---- E:\FOUND.002
2008-04-06 15:00 . 2008-04-06 15:00 <DIR> d--hs---- E:\WINDOWS\ftpcache
2008-04-06 14:54 . 2008-04-06 14:54 <DIR> d-------- E:\Program Files\Pixwares
2008-04-06 14:54 . 2008-04-06 14:55 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Pixwares
2008-04-06 14:28 . 2008-04-06 14:28 <DIR> d--hs---- E:\FOUND.001
2008-04-04 00:09 . 2008-04-04 00:09 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-03 22:46 . 2008-04-03 22:46 1,131 --a------ E:\http___storage_conduit_com_72_44_CT441572_Messages_xml97456_xml.xml
2008-04-03 22:46 . 2008-04-03 22:46 645 --a------ E:\http___storage_conduit_com_72_44_CT441572_Messages_xml97456_xml_structured.xml
2008-04-03 14:44 . 2008-04-03 14:44 <DIR> d-------- E:\Documents and Settings\LocalService\Application Data\AVG7
2008-04-03 14:43 . 2008-04-03 14:43 <DIR> d-------- E:\Program Files\MobiMB Mobile Media Browser
2008-04-03 13:10 . 2008-04-03 13:10 <DIR> d-------- E:\WINDOWS\system32\NtmsData
2008-04-03 13:02 . 2008-04-03 13:02 <DIR> d--h----- E:\WINDOWS\system32\GroupPolicy
2008-04-03 12:23 . 2008-04-03 12:23 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\AVG7
2008-04-03 12:23 . 2008-04-03 12:23 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\AVG7
2008-04-03 12:06 . 2008-04-03 12:06 <DIR> d--hs---- E:\FOUND.000
2008-04-02 00:11 . 2008-02-25 08:13 <DIR> d-------- E:\Program Files\China Mobile Hardware v1.1
2008-04-01 22:45 . 2008-04-01 22:45 <DIR> d-------- E:\Program Files\Gsmminds_Tool_Bar_By_Azampk
2008-03-30 13:42 . 2008-03-30 13:42 <DIR> d-------- E:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-29 22:22 . 2008-03-29 22:22 <DIR> d-------- E:\Program Files\Everstrike Software
2008-03-29 22:22 . 2008-03-29 22:22 <DIR> d-------- E:\Program Files\Common Files\Everstrike Software
2008-03-29 11:59 . 2007-07-30 19:19 271,224 --a------ E:\WINDOWS\system32\mucltui.dll
2008-03-29 11:59 . 2007-07-30 19:19 207,736 --a------ E:\WINDOWS\system32\muweb.dll
2008-03-29 11:59 . 2007-07-30 19:19 30,072 --a------ E:\WINDOWS\system32\mucltui.dll.mui
2008-03-29 00:39 . 2007-10-17 13:53 43,816 --a------ E:\WINDOWS\system32\drivers\fssfltr.sys
2008-03-29 00:37 . 2008-03-29 00:37 <DIR> d-------- E:\Program Files\Windows Live Favorites
2008-03-29 00:27 . 2006-11-29 13:06 3,426,072 --a------ E:\WINDOWS\system32\d3dx9_32.dll
2008-03-29 00:24 . 2008-03-29 00:24 <DIR> d-------- E:\Program Files\Microsoft SQL Server Compact Edition
2008-03-29 00:11 . 2008-03-29 00:11 <DIR> d-------- E:\Program Files\Windows Live
2008-03-29 00:11 . 2008-03-29 00:11 <DIR> d--hs---- E:\Program Files\Common Files\WindowsLiveInstaller
2008-03-29 00:10 . 2008-03-29 00:10 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\WLInstaller
2008-03-28 23:37 . 2008-03-28 23:37 90,112 --a------ E:\WINDOWS\system32\QuickTimeVR.qtx
2008-03-28 23:37 . 2008-03-28 23:37 57,344 --a------ E:\WINDOWS\system32\QuickTime.qts
2008-03-24 22:29 . 2004-04-05 22:37 47,393 --------- E:\WINDOWS\NuNinst.cfg
2008-03-24 22:28 . 2008-03-24 22:28 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Ahead
2008-03-24 22:05 . 2001-07-06 18:11 569,344 -ra------ E:\WINDOWS\system32\imagr5.dll
2008-03-24 22:05 . 2001-07-06 16:14 544,768 -ra------ E:\WINDOWS\system32\imagx5.dll
2008-03-24 22:05 . 2001-07-06 21:54 283,920 -ra------ E:\WINDOWS\system32\ImagXpr5.dll
2008-03-24 18:59 . 2008-03-24 18:59 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\InstallShield
2008-03-23 20:26 . 2008-03-23 20:26 <DIR> d-------- E:\Game
2008-03-23 17:17 . 2003-01-30 06:04 1,500,160 --a------ E:\WINDOWS\system32\cc3260mt.dll
2008-03-23 17:17 . 2004-08-18 12:34 442,368 --a------ E:\WINDOWS\system32\vp6vfw.dll
2008-03-23 17:17 . 2004-08-06 13:49 265,785 --a------ E:\WINDOWS\system32\pixomatic.dll
2008-03-23 17:17 . 2004-01-06 10:43 188,416 --a------ E:\WINDOWS\system32\eax.dll
2008-03-23 17:17 . 2004-10-18 14:04 161,280 --a------ E:\WINDOWS\system32\fmod.dll
2008-03-23 17:17 . 2002-02-01 07:00 22,016 --a------ E:\WINDOWS\system32\borlndmm.dll
2008-03-21 21:26 . 2008-03-21 21:26 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Kingston
2008-03-20 20:12 . 2008-03-20 20:12 <DIR> d-------- E:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-03-20 20:07 . 2008-03-20 20:07 <DIR> d-------- E:\Program Files\Apple Software Update
2008-03-20 20:07 . 2008-03-20 20:07 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Apple
2008-03-17 11:21 . 2007-02-22 10:15 137,216 --a------ E:\WINDOWS\system32\drivers\nmwcd.sys
2008-03-17 11:21 . 2007-02-22 10:15 65,536 --a------ E:\WINDOWS\system32\nmwcdcocls.dll
2008-03-17 11:21 . 2007-02-22 10:15 12,288 --a------ E:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-03-17 11:21 . 2007-02-22 10:15 8,320 --a------ E:\WINDOWS\system32\drivers\nmwcdc.sys
2008-03-17 10:18 . 2008-03-17 10:18 <DIR> d-------- E:\Program Files\backupdrivers
2008-03-17 10:18 . 2008-03-17 10:18 21,888 --a------ E:\WINDOWS\system32\drivers\eps2kt1.sys
2008-03-17 10:18 . 2008-03-17 10:18 12,800 --a------ E:\WINDOWS\system32\drivers\smccard.sys
2008-03-17 10:18 . 2008-03-17 10:18 4,608 --a------ E:\WINDOWS\system32\R5CoInst.dll
2008-03-17 10:17 . 2008-03-17 10:17 <DIR> d-------- E:\Program Files\Software Installation Information
2008-03-17 10:17 . 2008-03-17 10:17 23,312 --a------ E:\WINDOWS\system32\_shfoldr.dll
2008-03-17 10:13 . 2007-10-06 11:36 47,744 --a------ E:\WINDOWS\system32\drivers\vserial.sys
2008-03-17 10:13 . 2007-10-06 11:35 15,264 --a------ E:\WINDOWS\system32\drivers\vsb.sys
2008-03-12 20:01 . 2008-03-12 20:01 <DIR> d-------- E:\Program Files\YahooFriend
2008-03-11 22:04 . 2008-03-11 22:04 <DIR> d-------- E:\Program Files\Cable Finder
2008-03-11 22:04 . 2000-07-15 00:00 101,888 --a------ E:\WINDOWS\system32\VB6STKIT.DLL
2008-03-11 19:24 . 2008-03-11 19:24 38 --a------ E:\WINDOWS\SYMGAMES.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-10 00:12 81,920 ----a-w E:\WINDOWS\system32\UFS2XX.DLL
2008-04-10 00:12 34,639 ----a-w E:\WINDOWS\system32\drivers\UFS2XX.SYS
2008-04-09 04:58 32 --sha-w E:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-09 04:58 32 --sha-w E:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-09 04:58 32 --sha-w E:\WINDOWS\system32\drivers\fidbox.idx
2008-04-09 04:58 32 --sha-w E:\WINDOWS\system32\drivers\fidbox.dat
2008-03-09 11:09 --------- d-----w E:\Program Files\Mayoko
2008-03-08 13:34 --------- d-----w E:\Program Files\Windows Media Connect 2
2008-03-03 11:52 33,824 ----a-w E:\WINDOWS\system32\drivers\oreans32.sys
2008-03-03 11:51 --------- d-----w E:\Documents and Settings\All Users\Application Data\TEMP
2008-03-02 09:13 --------- d-----w E:\Program Files\WIDCOMM
2008-02-24 15:47 --------- d-----w E:\Program Files\Rockstar Games
2008-02-22 09:07 91,700 ----a-w E:\WINDOWS\system32\drivers\klin.dat
2008-02-22 09:07 85,860 ----a-w E:\WINDOWS\system32\drivers\klick.dat
2008-02-22 08:06 --------- d-----w E:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-20 14:07 --------- d-----w E:\Program Files\Cruiser Suite
2008-02-20 10:45 11,752,533 ----a-w E:\Program Files\Zuma Deluxe.rar
2008-02-18 11:46 --------- d-----w E:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-02-18 11:46 --------- d-----w E:\Documents and Settings\LocalService\Application Data\MEGAUPLOADTOOLBAR
2008-02-18 11:46 --------- d-----w E:\Documents and Settings\LocalService\Application Data\ICQ Toolbar
2008-02-12 13:12 --------- d-----w E:\Program Files\s'e jumpert
2008-02-10 07:09 2,071,667 ----a-w E:\Program Files\GSM Tricks.rar
2008-02-01 05:41 586,240 ----a-w E:\WINDOWS\WLXPGSS.SCR
2008-01-29 06:32 107,368 ----a-w E:\WINDOWS\system32\GEARAspi.dll
2008-01-11 05:53 44,544 ------w E:\WINDOWS\system32\dllcache\pngfilt.dll
2007-03-13 10:43 2,397 ----a-w E:\Program Files\SWI.XML
2007-03-12 11:08 176 ----a-w E:\Documents and Settings\Program Files\license.dat
2007-02-27 12:55 94,208 ----a-w E:\Documents and Settings\Program Files\Setup.exe
2005-10-13 15:57 422,400 --sha-r E:\WINDOWS\x2.64.exe
2005-05-13 11:42 217,073 --sha-r E:\WINDOWS\meta4.exe
2005-10-24 05:43 66,560 --sha-r E:\WINDOWS\MOTA113.exe
2005-06-26 10:02 616,448 --sha-r E:\WINDOWS\system32\cygwin1.dll
2005-06-21 17:07 45,568 --sha-r E:\WINDOWS\system32\cygz.dll
2005-10-07 13:44 308,224 --sha-r E:\WINDOWS\system32\avisynth.dll
2004-01-24 18:30 70,656 --sha-r E:\WINDOWS\system32\i420vfw.dll
2004-01-24 18:30 70,656 --sha-r E:\WINDOWS\system32\yv12vfw.dll
2005-02-28 07:46 240,128 --sha-r E:\WINDOWS\system32\x.264.exe
2005-07-14 07:01 27,648 --sha-r E:\WINDOWS\system32\AVSredirect.dll
2006-04-27 04:54 2,945,024 --sha-r E:\WINDOWS\system32\Smab.dll
.
((((((((((((((((((((((((((((( snapshot@2008-04-04_ 0.02.03.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-08 11:25:00 102,400 ----a-r E:\WINDOWS\Installer\{585776BC-4BD6-4BD2-A19A-1D6CB44A403B}\iTunesIco.exe
+ 2008-04-08 11:28:58 307,200 ----a-r E:\WINDOWS\Installer\{F0E8F94D-6E68-4B35-92DF-3AA6DC6A6768}\SafariIco.exe
- 2008-04-03 08:23:20 16,384 ----a-w E:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-04-08 05:50:46 16,384 ----a-w E:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-04-03 08:23:20 32,768 ----a-w E:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-04-08 05:50:46 32,768 ----a-w E:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-03 08:23:20 32,768 ----a-w E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-04-08 05:50:46 32,768 ----a-w E:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-29 06:31:28 16,168 ----a-w E:\WINDOWS\system32\drivers\GEARAspiWDM.sys
+ 2008-02-18 05:46:24 30,464 ----a-w E:\WINDOWS\system32\DRVSTORE\usbaapl_4351B7DAFF62FD33510D77DFAE3CF8CC82517571\usbaapl.sys
+ 2005-09-07 19:11:54 31,452 ----a-w E:\WINDOWS\system32\ReinstallBackups\0026\DriverFiles\mtbox.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ E:\Program Files\Windows Live\Family Safety\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"Yahoo! Pager"="E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"MsnMsgr"="E:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"WinClock"="E:\Program Files\Pixwares\WinClock\winclock.exe" [2005-07-12 01:03 430080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20 227328]
"Cmaudio"="cmicnfg.cpl" []
"NeroFilterCheck"="E:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 15:20 155648]
"IgfxTray"="E:\WINDOWS\system32\igfxtray.exe" [2003-04-07 12:49 155648]
"HotKeysCmds"="E:\WINDOWS\system32\hkcmd.exe" [2003-04-07 12:37 114688]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 06:23 54784 E:\WINDOWS\SOUNDMAN.EXE]
"Adobe Reader Speed Launcher"="E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"AVP"="E:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-01-29 23:02 200768]
"fssui"="E:\Program Files\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"QuickTime Task"="E:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 15:58 1744896]
"swg"="E:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-01 12:34 171448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run] "status"= present
[HKLM\~\startupfolder\E:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk] backup=E:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader] --a------ 2005-06-06 23:46 57344 E:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] --a------ 2008-01-11 22:16 39792 E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds] -ra------ 2003-04-07 12:37 114688 E:\WINDOWS\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ Lite] --a------ 2006-07-11 15:36 3144800 E:\Program Files\ICQLite\ICQLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] -ra------ 2003-04-07 12:49 155648 E:\WINDOWS\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MRT] --a------ 2008-03-05 22:00 19148408 E:\WINDOWS\system32\MRT.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] E:\Program Files\MSN Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck] -ra------ 2001-07-09 15:20 155648 E:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync] --a------ 2007-03-27 15:58 1744896 E:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication] --a------ 2007-03-23 13:20 227328 E:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2007-07-02 17:10 23237416 E:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan] --a------ 2003-04-25 06:23 54784 E:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager] --a------ 2007-08-30 17:43 4670704 E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "TeamViewer"="E:\Program Files\TeamViewer\TeamViewer.exe" -servicehelper
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Messenger\\MSMSGS.EXE"=
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"E:\\Program Files\\ICQLite\\ICQLite.exe"=
"E:\\Program Files\\DynGate\\DynGate.exe"=
"E:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\ODIN\\DIET\\DietOdin.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"E:\\Program Files\\Skype\\Phone\\Skype.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"E:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"E:\\WINDOWS\\System32\\mmc.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4bb80810-757b-11dc-be8a-00e02010219f}]
\Shell\Auto\command - MicrosoftPowerPoint.exe
\Shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a4ffd00-4977-11dc-a889-00e02010219f}]
\Shell\Auto\command - O:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a6bf808-95b8-11dc-beef-001320251be1}]
\Shell\Auto\command - K:\MicrosoftPowerPoint.exe
\Shell\AutoRun\command - E:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c15552c9-f74f-11dc-8046-0080bd5e768c}]
\Shell\AutoRun\command - K:\DataTraveler101R.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-04-04 11:47:44 E:\WINDOWS\Tasks\1-Click Maintenance.job"
- E:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-04-08 10:55:04 E:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- E:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-10 01:10:04 E:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- E:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 07:20:01
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
Completion time: 2008-04-10 7:21:43
ComboFix-quarantined-files.txt 2008-04-10 01:51:38
ComboFix2.txt 2008-04-03 18:34:56
Pre-Run: 3,609,477,120 bytes free
Post-Run: 3,560,308,736 bytes free
.
2008-03-30 08:12:50 --- E O F ---
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Malwarebytes' Anti-Malware 1.11
Database version: 603

Scan type: Full Scan (C:\|E:\|F:\|G:\|H:\|I:\|J:\|)
Objects scanned: 174087
Time elapsed: 5 hour(s), 14 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3e1500ac-87a5-416b-a211-82e848649da9} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7467507-dd40-4123-be49-7b7df5db80c6} (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b8c5186e-ec37-4889-9c2e-f73649ffb7bb} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{b64f4a7c-97c9-11da-8bde-f66bad1e3f3a} (Rogue.WinAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{02ffac45-0b10-5633-4296-1801f1a36678} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{f710fa10-2031-3106-8872-93a2b5c5c620} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\{6780a29e-6a18-0c70-1dff-1610dde00108} (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected:
E:\WINDOWS\system\ext32inc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\WINDOWS\wincom27.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
E:\Documents and Settings\All Users\Start Menu\Online Security Guide.url (Rogue.Link) -> Quarantined and deleted successfully.
E:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url (Rogue.Link) -> Quarantined and deleted successfully.

regards - n - thanks
sumit lama

Post Edited (cellclinic) : 12-04-2008 15:45:59 GMT