combofix

ComboFix 10-03-17.07 - user 03/18/2010  15:30:18.5.1 - x86

Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.979.389 [GMT -7:00]

Running from: d:\user\Desktop\ComboFix.exe

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

 * Created a new restore point

.

 

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Guest\Application Data\logs.dat

c:\documents and settings\Guest\Application Data\SQLite3.dll

c:\windows\wpe pro.INI

 

.

(((((((((((((((((((((((((   Files Created from 2010-02-18 to 2010-03-18  )))))))))))))))))))))))))))))))

.

 

2010-03-17 03:59 . 2009-03-02 23:20     49904   ----a-r-        c:\windows\system32\drivers\BVRPMPR5.SYS

2010-03-17 03:58 . 2010-03-18 03:07     --------        d-----w-        C:\Netgear

2010-03-17 03:24 . 2001-08-17 20:48     12160   -c--a-w-        c:\windows\system32\dllcache\mouhid.sys

2010-03-17 03:24 . 2001-08-17 20:48     12160   ----a-w-        c:\windows\system32\drivers\mouhid.sys

2010-03-17 03:05 . 2010-03-17 03:05     --------        d-----w-        c:\documents and settings\All Users\Application Data\Office Genuine Advantage

2010-03-15 21:22 . 2010-03-15 21:22     --------        d-----w-        d:\user\Application Data\AVS4YOU

2010-03-15 21:21 . 2010-03-15 21:22     --------        d-----w-        c:\program files\Common Files\AVSMedia

2010-03-15 21:19 . 2008-08-13 17:22     24576   ----a-w-        c:\windows\system32\msxml3a.dll

2010-03-15 21:19 . 2010-03-15 22:04     --------        d-----w-        c:\program files\AVS4YOU

2010-03-15 21:19 . 2010-03-15 21:22     --------        d-----w-        c:\documents and settings\All Users\Application Data\AVS4YOU

2010-03-15 21:04 . 2010-03-15 21:04     --------        d-----w-        d:\user\dwhelper

2010-03-14 01:50 . 2010-03-14 01:50     --------        d-----w-        c:\documents and settings\LocalService\Application Data\McAfee

2010-03-13 00:18 . 2010-03-13 00:18     --------        d-----w-        c:\program files\Common Files\Java

2010-03-06 14:17 . 2010-03-06 14:17     --------        d-----w-        c:\program files\BaroufaSoft

2010-03-06 07:04 . 2010-03-06 07:04     --------        d-----w-        c:\program files\Lame for Audacity

2010-03-06 05:35 . 2010-03-06 05:35     --------        d-----w-        c:\documents and settings\All Users\Application Data\McAfee Security Scan

2010-03-06 05:35 . 2010-03-13 23:31     --------        d-----w-        c:\program files\McAfee Security Scan

2010-03-05 02:12 . 2010-03-05 02:12     --------        d-----w-        c:\program files\Outsim

2010-03-05 02:09 . 2010-03-05 02:31     --------        d-----w-        c:\program files\Image-Line

2010-03-03 05:33 . 2010-03-03 05:33     --------        d-----w-        c:\documents and settings\All Users\Application Data\Web Page Maker

2010-02-28 11:01 . 2010-03-06 00:21     --------        d-----w-        c:\program files\Cain

2010-02-25 09:15 . 2010-02-25 09:21     --------        d-----w-        C:\WOLF3D

2010-02-24 09:40 . 2010-02-24 09:40     --------        d-----w-        c:\program files\Download Manager

2010-02-24 09:39 . 2010-02-24 09:49     --------        d-----w-        d:\user\Application Data\IGN_DLM

2010-02-22 23:49 . 2010-02-22 23:49     26112   ----a-w-        c:\windows\system32\sysdiag64.exe

2010-02-21 04:56 . 2010-02-21 04:56     56      ---ha-w-        c:\windows\system32\ezsidmv.dat

2010-02-21 04:39 . 2010-03-18 22:28     --------        d-----w-        d:\user\Application Data\Skype

2010-02-21 04:38 . 2010-02-21 04:38     --------        d-----w-        c:\program files\Common Files\Skype

2010-02-21 04:38 . 2010-02-21 04:38     --------        d-----r-        c:\program files\Skype

2010-02-21 04:38 . 2010-02-21 04:38     --------        d-----w-        c:\documents and settings\All Users\Application Data\Skype

2010-02-18 09:12 . 2010-02-18 09:12     --------        d-----w-        c:\program files\Conduit

2010-02-18 09:12 . 2010-02-22 05:56     --------        d-----w-        d:\user\Local Settings\Application Data\Hotspot_Shield

2010-02-18 09:12 . 2010-02-21 05:01     --------        d-----w-        c:\program files\Hotspot_Shield

2010-02-18 09:11 . 2010-02-18 09:12     --------        d-----w-        C:\Hotspot Shield

2010-02-18 09:11 . 2010-02-18 09:12     --------        d-----w-        c:\program files\Hotspot Shield

2010-02-17 07:46 . 2010-02-17 07:46     --------        d-----w-        c:\windows\wb

2010-02-17 06:36 . 2010-02-18 10:57     --------        d-----w-        c:\program files\Magic Swf2Gif

 

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-03-18 22:28 . 2009-11-23 03:20     --------        d-----w-        d:\user\Application Data\uTorrent

2010-03-18 22:17 . 2010-02-10 03:35     --------        d-----w-        c:\program files\Common Files\Akamai

2010-03-18 22:13 . 2009-12-02 02:42     69      ----a-w-        d:\user\jagex_runescape_preferences2.dat

2010-03-18 22:07 . 2009-12-02 02:42     41      ----a-w-        d:\user\jagex_runescape_preferences.dat

2010-03-18 22:01 . 2009-09-02 14:18     --------        d-----w-        d:\user\Application Data\skypePM

2010-03-18 09:10 . 2009-09-01 21:23     --------        d-----w-        d:\user\Application Data\gtk-2.0

2010-03-17 03:05 . 2009-12-26 02:12     8192    ----a-w-        c:\documents and settings\Guest\Application Data\SYSTEMREV.exe

2010-03-13 13:06 . 2009-06-20 21:18     --------        d-----w-        c:\documents and settings\All Users\Application Data\Microsoft Help

2010-03-06 00:33 . 2010-03-06 00:33     --------        d-----w-        c:\program files\Toontrack

2010-03-06 00:33 . 2010-03-05 02:12     --------        d-----w-        c:\program files\VstPlugins

2010-03-06 00:30 . 2010-03-06 00:30     --------        d-----w-        c:\program files\DAEMON Tools Pro

2010-03-06 00:30 . 2010-03-06 00:30     --------        d-----w-        c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

2010-03-06 00:21 . 2009-12-17 03:28     --------        d-----w-        c:\program files\uTorrent

2010-03-06 00:07 . 2009-06-20 19:17     104888  ----a-w-        d:\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-03-05 23:42 . 2010-03-05 23:42     --------        d-----w-        c:\program files\Audacity

2010-03-05 23:28 . 2010-01-12 08:41     --------        d-----w-        c:\program files\SwiftKit

2010-03-05 11:47 . 2010-03-05 11:47     --------        d-----w-        c:\program files\Guitar Pro 4 Demo

2010-03-05 05:19 . 2010-03-05 05:19     --------        d-----w-        d:\user\Application Data\SynthMaker

2010-03-05 02:42 . 2010-03-05 02:42     691696  ----a-w-        c:\windows\system32\drivers\sptd.sys

2010-03-05 02:42 . 2010-03-05 02:42     --------        d-----w-        c:\documents and settings\All Users\Application Data\DAEMON Tools Lite

2010-03-05 02:42 . 2010-03-05 02:42     --------        d-----w-        d:\user\Application Data\DAEMON Tools Lite

2010-03-05 02:13 . 2010-03-05 02:13     --------        d-----w-        c:\program files\ASIO4ALL v2

2010-03-03 05:33 . 2010-01-26 13:12     --------        d-----w-        c:\program files\Web Page Maker

2010-02-27 09:15 . 2009-05-27 14:47     86327   ----a-w-        c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-02-16 13:14 . 2009-12-13 10:23     --------        d-----w-        c:\documents and settings\support\Application Data\gtk-2.0

2010-02-16 12:02 . 2010-02-10 04:51     --------        d-----w-        c:\documents and settings\All Users\Application Data\FLEXnet

2010-02-15 19:37 . 2010-02-15 19:37     --------        d-----w-        c:\documents and settings\All Users\Application Data\Messenger Plus!

2010-02-15 19:33 . 2010-02-15 19:33     --------        d-----w-        c:\program files\Messenger Plus! Live

2010-02-11 23:36 . 2010-02-11 23:36     --------        d-----w-        c:\program files\Time Stopper

2010-02-11 02:40 . 2010-02-11 02:37     --------        d-----w-        c:\program files\ManyCam 2.4

2010-02-11 02:40 . 2010-02-11 02:37     --------        d-----w-        d:\user\Application Data\ManyCam

2010-02-10 04:46 . 2009-06-20 21:25     --------        d-----w-        c:\program files\Common Files\Adobe

2010-02-10 04:44 . 2010-02-10 04:44     --------        d-----w-        c:\program files\Adobe Media Player

2010-02-10 04:36 . 2010-02-10 04:36     --------        d-----w-        c:\program files\Common Files\Macrovision Shared

2010-02-08 22:24 . 2009-12-12 10:09     --------        d-----w-        c:\program files\Cheat Engine

2010-02-08 18:13 . 2010-01-26 13:12     --------        d-----w-        d:\user\Application Data\Web Page Maker

2010-01-31 16:03 . 2009-12-26 02:11     104504  ----a-w-        c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2010-01-30 12:50 . 2009-11-18 04:04     --------        d-----w-        d:\user\Application Data\TeamViewer

2010-01-28 10:40 . 2009-06-20 21:36     411368  ----a-w-        c:\windows\system32\deploytk.dll

2010-01-28 10:40 . 2009-06-20 21:36     --------        d-----w-        c:\program files\Java

2010-01-27 07:02 . 2009-12-12 08:17     42692   ----a-w-        c:\windows\nsreg.dat

2010-01-27 06:58 . 2010-01-27 06:58     --------        d-----w-        c:\program files\Netscape

2010-01-26 15:49 . 2010-01-26 15:49     --------        d-----w-        d:\user\Application Data\Movies Extractor Scout

2010-01-26 15:49 . 2010-01-26 15:49     --------        d-----w-        c:\program files\Bytescout Movies Extractor Scout

2010-01-26 15:46 . 2010-01-26 15:46     --------        d-----w-        c:\program files\Snosh

2010-01-26 12:47 . 2010-01-26 12:47     --------        d-----w-        c:\program files\FLV to AVI

2010-01-21 20:18 . 2010-01-21 20:18     --------        d-----w-        c:\documents and settings\All Users\Application Data\Mozilla Firefox

2010-01-18 19:09 . 2009-12-12 11:33     --------        d-----w-        c:\program files\Common Files\Blizzard Entertainment

2010-01-18 03:05 . 2009-12-24 02:41     --------        d-----w-        c:\program files\NCH Software

2010-01-18 03:03 . 2009-12-24 03:50     --------        d-----w-        c:\program files\NCH Swift Sound

2010-01-08 23:42 . 2010-01-08 23:42     37376   ----a-w-        c:\windows\system32\drivers\HssDrv.sys

2010-01-08 23:42 . 2010-01-08 23:42     32768   ----a-w-        c:\windows\system32\drivers\taphss.sys

2010-01-08 05:27 . 2010-01-07 03:46     69      ----a-w-        c:\documents and settings\support\jagex_runescape_preferences2.dat

2010-01-08 05:23 . 2010-01-07 03:46     39      ----a-w-        c:\documents and settings\support\jagex_runescape_preferences.dat

2009-12-31 16:50 . 2008-04-14 12:00     353792  ----a-w-        c:\windows\system32\drivers\srv.sys

2009-12-25 09:48 . 2009-12-25 09:48     180224  ----a-w-        c:\windows\system32\WinVd32.sys

2009-12-25 09:48 . 2009-12-25 09:48     7680    ----a-w-        c:\windows\system32\WinFLsrv.exe

2009-12-25 09:48 . 2009-12-25 09:48     17984   ----a-w-        c:\windows\system32\WinFLdrv.sys

2009-12-21 19:14 . 2008-04-14 12:00     916480  ------w-        c:\windows\system32\wininet.dll

2009-12-12 22:34 . 2009-12-12 22:34     506     ----a-w-        c:\program files\Shortcut to D2-1.12A-enUS.lnk

2005-05-22 15:00 . 2005-05-22 15:00     297472  --sh--r-        c:\windows\system32\Microsoft_Update7849343\windir_4798472.exe

.

 

(((((((((((((((((((((((((((((   SnapShot_2010-03-13_03.30.50   )))))))))))))))))))))))))))))))))))))))))

.

+ 2009-07-12 03:54 . 2009-07-12 03:54   65536              c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e79c4723\vcomp.dll

+ 2009-07-12 03:32 . 2009-07-12 03:32   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80KOR.dll

+ 2009-07-12 03:32 . 2009-07-12 03:32   49152              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80JPN.dll

+ 2009-07-12 03:32 . 2009-07-12 03:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ITA.dll

+ 2009-07-12 03:32 . 2009-07-12 03:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80FRA.dll

+ 2009-07-12 03:32 . 2009-07-12 03:32   61440              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ESP.dll

+ 2009-07-12 03:32 . 2009-07-12 03:32   57344              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80ENU.dll

+ 2009-07-12 03:32 . 2009-07-12 03:32   65536              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80DEU.dll

+ 2009-07-12 03:32 . 2009-07-12 03:32   45056              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHT.dll

+ 2009-07-12 03:32 . 2009-07-12 03:32   40960              c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_0ccc058c\mfc80CHS.dll

+ 2009-07-12 08:07 . 2009-07-12 08:07   57856              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80u.dll

+ 2009-07-12 08:19 . 2009-07-12 08:19   69632              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfcm80.dll

+ 2010-03-18 22:16 . 2010-03-18 22:16   16384              c:\windows\Temp\Perflib_Perfdata_6d0.dat

+ 2010-03-18 22:16 . 2010-03-18 22:16   16384              c:\windows\Temp\Perflib_Perfdata_390.dat

- 2008-04-14 12:00 . 2010-03-13 03:19   92960              c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2010-03-18 22:22   92960              c:\windows\system32\perfc009.dat

- 2010-02-17 01:26 . 2010-03-12 23:49   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-02-17 01:26 . 2010-03-18 22:05   32768              c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2009-05-27 14:52 . 2010-03-18 22:05   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2009-05-27 14:52 . 2010-03-12 23:49   32768              c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2010-02-27 14:03 . 2010-03-12 23:49   32768              c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2010-03-13 04:08 . 2010-03-18 22:05   32768              c:\windows\system32\config\systemprofile\Cookies\index.dat

+ 2009-06-20 21:22 . 2010-03-13 13:06   35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   35088              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe

+ 2009-06-20 21:22 . 2010-03-13 13:06   18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   18704              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

+ 2009-06-20 21:22 . 2010-03-13 13:06   20240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe

- 2009-12-28 07:04 . 2010-03-13 03:03   49152              c:\windows\.jagex_cache_32\runescape\jagmisc.dll

+ 2009-12-28 07:04 . 2010-03-18 22:03   49152              c:\windows\.jagex_cache_32\runescape\jagmisc.dll

- 2009-12-28 07:04 . 2010-03-13 03:03   94208              c:\windows\.jagex_cache_32\runescape\jaggl.dll

+ 2009-12-28 07:04 . 2010-03-17 08:06   94208              c:\windows\.jagex_cache_32\runescape\jaggl.dll

+ 2009-07-12 08:12 . 2009-07-12 08:12   632656              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll

+ 2009-07-12 08:09 . 2009-07-12 08:09   554832              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll

+ 2009-07-12 08:08 . 2009-07-12 08:08   479232              c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll

+ 2008-04-14 12:00 . 2010-03-18 22:22   501140              c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2010-03-13 03:19   501140              c:\windows\system32\perfh009.dat

+ 2009-08-03 23:07 . 2009-08-03 23:07   230768              c:\windows\system32\OGAEXEC.exe

+ 2009-08-03 23:07 . 2009-08-03 23:07   403816              c:\windows\system32\OGACheckControl.dll

+ 2009-08-03 23:07 . 2009-08-03 23:07   322928              c:\windows\system32\OGAAddin.dll

+ 2010-03-15 21:56 . 2010-03-15 21:56   331264              c:\windows\Installer\ac378e6.msi

+ 2010-03-15 21:21 . 2010-03-15 21:21   424960              c:\windows\Installer\aa23de6.msi

+ 2010-03-13 13:07 . 2010-03-13 13:07   119296              c:\windows\Installer\1ab95c6.msi

+ 2009-06-20 21:22 . 2010-03-13 13:06   888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   888080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe

+ 2009-06-20 21:22 . 2010-03-13 13:06   272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   272648              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe

+ 2009-06-20 21:22 . 2010-03-13 13:06   922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   922384              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe

+ 2009-06-20 21:22 . 2010-03-13 13:06   845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   845584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2009-06-20 21:22 . 2010-03-13 13:06   217864              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe

+ 2009-06-20 21:22 . 2010-03-13 13:06   184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   184080              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2009-06-20 21:22 . 2010-03-13 13:06   159504              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe

+ 2010-02-16 06:31 . 2010-03-17 08:06   826368              c:\windows\.jagex_cache_32\runescape\sw3d.dll

+ 2009-07-12 03:46 . 2009-07-12 03:46   1093120              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80u.dll

+ 2009-07-12 03:46 . 2009-07-12 03:46   1105920              c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\mfc80.dll

+ 2010-02-05 01:24 . 2010-02-05 01:24   9122304              c:\windows\Installer\1ab95bf.msp

+ 2010-02-21 09:00 . 2010-02-21 09:00   8480768              c:\windows\Installer\1ab95a8.msp

+ 2010-02-04 08:59 . 2010-02-04 08:59   5031936              c:\windows\Installer\1ab9591.msp

- 2009-06-20 21:22 . 2010-02-10 11:02   1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-06-20 21:22 . 2010-03-13 13:06   1172240              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe

+ 2009-06-20 21:22 . 2010-03-13 13:06   1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

- 2009-06-20 21:22 . 2010-02-10 11:02   1165584              c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe

+ 2010-03-13 13:02 . 2010-03-02 05:30   31648712              c:\windows\system32\MRT.exe

.

-- Snapshot reset to current date --

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-02-21 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

2010-02-21 05:01        2349080 ----a-w-        c:\program files\Hotspot_Shield\tbHot1.dll

 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]

2010-02-18 09:11        220208  ----a-w-        c:\program files\Hotspot Shield\hssie\HssIE.dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-02-21 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}"= "c:\program files\Hotspot_Shield\tbHot1.dll" [2010-02-21 2349080]

 

[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-02-15 3883856]

"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2009-05-28 380416]

"ManyCam"="c:\program files\ManyCam 2.4\ManyCam.exe" [2009-12-19 1824040]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-10-27 1103216]

"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-03-04 319280]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-12-18 427328]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-02-23 483420]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-12-16 729088]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-16 150040]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-16 178712]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-16 150040]

"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2008-01-31 143360]

"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-08-04 582992]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]

"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoWorkstation\TrueImageMonitor.exe" [2008-03-11 1274744]

"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoWorkstation\TimounterMonitor.exe" [2008-03-07 884696]

"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-03-07 136472]

"SystemREV"="c:\windows\system32\SYSTEMREV.exe" [2009-12-16 8192]

"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Matrix Screen Locker.lnk - c:\program files\BaroufaSoft\Matrix Screen Locker\matrix.exe [2006-1-29 539136]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKLM\~\startupfolder\D:^user^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

path=d:\user\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

c:\windows\system32\dumprep 0 -k [X]

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2009-02-28 00:10        35696   ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnamon]

2008-06-24 21:21        16624   ----a-w-        c:\program files\Dell V105\dldnamon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dldnmon.exe]

2008-06-24 21:21        668912  ----a-w-        c:\program files\Dell V105\dldnmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 18:44        31072   ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]

2005-05-22 15:00        297472  --sh--r-        c:\windows\system32\Microsoft_Update7849343\windir_4798472.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM]

2005-05-22 15:00        297472  --sh--r-        c:\windows\system32\Microsoft_Update7849343\windir_4798472.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2009-04-02 23:11        342312  ----a-w-        c:\program files\iTunes\iTunesHelper.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Livestream Procaster]

2009-10-29 01:26        6456608 ----a-w-        c:\program files\Livestream Procaster\Procaster.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]

2007-04-30 15:19        20480   ----a-w-        c:\program files\Lexmark 2500 Series\lxddamon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]

2007-06-12 02:27        291760  ----a-w-        c:\program files\Lexmark 2500 Series\lxddmon.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2009-01-05 23:18        413696  ----a-w-        c:\program files\QuickTime\QTTask.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-06-20 21:51        198160  ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]

2010-03-04 09:18        319280  ----a-w-        c:\program files\uTorrent\uTorrent.exe

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"CwAltaService20"=2 (0x2)

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\WINDOWS\\system32\\dldncoms.exe"=

"c:\\Program Files\\Dell V105\\dldnmon.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\lxddcoms.exe"=

"c:\\Program Files\\Texthelp\\Read And Write 9\\Read&Write\\RW9.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=

"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=

"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldnpswx.exe"=

"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dldnjswx.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\No-IP\\DUC20.exe"=

"c:\\Program Files\\uTorrent\\uTorrent.exe"=

"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"d:\\user\\Desktop\\Turkojan\\Client.exe"=

"c:\\QUAKE\\WINQUAKE.EXE"=

"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"d:\\user\\Desktop\\DDoSeR\\DDoSeR-v5.exe"=

"d:\\user\\Desktop\\QuakeII\\quake2.exe"=

"d:\\user\\Desktop\\UnrealTournament\\UnrealTournament\\System\\UnrealTournament.exe"=

"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

"d:\\user\\Desktop\\Counter-Strike 1.6 p48\\hl.exe"=

"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=

"d:\\user\\My Documents\\Downloads\\wpepro09x.zip"=

"d:\\user\\My Documents\\Downloads\\WPE PRO.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

"15963:TCP"= 15963:TCP:turk

"15963:UDP"= 15963:UDP:turk2

"81:TCP"= 81:TCP:Spynet

"81:UDP"= 81:UDP:Spynet

"26000:TCP"= 26000:TCP:quake

"26000:UDP"= 26000:UDP:gg

"5353:TCP"= 5353:TCP:Adobe CSI CS4

"1098:TCP"= 1098:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

 

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 5:00 AM 14336]

R2 dldn_device;dldn_device;c:\windows\system32\dldncoms.exe -service --> c:\windows\system32\dldncoms.exe -service [?]

R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [1/8/2010 4:42 PM 285744]

R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]

R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [12/25/2009 2:48 AM 17984]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/20/2009 10:34 AM 112512]

R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [6/20/2009 10:36 AM 110080]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [1/14/2008 3:06 AM 21632]

S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/4/2010 7:42 PM 691696]

S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [6/20/2009 3:23 PM 99248]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 5:49 AM 227232]

S4 CwAltaService20;ContentWatch;c:\program files\ContentWatch\Internet Protection\cwsvc.exe --> c:\program files\ContentWatch\Internet Protection\cwsvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/10/2008 5:28 PM 47128]

S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [7/10/2008 3:49 AM 242712]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [7/10/2008 5:28 PM 369688]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

Akamai  REG_MULTI_SZ    Akamai

 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{IJS721B2-6805-V711-O235-SG31KC08XLE6}]

2005-05-22 15:00        297472  --sh--r-        c:\windows\system32\Microsoft_Update7849343\windir_4798472.exe

.

Contents of the 'Scheduled Tasks' folder

 

2010-03-14 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

 

2010-03-15 c:\windows\Tasks\McDefragTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-20 21:32]

 

2010-03-01 c:\windows\Tasks\McQcTask.job

- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-20 21:32]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1561552

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: c:\windows\system32\cwalsp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

FF - ProfilePath - d:\user\Application Data\Mozilla\Firefox\Profiles\xihsrrce.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q={searchTerms}

FF - component: d:\user\Application Data\Mozilla\Firefox\Profiles\xihsrrce.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll

FF - plugin: c:\program files\Download Manager\npfpdlm.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\np32asw.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NP32DSW.DLL

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npaudio.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npavi32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\nplau32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\npnul32.dll

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPQTW32.DLL

FF - plugin: c:\program files\Netscape\Communicator\Program\Plugins\NPSWF32.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

 

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency",   1600);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug",            false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight",       2);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize",       1);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight",   25);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight",     5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-03-18 15:37

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...  

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

  SystemREV = c:\windows\system32\SYSTEMREV.exe?????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

 

scanning hidden files ...  

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'lsass.exe'(1228)

c:\windows\system32\relog_ap.dll

.

Completion time: 2010-03-18  15:40:22

ComboFix-quarantined-files.txt  2010-03-18 22:40

ComboFix2.txt  2010-03-13 03:33

ComboFix3.txt  2010-02-27 10:14

ComboFix4.txt  2010-02-16 23:13

ComboFix5.txt  2010-03-18 22:28

 

Pre-Run: 5,412,827,136 bytes free

Post-Run: 5,377,724,416 bytes free

 

- - End Of File - - 4C7F1B01D673FDD729EC012E50AA9770