Old 08-02-2008, 01:00 PM   #3 (permalink)
Rickid
OS: xp


Re: PC not running normal

Sorry for replying so late; I have been very busy. I hope you can still help.

ComboFix 08-08-01.05 - Owner 2008-08-03 2:41:09.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1533 [GMT -4:00]
Running from: C:\Documents and Settings\Owner.RickCPU\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner.RickCPU\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk
C:\Documents and Settings\Owner.RickCPU\Application Data\macromedia\Flash Player\#SharedObjects\EP753HQE\interclick.com
C:\Documents and Settings\Owner.RickCPU\Application Data\macromedia\Flash Player\#SharedObjects\EP753HQE\interclick.com\ud.sol
C:\Documents and Settings\Owner.RickCPU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner.RickCPU\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((( Files Created from 2008-07-03 to 2008-08-03 )))))))))))))))))))))))))))))))
.

2008-07-28 14:12 . 2008-07-28 14:30 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-19 19:37 . 2008-07-19 19:37 <DIR> d-------- C:\Deckard
2008-07-19 19:23 . 2008-07-19 19:23 <DIR> d--h----- C:\WINDOWS\PIF
2008-07-17 08:36 . 2008-07-17 08:38 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-17 08:36 . 2008-07-17 08:38 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-17 08:36 . 2008-07-17 08:38 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-17 08:36 . 2008-07-17 08:38 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-17 08:28 . 2007-10-25 23:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-07-17 08:24 . 2008-04-13 20:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-07-17 08:23 . 2006-12-28 15:01 19,569 --a------ C:\WINDOWS\003409_.tmp
2008-07-17 08:12 . 2008-07-20 14:00 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-07-17 04:51 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-17 04:50 . 2008-07-17 04:50 <DIR> d-------- C:\Program Files\Panda Security
2008-07-13 16:37 . 2008-07-13 16:37 <DIR> d-------- C:\Program Files\FLV Player
2008-07-10 11:33 . 2008-07-10 15:08 <DIR> d-------- C:\Documents and Settings\Owner.RickCPU\.housecall6.6
2008-07-10 00:12 . 2006-08-17 09:15 34,064 --a------ C:\WINDOWS\system32\drivers\Invoker.sys
2008-07-10 00:12 . 2006-08-17 09:15 33,148 --a------ C:\WINDOWS\system32\drivers\FlexBios.sys
2008-07-09 22:52 . 2008-07-09 22:52 <DIR> d-------- C:\Program Files\Gateway
2008-07-08 20:00 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-07-08 19:59 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-07-08 19:59 . 2004-08-10 15:00 28,288 --a--c--- C:\WINDOWS\system32\dllcache\xjis.nls
2008-07-08 19:59 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-07-08 19:59 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-07-08 19:59 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-07-08 19:59 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-07-08 19:57 . 2001-08-17 13:28 701,386 --a--c--- C:\WINDOWS\system32\dllcache\wdhaalba.sys
2008-07-08 19:56 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-07-08 19:55 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-07-08 19:54 . 2004-08-10 15:00 571,392 --a------ C:\WINDOWS\system32\dllcache\tintlgnt.ime
2008-07-08 19:53 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-07-08 19:52 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-07-08 19:51 . 2004-08-03 22:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-07-08 19:50 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-07-08 19:49 . 2001-08-17 22:36 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-07-08 19:48 . 2001-08-17 14:56 210,496 --a--c--- C:\WINDOWS\system32\dllcache\s3mvirge.dll
2008-07-08 19:47 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-07-08 19:46 . 2004-08-10 15:00 482,304 --a------ C:\WINDOWS\system32\dllcache\pintlgnt.ime
2008-07-08 19:45 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-07-08 19:44 . 2004-08-10 15:00 226,816 --a------ C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-07-08 19:43 . 2004-08-10 15:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2008-07-08 19:42 . 2004-08-10 15:00 1,875,968 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.lex
2008-07-08 19:42 . 2004-08-03 22:41 1,309,184 --a--c--- C:\WINDOWS\system32\dllcache\mtlstrm.sys
2008-07-08 19:42 . 2004-08-03 22:29 452,736 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhm.sys
2008-07-08 19:42 . 2004-08-03 22:41 126,686 --a--c--- C:\WINDOWS\system32\dllcache\mtlmnt5.sys
2008-07-08 19:42 . 2001-08-17 12:50 103,296 --a--c--- C:\WINDOWS\system32\dllcache\mtxvideo.sys
2008-07-08 19:42 . 2004-08-10 15:00 98,304 --a--c--- C:\WINDOWS\system32\dllcache\msir3jp.dll
2008-07-08 19:42 . 2001-08-17 14:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-07-08 19:42 . 2001-08-17 13:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-07-08 19:42 . 2001-08-17 13:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-07-08 19:42 . 2001-08-17 14:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-07-08 19:40 . 2004-08-10 15:00 1,158,818 --a--c--- C:\WINDOWS\system32\dllcache\korwbrkr.lex
2008-07-08 19:39 . 2004-08-10 15:00 471,102 --a--c--- C:\WINDOWS\system32\dllcache\imskdic.dll
2008-07-08 19:38 . 2004-08-10 15:00 811,064 --a------ C:\WINDOWS\system32\dllcache\imjp81k.dll
2008-07-08 19:37 . 2004-08-10 15:00 13,463,552 --a------ C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-07-08 19:36 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll
2008-07-08 19:35 . 2001-08-17 12:15 455,680 --a--c--- C:\WINDOWS\system32\dllcache\fus2base.sys
2008-07-08 19:34 . 2001-08-17 13:28 634,134 --a--c--- C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-07-08 19:33 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys
2008-07-08 19:32 . 2001-08-17 22:36 419,357 --a--c--- C:\WINDOWS\system32\dllcache\dgconfig.dll
2008-07-08 19:31 . 2004-08-10 15:00 1,677,824 --a--c--- C:\WINDOWS\system32\dllcache\chsbrkr.dll
2008-07-08 19:30 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-07-08 19:29 . 2001-08-17 13:28 762,780 --a--c--- C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-07-08 19:28 . 2001-08-17 14:56 66,048 --a--c--- C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-07-08 19:28 . 2004-08-10 15:00 7,168 --a--c--- C:\WINDOWS\system32\dllcache\wamregps.dll
2008-07-08 19:28 . 2004-08-10 15:00 4,639 --a------ C:\WINDOWS\system32\dllcache\mplayer2.exe
2008-07-08 19:27 . 2004-08-10 15:00 169,984 --a--c--- C:\WINDOWS\system32\dllcache\iisui.dll
2008-07-08 19:27 . 2004-08-10 15:00 94,720 --a--c--- C:\WINDOWS\system32\dllcache\certmap.ocx
2008-07-08 19:27 . 2004-08-10 15:00 19,968 --a--c--- C:\WINDOWS\system32\dllcache\inetsloc.dll
2008-07-08 19:27 . 2004-08-10 15:00 14,336 --a--c--- C:\WINDOWS\system32\dllcache\iisreset.exe
2008-07-08 19:27 . 2004-08-10 15:00 7,680 --a--c--- C:\WINDOWS\system32\dllcache\inetmgr.exe
2008-07-08 19:27 . 2004-08-10 15:00 6,144 --a--c--- C:\WINDOWS\system32\dllcache\ftpsapi2.dll
2008-07-08 19:27 . 2004-08-10 15:00 5,632 --a--c--- C:\WINDOWS\system32\dllcache\iisrstap.dll
2008-07-08 19:17 . 2008-07-08 19:17 <DIR> d-------- C:\Program Files\Active Data Recovery Software
2008-07-06 23:55 . 2008-07-09 12:45 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-06 23:46 . 2008-07-06 23:46 <DIR> d-------- C:\WINDOWS\resources
2008-07-06 23:41 . 2008-07-19 19:52 2,226 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-06 22:24 . 2008-07-06 22:24 <DIR> d-------- C:\Program Files\AVG
2008-07-06 22:24 . 2008-07-17 04:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-07-06 22:24 . 2008-07-06 22:24 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll.old
2008-07-06 22:04 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-06 22:04 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-06 22:04 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-06 22:04 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-06 22:04 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-06 22:04 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-06 22:04 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-06 22:01 . 2008-07-06 23:49 <DIR> d-------- C:\Program Files\Registry Defender Platinum
2008-07-06 21:53 . 2008-07-06 21:53 <DIR> d-------- C:\Documents and Settings\Owner.RickCPU\Application Data\Uniblue
2008-07-06 21:50 . 2008-07-06 21:50 318,720 --a------ C:\WINDOWS\system32\wvUkJyYq.dll_old
2008-07-06 20:41 . 2008-07-09 12:41 <DIR> d-------- C:\WINDOWS\system32\778670
2008-07-06 20:09 . 2008-07-07 02:21 318 --a------ C:\WINDOWS\wininit.ini
2008-07-06 19:13 . 2008-07-17 08:45 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-06 19:13 . 2008-07-17 04:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 19:11 . 2008-07-06 21:00 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-06 19:11 . 2008-07-06 19:12 <DIR> d-------- C:\Program Files\CCleaner
2008-07-06 19:09 . 2008-07-06 19:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-06 18:14 . 2008-07-09 23:59 <DIR> d-------- C:\cabs
2008-07-06 17:42 . 2008-07-06 17:42 <DIR> d--h----- C:\recycled
2008-07-06 14:33 . 2008-07-06 14:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ADSL Software Ltd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-24 11:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 11:05 --------- d-----w C:\Program Files\EA GAMES
2008-07-19 20:42 --------- d-----w C:\Documents and Settings\Owner.RickCPU\Application Data\My Battle for Middle-earth(tm) II Files
2008-07-17 12:45 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-17 08:48 --------- d-----w C:\Program Files\DNA
2008-07-17 08:48 --------- d-----w C:\Documents and Settings\Owner.RickCPU\Application Data\Ludia
2008-07-17 08:46 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-07-17 08:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-07-17 08:46 --------- d-----w C:\Documents and Settings\Owner.RickCPU\Application Data\SUPERAntiSpyware.com
2008-07-16 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-26 02:18 --------- d-----w C:\Program Files\Trymedia
2008-06-26 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-26 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ludia
2008-06-25 19:04 --------- d-----w C:\Program Files\Pcsx2_0.9.4
2008-06-21 18:53 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-21 18:51 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 20:14 --------- d-----w C:\Program Files\Pure Networks
2008-06-12 19:59 --------- d-----w C:\Program Files\Microsoft Works
2008-06-12 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-12 19:57 --------- d-----w C:\Program Files\Napster
2008-06-12 19:57 --------- d-----w C:\Program Files\CyberLink
2008-06-12 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-06-12 19:09 --------- d-----w C:\Program Files\BigFix
2008-06-12 19:09 --------- d-----w C:\Documents and Settings\Owner.RickCPU\Application Data\BitTorrent
2008-06-12 19:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-12 19:05 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-12 19:05 --------- d-----w C:\Documents and Settings\Owner.RickCPU\Application Data\AOL
2008-01-28 02:44 182 -c--a-w C:\Program Files\444.txt
2007-10-04 16:30 446 -c--a-w C:\Program Files\rr.txt
2006-11-06 11:08 0 -c--a-w C:\Documents and Settings\Owner.RickCPU\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-07-20_12.30.53.84 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:08:32 100,352 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08 138,368 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42 360,960 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39 225,920 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03 138,496 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05 147,968 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05 245,248 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02 361,600 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44 225,856 ----a-w C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
+ 2008-06-17 20:12:42 114,688 ----a-w C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
+ 2008-06-17 20:23:02 202,168 ----a-w C:\WINDOWS\system32\Adobe\Director\SwDir.dll
+ 2008-06-17 20:13:22 487,424 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Control.dll
+ 2008-06-17 19:36:00 1,798,144 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\dirapi.dll
+ 2008-06-17 20:13:26 9,216 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2008-06-17 19:25:58 697,344 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gi.dll
+ 2008-06-17 19:26:00 1,145,896 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gt.exe
+ 2008-06-17 19:25:58 52,288 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\gtapi.dll
+ 2008-06-17 19:32:18 892,928 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\iml32.dll
+ 2008-06-17 20:11:56 253,952 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Plugin.dll
+ 2008-06-17 20:15:00 446,464 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\Proj.dll
+ 2008-06-17 20:22:46 439,736 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1100458.exe
+ 2008-06-17 20:15:44 114,688 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwInit.exe
+ 2008-06-17 20:11:44 94,208 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2008-06-17 19:25:58 50,808 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 1999-06-25 14:55:30 149,504 ----a-w C:\WINDOWS\system32\Adobe\Shockwave 11\UNWISE.EXE
- 2004-08-10 19:00:00 138,496 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38 138,368 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 -c--a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2004-08-10 19:00:00 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
+ 2008-06-20 17:41:10 245,248 -c--a-w C:\WINDOWS\system32\dllcache\mswsock.dll
- 2007-10-30 17:20:55 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13 360,320 -c--a-w C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30 225,664 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06 225,920 -c--a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-02-20 05:32:43 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10 148,992 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2008-07-18 21:09:43 253,472 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-07-26 07:07:00 255,064 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-01-03 23:19:34 581,632 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 03:29:22 581,632 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Control.dll
+ 2008-03-15 03:12:30 1,490,944 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\dirapiX.dll
- 2008-01-03 23:20:14 24,576 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 03:29:58 24,576 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\DynaPlayer.dll
+ 2008-03-15 03:10:06 606,208 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\iml32X.dll
- 2008-01-03 23:18:56 339,968 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
+ 2008-03-15 03:28:48 339,968 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Plugin.dll
- 2008-01-03 23:19:06 475,136 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
+ 2008-03-15 03:28:56 475,136 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\PluginPing.dll
- 2008-01-03 23:11:48 180,224 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
+ 2008-03-15 03:21:52 180,224 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\Proj.dll
- 2008-01-03 23:22:06 77,824 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 03:31:28 77,824 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwInit.exe
+ 2008-03-15 15:38:08 86,016 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwMenuX.dll
- 2008-01-03 23:22:08 98,304 -c--a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
+ 2008-03-15 03:31:28 98,304 ----a-w C:\WINDOWS\system32\Macromed\Shockwave 10\SwOnce.dll
- 2004-08-10 19:00:00 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:10 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
- 2007-08-11 00:46:18 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 15:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 19:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2005-09-27 03:34 169984]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-04-12 16:17 185896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Power2GoExpress]
NA [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-05-16 23:37 289088 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-10 15:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DpTsClnt]
--a------ 2008-01-30 18:16 200704 C:\Program Files\DigitalPersona\Bin\DPTSClnt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-04 15:18 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a--c--- 2007-08-03 23:33 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 19:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-26 18:35 8523776 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-26 18:35 81920 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-04-12 16:17 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-26 18:35 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"MpfService"=2 (0x2)
"McNASvc"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
"Remote UI Service"=2 (0x2)
"QBFCService"=3 (0x3)
"ose"=3 (0x3)
"NVSvc"=2 (0x2)
"MPS9"=2 (0x2)
"McSysmon"=2 (0x2)
"McShield"=2 (0x2)
"McRedirector"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=2 (0x2)
"mcmscsvc"=2 (0x2)
"MCLServiceATL"=2 (0x2)
"M1 Server"=2 (0x2)
"ISSM"=2 (0x2)
"IAANTMON"=2 (0x2)
"Emproxy"=3 (0x3)
"ELService"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AlertService"=2 (0x2)
"DpHost"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
"C:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"C:\\Program Files\\Electronic Arts\\The Lord of the Rings, The Rise of the Witch-king\\game.dat"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Documents and Settings\\Owner.RickCPU\\Desktop\\Command & Conquer Generals\\game.dat"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3724:TCP"= 3724:TCP:Blizzard Downloader
"6221:TCP"= 6221:TCP:Blizzard Downloader
"21469:TCP"= 21469:TCP:BitComet 21469 TCP
"21469:UDP"= 21469:UDP:BitComet 21469 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 0 (0x0)
"AllowInboundMaskRequest"= 0 (0x0)
"AllowInboundRouterRequest"= 0 (0x0)

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2008-07-27 C:\WINDOWS\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-07-25 16:10]

2008-08-01 C:\WINDOWS\Tasks\Norton Security Scan.job
- C:\Program Files\Norton Security Scan\Nss.exe [2008-01-09 05:08]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner.RickCPU\Application Data\Mozilla\Firefox\Profiles\nbwud6yy.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://google.com/


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-03 02:44:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-08-03 2:47:56 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-03 06:47:54
ComboFix2.txt 2008-07-20 16:31:15

Pre-Run: 144,816,222,208 bytes free
Post-Run: 145,353,740,288 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

393 --- E O F --- 2008-07-26 07:00:32


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:52, on 2008-08-03
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OWNER~1.RIC\LOCALS~1\Temp\Rar$EX00.937\HijackThis.exe
C:\DOCUME~1\OWNER~1.RIC\LOCALS~1\Temp\Rar$EX02.156\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/p.../PCPitStop.CAB
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe

--
End of file - 2596 bytes

Last edited by Rickid : 08-02-2008 at 01:03 PM.