I may have set it to the classic theme.
No Antivirus Pro 2009 was shown in programs.
Kaspersky and ComboFix logs below:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Saturday, November 15, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, November 14, 2008 20:14:58
Records in database: 1385149
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Files scanned: 49091
Threat name: 3
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 01:19:32
File name / Threat name / Threats count
C:\Documents and Settings\Dell User\Shared\Madonna - Hollywood (Remix).wma Infected: Trojan-Downloader.WMA.GetCodec.a 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\pebapehe.dll.vir Infected: Trojan.Win32.Agent.andb 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yanohide.dll.vir Infected: Trojan-Spy.Win32.Agent.evp 1
The selected area was scanned.
ComboFix 08-11-12.02 - Dell User 2008-11-14 19:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.76 [GMT -5:00]
Running from: c:\documents and settings\Dell User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dell User\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\documents and settings\All Users\Application Data\axyma.dll
c:\documents and settings\Dell User\Application Data\eber.dat
c:\documents and settings\Dell User\Application Data\ecurahawov.bat
c:\documents and settings\Dell User\Application Data\vocih.com
c:\program files\Common Files\agylob._sy
c:\program files\Common Files\ikaf.db
c:\windows\aqitixyjyr.com
c:\windows\bynarem.inf
c:\windows\ijydewijyw.com
c:\windows\risur.sys
c:\windows\system32\351aT70U.exe
c:\windows\system32\ehepabep.ini
c:\windows\system32\pebapehe.dll
c:\windows\system32\semajosu.dll
c:\windows\system32\yanohide.dll
c:\windows\system32\yanohide.dll.vir
c:\windows\system32\zowirewa.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\ulefy.lib
c:\windows\velefygova.lib
c:\windows\wysyfil.inf
c:\windows\zodicy.inf
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\axyma.dll
c:\documents and settings\All Users\Application Data\Viewpoint
c:\documents and settings\Dell User\Application Data\eber.dat
c:\documents and settings\Dell User\Application Data\ecurahawov.bat
c:\documents and settings\Dell User\Application Data\LimeWire
c:\documents and settings\Dell User\Application Data\LimeWire\.NetworkShare\LimeWireWin4.16.6.exe
c:\documents and settings\Dell User\Application Data\LimeWire\414splashfree.png
c:\documents and settings\Dell User\Application Data\LimeWire\active.mojito
c:\documents and settings\Dell User\Application Data\LimeWire\createtimes.cache
c:\documents and settings\Dell User\Application Data\LimeWire\fileurns.bak
c:\documents and settings\Dell User\Application Data\LimeWire\fileurns.cache
c:\documents and settings\Dell User\Application Data\LimeWire\filters.props
c:\documents and settings\Dell User\Application Data\LimeWire\gnutella.net
c:\documents and settings\Dell User\Application Data\LimeWire\installation.props
c:\documents and settings\Dell User\Application Data\LimeWire\library.dat
c:\documents and settings\Dell User\Application Data\LimeWire\limewire.props
c:\documents and settings\Dell User\Application Data\LimeWire\mojito.props
c:\documents and settings\Dell User\Application Data\LimeWire\questions.props
c:\documents and settings\Dell User\Application Data\LimeWire\responses.cache
c:\documents and settings\Dell User\Application Data\LimeWire\simpp.xml
c:\documents and settings\Dell User\Application Data\LimeWire\spam.dat
c:\documents and settings\Dell User\Application Data\LimeWire\tables.props
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme.lwtp
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\01_star.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\02_star.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\03_star.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\04_star.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\05_star.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\chat.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\forward_dn.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\forward_up.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\kill.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\kill_on.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\logo.png
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\notsearching.png
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\pause_dn.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\pause_up.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\play_dn.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\play_up.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\question.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\rewind_dn.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\rewind_up.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\searching.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\splash.png
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\splashpro.png
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\stop_dn.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\stop_up.gif
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\theme.txt
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\version.txt
c:\documents and settings\Dell User\Application Data\LimeWire\themes\windows_theme\warning.gif
c:\documents and settings\Dell User\Application Data\LimeWire\ttree.cache
c:\documents and settings\Dell User\Application Data\LimeWire\ttrees.cache
c:\documents and settings\Dell User\Application Data\LimeWire\ttroot.cache
c:\documents and settings\Dell User\Application Data\LimeWire\version.xml
c:\documents and settings\Dell User\Application Data\LimeWire\xml\data\audio.sxml
c:\documents and settings\Dell User\Application Data\LimeWire\xml\data\delete_me
c:\documents and settings\Dell User\Application Data\LimeWire\xml\misc\application.gif
c:\documents and settings\Dell User\Application Data\LimeWire\xml\misc\audio.gif
c:\documents and settings\Dell User\Application Data\LimeWire\xml\misc\document.gif
c:\documents and settings\Dell User\Application Data\LimeWire\xml\misc\image.gif
c:\documents and settings\Dell User\Application Data\LimeWire\xml\misc\video.gif
c:\documents and settings\Dell User\Application Data\LimeWire\xml\schemas\application.xsd
c:\documents and settings\Dell User\Application Data\LimeWire\xml\schemas\audio.xsd
c:\documents and settings\Dell User\Application Data\LimeWire\xml\schemas\document.xsd
c:\documents and settings\Dell User\Application Data\LimeWire\xml\schemas\image.xsd
c:\documents and settings\Dell User\Application Data\LimeWire\xml\schemas\video.xsd
c:\documents and settings\Dell User\Application Data\vocih.com
c:\program files\Common Files\agylob._sy
c:\program files\Common Files\ikaf.db
c:\windows\aqitixyjyr.com
c:\windows\bynarem.inf
c:\windows\ijydewijyw.com
c:\windows\risur.sys
c:\windows\system32\351aT70U.exe
c:\windows\system32\ehepabep.ini
c:\windows\system32\pebapehe.dll
c:\windows\system32\semajosu.dll
c:\windows\system32\yanohide.dll
c:\windows\system32\zowirewa.dll
c:\windows\Tasks\At1.job
c:\windows\Tasks\At10.job
c:\windows\Tasks\At11.job
c:\windows\Tasks\At12.job
c:\windows\Tasks\At13.job
c:\windows\Tasks\At14.job
c:\windows\Tasks\At15.job
c:\windows\Tasks\At16.job
c:\windows\Tasks\At17.job
c:\windows\Tasks\At18.job
c:\windows\Tasks\At19.job
c:\windows\Tasks\At2.job
c:\windows\Tasks\At20.job
c:\windows\Tasks\At21.job
c:\windows\Tasks\At22.job
c:\windows\Tasks\At23.job
c:\windows\Tasks\At24.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
c:\windows\Tasks\At5.job
c:\windows\Tasks\At6.job
c:\windows\Tasks\At7.job
c:\windows\Tasks\At8.job
c:\windows\Tasks\At9.job
c:\windows\ulefy.lib
c:\windows\velefygova.lib
c:\windows\wysyfil.inf
c:\windows\zodicy.inf
.
((((((((((((((((((((((((( Files Created from 2008-10-15 to 2008-11-15 )))))))))))))))))))))))))))))))
.
2008-11-14 00:32 . 2008-11-14 00:32 268 --ah----- C:\sqmdata14.sqm
2008-11-14 00:32 . 2008-11-14 00:32 244 --ah----- C:\sqmnoopt13.sqm
2008-11-13 23:13 . 2008-11-13 23:13 268 --ah----- C:\sqmdata10.sqm
2008-11-13 23:13 . 2008-11-13 23:13 244 --ah----- C:\sqmnoopt10.sqm
2008-11-13 23:09 . 2008-11-13 23:09 268 --ah----- C:\sqmdata09.sqm
2008-11-13 23:09 . 2008-11-13 23:09 244 --ah----- C:\sqmnoopt09.sqm
2008-11-13 22:53 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-13 22:53 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 18:26 . 2008-11-13 18:26 268 --ah----- C:\sqmdata08.sqm
2008-11-13 18:26 . 2008-11-13 18:26 244 --ah----- C:\sqmnoopt08.sqm
2008-11-13 00:43 . 2008-11-13 00:43 268 --ah----- C:\sqmdata07.sqm
2008-11-13 00:43 . 2008-11-13 00:43 244 --ah----- C:\sqmnoopt07.sqm
2008-11-12 22:32 . 2008-11-12 22:32 268 --ah----- C:\sqmdata06.sqm
2008-11-12 22:32 . 2008-11-12 22:32 244 --ah----- C:\sqmnoopt06.sqm
2008-11-12 22:28 . 2008-11-12 22:28 268 --ah----- C:\sqmdata05.sqm
2008-11-12 22:28 . 2008-11-12 22:28 244 --ah----- C:\sqmnoopt05.sqm
2008-11-12 21:31 . 2008-11-12 21:35 250 --a------ c:\windows\gmer.ini
2008-11-12 20:57 . 2008-11-12 20:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2008-11-12 20:57 . 2008-11-12 20:57 95 --a------ c:\windows\wininit.ini
2008-11-12 20:11 . 2008-11-12 20:11 <DIR> d-------- c:\documents and settings\Administrator
2008-11-12 20:09 . 2008-11-12 20:09 268 --ah----- C:\sqmdata04.sqm
2008-11-12 20:09 . 2008-11-12 20:09 244 --ah----- C:\sqmnoopt04.sqm
2008-11-12 08:18 . 2008-11-12 08:18 268 --ah----- C:\sqmdata03.sqm
2008-11-12 08:18 . 2008-11-12 08:18 244 --ah----- C:\sqmnoopt03.sqm
2008-11-11 23:39 . 2008-11-11 23:43 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-11 23:39 . 2008-11-12 08:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-11 23:25 . 2008-11-11 23:25 268 --ah----- C:\sqmdata02.sqm
2008-11-11 23:25 . 2008-11-11 23:25 244 --ah----- C:\sqmnoopt02.sqm
2008-11-11 23:01 . 2008-11-11 23:01 268 --ah----- C:\sqmdata01.sqm
2008-11-11 23:01 . 2008-11-11 23:01 244 --ah----- C:\sqmnoopt01.sqm
2008-11-11 22:58 . 2008-11-13 22:54 <DIR> dr------- c:\program files\Norton Support
2008-11-11 21:53 . 2008-11-11 21:53 268 --ah----- C:\sqmdata00.sqm
2008-11-11 21:53 . 2008-11-11 21:53 244 --ah----- C:\sqmnoopt00.sqm
2008-11-10 21:44 . 2008-11-10 21:44 <DIR> d--hs---- C:\found.000
2008-11-09 16:04 . 2008-11-09 16:04 <DIR> d-------- c:\program files\Symantec
2008-11-09 16:04 . 2008-11-09 16:07 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-09 16:04 . 2008-11-09 16:04 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2008-11-09 16:04 . 2008-11-09 16:04 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2008-11-09 16:04 . 2008-11-09 16:04 35,888 -ra------ c:\windows\system32\drivers\SymIM.sys
2008-11-09 16:04 . 2008-11-09 16:04 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2008-11-09 16:04 . 2008-11-09 16:04 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2008-11-09 16:03 . 2008-11-09 16:03 <DIR> d-------- c:\windows\system32\drivers\NAV
2008-11-09 16:03 . 2008-11-09 16:03 <DIR> d-------- c:\program files\Windows Sidebar
2008-11-09 16:03 . 2008-11-09 16:03 <DIR> d-------- c:\program files\Norton AntiVirus
2008-11-09 16:02 . 2008-11-09 16:02 <DIR> d-------- c:\program files\NortonInstaller
2008-11-09 16:02 . 2008-11-09 16:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-09 16:02 . 2008-11-09 16:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2008-11-09 16:01 . 2008-11-09 16:01 <DIR> d-------- c:\documents and settings\All Users\Symantec Temporary Files
2008-11-08 22:13 . 2008-11-08 22:13 <DIR> d-------- c:\program files\Eusing Free Registry Cleaner
2008-11-08 11:05 . 2008-11-08 11:05 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-11-08 10:58 . 2008-11-08 10:58 <DIR> d--hs---- c:\documents and settings\Dell User\PrivacIE
2008-11-08 10:53 . 2008-04-13 19:11 81,920 --a------ c:\windows\system32\ieencode.dll
2008-11-07 22:27 . 2008-11-07 22:27 <DIR> d-------- c:\program files\Trend Micro
2008-11-07 22:09 . 2008-11-07 22:09 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-07 22:09 . 2008-11-07 22:09 <DIR> d-------- c:\documents and settings\Dell User\Application Data\Malwarebytes
2008-11-07 22:09 . 2008-11-07 22:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-11-07 22:09 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-11-07 22:09 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-10-23 18:36 . 2008-10-15 11:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2008-10-18 18:19 . 2008-10-18 19:55 <DIR> d-------- C:\Daddys Europe Pics
2008-10-18 14:51 . 2008-10-18 16:25 <DIR> d-------- C:\Mamas Europe Pictures
2008-10-17 18:32 . 2008-08-14 05:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2008-10-17 18:32 . 2008-08-14 05:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2008-10-17 18:32 . 2008-08-14 04:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2008-10-17 18:32 . 2008-08-14 04:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2008-10-17 18:32 . 2008-09-15 07:12 1,846,400 -----c--- c:\windows\system32\dllcache\win32k.sys
2008-10-17 18:32 . 2008-09-08 05:41 333,824 -----c--- c:\windows\system32\dllcache\srv.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 01:47 --------- d-----w c:\program files\PokerStars
2008-11-08 15:34 --------- d-----w c:\program files\Google
2008-11-07 01:48 --------- d-----w c:\program files\TMG
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-21 13:24 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-09-21 13:22 --------- d-----w c:\program files\Lavasoft
2008-09-21 13:22 --------- d-----w c:\documents and settings\Dell User\Application Data\Lavasoft
2008-09-21 13:20 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-09-21 13:15 --------- d-----w c:\documents and settings\Dell User\Application Data\Move Networks
2008-09-21 04:43 --------- d-----w c:\program files\MSN Messenger
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-20 05:30 666,112 ----a-w c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-13_22.51.12.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-24 11:21:09 455,296 ------w c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2008-11-14 04:13:33 32,768 ----a-r c:\windows\Installer\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}\icon.exe
- 2008-07-19 02:10:48 94,920 -c--a-w c:\windows\system32\dllcache\cdm.dll
+ 2008-10-16 19:09:44 92,696 -c--a-w c:\windows\system32\dllcache\cdm.dll
- 2008-04-14 00:12:01 1,306,624 -c----w c:\windows\system32\dllcache\msxml6.dll
+ 2008-09-10 01:14:56 1,307,648 -c----w c:\windows\system32\dllcache\msxml6.dll
- 2008-07-19 02:09:44 563,912 -c--a-w c:\windows\system32\dllcache\wuapi.dll
+ 2008-10-16 19:12:20 561,688 -c--a-w c:\windows\system32\dllcache\wuapi.dll
- 2008-07-19 02:10:42 53,448 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
+ 2008-10-16 19:09:44 51,224 -c--a-w c:\windows\system32\dllcache\wuauclt.exe
- 2008-07-19 02:09:42 1,811,656 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
+ 2008-10-16 19:13:40 1,809,944 -c--a-w c:\windows\system32\dllcache\wuaueng.dll
- 2008-07-19 02:09:46 325,832 -c--a-w c:\windows\system32\dllcache\wucltui.dll
+ 2008-10-16 19:12:22 323,608 -c--a-w c:\windows\system32\dllcache\wucltui.dll
- 2008-07-19 02:10:20 36,552 -c--a-w c:\windows\system32\dllcache\wups.dll
+ 2008-10-16 19:08:58 34,328 -c--a-w c:\windows\system32\dllcache\wups.dll
- 2008-07-19 02:09:44 205,000 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-10-16 19:13:40 202,776 -c--a-w c:\windows\system32\dllcache\wuweb.dll
+ 2008-11-03 21:10:26 17,318,336 ----a-w c:\windows\system32\MRT.exe
- 2008-11-14 03:28:45 40,394 ----a-w c:\windows\system32\perfc009.dat
+ 2008-11-15 00:01:22 40,394 ----a-w c:\windows\system32\perfc009.dat
- 2008-11-14 03:28:45 312,172 ----a-w c:\windows\system32\perfh009.dat
+ 2008-11-15 00:01:22 312,172 ----a-w c:\windows\system32\perfh009.dat
+ 2008-10-16 19:08:58 34,328 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.788\wups.dll
+ 2008-10-16 19:09:44 43,544 ----a-w c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.788\wups2.dll
+ 2008-11-14 23:59:16 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_264.dat
+ 2008-09-30 21:42:08 1,286,152 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9870.0_x-ww_a32d74cf\msxml4.dll
+ 2008-09-30 21:45:12 91,656 ----a-w c:\windows\WinSxS\x86_Microsoft.MSXML2R_6bd6b9abf345378f_4.1.1.0_x-ww_2a41bceb\msxml4r.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
2008-11-09 13:30 522224 --a------ c:\program files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-06-24 4800512]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-09-04 655360]
"WG511WLU"="c:\program files\NETGEAR\WG511\Utility\WG511WLU.exe" [2004-11-09 475136]
"nwiz"="nwiz.exe" [2003-06-24 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 217193]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-03-12 113664]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\WINDOWS\\system32\\logonui.exe"=
"c:\\Program Files\\Common Files\\Apple\\Mobile Device Support\\bin\\AppleMobileDeviceService.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1000000.07D\SYMEFA.SYS [2008-11-09 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1000000.07D\BHDrvx86.sys [2008-11-09 254512]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1000000.07D\ccHPx86.sys [2008-11-09 362544]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20081110.001\IDSxpx86.sys [2008-11-09 274808]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe /s Norton AntiVirus /m c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll [ ]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [2002-04-11 16194]
R3 Ich;Ich;c:\windows\system32\DRIVERS\Ich.sys [2002-01-13 65916]
R3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;c:\windows\system32\DRIVERS\WG511ICB.sys [2005-02-16 352256]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-14 19:10:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
Completion time: 2008-11-14 19:13:30
ComboFix-quarantined-files.txt 2008-11-15 00:13:25
ComboFix2.txt 2008-11-14 03:52:22
Pre-Run: 2,751,168,512 bytes free
Post-Run: 2,733,965,312 bytes free
348 --- E O F --- 2008-11-14 04:16:46