ComboFix 09-04-20.A1 - Daki 04/20/2009 15:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1401 [GMT 2:00]
Running from: c:\documents and settings\Daki\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Daki\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\wr64003.dll
c:\windows\system32\xa2404125.exe
c:\windows\system32\xa2406109.exe
c:\windows\system32\xa2416562.exe
c:\windows\system32\xa2422375.exe
c:\windows\system32\xa2467140.exe
c:\windows\system32\xa2468937.exe
c:\windows\system32\xa7224921.exe
c:\windows\system32\xa7226718.exe
c:\windows\system32\xwr64003.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\wr64003.dll
c:\windows\system32\xa2404125.exe
c:\windows\system32\xa2406109.exe
c:\windows\system32\xa2416562.exe
c:\windows\system32\xa2422375.exe
c:\windows\system32\xa2467140.exe
c:\windows\system32\xa2468937.exe
c:\windows\system32\xa7224921.exe
c:\windows\system32\xa7226718.exe
c:\windows\system32\xwr64003.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ASKSERVICE
-------\Legacy_ASKUPGRADE
-------\Service_ASKService
-------\Service_ASKUpgrade
((((((((((((((((((((((((( Files Created from 2009-03-20 to 2009-04-20 )))))))))))))))))))))))))))))))
.
2009-04-20 12:37 . 2009-04-20 12:37 -------- d-----w c:\program files\AskBardis
2009-04-20 09:04 . 2009-04-20 09:04 11 ----a-r c:\windows\amunres.lsl
2009-04-20 09:04 . 2009-04-20 10:28 -------- d-----w c:\windows\SxsCaPendDel
2009-04-18 05:20 . 2009-04-18 18:38 -------- d-----w c:\documents and settings\All Users\Application Data\Cabela's® Big Game Hunter III Saves
2009-04-18 05:18 . 2005-05-26 13:34 2297552 ----a-w c:\windows\system32\d3dx9_26.dll
2009-04-18 05:15 . 2009-04-18 05:15 -------- d-----w c:\program files\Activision Value
2009-04-16 16:21 . 2009-04-16 16:21 -------- d-----w c:\program files\Sagasoft
2009-04-16 16:09 . 2009-04-16 16:09 -------- d-----w c:\program files\MusicBrainz Picard
2009-04-16 04:36 . 2009-04-16 16:01 -------- d-----r C:\UDC Output Files
2009-04-16 03:55 . 2004-03-08 23:00 662288 ----a-w c:\windows\system32\MSCOMCT2.OCX
2009-04-16 03:55 . 2001-10-28 15:42 116224 ----a-w c:\windows\system32\pdfcmnnt.dll
2009-04-16 03:55 . 1998-06-23 23:00 137000 ----a-w c:\windows\system32\MSMAPI32.OCX
2009-04-16 03:55 . 2009-04-16 03:55 -------- d-----w c:\program files\PDFCreator
2009-04-16 03:55 . 1998-07-05 23:00 23552 ----a-w c:\windows\system32\MSMPIDE.DLL
2009-04-14 04:27 . 2009-04-14 04:27 140288 ----a-w c:\windows\system32\COMDLG32.OCX
2009-04-13 19:50 . 2009-04-13 19:50 376832 ----a-w c:\windows\suinstw4001.exe
2009-04-13 19:50 . 2009-04-13 19:50 -------- d-----w c:\program files\XIIZeal
2009-04-09 19:24 . 2009-04-09 19:27 -------- d-----w c:\windows\NV50044252.TMP
2009-04-08 19:02 . 2009-04-08 19:02 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-04-08 19:02 . 2009-04-08 19:02 -------- d-----w c:\documents and settings\Daki\Local Settings\Application Data\Downloaded Installations
2009-04-06 08:27 . 2009-04-06 08:27 -------- d-----w c:\program files\PhotomatixPro3
2009-04-04 20:29 . 2009-04-04 20:29 -------- d-----w c:\program files\Koingo Software
2009-03-30 17:52 . 2009-03-30 17:52 -------- d-----w c:\program files\Rockstar Games
2009-03-29 09:12 . 2009-03-29 09:14 -------- d-----w c:\program files\Privacy center
2009-03-29 09:12 . 2009-03-29 09:12 -------- d-----w c:\documents and settings\Daki\Application Data\Privacy center
2009-03-29 08:33 . 2009-03-29 08:33 -------- d-----w c:\documents and settings\Daki\Application Data\Uniblue
2009-03-29 08:33 . 2009-03-29 08:33 -------- d-----w c:\program files\Uniblue
2009-03-29 08:32 . 2009-03-29 08:33 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-29 07:39 . 2009-03-29 07:39 -------- d-----w c:\program files\Jufsoft
2009-03-27 09:35 . 2009-03-31 05:57 -------- d-----w c:\program files\DU Meter
2009-03-25 18:11 . 2009-03-25 18:11 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-03-25 08:07 . 2009-03-25 08:07 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-03-25 06:22 . 2009-03-25 06:22 -------- d-----w c:\documents and settings\Daki\Application Data\ABBYY
2009-03-25 06:21 . 2009-04-20 13:22 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-25 06:19 . 2009-03-25 06:22 -------- d-----w c:\documents and settings\Daki\Local Settings\Application Data\ABBYY
2009-03-25 06:19 . 2009-03-25 06:22 -------- d-----w c:\program files\ABBYY FineReader 9.0
2009-03-25 06:19 . 2009-03-25 06:19 -------- d-----w c:\documents and settings\All Users\Application Data\ABBYY
2009-03-25 05:30 . 2009-03-25 05:30 -------- d-----w c:\documents and settings\Daki\Local Settings\Application Data\MiKTeX
2009-03-25 05:30 . 2009-03-25 05:30 -------- d-----w c:\documents and settings\All Users\Application Data\MiKTeX
2009-03-25 05:26 . 2009-03-25 05:29 -------- d-----w c:\program files\MiKTeX 2.7
2009-03-25 05:14 . 2009-03-25 20:13 -------- d-----w c:\documents and settings\Daki\Application Data\WinEdt
2009-03-25 05:14 . 2009-03-25 05:14 -------- d-----w c:\program files\WinEdt Team
2009-03-24 19:49 . 2009-03-24 19:49 -------- d-----w c:\documents and settings\Daki\Application Data\Kaspersky_Key_Finder_(KKF
2009-03-23 21:32 . 2009-03-23 21:33 -------- d-----w c:\program files\AnvSoft Photo Flash Maker Professional
2009-03-23 20:12 . 2009-03-23 20:12 -------- d--h--w c:\windows\PIF
2009-03-22 20:18 . 2009-03-22 20:18 -------- d-----w c:\windows\system32\AGEIA
2009-03-22 20:18 . 2009-03-22 20:18 -------- d-----w c:\program files\AGEIA Technologies
2009-03-22 20:17 . 2009-03-27 08:03 215465 ----a-w c:\windows\system32\nvapps.nvb
2009-03-22 20:17 . 2009-03-22 20:19 -------- d-----w c:\windows\NV14523752.TMP
2009-03-22 20:17 . 2009-03-22 20:17 -------- d-----w C:\NVIDIA
2009-03-22 14:00 . 2009-04-20 09:04 -------- d-----w c:\program files\Astraware
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-20 13:22 . 2009-02-22 21:36 -------- d-----w c:\documents and settings\Daki\Application Data\Skype
2009-04-20 13:22 . 2009-03-07 12:40 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-04-20 12:33 . 2009-03-07 12:40 8881184 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-20 12:33 . 2009-03-07 12:40 72560 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-20 12:33 . 2009-03-07 12:40 655392 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-20 12:33 . 2009-03-07 12:40 5416 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-20 10:27 . 2009-02-23 07:42 -------- d-----w c:\documents and settings\Daki\Application Data\Azureus
2009-04-20 09:04 . 2009-02-26 09:39 -------- d-----w c:\program files\Microsoft ActiveSync
2009-04-20 08:57 . 2009-03-07 10:30 -------- d-----w c:\documents and settings\Daki\Application Data\skypePM
2009-04-19 13:22 . 2009-02-23 07:40 -------- d-----w c:\program files\Vuze
2009-04-16 17:36 . 2009-02-23 19:56 -------- d-----w c:\program files\Winamp
2009-04-16 17:35 . 2009-02-23 19:56 -------- d-----w c:\documents and settings\Daki\Application Data\Winamp
2009-04-09 12:30 . 2009-02-23 06:56 -------- d-----w c:\documents and settings\Daki\Application Data\uTorrent
2009-04-08 19:02 . 2009-02-22 21:25 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-07 18:51 . 2009-02-25 07:22 162816 ----a-w c:\windows\system32\fmod.dll
2009-04-05 20:55 . 2009-02-23 06:56 -------- d-----w c:\program files\uTorrent
2009-04-02 17:08 . 2009-02-23 07:09 -------- d-----w c:\program files\Buddy Icon Constructor FREE
2009-03-31 05:55 . 2009-02-22 21:03 69624 ----a-w c:\documents and settings\Daki\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 05:55 . 2009-03-19 20:32 -------- d-----w c:\program files\Google
2009-03-29 21:39 . 2009-02-23 10:33 -------- d-----w c:\documents and settings\Daki\Application Data\DAEMON Tools
2009-03-27 06:14 . 2009-02-22 21:12 453152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-22 20:18 . 2009-03-11 05:51 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-22 20:02 . 2009-02-24 22:41 -------- d-----w c:\program files\Chartcross
2009-03-22 20:01 . 2009-03-07 10:59 -------- d-----w c:\program files\Resco
2009-03-22 19:59 . 2009-03-03 09:23 -------- d-----w c:\program files\MDM
2009-03-16 21:15 . 2009-02-22 22:08 -------- d-----w c:\program files\Common Files\Adobe
2009-03-16 21:14 . 2009-03-16 21:14 -------- d-----w c:\program files\Adobe Media Player
2009-03-16 21:12 . 2009-03-16 21:12 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-12 20:29 . 2009-02-23 07:49 -------- d-----w c:\program files\JetAudio
2009-03-11 05:57 . 2009-03-11 05:51 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-11 05:51 . 2009-03-11 05:51 -------- d-----w c:\program files\Lavasoft
2009-03-07 12:53 . 2008-01-29 17:29 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-03-07 12:53 . 2009-03-07 12:40 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-03-07 12:53 . 2009-03-07 12:40 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-03-07 12:40 . 2009-03-07 12:40 -------- d-----w c:\program files\Kaspersky Lab
2009-03-07 12:39 . 2009-03-07 12:39 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-07 10:58 . 2009-03-07 10:58 -------- d-----w c:\program files\IMPlus for Skype 1.00 for PocketPC
2009-03-07 10:29 . 2009-03-07 10:29 -------- d-----w c:\program files\Common Files\Skype
2009-03-07 10:29 . 2009-02-22 21:36 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-07 10:29 . 2009-02-22 21:35 -------- d-----r c:\program files\Skype
2009-03-06 21:29 . 2009-03-06 21:29 -------- d-----w c:\program files\Handmark
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\documents and settings\Daki\Application Data\Publish Providers
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\documents and settings\Daki\Application Data\Sony
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\program files\Sony
2009-03-02 09:25 . 2009-03-02 09:25 -------- d-----w c:\program files\Sony Setup
2009-02-28 17:14 . 2009-02-28 17:14 -------- d-----w c:\program files\Crystal Player
2009-02-26 11:56 . 2009-02-26 11:56 -------- d-----w c:\program files\Soft Object Technologies Inc
2009-02-26 10:35 . 2009-02-26 10:35 -------- d-----w c:\program files\Belkin
2009-02-26 09:30 . 2009-02-26 09:18 35328 ----a-w c:\windows\system32\cygz.dll
2009-02-26 09:30 . 2009-02-26 09:18 35328 ----a-w c:\windows\cygz.dll
2009-02-26 09:30 . 2009-02-26 09:18 1126281 ----a-w c:\windows\system32\cygwin1.dll
2009-02-26 09:30 . 2009-02-26 09:18 1126281 ----a-w c:\windows\cygwin1.dll
2009-02-26 08:22 . 2009-02-26 08:22 -------- d-----w c:\program files\Padus
2009-02-26 08:16 . 2009-02-26 08:16 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-02-23 22:36 . 2009-02-23 22:36 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-02-23 22:32 . 2009-02-23 22:32 -------- d-----w c:\program files\Bonjour
2009-02-23 22:28 . 2009-02-23 22:28 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-02-23 20:19 . 2009-02-23 20:19 -------- d-----w c:\documents and settings\Daki\Application Data\AdobeUM
2009-02-23 10:38 . 2009-02-23 10:34 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-23 10:37 . 2009-02-23 10:37 -------- d-----w c:\program files\Microsoft Works
2009-02-23 10:37 . 2009-02-23 10:37 -------- d-----w c:\program files\MSBuild
2009-02-23 10:34 . 2009-02-23 10:33 -------- d-----w c:\program files\DAEMON Tools Lite
2009-02-23 10:31 . 2009-02-23 10:31 715248 ----a-w c:\windows\system32\drivers\sptd.sys
2009-02-23 10:30 . 2009-02-23 10:30 -------- d-----w c:\documents and settings\All Users\Application Data\NexonEU
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\documents and settings\All Users\Application Data\Macrovision
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\program files\Common Files\Macromedia Shared
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\program files\Common Files\Macromedia
2009-02-23 09:31 . 2009-02-23 09:31 -------- d-----w c:\program files\Macromedia
2009-02-23 09:30 . 2009-02-22 21:12 -------- d-----w c:\program files\Common Files\InstallShield
2009-02-23 07:49 . 2009-02-23 07:49 -------- d-----w c:\documents and settings\Daki\Application Data\COWON
2009-02-23 07:49 . 2009-02-23 07:49 -------- d-----w c:\program files\Common Files\COWON
2009-02-23 07:42 . 2009-02-23 07:42 -------- d-----w c:\documents and settings\All Users\Application Data\Azureus
2009-02-23 07:40 . 2009-02-23 07:40 -------- d-----w c:\program files\Common Files\i4j_jres
2009-02-23 07:02 . 2009-02-22 22:06 -------- d-----w c:\documents and settings\Daki\Application Data\Notepad++
2009-02-23 07:01 . 2009-02-23 07:01 -------- d-----w c:\program files\totalcmd
2009-02-22 22:11 . 2009-02-22 22:11 -------- d-----w c:\program files\K-Lite Codec Pack
2009-02-22 22:09 . 2009-02-22 22:09 -------- d-----w c:\documents and settings\Daki\Application Data\Media Player Classic
2009-02-22 22:06 . 2009-02-22 22:06 -------- d-----w c:\program files\Notepad++
2009-02-22 21:58 . 2009-02-22 21:58 -------- d-----w c:\program files\Yahoo!
2009-02-22 21:55 . 2009-02-22 21:55 -------- d-----w c:\program files\Microsoft
2009-02-22 21:55 . 2009-02-22 21:54 -------- d-----w c:\program files\Windows Live
2009-02-22 21:53 . 2009-02-22 21:53 -------- d-----w c:\documents and settings\All Users\Application Data\Hagel Technologies
2009-02-22 21:47 . 2009-02-22 21:47 -------- d-----w c:\program files\Common Files\Windows Live
2009-02-22 21:27 . 2009-02-22 21:23 15600 ----a-w c:\windows\gdrv.sys
2009-02-22 21:26 . 2009-02-22 21:25 429 ----a-w C:\RHDSetup.log
2009-02-22 21:26 . 2009-02-22 21:25 206 ----a-w C:\csb.log
2009-02-22 21:25 . 2009-02-22 21:25 -------- d-----w c:\program files\Realtek
2009-02-22 21:25 . 2009-02-22 21:25 315392 ----a-w c:\windows\HideWin.exe
2009-02-22 21:25 . 2009-02-22 21:25 -------- d-----w c:\program files\DIFX
2009-02-22 21:24 . 2009-02-22 21:24 -------- d-----w c:\documents and settings\Daki\Application Data\InstallShield
2009-02-22 21:22 . 2009-02-22 21:22 -------- d-----w c:\program files\Microsoft IntelliPoint
2009-02-22 21:22 . 2009-02-22 21:22 -------- d-----w c:\program files\Microsoft IntelliType Pro
2009-02-22 21:15 . 2009-02-22 21:15 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-02-22 21:03 . 2009-02-22 20:58 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-02-22 20:59 . 2009-02-22 20:59 -------- d-----w c:\program files\microsoft frontpage
2009-02-22 20:56 . 2009-02-22 20:56 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-04-20_12.34.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-20 13:22 . 2009-04-20 13:22 16384 c:\windows\temp\Perflib_Perfdata_b64.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-27 24103720]
"DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2007-10-17 979968]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-01-03 486856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"Google Update"="c:\documents and settings\Daki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-08 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2006-07-07 576320]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2006-07-07 600896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-07 206088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Daki\Start Menu\Programs\Startup\
Yahoo! Widget Engine.lnk - c:\program files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-7-20 2913584]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BTTray.lnk - c:\program files\Belkin\Bluetooth Software\BTTray.exe [2004-10-1 565309]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\nexon\Combat Arms EU\CombatArms.exe"= c:\nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe
"c:\nexon\Combat Arms EU\Engine.exe"= c:\nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe
"c:\\Nexon\\Combat Arms EU\\NMService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 gupdate1c9ad20ae6b4396;Google Update Service (gupdate1c9ad20ae6b4396);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-03-07 33808]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;c:\program files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-24 566560]
S2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
.
Contents of the 'Scheduled Tasks' folder
2009-04-20 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 08:06]
2009-04-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-789336058-1801674531-1003.job
- c:\documents and settings\Daki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-08 06:38]
.
- - - - ORPHANS REMOVED - - - -
BHO-{44A83728-E814-36DF-BB0D-9ADEA2485013} - c:\windows\system32\xwr64003.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Daki\Application Data\Mozilla\Firefox\Profiles\yr3dw3ez.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=971163&p=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\documents and settings\Daki\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-20 15:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASKService]
"ImagePath"="c:\program files\AskBarDis\bar\bin\AskService.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASKUpgrade]
"ImagePath"="c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1112)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-20 15:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-20 13:24
ComboFix2.txt 2009-04-20 12:36
Pre-Run: 21,585,268,736 bytes free
Post-Run: 20,694,192,128 bytes free
323
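The entries worth a second look in the log above are in the Reg Loading Points section: the Security Center values AntiVirusDisableNotify and UpdatesDisableNotify set to 1, DisableMonitoring set to 1 under Monitoring\KasperskyAntiVirus, EnableFirewall set to 0 for the standard profile, and the orphaned BHO that pointed at the deleted xwr64003.dll. The helper below is an added example, not part of the original post and not ComboFix code. It parses the REGEDIT4-style dump ComboFix writes and flags those settings; the sample input is a handful of lines copied from this log, and the rule list, regular expressions and function names are this example's own choices. The same values can be written by a legitimately installed security suite that has taken over Security Center alerting, so treat the output as leads to confirm, not verdicts.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example (not ComboFix's own code). Parses the key/value dump and
flags Security Center / Windows Firewall tampering plus orphaned BHOs.
"""
import re
from typing import Dict, List, Tuple

# Constructed sample input: lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-03-07 206088]
- - - - ORPHANS REMOVED - - - -
BHO-{44A83728-E814-36DF-BB0D-9ADEA2485013} - c:\windows\system32\xwr64003.dll
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.*)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{8})$")
BARE_INT_RE = re.compile(r"^(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)$")
BHO_RE = re.compile(r"^BHO-(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.+)$")

# (regex on the lower-cased key, value name, value that is a finding, message).
# ComboFix writes both HKEY_LOCAL_MACHINE\... and the HKLM\~\ shorthand, so the
# rules match on the tail of the key rather than the full path.
RULES = [
    (r"\\security center$", "AntiVirusDisableNotify", 1,
     "Security Center AV alerts suppressed"),
    (r"\\security center$", "UpdatesDisableNotify", 1,
     "Security Center update alerts suppressed"),
    (r"\\security center\\monitoring\\", "DisableMonitoring", 1,
     "Security Center monitoring of the AV product disabled"),
    (r"\\firewallpolicy\\standardprofile$", "EnableFirewall", 0,
     "Windows Firewall disabled (standard profile)"),
]


def parse_value(raw: str) -> object:
    """Normalise one value: dword:00000001 -> 1, '0 (0x0)' -> 0, "path" [date size] -> path."""
    raw = raw.strip()
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group("hex"), 16)
    m = BARE_INT_RE.match(raw)
    if m:
        return int(m.group("dec"))
    if raw.startswith('"'):
        end = raw.find('"', 1)
        return raw[1:end] if end > 0 else raw
    return raw


def parse_reg_section(text: str) -> Tuple[Dict[str, Dict[str, object]], List[Tuple[str, str]]]:
    """Return ({lower-cased key: {value name: value}}, [(BHO clsid, dll path), ...])."""
    keys: Dict[str, Dict[str, object]] = {}
    orphans: List[Tuple[str, str]] = []
    current = None
    for line in text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = BHO_RE.match(line)
        if m:
            orphans.append((m.group("clsid"), m.group("path")))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group("name")] = parse_value(m.group("raw"))
    return keys, orphans


def triage(text: str) -> List[str]:
    """Apply RULES to the parsed keys and report orphaned BHOs; one string per finding."""
    keys, orphans = parse_reg_section(text)
    findings: List[str] = []
    for key, values in keys.items():
        for pattern, name, bad, msg in RULES:
            if re.search(pattern, key) and values.get(name) == bad:
                findings.append(f"{msg}: [{key}] {name}={values[name]}")
    for clsid, path in orphans:
        findings.append(f"Orphaned BHO removed: {clsid} -> {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

To run it over a full log, read the file and pass its text to `triage`; lines outside the key/value format (the file listings, the catchme output) are ignored by the parser, so the whole log can be fed in unchanged.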