(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Share ----
2009-03-29 16:14 425984 --a------ c:\share\123\123 Previews.lrdata\thumbnail-cache.db
2009-03-29 16:13 54384 --a------ c:\share\123\123 Previews.lrdata\3\3F0D\3F0DA113-9CC0-4603-B02A-F255739CA2E8-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 49200 --a------ c:\share\123\123 Previews.lrdata\4\495A\495A0CEA-A330-437D-B0EA-3DC9FCEE0C8C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 47792 --a------ c:\share\123\123 Previews.lrdata\3\36EB\36EB9C0E-5943-4900-B397-E4B07CC59479-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 46448 --a------ c:\share\123\123 Previews.lrdata\8\8C9D\8C9D79D2-179B-49EB-8E42-5C1E102E67E2-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 43344 --a------ c:\share\123\123 Previews.lrdata\1\18A8\18A8DE76-D334-4A32-80A3-6395FB4423A8-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 42256 --a------ c:\share\123\123 Previews.lrdata\1\11A4\11A4DE69-938B-46EF-B045-60E94AA647D6-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 41280 --a------ c:\share\123\123 Previews.lrdata\E\E0F4\E0F4A186-902F-438A-AA45-A6566892A31C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 39776 --a------ c:\share\123\123 Previews.lrdata\F\FE39\FE393920-6C34-4446-B6A2-CFB431936E00-8865ddc80544b1a7b3f0a5961fe3a476-83.lr-preview.noindex
2009-03-29 16:13 39280 --a------ c:\share\123\123 Previews.lrdata\2\2C58\2C580518-E7CF-42A7-83F1-2E209D6DBDED-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 38944 --a------ c:\share\123\123 Previews.lrdata\7\7D59\7D5965F5-250C-4BD1-921B-B37C7D1123AC-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 38880 --a------ c:\share\123\123 Previews.lrdata\0\0E9D\0E9D74C9-9430-47DC-8366-7FEFA3CE9EC6-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 37360 --a------ c:\share\123\123 Previews.lrdata\1\175A\175A2FAF-105A-4564-AFC1-60FD285482B0-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 36880 --a------ c:\share\123\123 Previews.lrdata\B\BA74\BA74BC1C-F0B5-487E-90C0-C83D84219E9C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 35056 --a------ c:\share\123\123 Previews.lrdata\C\C79C\C79C3BF6-7041-4CF3-8679-421E706DFA9A-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 30288 --a------ c:\share\123\123 Previews.lrdata\2\2A77\2A7703B5-0001-4EDC-9AF1-5B922E3B6BC9-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 29920 --a------ c:\share\123\123 Previews.lrdata\5\543A\543AF073-5962-4CE9-94E7-DDB83E2B8E4C-8865ddc80544b1a7b3f0a5961fe3a476-94.lr-preview.noindex
2009-03-29 16:13 26160 --a------ c:\share\123\123 Previews.lrdata\B\B799\B799A05A-0344-4530-8845-3DDA4FB22752-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
2009-03-29 16:13 26000 --a------ c:\share\123\123 Previews.lrdata\5\55A9\55A95D90-56F9-4E6F-8525-2613D24DF5BA-8865ddc80544b1a7b3f0a5961fe3a476-95.lr-preview.noindex
---- Directory of C:\XPSetup ----
2009-04-04 00:08 10 --------- c:\xpsetup\WIN51IC.SP2
2009-04-04 00:07 10 --------- c:\xpsetup\WIN51IC.SP1
2009-04-04 00:07 10 --------- c:\xpsetup\WIN51IC
2009-04-04 00:05 10 --------- c:\xpsetup\WIN51
2008-07-06 22:06 89088 --------- c:\xpsetup\i386\filterpipelineprintproc.dll
2008-07-06 22:06 765440 --------- c:\xpsetup\i386\mxdwdrv.dll
2008-07-06 22:06 1676288 --------- c:\xpsetup\i386\xpssvcs.dll
2008-07-06 22:06 10929 --------- c:\xpsetup\i386\msxpsdrv.cat
2008-06-19 15:33 72 --------- c:\xpsetup\i386\msxpsinc.ppd
2008-06-19 15:33 2204 --------- c:\xpsetup\i386\msxpsdrv.inf
2008-06-19 11:03 73 --------- c:\xpsetup\i386\msxpsinc.gpd
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-11-03 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-11-03 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-11-03 134656]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-02-03 949376]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-03-30 1213320]
"AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-03-31 2277232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-04-06 401040]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-09 c:\windows\RTHDCPL.EXE]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Kimina\Start Menu\Programs\Startup\
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-08-29 360448]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"GreyMSIAds"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\Program Files\\Family Tree Maker 2009\\FTM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\SoulseekNS\\slsk.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
S1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [2009-03-31 115056]
S1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009-02-03 15424]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-27 179856]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-27 15504]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-03-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]
2009-04-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1214440339-2052111302-839522115-1004.job
- c:\documents and settings\Kimina\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-07 17:38]
2009-04-07 c:\windows\Tasks\Malwarebytes' Scheduled Scan for Kimina.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]
2009-04-08 c:\windows\Tasks\Malwarebytes' Scheduled Update for Kimina.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-04-06 15:32]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/internet/mybigpond/
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {E1C2CA2F-B009-43DB-AAEB-3433D7E8F1E7} = 61.9.211.33,61.9.211.1
FF - ProfilePath - c:\documents and settings\Kimina\Application Data\Mozilla\Firefox\Profiles\aba8c5y6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bigpond.com/internet/mybigpond/
FF - plugin: c:\documents and settings\Kimina\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 09:04:33
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-04-09 9:07:11 - machine was rebooted [Kimina]
ComboFix-quarantined-files.txt 2009-04-08 23:07:09
ComboFix2.txt 2009-04-08 15:48:56
ComboFix3.txt 2009-04-06 16:22:36
Pre-Run: 180,738,424,832 bytes free
Post-Run: 180,724,666,368 bytes free
323 --- E O F --- 2009-03-20 00:13:17