Do I have a virus?
Page 3 of 4
justinob (Novice)
OS: XP
ComboFix 09-12-29.06 - Justino Binalinbing 12/30/2009 16:21:06.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.509 [GMT -8:00]
Running from: c:\documents and settings\Justino Binalinbing\Desktop\commy.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Cheat Engine\dbk32.sys
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.
2009-12-30 23:48 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\2c0d9a04.dll
2009-12-30 23:48 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\2b7f89de.dll
2009-12-30 23:03 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\380ac2c0.dll
2009-12-30 23:03 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\f86fb80.dll
2009-12-26 05:00 . 2009-10-26 13:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-12-26 05:00 . 2008-06-20 17:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-12-26 05:00 . 2008-06-20 17:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-12-26 03:24 . 2009-12-26 03:24 -------- d-----w- c:\program files\SP36869
2009-12-26 02:36 . 2009-12-26 02:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-26 02:27 . 2006-12-11 19:05 2732032 ------w- c:\windows\system32\NETw3r32.dll
2009-12-26 02:27 . 2006-12-11 19:05 1711488 ----a-w- c:\windows\system32\drivers\NETw3x32.sys
2009-12-26 02:27 . 2006-12-11 19:05 561152 ------w- c:\windows\system32\NETw3c32.dll
2009-12-09 00:09 . 2009-12-09 00:09 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\GTek
2009-12-06 20:24 . 2009-12-06 20:24 -------- d-----w- c:\program files\Trend Micro
2009-12-05 19:28 . 2009-12-05 19:29 -------- d-----w- c:\program files\CCleaner
2009-12-05 19:06 . 2009-12-06 22:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-05 19:06 . 2009-12-06 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-05 19:03 . 2009-12-05 19:05 -------- d-----w- c:\program files\SpywareBlaster
2009-12-03 20:18 . 2009-12-03 20:18 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-12-03 02:00 . 2009-12-03 02:00 -------- d-----w- c:\program files\ESET
2009-12-03 01:54 . 2009-12-03 01:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 00:30 . 2009-10-13 05:38 -------- d-----w- c:\program files\Cheat Engine
2009-12-29 19:47 . 2009-03-11 06:33 -------- d-----w- c:\program files\McAfee
2009-12-04 05:28 . 2009-09-14 23:15 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\HpUpdate
2009-12-02 07:37 . 2009-01-09 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-24 19:30 . 2009-04-10 20:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-22 23:34 . 2009-10-17 20:24 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery
2009-11-16 04:51 . 2009-11-16 04:42 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\Reg Tool
2009-11-16 04:32 . 2008-12-03 03:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-16 04:31 . 2009-11-16 04:31 -------- d-----w- c:\program files\Java
2009-11-15 23:17 . 2009-11-15 23:17 -------- d-----w- c:\program files\Adobe Media Player
2009-11-15 23:16 . 2006-09-17 07:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-15 23:10 . 2009-11-15 23:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-12 05:21 . 2009-11-12 05:16 -------- d-----w- c:\program files\Jumi
2009-11-05 02:35 . 2009-11-05 02:35 45056 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe1_08C2044E9E9840058E3CE438A10501EC.exe
2009-11-05 02:35 . 2009-11-05 02:35 45056 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe_08C2044E9E9840058E3CE438A10501EC.exe
2009-11-05 02:35 . 2009-11-05 02:35 10134 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\ARPPRODUCTICON.exe
2009-11-05 01:54 . 2008-12-03 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-11-04 03:26 . 2009-11-04 03:26 85504 ----a-w- c:\windows\Inherit.exe
2009-11-04 03:26 . 2008-10-04 02:52 -------- d-----w- c:\program files\iTunes
2009-11-04 03:25 . 2008-10-04 02:52 -------- d-----w- c:\program files\iPod
2009-11-04 03:15 . 2009-11-04 03:15 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-04 00:50 . 2007-07-24 23:58 95616 ----a-w- c:\windows\junction.exe
2009-10-29 07:45 . 2004-08-04 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 21:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 21:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 18:30 . 2008-12-03 02:16 71384 ----a-w- c:\documents and settings\Justino Binalinbing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 10:30 . 2004-08-04 21:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 21:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 21:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2009-10-28_02.43.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-30 22:22 . 2009-12-30 22:22 16384 c:\windows\temp\Perflib_Perfdata_6bc.dat
+ 2008-12-04 23:56 . 2009-10-28 15:07 46080 c:\windows\system32\tzchange.exe
- 2008-12-04 23:56 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2007-11-01 12:45 . 2007-11-01 12:45 69632 c:\windows\system32\TWUNK_32.EXE
+ 2007-11-01 12:45 . 2007-11-01 12:45 48560 c:\windows\system32\TWUNK_16.EXE
+ 2007-11-01 12:45 . 2007-11-01 12:45 77312 c:\windows\system32\TWAIN_32.DLL
+ 2006-03-27 16:07 . 2009-12-26 05:08 71462 c:\windows\system32\perfc009.dat
- 2006-03-27 16:07 . 2009-10-16 21:41 71462 c:\windows\system32\perfc009.dat
+ 2007-08-14 02:54 . 2009-10-29 07:45 55296 c:\windows\system32\msfeedsbs.dll
- 2007-08-14 02:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
- 2004-08-04 21:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 21:00 . 2009-10-29 07:45 25600 c:\windows\system32\jsproxy.dll
+ 2009-10-30 04:15 . 2009-09-10 21:54 38224 c:\windows\system32\drivers\mbamswissarmy.sys
+ 2009-10-30 04:15 . 2009-09-10 21:53 19160 c:\windows\system32\drivers\mbam.sys
+ 2009-06-20 07:33 . 2009-10-29 07:45 12800 c:\windows\system32\dllcache\xpshims.dll
- 2009-06-20 07:33 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 75776 c:\windows\system32\dllcache\strmfilt.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 79872 c:\windows\system32\dllcache\raschap.dll
- 2008-08-26 07:24 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2008-08-26 07:24 . 2009-10-29 07:45 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 21:00 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 21:00 . 2009-10-29 07:45 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-10-21 05:38 . 2009-10-21 05:38 25088 c:\windows\system32\dllcache\httpapi.dll
+ 2008-12-03 00:57 . 2009-12-30 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-03 00:57 . 2009-10-27 23:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-28 04:04 . 2009-12-30 23:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-03 00:57 . 2009-10-27 23:12 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-08-12 05:13 . 2006-12-11 19:05 53248 c:\windows\iwlandrvxpver.dll
- 2006-08-12 05:13 . 2006-03-14 18:02 53248 c:\windows\iwlandrvxpver.dll
+ 2009-11-03 04:19 . 2009-11-03 04:19 22528 c:\windows\Installer\1b4e7.msi
+ 2009-11-15 23:17 . 2009-11-15 23:17 23552 c:\windows\Installer\155fef.msi
+ 2009-11-15 23:10 . 2009-11-15 23:10 26112 c:\windows\Installer\155f97.msi
+ 2009-11-25 00:38 . 2009-11-25 00:38 32768 c:\windows\Installer\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}\icon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 23040 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 27136 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 11264 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 12288 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-12-26 02:27 . 2009-07-03 17:09 12800 c:\windows\ie8updates\KB976325-IE8\xpshims.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 55296 c:\windows\ie8updates\KB976325-IE8\msfeedsbs.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 25600 c:\windows\ie8updates\KB976325-IE8\jsproxy.dll
+ 2009-11-25 00:41 . 2009-07-14 11:03 46080 c:\windows\$NtUninstallKB976098-v2$\tzchange.exe
+ 2009-11-25 00:41 . 2009-10-29 02:03 16896 c:\windows\$NtUninstallKB976098-v2$\spuninst\tzchange.dll
+ 2009-11-25 00:41 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973687\update\spcustom.dll
+ 2009-11-25 00:41 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973687\spmsg.dll
+ 2009-11-12 04:29 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB969947\update\spcustom.dll
+ 2009-11-12 04:29 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB969947\spmsg.dll
+ 2006-08-12 05:11 . 2009-12-26 02:29 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 4096 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-07-12 09:12 . 2009-07-12 09:12 632656 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
+ 2009-07-12 09:09 . 2009-07-12 09:09 554832 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
+ 2009-07-12 09:08 . 2009-07-12 09:08 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcm80.dll
+ 2006-06-05 22:14 . 2006-06-05 22:14 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
+ 2006-06-05 22:14 . 2006-06-05 22:14 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 22:14 . 2006-06-05 22:14 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2004-08-04 21:00 . 2009-08-25 09:17 354816 c:\windows\system32\winhttp.dll
+ 2006-03-27 16:07 . 2009-12-26 05:08 441692 c:\windows\system32\perfh009.dat
- 2006-03-27 16:07 . 2009-10-16 21:41 441692 c:\windows\system32\perfh009.dat
- 2004-08-04 21:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
+ 2004-08-04 21:00 . 2009-10-29 07:45 206848 c:\windows\system32\occache.dll
+ 2008-07-31 18:16 . 2008-07-31 18:16 947472 c:\windows\system32\msjava.dll
+ 2007-08-14 02:54 . 2009-10-29 07:45 594432 c:\windows\system32\msfeeds.dll
- 2007-08-14 02:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2009-11-16 04:32 . 2009-11-16 04:32 149280 c:\windows\system32\javaws.exe
+ 2009-11-16 04:32 . 2009-11-16 04:32 145184 c:\windows\system32\javaw.exe
+ 2009-11-16 04:32 . 2009-11-16 04:32 145184 c:\windows\system32\java.exe
+ 2005-07-03 10:11 . 2009-10-29 07:45 184320 c:\windows\system32\iepeers.dll
- 2005-07-03 10:11 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 21:00 . 2009-10-29 07:45 387584 c:\windows\system32\iedkcs32.dll
- 2004-08-04 21:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 21:00 . 2009-10-28 14:40 173056 c:\windows\system32\ie4uinit.exe
- 2006-03-27 16:03 . 2009-10-16 00:42 283720 c:\windows\system32\FNTCACHE.DAT
+ 2006-03-27 16:03 . 2009-11-12 04:53 283720 c:\windows\system32\FNTCACHE.DAT
+ 2009-12-26 05:00 . 2009-11-11 12:26 557056 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2c32.dll
+ 2009-12-26 05:00 . 2008-06-20 17:32 663552 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5c32.dll
+ 2009-12-26 02:27 . 2006-12-11 19:05 646656 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3c64.dll
+ 2009-12-26 02:27 . 2006-12-11 19:05 561152 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3c32.dll
+ 2008-12-04 23:56 . 2009-10-29 07:45 916480 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:30 . 2009-08-25 09:17 354816 c:\windows\system32\dllcache\winhttp.dll
+ 2009-10-12 13:38 . 2009-10-12 13:38 149504 c:\windows\system32\dllcache\rastls.dll
+ 2007-08-14 02:44 . 2009-10-29 07:45 206848 c:\windows\system32\dllcache\occache.dll
- 2007-08-14 02:44 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-10-13 10:30 . 2009-10-13 10:30 270336 c:\windows\system32\dllcache\oakley.dll
+ 2008-08-26 07:24 . 2009-10-29 07:45 594432 c:\windows\system32\dllcache\msfeeds.dll
- 2008-08-26 07:24 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-06-20 07:33 . 2009-10-29 07:45 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2009-06-20 07:33 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
- 2008-12-04 23:56 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2008-12-04 23:56 . 2009-10-29 07:45 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2007-08-14 02:39 . 2009-10-29 07:45 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2007-08-14 02:39 . 2009-10-28 14:40 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2007-08-14 02:39 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\system32\dllcache\http.sys
+ 2009-12-26 02:36 . 2009-12-26 02:36 245760 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2009-11-25 00:38 . 2009-11-25 00:38 429568 c:\windows\Installer\f75da.msi
+ 2009-11-05 02:35 . 2009-11-05 02:35 550912 c:\windows\Installer\cb465b.msi
+ 2009-11-04 03:18 . 2009-11-04 03:18 796672 c:\windows\Installer\8afba4.msi
+ 2009-09-09 23:40 . 2009-09-09 23:40 632320 c:\windows\Installer\2d7067.msp
+ 2009-12-04 05:25 . 2009-12-04 05:25 816640 c:\windows\Installer\1f76fa4.msi
+ 2009-11-04 03:27 . 2009-11-04 03:27 102400 c:\windows\Installer\{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}\iTunesIco.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 409600 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 286720 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 249856 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 794624 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2006-08-12 05:11 . 2009-12-26 02:29 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2006-08-12 05:11 . 2009-10-16 21:33 135168 c:\windows\Installer\{91120409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-12-04 05:25 . 2009-12-04 05:25 102400 c:\windows\Installer\{74DC0593-6BC6-4001-AD5F-D810AFB68D86}\NewShortcut1_47F36D92E58E456DB73C3382737E4C42.exe
+ 2009-12-26 02:27 . 2009-07-03 17:09 915456 c:\windows\ie8updates\KB976325-IE8\wininet.dll
+ 2009-12-26 02:27 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB976325-IE8\spuninst\updspapi.dll
+ 2009-12-26 02:27 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB976325-IE8\spuninst\spuninst.exe
+ 2009-12-26 02:27 . 2009-07-03 17:09 206848 c:\windows\ie8updates\KB976325-IE8\occache.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 594432 c:\windows\ie8updates\KB976325-IE8\msfeeds.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 246272 c:\windows\ie8updates\KB976325-IE8\ieproxy.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 184320 c:\windows\ie8updates\KB976325-IE8\iepeers.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 386048 c:\windows\ie8updates\KB976325-IE8\iedkcs32.dll
+ 2009-12-26 02:27 . 2009-07-03 11:01 173056 c:\windows\ie8updates\KB976325-IE8\ie4uinit.exe
+ 2009-10-20 16:20 . 2009-10-20 16:20 265728 c:\windows\Driver Cache\i386\http.sys
+ 2009-11-25 00:41 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB976098-v2$\spuninst\updspapi.dll
+ 2009-11-25 00:41 . 2009-05-26 11:40 231288 c:\windows\$NtUninstallKB976098-v2$\spuninst\spuninst.exe
+ 2009-11-25 00:41 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB973687$\spuninst\updspapi.dll
+ 2009-11-25 00:41 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973687$\spuninst\spuninst.exe
+ 2009-11-12 04:29 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB969947$\spuninst\updspapi.dll
+ 2009-11-12 04:29 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB969947$\spuninst\spuninst.exe
+ 2009-11-25 00:41 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB973687\update\updspapi.dll
+ 2009-11-25 00:41 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973687\update\update.exe
+ 2009-11-25 00:41 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973687\spuninst.exe
+ 2009-11-12 04:29 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB969947\update\updspapi.dll
+ 2009-11-12 04:29 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB969947\update\update.exe
+ 2009-11-12 04:29 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB969947\spuninst.exe
+ 2009-07-21 08:03 . 2009-07-21 08:03 1348432 c:\windows\WinSxS\x86_Microsoft.MSXML2_6bd6b9abf345378f_4.20.9876.0_x-ww_a621d1d5\msxml4.dll
+ 2004-08-04 21:00 . 2009-08-14 13:21 1850624 c:\windows\system32\win32k.sys
+ 2004-08-04 21:00 . 2009-10-29 07:45 1208832 c:\windows\system32\urlmon.dll
- 2004-08-04 21:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2008-12-06 09:46 . 2009-07-31 18:05 1372672 c:\windows\system32\msxml6.dll
+ 2009-07-21 08:05 . 2009-07-21 08:05 1348432 c:\windows\system32\msxml4.dll
+ 2004-08-04 21:00 . 2009-07-31 04:35 1172480 c:\windows\system32\msxml3.dll
+ 2004-08-04 21:00 . 2009-10-29 07:45 5940736 c:\windows\system32\mshtml.dll
- 2007-08-14 02:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
+ 2007-08-14 02:34 . 2009-10-29 07:45 1985536 c:\windows\system32\iertutil.dll
+ 2009-12-26 05:00 . 2009-11-11 12:26 2216064 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n51.sys
+ 2009-12-26 05:00 . 2009-11-11 12:26 2212352 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\w29n50.sys
+ 2009-12-26 05:00 . 2009-11-11 12:26 2732032 c:\windows\system32\DRVSTORE\w29n51_AEF466EE116FDF742A02BFF75E6143DB4A91003C\Netw2r32.dll
+ 2009-12-26 05:00 . 2009-10-26 13:47 4221952 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5x32.sys
+ 2009-12-26 05:00 . 2008-06-20 17:33 2756608 c:\windows\system32\DRVSTORE\netw5x32_82B9AE35153F0147942779E59FCCBAEDA8F5CF94\NETw5r32.dll
+ 2009-12-26 02:27 . 2006-12-11 19:05 2056704 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3x64.sys
+ 2009-12-26 02:27 . 2006-12-11 19:05 1711488 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3x32.sys
+ 2009-12-26 02:27 . 2006-12-11 19:05 2628096 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3r64.dll
+ 2009-12-26 02:27 . 2006-12-11 19:05 2732032 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3r32.dll
+ 2009-12-26 02:27 . 2006-12-11 19:05 1706752 c:\windows\system32\DRVSTORE\netw39x5_5141F197023A2B6445613A88DC7CF47353D18D69\NETw3k32.sys
+ 2008-12-04 23:57 . 2009-08-14 13:21 1850624 c:\windows\system32\dllcache\win32k.sys
+ 2008-12-04 23:56 . 2009-10-29 07:45 1208832 c:\windows\system32\dllcache\urlmon.dll
- 2008-12-04 23:56 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-06 09:46 . 2009-07-31 18:05 1372672 c:\windows\system32\dllcache\msxml6.dll
+ 2008-12-04 23:56 . 2009-07-31 04:35 1172480 c:\windows\system32\dllcache\msxml3.dll
+ 2008-12-04 23:56 . 2009-10-29 07:45 5940736 c:\windows\system32\dllcache\mshtml.dll
+ 2008-08-26 07:24 . 2009-10-29 07:45 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2008-08-26 07:24 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
- 2009-10-13 05:38 . 2007-12-27 00:30 1970176 c:\windows\system32\d3dx9.dll
+ 2009-10-13 05:38 . 2007-12-27 01:30 1970176 c:\windows\system32\d3dx9.dll
+ 2009-10-22 20:46 . 2009-10-22 20:46 6821888 c:\windows\Installer\b17cd.msp
+ 2009-10-07 02:40 . 2009-10-07 02:40 7681024 c:\windows\Installer\b17bb.msp
+ 2009-10-22 20:28 . 2009-10-22 20:28 5521408 c:\windows\Installer\b17a9.msp
+ 2009-11-04 03:27 . 2009-11-04 03:27 4454912 c:\windows\Installer\8b0345.msi
+ 2009-11-16 05:25 . 2009-11-16 05:25 2435584 c:\windows\Installer\42efbd.msi
+ 2009-11-16 05:13 . 2009-11-16 05:13 1767936 c:\windows\Installer\42ef93.msi
+ 2009-11-16 06:45 . 2009-11-16 06:45 2435584 c:\windows\Installer\3a58b.msi
+ 2009-11-16 06:42 . 2009-11-16 06:42 1767936 c:\windows\Installer\3a582.msi
+ 2009-11-20 23:00 . 2009-11-20 23:00 5521408 c:\windows\Installer\2d7079.msp
+ 2009-12-17 06:58 . 2009-12-17 06:58 5382144 c:\windows\Installer\2d7056.msp
+ 2009-11-15 23:20 . 2009-11-15 23:20 4057088 c:\windows\Installer\155ff5.msi
+ 2009-11-15 23:16 . 2009-11-15 23:16 3285504 c:\windows\Installer\155fe4.msi
+ 2009-11-15 23:15 . 2009-11-15 23:15 3178496 c:\windows\Installer\155fdf.msi
+ 2009-11-15 23:14 . 2009-11-15 23:14 3075072 c:\windows\Installer\155fda.msi
+ 2009-11-15 23:14 . 2009-11-15 23:14 3089408 c:\windows\Installer\155fd5.msi
+ 2009-11-15 23:14 . 2009-11-15 23:14 3078656 c:\windows\Installer\155fd0.msi
+ 2009-11-15 23:13 . 2009-11-15 23:13 3146240 c:\windows\Installer\155fcb.msi
+ 2009-11-15 23:13 . 2009-11-15 23:13 3083776 c:\windows\Installer\155fc6.msi
+ 2009-11-15 23:12 . 2009-11-15 23:12 3076096 c:\windows\Installer\155fbf.msi
+ 2009-11-15 23:12 . 2009-11-15 23:12 3079680 c:\windows\Installer\155fba.msi
+ 2009-11-15 23:12 . 2009-11-15 23:12 3087360 c:\windows\Installer\155fb5.msi
+ 2009-11-15 23:11 . 2009-11-15 23:11 3094016 c:\windows\Installer\155fb0.msi
+ 2009-11-15 23:11 . 2009-11-15 23:11 3831808 c:\windows\Installer\155fab.msi
+ 2009-11-15 23:10 . 2009-11-15 23:10 3073024 c:\windows\Installer\155fa5.msi
+ 2009-11-15 23:10 . 2009-11-15 23:10 3110912 c:\windows\Installer\155f9e.msi
+ 2009-11-15 23:09 . 2009-11-15 23:09 3150848 c:\windows\Installer\155f7f.msi
+ 2009-11-15 23:09 . 2009-11-15 23:09 3273216 c:\windows\Installer\155f77.msi
+ 2009-11-15 23:08 . 2009-11-15 23:08 3186176 c:\windows\Installer\155f72.msi
+ 2009-11-15 23:08 . 2009-11-15 23:08 3228160 c:\windows\Installer\155f6d.msi
+ 2009-11-15 23:08 . 2009-11-15 23:08 3070976 c:\windows\Installer\155f68.msi
+ 2009-11-15 23:06 . 2009-11-15 23:06 3174400 c:\windows\Installer\155f63.msi
+ 2009-11-16 04:32 . 2009-11-16 04:32 1757696 c:\windows\Installer\13b2ae.msi
+ 2009-12-26 02:27 . 2009-07-03 17:09 1208832 c:\windows\ie8updates\KB976325-IE8\urlmon.dll
+ 2009-12-26 02:27 . 2009-07-19 13:18 5937152 c:\windows\ie8updates\KB976325-IE8\mshtml.dll
+ 2009-12-26 02:27 . 2009-07-03 17:09 1985536 c:\windows\ie8updates\KB976325-IE8\iertutil.dll
+ 2009-12-04 05:25 . 2009-12-04 05:25 1729024 c:\windows\Hewlett-Packard\Setup Files\HP Software Update\{2CA9E997-73DA-4996-BEF1-58DABC19657C}\HP Update.msi
+ 2009-11-25 00:41 . 2008-09-10 01:14 1307648 c:\windows\$NtUninstallKB973687$\msxml6.dll
+ 2009-11-25 00:41 . 2008-09-04 17:15 1106944 c:\windows\$NtUninstallKB973687$\msxml3.dll
+ 2009-11-12 04:29 . 2009-04-17 12:26 1847168 c:\windows\$NtUninstallKB969947$\win32k.sys
+ 2009-11-25 00:26 . 2009-07-31 04:24 1447424 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml6.dll
+ 2009-11-25 00:26 . 2009-07-31 04:24 1172480 c:\windows\$hf_mig$\KB973687\SP3QFE\msxml3.dll
+ 2009-08-14 12:19 . 2009-08-14 12:19 1859712 c:\windows\$hf_mig$\KB969947\SP3QFE\win32k.sys
+ 2008-12-05 06:53 . 2009-12-01 20:06 25966024 c:\windows\system32\MRT.exe
+ 2007-08-14 02:54 . 2009-10-29 07:45 11069952 c:\windows\system32\ieframe.dll
+ 2008-10-03 17:41 . 2009-10-29 07:45 11069952 c:\windows\system32\dllcache\ieframe.dll
+ 2009-12-26 02:27 . 2009-07-20 01:48 11067392 c:\windows\ie8updates\KB976325-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-20 68856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-05 2923192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="c:\documents and settings\Justino Binalinbing\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57961:TCP"= 57961:TCP:Pando Media Booster
"57961:UDP"= 57961:UDP:Pando Media Booster
"59115:TCP"= 59115:TCP:Pando Media Booster
"59115:UDP"= 59115:UDP:Pando Media Booster
"56514:TCP"= 56514:TCP:Pando Media Booster
"56514:UDP"= 56514:UDP:Pando Media Booster
"56664:TCP"= 56664:TCP:Pando Media Booster
"56664:UDP"= 56664:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/11/2009 10:37 PM 93320]
S2 gupdate1c9e3ee33015cfe;Google Update Service (gupdate1c9e3ee33015cfe);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 5:54 PM 133104]
S3 Flash1;Flash1;c:\program files\SP36869\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]
S3 maxD20081102;maxD20081102; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-12-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-04 11:05]
2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5c3cc42995c2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]
2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]
2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
FF - ProfilePath - c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\documents and settings\Justino Binalinbing\Desktop\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 16:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????c????????@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-12-30 16:34:42
ComboFix-quarantined-files.txt 2009-12-31 00:34
ComboFix2.txt 2009-10-28 02:48
Pre-Run: 19,831,078,912 bytes free
Post-Run: 19,826,909,184 bytes free
- - End Of File - - 13001769BBD950F86DB0BB7A0574C2D3
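Added example for this thread (not part of the log above, not from the poster, and not ComboFix code): a small Python triage script that reads ComboFix-style lines and flags what a responder checks first in a log like this one: Security Center monitoring switched off per product, the Windows Firewall standard profile disabled, hidden DLLs with random hex names under system32, executables sitting directly in c:\windows, and the Sigcheck "is missing !!" line. The sample lines are excerpted from the log above; the attribute-column layout, the hex-name test and the "exe in c:\windows root" rule are my own heuristics, not ComboFix rules.

```python
"""Triage a ComboFix log for the indicators worth checking first.

Added example for this thread; it is not part of the posted log or of
ComboFix itself. The heuristics (attribute-column layout, hex-name test,
"exe directly under c:\\windows") are assumptions, not ComboFix rules.
"""
import re
from collections import Counter

# Sample lines excerpted from the log posted above (a constructed subset).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
2009-12-30 23:48 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\2c0d9a04.dll
2009-12-30 23:48 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\2b7f89de.dll
2009-12-30 23:03 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\380ac2c0.dll
2009-12-30 23:03 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\f86fb80.dll
2009-12-26 05:00 . 2009-10-26 13:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-12-26 02:36 . 2009-12-26 02:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-11-04 03:26 . 2009-11-04 03:26 85504 ----a-w- c:\windows\Inherit.exe
2009-11-04 00:50 . 2007-07-24 23:58 95616 ----a-w- c:\windows\junction.exe
c:\windows\System32\eventlog.dll ... is missing !!
"""

FILE_LINE = re.compile(
    r"^(?P<ctime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$"
)
REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
HEX_DLL = re.compile(r"^[0-9a-f]{7,8}\.dll$")
SYS32 = "c:\\windows\\system32\\"


def attr_flags(attrs):
    """Decode ComboFix's 8-column attribute field.

    Column order inferred from the strings in the log (d-sh--w-, ---h-tw-,
    -c--a-w-, ----a-r-): d c s h a t w/r plus one spare. Assumption."""
    return {
        "dir": attrs[0] == "d",
        "system": attrs[2] == "s",
        "hidden": attrs[3] == "h",
        "temporary": attrs[5] == "t",
    }


def _reg_int(value):
    """Parse 'dword:00000001' or '0 (0x0)' style values; None if unparseable."""
    parts = value.split()
    token = parts[0].split(":")[-1] if parts else ""
    try:
        return int(token, 16)
    except ValueError:
        return None


def triage(log_text):
    """Return (category, detail) findings in log order, size-cluster summary last."""
    findings = []
    current_key = ""
    hidden_sizes = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = REG_KEY.match(line)
        if m:
            current_key = m.group("key").lower()
            continue
        m = REG_VALUE.match(line)
        if m:
            name = m.group("name")
            val = _reg_int(m.group("value").strip())
            leaf = current_key.rsplit("\\", 1)[-1]
            if "security center\\monitoring" in current_key and name == "DisableMonitoring" and val == 1:
                findings.append(("security_center_monitoring_disabled", leaf))
            elif "firewallpolicy" in current_key and name == "EnableFirewall" and val == 0:
                findings.append(("windows_firewall_disabled", leaf))
            continue
        if line.endswith("is missing !!"):  # Sigcheck section
            findings.append(("system_file_missing", line.split(" ...")[0]))
            continue
        m = FILE_LINE.match(line)
        if not m:
            continue
        flags = attr_flags(m.group("attrs"))
        if flags["dir"]:
            continue
        path = m.group("path").lower()
        name = path.rsplit("\\", 1)[-1]
        if flags["hidden"] and path.startswith(SYS32) and HEX_DLL.match(name):
            findings.append(("hidden_random_name_dll", path))
            hidden_sizes[m.group("size")] += 1
        elif path.startswith("c:\\windows\\") and path.count("\\") == 2 and name.endswith(".exe"):
            findings.append(("exe_in_windows_root", path))
    for size, n in hidden_sizes.items():
        if n > 1:
            findings.append(("identical_size_cluster", f"{n} hidden DLLs of {size} bytes"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:36} {detail}")
```

Two of the hits are expected on this machine and should not be read as tampering on their own: third-party suites set the Security Center DisableMonitoring values for their own products so Windows does not double-report them (the Symantec entries line up with the Norton remnant in the RunOnce key), and EnableFirewall=0 on the standard profile is normal while McAfee Personal Firewall is the active firewall. The four hidden 82432-byte DLLs with random names under system32 that share a single SP3-era timestamp, and the eventlog.dll that Sigcheck reports missing from System32, are the findings worth raising with the helper; the two executables in c:\windows are listed only for review (junction.exe is a known Sysinternals tool).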
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57961:TCP"= 57961:TCP:Pando Media Booster
"57961:UDP"= 57961:UDP:Pando Media Booster
"59115:TCP"= 59115:TCP:Pando Media Booster
"59115:UDP"= 59115:UDP:Pando Media Booster
"56514:TCP"= 56514:TCP:Pando Media Booster
"56514:UDP"= 56514:UDP:Pando Media Booster
"56664:TCP"= 56664:TCP:Pando Media Booster
"56664:UDP"= 56664:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/11/2009 10:37 PM 93320]
S2 gupdate1c9e3ee33015cfe;Google Update Service (gupdate1c9e3ee33015cfe);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 5:54 PM 133104]
S3 Flash1;Flash1;c:\program files\SP36869\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]
S3 maxD20081102;maxD20081102; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-12-30 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-04 11:05]
2009-11-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5c3cc42995c2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]
2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]
2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
FF - ProfilePath - c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
AddRemove-HijackThis - c:\documents and settings\Justino Binalinbing\Desktop\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-30 16:30
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????c????????@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-12-30 16:34:42
ComboFix-quarantined-files.txt 2009-12-31 00:34
ComboFix2.txt 2009-10-28 02:48
Pre-Run: 19,831,078,912 bytes free
Post-Run: 19,826,909,184 bytes free
- - End Of File - - 13001769BBD950F86DB0BB7A0574C2D3
- Dr Jay (Head Admin)
Power of Youth!
OS : Windows 10 Home & Pro, Android, Linux
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security
Posts : 15182
Rubies : 289572
Likes : 162
Re-running ComboFix to remove infections:
- Close any open browsers.
- Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
- Open notepad and copy/paste the text in the quotebox below into it:
ADS::
C:\Documents and Settings\All Users\Application Data\TEMP:7631EA83
C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
File::
C:\WINDOWS\SMINST\Recguard.exe
FCopy::
c:\windows\ServicePackFiles\i386\eventlog.dll | C:\windows\system32\eventlog.dll
NetSvc::
maxD20081102
- Save this as CFScript.txt, in the same location as ComboFix.exe
- Referring to the picture above, drag CFScript into ComboFix.exe
- When finished, it shall produce a log for you at C:\ComboFix.txt
- Please post the contents of the log in your next reply.
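A triage pass over the log format shown in this thread, as an added example (not ComboFix's own code and not part of any post above). It parses a constructed sample written in the same layout as the logs posted here and flags the kinds of entries the CFScript above targets: a service whose image file is gone (the `[x]` marker, removed with a `NetSvc::` stanza), the Security Center and Windows Firewall values set to disabled, a Run entry whose image has no directory, and a hidden file under system32. The `deadbeef.dll` line in the sample is invented to exercise the hidden-file check; the drafted `NetSvc::` stanza is for a helper to review, not to feed to ComboFix unread.

```python
"""Triage pass over a ComboFix-style log (added example; not ComboFix's own code).
Flags what a helper checks before writing a CFScript: a service whose image file
is gone, Security Center / Windows Firewall switched off in the registry, a Run
entry whose image has no directory, and a hidden file sitting under system32."""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "kind subject detail")

# Constructed sample in ComboFix's log layout, modelled on the entries posted in
# this thread.  The deadbeef.dll line is invented to exercise the hidden-file check.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.
2010-01-01 12:15 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2009-12-30 23:48 . 2008-04-14 00:12 82432 ---h-tw- c:\windows\system32\deadbeef.dll
2009-12-26 02:36 . 2009-12-26 02:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/11/2009 10:37 PM 93320]
S3 maxD20081102;maxD20081102; [x]
"""

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: \[\d{4}-\d{2}-\d{2} \d+\])?$')
DWORD_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})| (\d+) \(0x[0-9a-fA-F]+\))$')
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}"
                     r"\s+(\d+|-{8})\s+([-a-z]{8})\s+(.+)$")
RUN_KEY_RE = re.compile(r"\\run(once)?$")


def triage(log_text):
    """Return Finding tuples for suspicious lines, in log order."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)
        elif m := VALUE_RE.match(line):
            if current_key and RUN_KEY_RE.search(current_key.lower()):
                name, image = m.group(1), m.group(2)
                # A bare file name is located through the loader's search order
                # rather than a fixed directory, so confirm which file it resolves to.
                if "\\" not in image and "/" not in image:
                    findings.append(Finding("unqualified_run_image", name, image))
        elif m := DWORD_RE.match(line):
            value = m.group(1)
            number = int(m.group(2), 16) if m.group(2) is not None else int(m.group(3))
            key_l = (current_key or "").lower()
            if value == "DisableMonitoring" and number == 1 and "security center" in key_l:
                findings.append(Finding("security_center_monitoring_disabled", current_key, value))
            elif value == "EnableFirewall" and number == 0 and "firewallpolicy" in key_l:
                findings.append(Finding("windows_firewall_disabled", current_key, value))
        elif m := SERVICE_RE.match(line):
            start, name, _display, rest = m.groups()
            image = re.sub(r"\s*\[.*\]$", "", rest).strip()
            # ComboFix prints [x] when the service's image file no longer exists:
            # a leftover registration, which is what a NetSvc:: stanza removes.
            if not image or rest.strip().endswith("[x]"):
                findings.append(Finding("service_image_missing", name, start))
        elif m := FILE_RE.match(line):
            _size, attrs, path = m.groups()
            # Attribute string: a leading 'd' marks a directory, 'h' the hidden bit.
            if not attrs.startswith("d") and "h" in attrs and "\\system32\\" in path.lower():
                findings.append(Finding("hidden_file_in_system32", path, attrs))
    return findings


def draft_netsvc_stanza(findings):
    """Draft the CFScript NetSvc:: stanza for orphaned services (review it by hand first)."""
    names = [f.subject for f in findings if f.kind == "service_image_missing"]
    return "\n".join(["NetSvc::"] + names) if names else ""


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:38} {f.subject}  ({f.detail})")
    print(draft_netsvc_stanza(results))
```

Run it against a saved ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. The checks are deliberately narrow: the unqualified-image finding, for instance, only says the entry should be resolved to a real file and checked, not that it is malicious, and a Security Center entry set to disabled is also what a third-party suite writes when it takes over monitoring, so each finding is a prompt to look, not a verdict.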
- justinob (Novice)
OS : XP
Posts : 48
Rubies : 3522
Likes : 0
ComboFix 09-12-31.A1 - Justino Binalinbing 01/01/2010 15:50:47.4.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.541 [GMT -8:00]
Running from: c:\documents and settings\Justino Binalinbing\Desktop\commy.exe
Command switches used :: c:\documents and settings\Justino Binalinbing\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FILE ::
"c:\windows\SMINST\Recguard.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\ServicePackFiles\i386\eventlog.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.
2010-01-01 12:15 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\eventlog.dll
2010-01-01 12:15 . 2008-04-14 00:11 56320 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-12-26 05:00 . 2009-10-26 13:47 4221952 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
2009-12-26 05:00 . 2008-06-20 17:33 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
2009-12-26 05:00 . 2008-06-20 17:32 663552 ----a-w- c:\windows\system32\NETw5c32.dll
2009-12-26 03:24 . 2009-12-26 03:24 -------- d-----w- c:\program files\SP36869
2009-12-26 02:36 . 2009-12-26 02:36 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-12-26 02:27 . 2006-12-11 19:05 2732032 ------w- c:\windows\system32\NETw3r32.dll
2009-12-26 02:27 . 2006-12-11 19:05 1711488 ----a-w- c:\windows\system32\drivers\NETw3x32.sys
2009-12-26 02:27 . 2006-12-11 19:05 561152 ------w- c:\windows\system32\NETw3c32.dll
2009-12-09 00:09 . 2009-12-09 00:09 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\GTek
2009-12-06 20:24 . 2009-12-06 20:24 -------- d-----w- c:\program files\Trend Micro
2009-12-05 19:28 . 2009-12-05 19:29 -------- d-----w- c:\program files\CCleaner
2009-12-05 19:06 . 2009-12-06 22:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-05 19:06 . 2009-12-06 22:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-05 19:03 . 2009-12-05 19:05 -------- d-----w- c:\program files\SpywareBlaster
2009-12-03 20:18 . 2009-12-03 20:18 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-12-03 02:00 . 2009-12-03 02:00 -------- d-----w- c:\program files\ESET
2009-12-03 01:54 . 2009-12-03 01:54 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 00:30 . 2009-10-13 05:38 -------- d-----w- c:\program files\Cheat Engine
2009-12-29 19:47 . 2009-03-11 06:33 -------- d-----w- c:\program files\McAfee
2009-12-04 05:28 . 2009-09-14 23:15 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\HpUpdate
2009-12-02 07:37 . 2009-01-09 07:11 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-24 19:30 . 2009-04-10 20:29 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-22 23:34 . 2009-10-17 20:24 -------- d-----w- c:\program files\Stellar Phoenix Photo Recovery
2009-11-16 04:51 . 2009-11-16 04:42 -------- d-----w- c:\documents and settings\Justino Binalinbing\Application Data\Reg Tool
2009-11-16 04:32 . 2008-12-03 03:05 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-16 04:31 . 2009-11-16 04:31 -------- d-----w- c:\program files\Java
2009-11-15 23:17 . 2009-11-15 23:17 -------- d-----w- c:\program files\Adobe Media Player
2009-11-15 23:16 . 2006-09-17 07:20 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-15 23:10 . 2009-11-15 23:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-12 05:21 . 2009-11-12 05:16 -------- d-----w- c:\program files\Jumi
2009-11-05 02:35 . 2009-11-05 02:35 45056 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe1_08C2044E9E9840058E3CE438A10501EC.exe
2009-11-05 02:35 . 2009-11-05 02:35 45056 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\MapleStory.exe_08C2044E9E9840058E3CE438A10501EC.exe
2009-11-05 02:35 . 2009-11-05 02:35 10134 ----a-r- c:\documents and settings\Justino Binalinbing\Application Data\Microsoft\Installer\{08C2044E-9E98-4005-8E3C-E438A10501EC}\ARPPRODUCTICON.exe
2009-11-05 01:54 . 2008-12-03 03:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-11-04 03:26 . 2009-11-04 03:26 85504 ----a-w- c:\windows\Inherit.exe
2009-11-04 03:26 . 2008-10-04 02:52 -------- d-----w- c:\program files\iTunes
2009-11-04 03:25 . 2008-10-04 02:52 -------- d-----w- c:\program files\iPod
2009-11-04 03:15 . 2009-11-04 03:15 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-04 00:50 . 2007-07-24 23:58 95616 ----a-w- c:\windows\junction.exe
2009-10-29 07:45 . 2004-08-04 21:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 21:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 21:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 21:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-14 18:30 . 2008-12-03 02:16 71384 ----a-w- c:\documents and settings\Justino Binalinbing\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-13 10:30 . 2004-08-04 21:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 21:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 21:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 -c--a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 -c--a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot_2009-12-31_00.31.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-01 23:29 . 2010-01-01 23:29 16384 c:\windows\temp\Perflib_Perfdata_6c0.dat
+ 2008-12-03 00:57 . 2010-01-01 23:38 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-03 00:57 . 2009-12-30 23:02 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-12-31 03:28 . 2010-01-01 23:38 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-10-28 04:04 . 2009-12-30 23:02 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-20 68856]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-05 2923192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="c:\documents and settings\Justino Binalinbing\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57961:TCP"= 57961:TCP:Pando Media Booster
"57961:UDP"= 57961:UDP:Pando Media Booster
"59115:TCP"= 59115:TCP:Pando Media Booster
"59115:UDP"= 59115:UDP:Pando Media Booster
"56514:TCP"= 56514:TCP:Pando Media Booster
"56514:UDP"= 56514:UDP:Pando Media Booster
"56664:TCP"= 56664:TCP:Pando Media Booster
"56664:UDP"= 56664:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/11/2009 10:37 PM 93320]
S2 gupdate1c9e3ee33015cfe;Google Update Service (gupdate1c9e3ee33015cfe);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 5:54 PM 133104]
S3 Flash1;Flash1;c:\program files\SP36869\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]
S3 maxD20081102;maxD20081102; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-04 11:05]
2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5c3cc42995c2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]
2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]
2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
FF - ProfilePath - c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-RecGuard - c:\windows\SMINST\RecGuard.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 15:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????c????????@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-01 16:03:32
ComboFix-quarantined-files.txt 2010-01-02 00:03
ComboFix2.txt 2009-12-31 00:34
ComboFix3.txt 2009-10-28 02:48
Pre-Run: 20,275,879,936 bytes free
Post-Run: 20,264,464,384 bytes free
- - End Of File - - 144CED8DC44FAC3E31C0B5931DF12503
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-11-05 2923192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-15 454656]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-17 61952]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-04-01 761946]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-04-12 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-03-23 131072]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 40960]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-08 1176808]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-16 149280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SymLnch"="c:\documents and settings\Justino Binalinbing\Application Data\Symantec\Layouts\Norton Internet Security\15.0\SymAllLanguages\NIS_RETAIL\20070828\Support\SymLnch\SymLnch.exe" [2007-08-27 687976]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57961:TCP"= 57961:TCP:Pando Media Booster
"57961:UDP"= 57961:UDP:Pando Media Booster
"59115:TCP"= 59115:TCP:Pando Media Booster
"59115:UDP"= 59115:UDP:Pando Media Booster
"56514:TCP"= 56514:TCP:Pando Media Booster
"56514:UDP"= 56514:UDP:Pando Media Booster
"56664:TCP"= 56664:TCP:Pando Media Booster
"56664:UDP"= 56664:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [3/11/2009 10:37 PM 93320]
S2 gupdate1c9e3ee33015cfe;Google Update Service (gupdate1c9e3ee33015cfe);c:\program files\Google\Update\GoogleUpdate.exe [6/2/2009 5:54 PM 133104]
S3 Flash1;Flash1;c:\program files\SP36869\winphlash\FLASH1.sys [3/1/2006 5:54 PM 3456]
S3 maxD20081102;maxD20081102; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-10-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2010-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-03-04 11:05]
2010-01-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5c3cc42995c2.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]
2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-03 01:53]
2009-08-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]
2009-08-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2009-03-11 19:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
FF - ProfilePath - c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Justino Binalinbing\Application Data\Mozilla\Firefox\Profiles\vxipa4zv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-RecGuard - c:\windows\SMINST\RecGuard.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-01 15:59
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe?????? ???@???????????????@? ????c????????@???????@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2588)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-01 16:03:32
ComboFix-quarantined-files.txt 2010-01-02 00:03
ComboFix2.txt 2009-12-31 00:34
ComboFix3.txt 2009-10-28 02:48
Pre-Run: 20,275,879,936 bytes free
Post-Run: 20,264,464,384 bytes free
- - End Of File - - 144CED8DC44FAC3E31C0B5931DF12503
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android, Linux
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security
Posts : 15182
Rubies : 289572
Likes : 162
Please do a scan with Kaspersky Online Scanner
Click on the Accept button and install any components it needs.
- The program will install and then begin downloading the latest definition files.
- After the files have been downloaded on the left side of the page in the Scan section select My Computer.
- This will start the program and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete, click on View scan report
- Now, click on the Save Report as button.
- Save the file to your desktop.
- Copy and paste that information in your next post.
- justinobNovice
-
OS : XP
Posts : 48
Rubies : 3522
Likes : 0
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, January 2, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, January 02, 2010 05:44:20
Records in database: 3397396
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
E:\
Scan statistics:
Objects scanned: 135539
Threats found: 7
Infected objects found: 17
Suspicious objects found: 0
Scan duration: 04:29:18
File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\040F3BB6.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D0548E4.exe Infected: Trojan.Win32.Genome.ecoj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D0548E4.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22E34FDA.exe Infected: Trojan.Win32.Genome.ecoj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\22E34FDA.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57395D14.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57C2407D.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\57EA3852.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\58357DFF.exe Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\02C00000\47EBE58D.VBN Infected: Hoax.Win32.Renos.kd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04140000\471C0A36.VBN Infected: Hoax.Win32.Renos.kd 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A140000\4AFFE5B6.VBN Infected: Packed.Win32.Black.a 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A240000\4AA7FF4A.VBN Infected: Trojan-Downloader.Win32.Zlob.nak 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A580000\4AFD6C11.VBN Infected: VirTool.Win32.Patcher.i 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0A7C0000\4FFE106C.VBN Infected: Trojan-Downloader.Win32.Delf.dct 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0AC40000\4FEF6622.VBN Infected: Trojan-Downloader.Win32.Delf.dct 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0E640000\4F7FC9F9.VBN Infected: Trojan-Downloader.JS.Agent.nw 1
Selected area has been scanned.
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android, Linux
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security
Posts : 15182
Rubies : 289572
Likes : 162
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No at the prompt.
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No at the prompt.
==
Download Security Check by screen317 from SpywareInfoforum.org or Changelog.fr.
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt; please post the contents of that document.
Also tell me how your computer is running.
- justinobNovice
-
OS : XP
Posts : 48
Rubies : 3522
Likes : 0
What if I use Google Chrome?
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android, Linux
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security
Posts : 15182
Rubies : 289572
Likes : 162
ATF Cleaner is not supported. No big deal.
In Chrome, go to Tool> Options. Click Personal Stuff. Then click Clear Browsing Data. Make sure at least Empty Cache is checked.
- justinobNovice
-
OS : XP
Posts : 48
Rubies : 3522
Likes : 0
Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
McAfee SecurityCenter
``````````````````````````````
Anti-malware/Other Utilities Check:
SpywareBlaster 4.2
CCleaner
Java(TM) 6 Update 17
Adobe Flash Player 10
Adobe Reader 9.1.2
``````````````````````````````
Process Check:
objlist.exe by Laurent
McAfee VIRUSS~1 mcshield.exe
McAfee VIRUSS~1 mcsysmon.exe
``````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
`````````End of Log```````````
- Dr JayHead Admin
-
Power of Youth!
OS : Windows 10 Home & Pro, Android, Linux
Arch. : x64 (64-bit)
Anti-Malware : Bitdefender Total Security
Posts : 15182
Rubies : 289572
Likes : 162
Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.
Software recommendations
AntiSpyware
- SpywareBlaster
SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found here.
- Spybot - Search & Destroy.
Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).
NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.
Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.
Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
Securing your computer
- Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
- hpHosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.
Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.
If you are interested:
- Firefox may be downloaded from here: http://www.getfirefox.com
- Opera is available here: http://www.opera.com/download/
Thank you for choosing GeekPolice. Please see this page if you would like to leave feedback or contribute to our site. Do you have any more questions?
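The hpHosts advice above works because the HOSTS file is consulted before DNS: any name listed against 127.0.0.1 (or 0.0.0.0 / ::1, which some lists use) resolves to the machine itself and never reaches the ad or malware host. The following is an added example, not code from GeekPolice or from the hpHosts project, showing how such a file is parsed and how to check whether a given hostname would be sinkholed. The hosts content is a constructed sample with placeholder `.invalid` names, and the function names (`parse_hosts`, `resolve`, `is_sinkholed`, `sinkholed_names`) are this example's own.

```python
"""Parse a HOSTS-format blocklist and check which names are sinkholed to loopback.

Added example (not GeekPolice's or hpHosts' own code). The sample hosts content
below is constructed for illustration; the domain names in it are placeholders.
"""
import ipaddress
from typing import Dict, List, Optional

# Constructed sample in the standard hosts-file layout:
#   <address>  <hostname> [alias ...]   # optional comment
# A real hpHosts file has the same shape but tens of thousands of lines.
SAMPLE_HOSTS = """\
# Constructed sample hosts file (placeholder names, not a real blocklist)
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example-tracker.invalid   # blocked ad host
127.0.0.1       malware-drop.example.invalid
0.0.0.0         telemetry.example.invalid     # some lists use 0.0.0.0 instead
192.0.2.10      intranet.example.invalid      # a normal, non-blocking mapping
  # indented comment, blank lines and odd spacing are all legal

127.0.0.1       MiXeD.Case.Example.INVALID
"""

# Addresses that mean "send this name nowhere": loopback or the unspecified address.
LOOPBACK_SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text: str) -> Dict[str, str]:
    """Return {hostname_lowercase: address} for every mapping in hosts-file text.

    Comments ('#' to end of line), blank lines and lines whose first field is
    not an IP address are skipped. If a name appears more than once, the first
    mapping is kept (a design choice for this example).
    """
    table: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop the comment and surrounding whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # an address with no name maps nothing
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)        # reject malformed address fields
        except ValueError:
            continue
        for name in names:
            table.setdefault(name.lower(), addr)   # hostnames are case-insensitive
    return table


def _key(hostname: str) -> str:
    """Normalise a lookup name: lowercase, trailing dot removed."""
    return hostname.lower().rstrip(".")


def resolve(table: Dict[str, str], hostname: str) -> Optional[str]:
    """Address the hosts file would answer for hostname, or None if it is not listed."""
    return table.get(_key(hostname))


def is_sinkholed(table: Dict[str, str], hostname: str) -> bool:
    """True if the hosts file redirects hostname to loopback, i.e. blocks it."""
    return resolve(table, hostname) in LOOPBACK_SINKHOLES


def sinkholed_names(table: Dict[str, str]) -> List[str]:
    """Every blocked name in the file, excluding 'localhost' itself."""
    return sorted(n for n, a in table.items()
                  if a in LOOPBACK_SINKHOLES and n != "localhost")


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for name in ("ads.example-tracker.invalid",
                 "Intranet.Example.Invalid",
                 "unknown.example.invalid"):
        print(f"{name:32} -> {resolve(hosts, name)}  blocked={is_sinkholed(hosts, name)}")
    print("blocked names:", sinkholed_names(hosts))
```

Names not in the file fall through to normal DNS, which is why a hosts-based blocklist only protects against hosts that were already known when the list was built; it complements, rather than replaces, the antivirus and firewall recommended above.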