Here it is :
ComboFix 08-04-16.5 - al 2008-04-17 18:03:36.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.50 [GMT 2:00]
Running from: C:\Documents and Settings\al\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\al\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\17PHolmes1753.exe
C:\WINDOWS\mrofinu1753.exe
C:\WINDOWS\mrofinu1753.exe.tmp
C:\WINDOWS\system32\ceLUwyxx.ini
C:\WINDOWS\system32\ceLUwyxx.ini2
C:\WINDOWS\system32\ddcAqQIc.dll
C:\WINDOWS\system32\hgGvuUOH.dll
C:\WINDOWS\system32\iifeeFYP.dll
C:\WINDOWS\system32\setup.ini
C:\WINDOWS\system32\xxywULec.dll
C:\WINDOWS\system32\yayvULcY.dll
.
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-17 15:26 . 2008-04-17 15:26 <DIR> d-------- C:\Deckard
2008-04-17 04:20 . 2008-04-17 04:20 <DIR> d-------- C:\Documents and Settings\al\Application Data\Malwarebytes
2008-04-17 04:19 . 2008-04-17 04:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-17 04:19 . 2008-04-17 04:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-17 04:18 . 2008-04-17 04:18 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-04-16 05:54 . 2008-04-16 05:54 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-16 05:54 . 2008-04-16 05:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-16 05:53 . 2008-04-16 05:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 04:44 . 2008-04-15 04:44 <DIR> d-------- C:\Program Files\NinjaSurfing
2008-04-15 04:44 . 2008-04-15 04:44 125 --a------ C:\ioSpecial.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 21:54 90,112 ----a-w C:\WINDOWS\DUMP4e96.tmp
2008-03-07 00:52 --------- d-----w C:\Documents and Settings\al\Application Data\Apple Computer
2008-03-06 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-03-02 02:14 --------- d-----w C:\Program Files\Soulseek
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-04-11 14:57 288576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [2002-07-12 17:33 1581056 C:\WINDOWS\mixer.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-04-26 09:45 401408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcAqQIc]
ddcAqQIc.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
--a------ 2007-06-19 16:02 958535 C:\Program Files\NinjaSurfing\nsurfing.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1753.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\System32\\MMC.EXE"=
"C:\\Program Files\\ApexDC++\\ApexDC.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Ipref\\Ipref.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);C:\WINDOWS\system32\DRIVERS\k510bus.sys [2006-02-17 21:34]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k510mdfl.sys [2006-02-17 21:34]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\k510mdm.sys [2006-02-17 21:34]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\k510mgmt.sys [2006-02-17 21:34]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\k510obex.sys [2006-02-17 21:34]
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys [2008-04-07 20:17]
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-08-17 13:47]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-17 18:17:44
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE 2007\AAWSERVICE.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\File Manager\SendToDevice.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
.
**************************************************************************
.
Completion time: 2008-04-17 18:23:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-17 16:22:50
Pre-Run: 2,815,139,840 bytes free
Post-Run: 2,736,308,224 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, April 17, 2008 10:43:18 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/04/2008
Kaspersky Anti-Virus database records: 712584
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 32181
Number of viruses found: 2
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 03:32:51
Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\al\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\al\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\al\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\al\Local Settings\History\History.IE5\MSHist012008041720080418\index.dat Object is locked skipped
C:\Documents and Settings\al\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\al\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\al\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\al\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\al\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\al\My Documents\Download_mbam-setup.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\Documents and Settings\al\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\al\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\TlibCmnDlgs_log.txt Object is locked skipped
C:\Documents and Settings\al\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\al\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\HookStarter_log.txt Object is locked skipped
C:\Documents and Settings\al\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\appLauncher_all_log.txt Object is locked skipped
C:\Documents and Settings\al\Application Data\Sony Ericsson\Teleca\Telecalib\Logging\Application logs\DM_log.txt Object is locked skipped
C:\System Volume Information\_restore{1AF4712D-2BDA-496E-9064-CBC0F4A2B89A}\RP122\A0080225.exe Infected: not-a-virus:Downloader.Win32.WinFixer.fs skipped
C:\System Volume Information\_restore{1AF4712D-2BDA-496E-9064-CBC0F4A2B89A}\RP124\A0080259.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nnp skipped
C:\System Volume Information\_restore{1AF4712D-2BDA-496E-9064-CBC0F4A2B89A}\RP124\A0080260.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nnp skipped
C:\System Volume Information\_restore{1AF4712D-2BDA-496E-9064-CBC0F4A2B89A}\RP124\A0080261.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nnp skipped
C:\System Volume Information\_restore{1AF4712D-2BDA-496E-9064-CBC0F4A2B89A}\RP124\A0080262.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.nnp skipped
C:\System Volume Information\_restore{1AF4712D-2BDA-496E-9064-CBC0F4A2B89A}\RP124\change.log Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcAqQIc.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.nnp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hgGvuUOH.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.nnp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifeeFYP.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.nnp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\yayvULcY.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.nnp skipped
D:\System Volume Information\_restore{1AF4712D-2BDA-496E-9064-CBC0F4A2B89A}\RP124\change.log Object is locked skipped
Scan process completed.
Deckard's System Scanner v20071014.68
Run by al on 2008-04-17 22:48:20
Computer is in Normal Mode.
--------------------------------------------------------------------------------
Total Physical Memory: 176 MiB (512 MiB recommended).
-- HijackThis (run as al.exe) --------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:49:07, on 17.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\al\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\al.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Anonymizer Proxy - {0DB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} - C:\Program Files\NinjaSurfing\ProxyNew.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1204943577529
O20 - Winlogon Notify: ddcAqQIc - ddcAqQIc.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
--
End of file - 4180 bytes
-- Files created between 2008-03-17 and 2008-04-17 -----------------------------
2008-04-17 22:48:46 0 d-------- C:\Program Files\Trend Micro
2008-04-17 18:35:35 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-17 18:35:31 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-17 18:35:23 0 d-------- C:\WINDOWS\LastGood
2008-04-17 18:03:02 0 d-------- C:\cmdcons
2008-04-17 17:57:19 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-17 17:57:18 68096 --a------ C:\WINDOWS\zip.exe
2008-04-17 17:57:18 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-17 17:57:18 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-17 17:57:18 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-17 17:57:18 98816 --a------ C:\WINDOWS\sed.exe
2008-04-17 17:57:18 80412 --a------ C:\WINDOWS\grep.exe
2008-04-17 17:57:18 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-17 17:38:29 0 d-------- C:\WINDOWS\setup.pss
2008-04-17 04:20:57 0 d-------- C:\Documents and Settings\al\Application Data\Malwarebytes
2008-04-17 04:19:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-17 04:19:16 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-17 04:18:44 0 d-------- C:\Program Files\Common Files\Download Manager
2008-04-17 03:16:13 0 d-------- C:\WINDOWS\pss
2008-04-16 05:54:35 0 d-------- C:\Program Files\Lavasoft
2008-04-16 05:54:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-16 05:53:10 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 04:44:19 0 d-------- C:\Program Files\NinjaSurfing
-- Find3M Report ---------------------------------------------------------------
2008-03-08 23:27:12 2404 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-03-07 02:52:32 0 d-------- C:\Documents and Settings\al\Application Data\Apple Computer
2008-03-02 04:14:02 0 d-------- C:\Program Files\Soulseek
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"C-Media Mixer"="Mixer.exe" [12.07.2002 17:33 C:\WINDOWS\mixer.exe]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [26.04.2007 09:45]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 00:56]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [11.04.2008 14:57]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcAqQIc]
ddcAqQIc.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ninja Surfing]
"C:\Program Files\NinjaSurfing\nsurfing.exe" /tray
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu1753.exe 61A847B5BBF72813359E3B466188719AB689201522886B092CBD44BD8689220221DD3257
-- End of Deckard's System Scanner: finished at 2008-04-17 22:50:31 ------------