#6
Old 28-06-2009, 07:56 AM
xero xero is offline
Elite Member
New Recruit
 
Join Date: Apr 2007
Posts: 202
Re: Can't find a file/folder

Hi Neal,
Here is the Combofix log, let me know if you see any wascally wabbits in the bushes.
ComboFix 09-06-26.02 - Russell Chapman 28/06/2009 14:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.411 [GMT 8:00]
Running from: c:\documents and settings\Russell Chapman\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Russell Chapman\Application Data\inst.exe
c:\windows\Help\agt0405.hlp
c:\windows\Help\agt0408.hlp
c:\windows\Help\agt0415.hlp
c:\windows\Help\agt0419.hlp
c:\windows\system32\systeminfo3.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-26 14:47 . 2008-05-28 11:13 2097152 ----a-w- c:\temp\autorun.bin
2009-06-26 14:47 . 2008-05-20 09:59 1570816 ----a-w- c:\temp\TSDNWIN.exe
2009-06-26 14:46 . 2009-06-26 14:46 -------- d-----w- c:\program files\ACW
2009-06-26 01:10 . 2009-06-26 01:10 3561743 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-25 13:30 . 2009-06-25 13:30 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-06-25 06:19 . 2009-06-25 06:20 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\vlc
2009-06-25 02:24 . 2009-06-25 02:24 -------- d-----w- c:\documents and settings\Russell Chapman\dwhelper
2009-06-24 07:52 . 2005-03-22 16:00 65536 ----a-w- c:\windows\system32\CNAB3SMK.DLL
2009-06-24 07:52 . 2005-03-22 16:00 57344 ----a-w- c:\windows\system32\CNAB3RPK.EXE
2009-06-24 07:52 . 2005-03-22 16:00 28672 ----a-w- c:\windows\system32\CNAB3PTU.DLL
2009-06-24 07:52 . 2005-03-22 16:00 28672 ----a-w- c:\windows\system32\CNAB3LMK.DLL
2009-06-24 07:52 . 2005-03-22 16:00 135168 ----a-w- c:\windows\system32\CNAB3EMU.DLL
2009-06-24 07:38 . 2009-06-24 07:38 -------- d-----w- C:\spoolerlogs
2009-06-24 00:10 . 2003-11-06 06:09 2108068 ----a-w- c:\windows\system32\cl32.dll
2009-06-24 00:10 . 2003-01-26 05:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2009-06-24 00:10 . 2009-06-24 10:17 -------- d-----w- c:\program files\Westnet Usage Grabber
2009-06-23 23:59 . 2008-04-13 21:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-06-23 14:37 . 2004-05-02 08:47 23040 ----a-r- c:\windows\system32\drivers\GVCplDrv.sys
2009-06-23 04:57 . 2009-06-23 04:57 -------- d-----w- c:\program files\Common Files\iulab
2009-06-23 04:57 . 2009-06-23 04:57 -------- d-----w- c:\program files\iuLAB
2009-06-22 09:38 . 2009-06-22 09:38 -------- d-----w- c:\program files\MSXML 4.0
2009-06-22 07:42 . 2008-04-13 16:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-06-21 17:26 . 2007-09-21 07:53 600 ----a-w- c:\documents and settings\Russell Chapman\Application Data\uTorrent\IP filter ozzy µpdater.bat
2009-06-21 17:26 . 2007-09-09 07:58 90624 ----a-w- c:\documents and settings\Russell Chapman\Application Data\uTorrent\UnRAR.exe
2009-06-21 17:23 . 2007-09-21 13:01 577 ----a-w- c:\documents and settings\Russell Chapman\Application Data\uTorrent\IP filter µpdater.bat
2009-06-21 17:23 . 2005-10-17 03:12 112128 ----a-w- c:\documents and settings\Russell Chapman\Application Data\uTorrent\wget.exe
2009-06-21 17:23 . 2005-04-13 04:57 64000 ----a-w- c:\documents and settings\Russell Chapman\Application Data\uTorrent\ssleay32.dll
2009-06-21 17:23 . 2005-04-13 04:56 343040 ----a-w- c:\documents and settings\Russell Chapman\Application Data\uTorrent\libeay32.dll
2009-06-21 17:23 . 2009-06-21 17:23 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\BitTorrent
2009-06-21 17:23 . 2007-09-21 13:01 577 ----a-w- c:\documents and settings\Russell Chapman\Application Data\BitTorrent\IP filter µpdater.bat
2009-06-21 17:23 . 2007-09-21 07:53 600 ----a-w- c:\documents and settings\Russell Chapman\Application Data\BitTorrent\IP filter ozzy µpdater.bat
2009-06-21 17:23 . 2007-09-09 07:58 90624 ----a-w- c:\documents and settings\Russell Chapman\Application Data\BitTorrent\UnRAR.exe
2009-06-21 17:23 . 2005-10-17 03:12 112128 ----a-w- c:\documents and settings\Russell Chapman\Application Data\BitTorrent\wget.exe
2009-06-21 17:23 . 2005-04-13 04:57 64000 ----a-w- c:\documents and settings\Russell Chapman\Application Data\BitTorrent\ssleay32.dll
2009-06-21 17:23 . 2005-04-13 04:56 343040 ----a-w- c:\documents and settings\Russell Chapman\Application Data\BitTorrent\libeay32.dll
2009-06-21 17:17 . 2009-06-25 02:24 -------- d-----w- C:\Downloads
2009-06-21 17:13 . 2009-06-21 17:13 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\Chestah Software
2009-06-21 17:09 . 2009-06-21 17:09 -------- d-----w- c:\program files\AviSynth 2.5
2009-06-21 17:03 . 2009-06-21 17:03 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\ScanSoft
2009-06-21 17:03 . 2009-06-21 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-06-21 17:03 . 2009-06-21 17:03 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-06-21 17:02 . 2009-06-21 17:02 -------- d-----w- c:\program files\ScanSoft
2009-06-21 17:01 . 2009-06-21 17:01 -------- d-----w- c:\program files\Common Files\CANON
2009-06-21 17:01 . 2001-08-17 13:59 3072 ----a-w- c:\windows\system32\drivers\audstub.sys
2009-06-21 17:00 . 2008-04-13 16:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 06:35 . 2009-06-21 10:11 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-28 06:31 . 2009-06-21 15:54 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-28 06:31 . 2009-06-21 15:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-28 06:21 . 2009-06-21 15:45 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\Free Download Manager
2009-06-28 05:34 . 2009-06-21 12:26 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-28 00:13 . 2009-06-21 15:49 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\uTorrent
2009-06-26 01:10 . 2009-06-21 15:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-25 07:04 . 2009-06-21 12:33 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\Vso
2009-06-25 01:25 . 2009-06-21 15:40 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\AccurateRip
2009-06-24 10:50 . 2009-06-21 15:51 -------- d-----w- c:\program files\VideoLAN
2009-06-24 10:18 . 2009-06-21 14:51 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\Ahead
2009-06-24 09:54 . 2009-06-21 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-06-24 07:53 . 2009-06-21 16:27 -------- d-----w- c:\program files\Canon
2009-06-24 07:45 . 2009-06-21 09:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-23 14:40 . 2009-06-21 09:32 -------- d-----w- c:\program files\GIGABYTE
2009-06-21 16:59 . 2009-06-21 16:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-06-21 16:58 . 2009-06-21 16:58 -------- d--h--w- c:\program files\CanonBJ
2009-06-21 16:47 . 2009-06-21 16:47 -------- d-----w- c:\program files\VeryPDF PDF2Word v3.0
2009-06-21 16:41 . 2009-06-21 16:41 -------- d-----w- c:\program files\Fear-Otaku Software
2009-06-21 16:28 . 2009-06-21 13:07 101384 ----a-w- c:\documents and settings\Russell Chapman\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-21 16:24 . 2009-06-21 16:23 -------- d-----w- c:\program files\QuarkXPress
2009-06-21 16:22 . 2009-06-21 16:22 -------- d-----w- c:\program files\CCleaner
2009-06-21 16:17 . 2009-06-21 16:04 -------- d-----w- c:\program files\Common Files\InterVideo
2009-06-21 16:17 . 2009-06-21 16:17 -------- d-----w- c:\program files\InterVideo
2009-06-21 16:17 . 2009-06-21 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-06-21 16:17 . 2009-06-21 09:38 -------- d-----w- c:\program files\Common Files\InstallShield
2009-06-21 16:16 . 2009-06-21 16:10 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\Ulead Systems
2009-06-21 16:16 . 2009-06-21 10:58 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-06-21 16:13 . 2009-06-21 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-06-21 16:11 . 2009-06-21 16:01 -------- d-----w- c:\program files\Ulead Systems
2009-06-21 16:05 . 2009-06-21 16:05 -------- d-----w- c:\program files\SmartSound Software
2009-06-21 16:05 . 2009-06-21 16:05 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-06-21 16:05 . 2009-06-21 16:05 -------- d-----w- c:\program files\QuickTime
2009-06-21 16:04 . 2009-06-21 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-21 16:04 . 2009-06-21 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-06-21 16:02 . 2009-06-21 16:02 -------- d-----w- c:\program files\Windows Media Components
2009-06-21 15:49 . 2009-06-21 15:49 -------- d-----w- c:\program files\uTorrent
2009-06-21 15:49 . 2009-06-21 15:49 -------- d-----w- c:\program files\Unlocker
2009-06-21 15:47 . 2009-06-21 15:47 -------- d-----w- c:\program files\VS Revo Group
2009-06-21 15:47 . 2009-06-21 15:47 -------- d-----w- c:\program files\Xiph.Org
2009-06-21 15:46 . 2009-06-21 15:46 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\Malwarebytes
2009-06-21 15:46 . 2009-06-21 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-21 15:45 . 2009-06-21 15:45 -------- d-----w- c:\program files\Free Download Manager
2009-06-21 15:45 . 2009-06-21 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeDownloadManager.ORG
2009-06-21 15:39 . 2009-06-21 15:39 -------- d-----w- c:\program files\Illustrate
2009-06-21 15:39 . 2009-06-21 15:39 -------- d-----w- c:\program files\Microsoft Corporation
2009-06-21 15:39 . 2009-06-21 15:39 -------- d-----w- c:\program files\ERUNT
2009-06-21 15:37 . 2009-06-21 15:34 -------- d-----w- c:\program files\DVDlabPro2
2009-06-21 15:32 . 2009-06-21 15:32 -------- d-----w- c:\program files\Womble Multimedia
2009-06-21 15:30 . 2009-06-21 15:30 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\LEAPS
2009-06-21 15:26 . 2009-06-21 15:26 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\Pegasys Inc
2009-06-21 15:22 . 2009-06-21 15:20 -------- d-----w- c:\program files\Pegasys Inc
2009-06-21 15:22 . 2009-06-21 15:22 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2009-06-21 15:22 . 2009-06-21 15:22 33408 ----a-w- c:\windows\system32\drivers\CDRBSDRV.SYS
2009-06-21 15:22 . 2009-06-21 15:22 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2009-06-21 15:18 . 2009-06-21 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\MAGIX
2009-06-21 15:18 . 2009-06-21 15:16 -------- d-----w- c:\program files\MAGIX
2009-06-21 15:17 . 2009-06-21 15:17 -------- d-----w- c:\program files\Common Files\xara
2009-06-21 15:15 . 2009-06-21 15:15 -------- d-----w- c:\program files\DVD Shrink
2009-06-21 15:15 . 2009-06-21 15:15 -------- d-----w- c:\program files\DVD Decrypter
2009-06-21 15:08 . 2009-06-21 14:48 -------- d-----w- c:\program files\Common Files\Ahead
2009-06-21 15:07 . 2009-06-21 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-06-21 15:07 . 2009-06-21 15:07 -------- d-----w- c:\program files\Nero
2009-06-21 14:50 . 2009-06-21 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-06-21 14:39 . 2009-06-21 12:54 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-21 13:31 . 2009-06-21 13:31 -------- d-----w- c:\program files\Common Files\Vbox
2009-06-21 13:30 . 2009-06-21 13:26 -------- d-----w- c:\program files\Macromedia
2009-06-21 13:29 . 2009-06-21 13:28 -------- d-----w- c:\program files\Common Files\Macromedia
2009-06-21 13:06 . 2009-06-21 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-21 13:03 . 2009-06-21 13:03 -------- d-----w- c:\program files\Bonjour
2009-06-21 12:55 . 2009-06-21 12:55 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-21 12:51 . 2009-06-21 12:47 -------- d-----w- c:\program files\coolpro2
2009-06-21 12:49 . 2009-06-21 12:49 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\Syntrillium
2009-06-21 12:43 . 2009-06-21 12:40 -------- d-----w- c:\program files\CyberLink
2009-06-21 12:39 . 2009-06-21 12:39 10128 ----a-w- c:\documents and settings\All Users\Application Data\DVDXStudio\CloneDVD4\MainApp.dll
2009-06-21 12:39 . 2009-06-21 12:38 -------- d-----w- c:\program files\CloneDVD
2009-06-21 12:38 . 2009-06-21 12:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DVDXStudio
2009-06-21 12:37 . 2009-06-21 12:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-06-21 12:35 . 2009-06-21 12:35 -------- d-----w- c:\program files\SlySoft
2009-06-21 12:33 . 2009-06-21 12:33 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-06-21 12:33 . 2009-06-21 12:33 47360 ----a-w- c:\documents and settings\Russell Chapman\Application Data\pcouffin.sys
2009-06-21 12:33 . 2009-06-21 12:33 47360 ----a-w- c:\documents and settings\Russell Chapman\Application Data\pcouffin.sys
2009-06-21 12:33 . 2009-06-21 12:32 -------- d-----w- c:\program files\VSO
2009-06-21 12:26 . 2009-06-21 12:26 -------- d-----w- c:\documents and settings\Russell Chapman\Application Data\Thunderbird
2009-06-21 12:25 . 2009-06-21 12:25 0 ----a-w- c:\windows\nsreg.dat
2009-06-21 11:38 . 2009-06-21 11:38 -------- d-----w- c:\program files\MSECache
2009-06-21 11:38 . 2009-06-21 11:38 -------- d-----w- c:\program files\Microsoft Math Add-in for Word 2007
2009-06-21 11:36 . 2009-06-21 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-06-21 11:32 . 2009-06-21 11:19 -------- d-----w- c:\program files\Microsoft Works
2009-06-21 11:19 . 2009-06-21 10:03 -------- d-----w- c:\program files\MSBuild
2009-06-21 11:18 . 2009-06-21 11:18 -------- d-----w- c:\program files\Microsoft.NET
2009-06-21 11:16 . 2009-06-21 11:16 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-06-21 11:03 . 2009-06-21 11:03 -------- d-----w- c:\program files\PowerISO
2009-06-21 10:58 . 2009-06-21 10:58 -------- d-----w- c:\program files\WinFast
2009-06-21 10:21 . 2009-06-21 10:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-06-21 10:18 . 2009-06-21 09:38 -------- d-----w- c:\program files\ATI Technologies
2009-06-21 10:16 . 2009-06-21 10:16 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-06-21 10:16 . 2009-06-21 10:16 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-06-21 10:16 . 2009-06-21 10:16 168208 ----a-w- c:\windows\system32\guard32.dll
2009-06-21 10:16 . 2009-06-21 10:16 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2009-05-29 2931648]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-07 125368]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-06-21 1794320]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2007-11-16 90112]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2007-11-15 2850816]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11 SE DVD\uvPL.exe" [2007-04-12 341488]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-29 155648]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-09-22 14854144]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\Russell Chapman\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Westnet Usage Grabber.lnk - c:\program files\Westnet Usage Grabber\wug.exe [2009-6-24 458752]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe [2009-6-21 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-6-21 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\CNAB3RPK.EXE"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [21/06/2009 6:16 PM 132640]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [21/06/2009 6:16 PM 24096]
R1 wfcxacap;WinFast TV PCI Audio Capture Driver;c:\windows\system32\drivers\wfcxacap.sys [21/06/2009 6:51 PM 9856]
R2 wfcxatun;WinFast TV Analog Tuner Driver;c:\windows\system32\drivers\wfcxatun.sys [21/06/2009 6:51 PM 31744]
R2 WFCXVCAP;WinFast TV Video Capture Driver;c:\windows\system32\drivers\wfcxvcap.sys [21/06/2009 6:51 PM 167040]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [21/06/2009 6:15 PM 101936]
R3 wfcxdtun;WinFast DTV BDA Tuner/Demod Driver;c:\windows\system32\drivers\wfcxdtun.sys [21/06/2009 6:51 PM 21248]
R3 wfcxtcap;WinFast DTV BDA Transport Stream Capture Driver;c:\windows\system32\drivers\wfcxtcap.sys [21/06/2009 6:51 PM 15872]
R3 wfcxxbar;WinFast TV Crossbar Driver;c:\windows\system32\drivers\wfcxxbar.sys [21/06/2009 6:51 PM 10496]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [7/10/2007 8:48 PM 116664]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [21/06/2009 6:58 PM 9446]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
FF - ProfilePath - c:\documents and settings\Russell Chapman\Application Data\Mozilla\Firefox\Profiles\rsbtzxag.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-28 14:46
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-515967899-1897051121-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ABCA10D1-EEEB-A201-3264-E99DD75230D7}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"pacjionnkecdacfhijhbjeolfimdafji"=hex:6a,61,6f,6e,6c,67,68,6c,63,70,70,6d,70,
65,66,67,61,67,61,6d,00,00
"oamakmfnkcebingnhafklcgkolmmfm"=hex:6a,61,6f,6e,6c,67,68,6c,63,70,70,6d,70,65,
66,67,61,67,61,6d,00,00
"kaejojpjambnnfdambiflp"=hex:62,61,61,6f,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(888)
c:\windows\system32\guard32.dll
.
Completion time: 2009-06-28 14:48
ComboFix-quarantined-files.txt 2009-06-28 06:48

Pre-Run: 57,247,240,192 bytes free
Post-Run: 57,227,448,320 bytes free

284

Thank you
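A log like the one in the post above is data rather than explanation, and anyone who reads more than a couple of them wants to triage the repetitive parts mechanically before doing the manual look-ups. The Python script below is an added example and is not part of xero's post, nor code from ComboFix or its author. It splits a ComboFix log into its sections, parses the dated file entries, flags for review any executable sitting in a user-writable location and any hidden+system directory, and decodes the REGEDIT-style hex values from the "LOCKED REGISTRY KEYS" section (tolerating the stray spaces a forum line-wrap inserts into the hex). The embedded sample log is a constructed excerpt of the entries on this page. The column meanings I assign to an entry (first timestamp, second timestamp, size, an eight-character attribute field with the directory, system and hidden flags at fixed positions, path) and the flagging heuristics are my reading of the format and are assumptions; a flag means "look at this", not "this is malware".

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix's own code)."""
import re
from typing import Dict, List, Optional, Tuple

# Extensions that execute or load code; all comparisons are done in lower case.
EXEC_EXT = (".exe", ".dll", ".sys", ".bat", ".cmd", ".com", ".scr", ".pif")
# Path fragments a non-admin user (or malware running as that user) can write to.
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\",
                 "\\downloads\\")

PAREN_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # ((( Other Deletions )))
DASH_HEADER = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")     # --- LOCKED REGISTRY KEYS ---
# "timestamp . timestamp size attrs path"; the column meaning is an assumption.
ENTRY_RE = re.compile(
    r"^(?P<t1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<t2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attr>[-\w]{8}) (?P<path>.+)$")
HEX_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<data>.*)$')
HEX_CONT_RE = re.compile(r"^[0-9a-fA-F]{2}(,[0-9a-fA-F]{2})*,?$")


def parse_sections(log: str) -> Dict[str, List[str]]:
    """Split the log into {section title: non-empty lines}; text before the
    first header is filed under "header"."""
    sections: Dict[str, List[str]] = {"header": []}
    current = "header"
    for raw in log.splitlines():
        line = raw.strip()
        m = PAREN_HEADER.match(line) or DASH_HEADER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections[current].append(line)
    return sections


def parse_file_entries(lines: List[str]) -> List[dict]:
    """Turn dated lines into dicts; directories carry "--------" as size."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if m:
            e = m.groupdict()
            e["size"] = int(e["size"]) if e["size"].isdigit() else None
            entries.append(e)
    return entries


def triage(entries: List[dict]) -> List[Tuple[str, List[str]]]:
    """Return (path, reasons) for entries worth a manual look. Review
    heuristics only, not a verdict."""
    flagged = []
    for e in entries:
        path, attr = e["path"].lower(), e["attr"]
        reasons = []
        if path.endswith(EXEC_EXT) and any(frag in path for frag in USER_WRITABLE):
            reasons.append("executable in user-writable location")
        # Attribute column as read from the log: [0] 'd' dir, [2] 's' system, [3] 'h' hidden.
        if attr[0] == "d" and attr[2] == "s" and attr[3] == "h":
            reasons.append("hidden+system directory")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


def _hex_to_text(parts: List[str]) -> str:
    cleaned = ",".join(parts).replace(" ", "")      # drop forum line-wrap spaces
    raw = bytes(int(b, 16) for b in cleaned.split(",") if b)
    return raw.rstrip(b"\x00").decode("latin-1")


def decode_hex_values(lines: List[str]) -> Dict[str, str]:
    """Decode '"name"=hex:..' values, joining wrapped continuation lines."""
    values: Dict[str, str] = {}
    name: Optional[str] = None
    parts: List[str] = []
    for line in lines:
        m = HEX_VALUE_RE.match(line)
        if m:
            if name is not None:
                values[name] = _hex_to_text(parts)
            name, parts = m.group("name"), [m.group("data")]
        elif name is not None and HEX_CONT_RE.match(line):
            parts.append(line)
    if name is not None:
        values[name] = _hex_to_text(parts)
    return values


def triage_log(log: str) -> dict:
    sections = parse_sections(log)
    entries: List[dict] = []
    for title, lines in sections.items():
        if title.startswith(("Files Created", "Find3M")):
            entries.extend(parse_file_entries(lines))
    return {
        "deleted": sections.get("Other Deletions", []),
        "flagged": triage(entries),
        "locked_values": decode_hex_values(sections.get("LOCKED REGISTRY KEYS", [])),
    }


# Constructed excerpt of the log on this page (not a complete ComboFix log).
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Russell Chapman\Application Data\inst.exe
c:\windows\system32\systeminfo3.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.
2009-06-26 14:47 . 2008-05-20 09:59 1570816 ----a-w- c:\temp\TSDNWIN.exe
2009-06-25 13:30 . 2009-06-25 13:30 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
2009-06-24 07:52 . 2005-03-22 16:00 65536 ----a-w- c:\windows\system32\CNAB3SMK.DLL
2009-06-21 17:23 . 2005-10-17 03:12 112128 ----a-w- c:\documents and settings\Russell Chapman\Application Data\uTorrent\wget.exe
2009-06-21 12:33 . 2009-06-21 12:33 47360 ----a-w- c:\documents and settings\Russell Chapman\Application Data\pcouffin.sys
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-515967899-1897051121-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ABCA10D1-EEEB-A201-3264-E99DD75230D7}*]
@Allowed: (Read) (RestrictedCode)
"pacjionnkecdacfhijhbjeolfimdafji"=hex:6a,61,6f,6e,6c,67,68,6c,63,70,70,6d,70,
65,66,67,61,67,61,6d,00,00
"kaejojpjambnnfdambiflp"=hex:62,61,61,6f,00,00
"""

if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    for path in result["deleted"]:
        print("deleted:", path)
    for path, reasons in result["flagged"]:
        print("review:", path, "|", "; ".join(reasons))
    for name, text in result["locked_values"].items():
        print("locked value:", name, "->", repr(text))
```

The script is deliberately conservative: it only parses and flags, and it does not try to decide what is malicious, because the entries that matter most (such as the files ComboFix already deleted) still have to be looked up by hand. Feed it the full log text and extend USER_WRITABLE or EXEC_EXT to taste.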