ComboFix 08-06-10.5 - cirillo 2008-06-12 15:34:02.13 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.351.1033.18.1502 [GMT 2:00] Running from: C:\Documents and Settings\cirillo\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\cirillo\Desktop\CFScript1.txt * Created a new restore point FILE :: C:\Documents and Settings\cirillo\Application Data\Microsoft\dtsc\19496.exe C:\WINDOWS\system32\{e692aedc-0bbe-cde8-bca4-209e8f717a52}.dll C:\WINDOWS\system32\bfqeabca.dll C:\WINDOWS\system32\hooakdxw.exe C:\WINDOWS\system32\ntcxajxk.dll C:\WINDOWS\system32\qlioydit.exe C:\WINDOWS\system32\slshknkl.dll C:\WINDOWS\system32\svbmfnfs.dll C:\WINDOWS\system32\twlpthna.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\984bcf09\ . ((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 ))))))))))))))))))))))))))))))) . 2008-06-12 10:20 . 2008-06-12 10:20 d-------- C:\Documents and Settings\cirillo\Application Data\Funk Software 2008-06-12 10:14 . 2008-06-12 10:14 491,599 --a------ C:\WINDOWS\system32\odGinaLibrary.dll 2008-06-12 10:14 . 2008-06-12 10:14 143,427 --a------ C:\WINDOWS\system32\odyGina.dll 2008-06-12 10:14 . 2008-06-12 10:14 122,949 --a------ C:\WINDOWS\system32\odyEvent.dll 2008-06-12 10:13 . 2008-06-12 10:14 d-------- C:\Program Files\Common Files\Juniper Networks 2008-06-12 10:13 . 2008-06-12 10:13 d-------- C:\Program Files\Common Files\Funk Software 2008-06-12 10:13 . 2008-06-12 10:13 d-------- C:\Documents and Settings\All Users\Application Data\Juniper Networks 2008-06-12 10:13 . 2008-06-12 10:14 82 --a------ C:\WINDOWS\init.ini 2008-06-12 01:06 . 2008-06-12 01:06 d-------- C:\Documents and Settings\LocalService\Application Data\Juniper Networks 2008-06-12 00:23 . 2008-06-12 00:23 d--h----- C:\WINDOWS\PIF 2008-06-12 00:03 . 2008-06-12 00:03 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater 2008-06-11 00:42 . 2008-06-11 00:42 d-------- C:\Program Files\McAfee 2008-06-11 00:42 . 2008-06-11 00:42 d-------- C:\Program Files\Common Files\McAfee 2008-06-11 00:42 . 2008-06-11 00:43 d-------- C:\Documents and Settings\All Users\Application Data\McAfee 2008-06-11 00:42 . 2008-01-24 20:50 171,400 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys 2008-06-11 00:42 . 2008-01-24 20:50 72,936 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys 2008-06-11 00:42 . 2008-01-24 20:50 64,232 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys 2008-06-11 00:42 . 2008-01-24 20:50 52,104 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys 2008-06-11 00:42 . 2008-01-24 20:50 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys 2008-06-10 18:12 . 2008-06-10 18:12 d-------- C:\Documents and Settings\cirillo\Application Data\IObit 2008-06-10 17:58 . 2008-06-10 17:58 d-------- C:\Program Files\IObit 2008-06-10 14:19 . 2004-03-22 15:17 24,816 --a------ C:\WINDOWS\system32\mdimon.dll 2008-06-10 14:18 . 2008-06-10 14:18 d-------- C:\Program Files\Common Files\L&H 2008-06-07 19:21 . 2008-06-07 19:21 d-------- C:\Program Files\Wide Angle Software 2008-06-04 21:19 . 2008-06-04 21:20 d-------- C:\Program Files\Dicionário de Sinônimos -completo- 2008-06-04 21:18 . 2008-06-04 21:19 258,048 --------- C:\WINDOWS\Setup1.exe 2008-06-04 21:18 . 2008-06-04 21:18 73,216 --a------ C:\WINDOWS\ST6UNST.EXE 2008-06-02 05:26 . 2008-06-02 05:28 d-------- C:\Program Files\EPSON 2008-06-02 05:26 . 2001-05-21 02:16 61,598 --a------ C:\WINDOWS\system32\EBPMON2.DLL 2008-06-02 05:26 . 2001-03-29 02:21 57,344 --a------ C:\WINDOWS\system32\ECBTEG.DLL 2008-06-02 05:26 . 2000-09-14 02:03 145 --a------ C:\WINDOWS\system32\EBPPORT.DAT 2008-06-02 05:25 . 2008-06-02 05:25 d-------- C:\epson 2008-05-25 23:31 . 2008-02-12 10:29 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll 2008-05-25 23:31 . 2001-08-17 22:37 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe 2008-05-25 23:31 . 2001-08-17 22:37 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe 2008-05-25 23:31 . 2001-08-17 22:36 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll 2008-05-25 23:31 . 2004-08-03 22:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys 2008-05-25 23:31 . 2008-02-11 22:50 19,200 --a--c--- C:\WINDOWS\system32\dllcache\wstcodec.sys 2008-05-25 23:31 . 2008-02-12 10:29 18,944 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll 2008-05-25 23:31 . 2001-08-17 12:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys 2008-05-25 23:31 . 2004-08-03 22:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys 2008-05-25 23:31 . 2001-08-17 22:37 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe 2008-05-25 23:29 . 2001-08-17 13:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys 2008-05-25 23:28 . 2001-08-17 22:36 216,064 --a--c--- C:\WINDOWS\system32\dllcache\um34scan.dll 2008-05-25 23:27 . 2001-08-17 22:36 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll 2008-05-25 23:26 . 2001-08-17 14:56 172,768 --a--c--- C:\WINDOWS\system32\dllcache\t2r4disp.dll 2008-05-25 23:25 . 2001-08-17 12:18 285,760 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys 2008-05-25 23:24 . 2001-08-17 14:56 147,200 --a--c--- C:\WINDOWS\system32\dllcache\smidispb.dll 2008-05-25 23:23 . 2001-08-17 14:56 252,032 --a--c--- C:\WINDOWS\system32\dllcache\sis300iv.dll 2008-05-25 23:22 . 2001-08-17 22:36 386,560 --a--c--- C:\WINDOWS\system32\dllcache\sgiul50.dll 2008-05-25 23:22 . 2001-08-17 12:19 36,480 --a--c--- C:\WINDOWS\system32\dllcache\sfmanm.sys 2008-05-25 23:22 . 2001-08-17 13:48 17,664 --a--c--- C:\WINDOWS\system32\dllcache\sermouse.sys 2008-05-25 23:22 . 2001-08-17 13:52 11,648 --a--c--- C:\WINDOWS\system32\dllcache\scsiprnt.sys 2008-05-25 23:22 . 2008-02-11 23:01 11,520 --a--c--- C:\WINDOWS\system32\dllcache\scsiscan.sys 2008-05-25 23:22 . 2001-08-17 13:53 6,912 --a--c--- C:\WINDOWS\system32\dllcache\seaddsmc.sys 2008-05-25 23:19 . 2001-08-17 14:56 182,272 --a--c--- C:\WINDOWS\system32\dllcache\s3mt3d.dll 2008-05-25 23:18 . 2001-08-17 13:28 899,146 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys 2008-05-25 23:17 . 2008-02-12 10:27 259,328 --a--c--- C:\WINDOWS\system32\dllcache\perm3dd.dll 2008-05-25 23:16 . 2001-08-17 14:05 351,616 --a--c--- C:\WINDOWS\system32\dllcache\ovcodek2.sys 2008-05-25 23:15 . 2008-02-11 22:35 2,065,792 --a--c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-05-25 23:15 . 2001-08-17 12:50 198,144 --a--c--- C:\WINDOWS\system32\dllcache\nv3.sys 2008-05-25 23:15 . 2001-08-17 22:36 123,776 --a--c--- C:\WINDOWS\system32\dllcache\nv3.dll 2008-05-25 23:15 . 2001-08-17 12:49 51,552 --a--c--- C:\WINDOWS\system32\dllcache\ntgrip.sys 2008-05-25 23:13 . 2004-08-03 22:31 132,695 --a--c--- C:\WINDOWS\system32\dllcache\netwlan5.sys 2008-05-25 23:13 . 2001-08-17 12:20 126,080 --a--c--- C:\WINDOWS\system32\dllcache\nm5a2wdm.sys 2008-05-25 23:13 . 2001-08-17 12:20 87,040 --a--c--- C:\WINDOWS\system32\dllcache\nm6wdm.sys 2008-05-25 23:13 . 2001-08-17 12:11 65,278 --a--c--- C:\WINDOWS\system32\dllcache\netflx3.sys 2008-05-25 23:13 . 2001-08-17 12:50 39,264 --a--c--- C:\WINDOWS\system32\dllcache\neo20xx.sys 2008-05-25 23:13 . 2001-08-17 12:12 32,840 --a--c--- C:\WINDOWS\system32\dllcache\ngrpci.sys 2008-05-25 23:13 . 2008-02-11 22:45 28,672 --a--c--- C:\WINDOWS\system32\dllcache\nscirda.sys 2008-05-25 23:13 . 2001-08-17 13:47 9,344 --a--c--- C:\WINDOWS\system32\dllcache\ntapm.sys 2008-05-25 23:13 . 2001-08-17 13:53 7,552 --a--c--- C:\WINDOWS\system32\dllcache\nsmmc.sys 2008-05-25 23:11 . 2001-08-17 12:50 320,384 --a--c--- C:\WINDOWS\system32\dllcache\mgaum.sys 2008-05-25 23:10 . 2001-08-17 13:28 802,683 --a--c--- C:\WINDOWS\system32\dllcache\ltsm.sys 2008-05-25 23:09 . 2008-02-12 10:28 253,952 --a--c--- C:\WINDOWS\system32\dllcache\kdsusd.dll 2008-05-25 23:08 . 2001-08-17 22:36 372,824 --a--c--- C:\WINDOWS\system32\dllcache\iconf32.dll 2008-05-25 23:07 . 2008-02-12 10:28 702,845 --a--c--- C:\WINDOWS\system32\dllcache\i81xdnt5.dll 2008-05-25 23:06 . 2001-08-17 13:28 907,456 --a--c--- C:\WINDOWS\system32\dllcache\hcf_msft.sys 2008-05-25 23:05 . 2001-08-17 14:56 1,733,120 --a--c--- C:\WINDOWS\system32\dllcache\g400d.dll 2008-05-25 23:04 . 2001-08-17 12:17 629,952 --a--c--- C:\WINDOWS\system32\dllcache\eqn.sys 2008-05-25 23:03 . 2001-08-17 12:14 952,007 --a--c--- C:\WINDOWS\system32\dllcache\diwan.sys 2008-05-25 23:02 . 2001-08-17 22:36 614,429 --a--c--- C:\WINDOWS\system32\dllcache\digiview.exe 2008-05-25 23:01 . 2001-08-17 12:13 980,034 --a--c--- C:\WINDOWS\system32\dllcache\cicap.sys 2008-05-25 23:00 . 2001-08-17 13:28 871,388 --a--c--- C:\WINDOWS\system32\dllcache\bcmdm.sys 2008-05-25 22:59 . 2008-02-11 23:34 2,188,928 --a--c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-05-20 22:54 . 2008-05-20 22:54 d-------- C:\Program Files\SystemRequirementsLab 2008-05-15 13:30 . 2008-05-15 13:30 d-------- C:\Program Files\Common Files\Skype 2008-05-15 13:30 . 2008-05-15 13:30 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat 2008-05-14 16:22 . 2008-05-14 16:22 d-------- C:\spoolerlogs . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-06-12 08:13 --------- d-----w C:\Program Files\Juniper Networks 2008-06-11 22:28 --------- d-----w C:\Documents and Settings\cirillo\Application Data\uTorrent 2008-06-11 22:25 --------- d-----w C:\Documents and Settings\cirillo\Application Data\UseNeXT 2008-06-11 22:03 --------- d-----w C:\Program Files\Google 2008-06-11 21:03 --------- d-----w C:\Documents and Settings\cirillo\Application Data\Skype 2008-06-11 21:02 --------- d-----w C:\Documents and Settings\cirillo\Application Data\skypePM 2008-06-10 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip 2008-06-10 17:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Network Associates 2008-06-10 12:46 --------- d-----w C:\Program Files\Microsoft Silverlight 2008-06-10 12:43 --------- d-----w C:\Program Files\Microsoft ActiveSync 2008-06-09 13:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-05-25 22:18 5 ----a-w C:\WINDOWS\system32\drivers\DELL_LAT_D820.MRK 2008-05-25 22:18 5 ----a-w C:\WINDOWS\system32\drivers\1028_DELL_LAT_D820.MRK 2008-05-13 18:22 26,800 ----a-w C:\Documents and Settings\cirillo\Application Data\GDIPFONTCACHEV1.DAT 2008-05-13 10:58 35,296 ----a-w C:\WINDOWS\system32\drivers\Dvd43.sys 2008-05-08 20:24 --------- d-----w C:\Program Files\Common Files\Network Associates 2008-05-08 11:46 --------- d-----w C:\Documents and Settings\cirillo\Application Data\LimeWire 2008-05-07 15:50 --------- d-----w C:\Documents and Settings\cirillo\Application Data\idxscm 2008-05-05 16:44 --------- d-----w C:\Program Files\IDX-SCM 2008-05-05 15:03 --------- d-----w C:\Documents and Settings\cirillo\Application Data\iPassConnect 2008-05-05 14:22 --------- d-----w C:\Program Files\Common Files\Aladdin Shared 2008-05-05 14:16 21,419 ----a-w C:\WINDOWS\system32\drivers\iPassP.sys 2008-05-05 14:16 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-05-05 14:16 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Juniper Networks 2008-05-05 14:16 --------- d-----w C:\Program Files\Neoteris 2008-05-05 14:16 --------- d-----w C:\Program Files\iPass 2008-05-05 14:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\iPass 2008-05-05 14:07 --------- d-----w C:\Program Files\Common Files\ActivCard 2008-04-29 08:21 --------- d-----w C:\Program Files\UseNeXT 2008-04-27 20:11 --------- d-----w C:\Program Files\Cisco Systems 2008-04-27 20:03 --------- d-----w C:\Documents and Settings\cirillo\Application Data\U3 2008-04-27 19:33 --------- d-----w C:\Program Files\sysutil 2008-04-24 21:03 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-04-24 21:02 --------- d-----w C:\Program Files\Skype 2008-04-24 21:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-04-24 16:56 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-04-24 16:55 --------- d-----w C:\Program Files\Windows Live Favorites 2008-04-24 16:53 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller 2008-04-24 16:53 --------- d-----w C:\Program Files\Windows Live 2008-04-24 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-04-16 07:00 --------- d-----w C:\Program Files\uTorrent 2008-03-01 13:26 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008030120080302\index.dat . ((((((((((((((((((((((((((((( snapshot_2008-06-10_16.08.55.98 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-10 13:55:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-12 10:01:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat + 2008-06-12 08:14:46 25,214 ----a-r C:\WINDOWS\Installer\{D120D8F1-4811-4E9B-A023-018E74E6B1CB}\ARPPRODUCTICON.exe + 2008-06-12 08:14:46 25,214 ----a-r C:\WINDOWS\Installer\{D120D8F1-4811-4E9B-A023-018E74E6B1CB}\OdysseyConfig.exe - 2008-01-27 23:31:39 34,308 ----a-w C:\WINDOWS\system32\BASSMOD.dll + 2008-06-10 22:38:53 34,308 ----a-w C:\WINDOWS\system32\BASSMOD.dll + 2006-11-14 16:49:54 398,720 ----a-w C:\WINDOWS\system32\drivers\jnprna.sys + 2006-01-23 13:19:32 254,208 ----a-w C:\WINDOWS\system32\drivers\odFIPS.sys + 2006-12-15 12:12:12 82,010 ----a-w C:\WINDOWS\system32\odSendPacket.dll - 2008-06-10 13:59:22 71,584 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-06-12 10:06:25 71,584 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-06-10 13:59:22 441,518 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-06-12 10:06:25 441,518 ----a-w C:\WINDOWS\system32\perfh009.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 18:45 1052672] "Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-12-30 12:23 1365504] "DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 13:39 1289000] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-12 00:03 68856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-11-17 04:03 8495104] "WiSEversionInfoCopy"="C:\Program Files\Juniper Networks\copyVersionInfo.vbs" [2007-05-23 15:45 2097] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "ShowLOMControl"="" [] "DVD43"="C:\PROGRA~1\DVDIDL~1\DVDIdlePro.exe" [2006-10-26 16:58 260096] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2007-07-20 17:55 1228800] "BluetoothAuthenticationAgent"="bthprops.cpl" [2008-02-12 11:30 110592 C:\WINDOWS\system32\bthprops.cpl] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 14:13 176128] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 11:22 405504] "ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.exe" [2008-01-24 20:50 111952] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-11-17 04:03 81920] "NVHotkey"="nvHotkey.dll" [2007-11-17 04:03 86016 C:\WINDOWS\system32\nvhotkey.dll] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 C:\WINDOWS\KHALMNPR.Exe] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 06:20 122940] "Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [2007-03-16 19:10 1392640] "OdTray.exe"="C:\Program Files\Juniper Networks\Odyssey Access Client\OdTray.exe" [2006-12-15 14:08 1028160] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-12 11:29 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "TSClientMSIUninstaller"="cmd.exe" [2008-02-12 11:29 389120 C:\WINDOWS\system32\cmd.exe] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [11/18/2005 5:46:00 PM 1724416] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [1/24/2008 3:01:35 PM 24576] Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [4/10/2008 12:45:22 PM 789008] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoResolveSearch"= 1 (0x1) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\PROGRA~1\DVDIDL~1\DVDShell.dll [2004-10-09 16:18 49152] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll 2008-01-09 12:30 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OdysseyClient] odyEvent.dll 2008-06-12 10:14 122949 C:\WINDOWS\system32\odyEvent.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Inicialização rápida do HP Photosmart Premier.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Inicialização rápida do HP Photosmart Premier.lnk backup=C:\WINDOWS\pss\Inicialização rápida do HP Photosmart Premier.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares] C:\Program Files\Ares\Ares.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTCoreManager] --a------ 2007-03-12 10:36 69632 C:\Program Files\Common Files\Aladdin Shared\eToken\etCoreMgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eTMonitor] --a------ 2007-03-12 10:43 73728 C:\Program Files\Common Files\Aladdin Shared\eToken\StoreSyncExe.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] --a------ 2006-02-19 02:41 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Le Petit Robert Hyperappel] --a------ 2001-10-11 13:11 22560 C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI] --a------ 2007-10-25 10:04 136512 C:\Program Files\McAfee\Common Framework\UdaterUI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Windows Installer] C:\Documents and Settings\cirillo\Application Data\Microsoft\dtsc\19496.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr] --a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Network Associates Error Reporting Service] C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon] --a------ 2007-11-17 04:03 8495104 C:\WINDOWS\system32\NvCpl.dll [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz] --a------ 2007-11-17 04:03 1626112 C:\WINDOWS\system32\nwiz.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistrySmart] C:\Program Files\RegistrySmart\RegistrySmart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] -ra------ 2008-04-23 17:45 22058792 C:\Program Files\Skype\Phone\Skype.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "LBTServ"=3 (0x3) "seclogon"=2 (0x2) "aawservice"=2 (0x2) "MDM"=2 (0x2) "EACSys"=3 (0x3) "EACSvrMngr"=2 (0x2) "Neoteris Setup Service"=2 (0x2) "UPS"=3 (0x3) "CiSvc"=3 (0x3) "LmHosts"=2 (0x2) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "C:\\WINDOWS\\system32\\LMabcoms.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"= "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\uTorrent\\uTorrent.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\java.exe"= "C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 odFips;odFips;C:\WINDOWS\system32\drivers\odFips.sys [2006-01-23 15:19] R2 JuniperAccessService;Juniper Unified Network Service;C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2006-12-11 19:12] R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2007-03-06 06:10] R3 Dvd43;Dvd43;C:\WINDOWS\system32\DRIVERS\Dvd43.sys [2008-05-13 12:58] R3 eTSCFLT;eToken SmartCard Upper Class Filter Driver;C:\WINDOWS\system32\DRIVERS\eTSCFLT.sys [2006-11-27 18:20] R3 jnprna;Juniper Network Agent Miniport;C:\WINDOWS\system32\DRIVERS\jnprna.sys [2006-11-14 18:49] S3 EacService;Juniper TNC Endpoint Assessment;C:\Program Files\Common Files\Juniper Networks\TNC Client\jTnccService.exe [2006-12-15 22:42] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ba9eca73-caba-11dc-ab7e-0015c509e104}] \Shell\AutoRun\command - G:\LaunchU3.exe -a *Newly Created Service* - CATCHME [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\WiSE] wscript.exe "C:\Program Files\Juniper Networks\switchToSmartcard.vbs" [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D3973444-9417-46D1-A555-6CF9B8062839}] msiexec /fuo {D3973444-9417-46D1-A555-6CF9B8062839} [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E480200A-9A85-40B5-99E8-95A2A76D19F3}] msiexec /fu {E480200A-9A85-40B5-99E8-95A2A76D19F3} /qn . Contents of the 'Scheduled Tasks' folder "2008-06-12 13:03:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE "2008-05-12 01:30:00 C:\WINDOWS\Tasks\RegistrySmart Scheduled Scan.job" - C:\Program Files\RegistrySmart\RegistrySmart.ex - C:\Program Files\RegistrySmart . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-06-12 15:35:39 Windows 5.1.2600 Service Pack 3, v.3311 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv] "ImagePath"="\??\C:\DOCUME~1\cirillo\LOCALS~1\Temp\mc29.tmp" . Completion time: 2008-06-12 15:36:13 ComboFix-quarantined-files.txt 2008-06-12 13:36:10 ComboFix2.txt 2008-06-11 22:58:44 ComboFix3.txt 2008-06-11 22:51:29 ComboFix4.txt 2008-06-10 22:00:02 ComboFix5.txt 2008-06-10 14:09:09 Pre-Run: 27,653,685,248 bytes free Post-Run: 27,647,504,384 bytes free 346 --- E O F --- 2008-03-27 11:13:03