part-2
2010-02-23 14:55 . 2004-08-03 19:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-23 13:21 . 2003-03-18 20:20 1060864 ----a-w- c:\windows\system32\MFC71.dll
2010-02-23 13:21 . 2003-03-18 19:14 499712 ----a-w- c:\windows\system32\MSVCP71.dll
2010-02-23 13:21 . 2003-02-21 03:42 348160 ----a-w- c:\windows\system32\MSVCR71.dll
2010-02-23 10:56 . 2010-02-23 17:25 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2010-02-23 10:56 . 2010-02-23 10:56 -------- d-----w- c:\program files\NCH Software
2010-02-23 10:56 . 2010-03-01 13:53 -------- d-----w- c:\documents and settings\Daksh\Application Data\NCH Swift Sound
2010-02-23 10:49 . 2010-02-23 10:49 1078 ----a-r- c:\documents and settings\Daksh\Application Data\Microsoft\Installer\{76EFAC4F-1712-401F-B2AE-590B170C9BCE}\_60c11ac7.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-05 20:13 . 2010-02-23 00:59 -------- d-----w- c:\documents and settings\Daksh\Application Data\uTorrent
2010-03-05 11:26 . 2009-04-16 20:43 84632 ------w- c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\UrlRule.dll
2010-03-05 11:26 . 2009-04-16 20:43 125592 ------w- c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\SecScan.dll
2010-03-05 11:26 . 2009-04-16 20:43 92824 ------w- c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\SecEx.dll
2010-03-05 11:26 . 2009-04-16 20:43 424560 ------w- c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\runiep.dll
2010-03-05 11:26 . 2009-04-16 20:43 207512 ------w- c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\rsdialog.dll
2010-03-05 11:26 . 2009-04-16 20:43 215704 ------w- c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\pweb.dll
2010-03-05 11:26 . 2009-04-16 20:43 744088 ------w- c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\ptools.dll
2010-03-05 11:26 . 2009-04-16 20:43 809624 ------w- c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\pscan.dll
2010-03-05 11:25 . 2009-04-16 20:43 297584 ------w- c:\documents and settings\Daksh\Application Data\Thinstall\Rising PC Doctor\%ProgramFilesDir%\Rising\AntiSpyware\KakaMgr.dll
2010-03-05 09:09 . 2010-02-23 00:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-04 23:55 . 2004-08-03 19:56 1281536 ----a-w- c:\windows\system32\ole32.dll
2010-03-04 23:34 . 2010-02-23 03:59 12328 ----a-w- c:\documents and settings\Daksh\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 23:21 . 2010-02-22 22:35 22748 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-25 06:48 . 2010-02-22 22:38 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-02-23 11:13 . 2010-02-23 11:13 32768 ----a-w- c:\windows\Help\ItzilzIm.dll
2010-02-23 03:44 . 2010-02-23 03:44 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-23 03:43 . 2010-02-23 03:43 -------- d-----w- c:\program files\C-Media 3D Audio
2010-02-23 02:23 . 2010-02-23 02:23 -------- d-----w- c:\documents and settings\Daksh\Application Data\SUPERAntiSpyware.com
2010-02-23 02:23 . 2010-02-23 02:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-23 00:14 . 2010-02-23 00:14 10134 ----a-r- c:\documents and settings\Daksh\Application Data\Microsoft\Installer\{4C933A3B-6201-4C90-AB28-598561131C06}\_05672270EB30CCA6FD3838.exe
2010-02-23 00:14 . 2010-02-23 00:14 16958 ----a-r- c:\documents and settings\Daksh\Application Data\Microsoft\Installer\{4C933A3B-6201-4C90-AB28-598561131C06}\_8C792585F69A42291AD1A1.exe
2010-02-23 00:14 . 2010-02-23 00:14 16958 ----a-r- c:\documents and settings\Daksh\Application Data\Microsoft\Installer\{4C933A3B-6201-4C90-AB28-598561131C06}\_6FEFF9B68218417F98F549.exe
2010-02-23 00:14 . 2010-02-23 00:14 16958 ----a-r- c:\documents and settings\Daksh\Application Data\Microsoft\Installer\{4C933A3B-6201-4C90-AB28-598561131C06}\_15D66DCE894BB3F91E0E6F.exe
2010-02-22 23:50 . 2010-02-22 23:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-22 23:50 . 2010-02-22 23:50 -------- d-----w- c:\program files\Java
2010-02-22 23:50 . 2010-02-22 23:50 152576 ----a-w- c:\documents and settings\Daksh\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2010-02-22 22:54 . 2010-02-22 22:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-22 22:39 . 2010-02-22 22:39 -------- d-----w- c:\program files\microsoft frontpage
.
<pre>
c:\program files\Java\jre6\bin\jusched .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Run StartupMonitor"="StartupMonitor.exe" [2000-05-20 86016]
"avast5"="e:\useful~1\ANTIVI~2\avastUI.exe" [2010-02-11 2756488]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
cmicnfg.cpl [N/A]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\ACTIVE DOWNLOADS\\uTORRENTS\\uTorrent.exe"=
"c:\\ODIN\\Diet\\DietOdin.exe"=
"e:\\TEST DOWNLOADS\\ANTI VIRUS MALWARE-REMOVEIT-\\Program Files\\InCode Solutions\\RemoveIT Pro v4 - SE\\removeit.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [3/5/2010 5:33 AM 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [3/5/2010 5:33 AM 19024]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys --> c:\windows\system32\drivers\SBREDrv.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\12.tmp --> c:\windows\system32\12.tmp [?]
S3 SASENUM;SASENUM;
S3 SbieDrv;SbieDrv;e:\useful crucial utilities folder\SANDBOXIE\SbieDrv.sys [2/3/2010 4:10 PM 115432]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.freeware365.com/desktop/folderguide.htm
TCP: {66A4DF95-55B1-4AC1-9006-CE521313193D} = 202.56.215.6,202.56.230.6
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-06 01:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\12.tmp"
.
Completion time: 2010-03-06 01:54:14
ComboFix-quarantined-files.txt 2010-03-05 20:24
Pre-Run: 37,365,747,712 bytes free
Post-Run: 37,338,963,968 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 0E934A1A39777670895CC9D914CA9547