Sorry - bumped again cuz I think I'm so many pages down you can't see me.... here's the latest
ComboFix 09-07-29.03 - sperry 07/29/2009 19:03.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1007.568 [GMT -4]
Running from: c:\downloads\FromCDBurn\Combo-Fix.exe
Command switches used :: c:\documents and settings\sperry\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\sperry\Local Settings\Application Data\AskToolbar
c:\documents and settings\sperry\Local Settings\Application Data\AskToolbar\cache.dat
c:\documents and settings\sperry\Local Settings\Application Data\AskToolbar\config.xml
c:\program files\Ask.com
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\UpdateTask.exe
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-29 )))))))))))))))))))))))))))))))
.
2009-07-25 16:13 . 2009-07-25 16:13 -------- d-----w- c:\documents and settings\sperry\Application Data\Malwarebytes
2009-07-25 16:12 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-25 16:12 . 2009-07-25 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-25 16:12 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-25 16:12 . 2009-07-25 16:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-25 16:00 . 2009-07-25 16:00 -------- d-----w- c:\program files\Trend Micro
2009-07-18 07:59 . 2009-07-18 07:59 -------- d-----w- c:\documents and settings\sperry\Local Settings\Application Data\Temp
2009-07-16 17:22 . 2009-07-16 17:22 -------- d-----w- c:\program files\MSECache
2009-07-15 14:50 . 2009-07-15 14:50 -------- d-----w- C:\WhitePapers
2009-07-15 13:30 . 2007-12-11 19:36 245760 ----a-w- c:\windows\system32\WlanApp.dll
2009-07-15 13:30 . 2007-11-21 22:36 217088 ----a-w- c:\windows\system32\aIPH.dll
2009-07-15 13:30 . 2007-10-08 23:13 262144 ----a-w- c:\windows\system32\wnicapi.dll
2009-07-15 13:30 . 2008-01-02 14:24 692224 ----a-w- c:\windows\system32\ANIWZCS2.dll
2009-07-15 13:30 . 2006-09-26 17:49 45115 ----a-w- c:\windows\system32\ANICtl.dll
2009-07-15 13:30 . 2005-10-27 12:55 49152 ----a-w- c:\windows\system32\JJAKEn.dll
2009-07-15 13:30 . 2005-10-19 22:19 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2009-07-15 13:30 . 2005-10-19 22:19 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2009-07-15 13:29 . 2009-07-15 13:30 -------- d-----w- c:\program files\ANI
2009-07-15 13:29 . 2007-11-21 22:46 36864 ----a-w- c:\windows\system32\ANIOApi.dll
2009-07-15 13:29 . 2007-05-12 20:39 48128 ----a-w- c:\windows\system32\ANIO64.sys
2009-07-15 13:29 . 2007-05-12 20:39 28195 ----a-w- c:\windows\system32\ANIO.sys
2009-07-15 13:29 . 2007-05-12 20:39 11904 ----a-w- c:\windows\system32\anio4.sys
2009-07-15 13:29 . 2009-07-15 13:29 -------- d-----w- c:\program files\Airlink101
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-29 16:11 . 2008-01-11 00:21 -------- d-----w- c:\program files\LogMeIn
2009-07-29 15:28 . 2009-03-16 19:58 0 ----a-w- c:\documents and settings\sperry\Local Settings\Application Data\prvlcl.dat
2009-07-29 02:39 . 2009-03-24 00:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-26 02:18 . 2008-06-30 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Avg8
2009-07-24 21:32 . 2009-04-30 13:19 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-20 15:18 . 2008-05-09 01:51 -------- d-----w- c:\documents and settings\sperry\Application Data\Skype
2009-07-20 12:56 . 2008-05-09 01:52 -------- d-----w- c:\documents and settings\sperry\Application Data\skypePM
2009-07-19 17:54 . 2008-01-10 22:29 56632 ----a-w- c:\documents and settings\sperry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-15 13:30 . 2008-01-11 00:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 16:12 . 2006-02-28 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2006-02-28 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-24 17:51 . 2008-02-05 18:27 -------- d-----w- c:\program files\Google
2009-06-17 12:58 . 2008-06-30 04:30 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:55 . 2006-02-28 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 00:18 . 2009-06-15 00:18 390664 ----a-w- c:\documents and settings\sperry\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-12 12:09 . 2008-06-30 04:30 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-05 12:43 . 2008-01-22 16:15 -------- d-----w- c:\program files\Wisdom-soft
2009-06-03 19:27 . 2006-02-28 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-05-13 19:39 . 2008-01-23 22:29 1563008 ----a-w- c:\windows\WRSetup.dll
2009-05-10 12:56 . 2008-06-30 04:30 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-07 15:44 . 2006-02-28 12:00 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-03-10 11:55 . 2008-09-06 02:43 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-02-05 18:28 . 2008-02-05 18:28 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]
[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
2009-07-19 12:50 2215960 ----a-w- c:\program files\Wisdom-soft\tbWis1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6dfc55bb-bfff-485a-9709-90c3fdf6db58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]
[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6DFC55BB-BFFF-485A-9709-90C3FDF6DB58}"= "c:\program files\Wisdom-soft\tbWis1.dll" [2009-07-19 2215960]
[HKEY_CLASSES_ROOT\clsid\{6dfc55bb-bfff-485a-9709-90c3fdf6db58}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-08-03 63048]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-05-13 6345840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-10 12:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-18 13:09 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"QuickBooksDB18"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"QBFCService"=3 (0x3)
"QBCFMonitorService"=2 (0x2)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9ac1514b39476"=2 (0x2)
"GoogleDesktopManager"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"igfxpers"=c:\windows\system32\igfxpers.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1583:TCP"= 1583:TCP:Pervasive DBEngine
"3351:TCP"= 3351:TCP:Pervasive DBEngine
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [2/25/2009 3:24 PM 29808]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6/30/2008 12:30 AM 327688]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/30/2008 12:30 AM 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/3/2007 4:09 PM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [1/10/2008 8:22 PM 47640]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [3/31/2009 6:07 PM 1205760]
R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [11/15/2007 9:18 PM 572416]
S4 gupdate1c9ac1514b39476;Google Update Service (gupdate1c9ac1514b39476);c:\program files\Google\Update\GoogleUpdate.exe [3/23/2009 8:11 PM 133104]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 QuickBooksDB18;QuickBooksDB18;c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 --> c:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB18 [?]
.
Contents of the 'Scheduled Tasks' folder
2009-07-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-23 00:09]
2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 00:11]
2009-07-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-24 00:11]
.
- - - - ORPHANS REMOVED - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.makerent.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: cafepress.com\www
Trusted Zone: pens.com\www
Trusted Zone: rivhsa.org\www
FF - ProfilePath - c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.makerent.com
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=WBR&o=13993&locale=en_US&q=
FF - component: c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\sperry\Application Data\Mozilla\Firefox\Profiles\qwt7blsh.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-29 19:09
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\sperry\LOCALS~1\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1172)
c:\windows\system32\LMIinit.dll
.
Completion time: 2009-07-29 19:10
ComboFix-quarantined-files.txt 2009-07-29 23:10
ComboFix2.txt 2009-07-29 18:34
Pre-Run: 40,604,241,920 bytes free
Post-Run: 40,641,503,232 bytes free
216 --- E O F --- 2009-07-29 16:10