Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.224 [GMT -4:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\Combo-Fix.exe
AV: Norton 360 *On-access scanning enabled* (Updated) {A5F1BC7C-EA33-4247-961C-0217208396C4}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton 360 *enabled* {371C0A40-5A0C-4AD2-A6E5-69C02037FBF3}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Images
c:\images\DirCfg.ini
c:\program files\Common
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Install.txt
c:\windows\Installer\df9f1.msp
c:\windows\kb913800.exe
c:\windows\system32\18467.exe
c:\windows\system32\41.exe
c:\windows\system32\6334.exe
c:\windows\system32\bincd32.dat
c:\windows\system32\FInstall.sys
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\Install.txt
c:\windows\system32\kdpini.dll
c:\windows\system32\netsdk.sys
c:\windows\system32\wispex.html
D:\Autorun.inf
----- BITS: Possible infected sites -----
hxxp://download.yimg.com.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_kbiwkmfuukfhmc
-------\Legacy_NETSDK
-------\Service_kbiwkmfuukfhmc
-------\Service_netsdk
((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.
2009-09-12 15:26 . 2009-03-31 15:23 39200 ----a-w- c:\windows\system32\drivers\TfSysMon.sys
2009-09-12 15:26 . 2009-03-31 15:23 33056 ----a-w- c:\windows\system32\drivers\TfNetMon.sys
2009-09-12 15:26 . 2009-03-31 15:23 12576 ----a-w- c:\windows\system32\drivers\TfKbMon.sys
2009-09-12 15:26 . 2009-03-31 15:23 51488 ----a-w- c:\windows\system32\drivers\TfFsMon.sys
2009-09-09 21:52 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-01 22:32 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-01 22:31 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-01 22:31 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-01 22:31 . 2009-09-01 22:32 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-01 22:31 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-01 22:31 . 2009-09-14 12:27 -------- d-----w- c:\program files\Spyware Doctor
2009-09-01 22:31 . 2009-09-12 15:32 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-01 22:31 . 2009-09-01 22:31 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\PC Tools
2009-09-01 22:31 . 2009-09-15 12:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-01 21:48 . 2009-09-01 21:48 -------- d-----w- C:\0de76ee21061f88991ef77fd89e4
2009-08-31 17:23 . 2009-08-31 17:23 273935 ----a-w- c:\windows\system32\aebacebfafaedde.dll
2009-08-31 10:26 . 2009-08-31 10:26 163840 ----a-w- c:\windows\svchasts.exe
2009-08-25 21:13 . 2009-08-25 21:13 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2009-08-24 21:44 . 2009-08-24 21:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-22 21:38 . 2009-08-22 21:38 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-22 20:42 . 2009-08-22 20:42 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-08-22 20:08 . 2009-08-22 20:08 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-08-22 19:55 . 2009-08-22 19:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPQ
2009-08-22 19:43 . 2009-08-22 19:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-22 19:43 . 2009-08-22 19:43 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 12:02 . 2009-02-03 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-15 12:02 . 2006-09-12 01:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-14 19:19 . 2007-11-02 04:37 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-12 15:37 . 2007-02-02 21:55 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\WeatherBug
2009-08-23 06:16 . 2009-08-23 06:15 110574 ----a-w- c:\windows\~DF63BC.tmp
2009-08-23 06:15 . 2009-08-23 06:06 110574 ----a-w- c:\windows\~DFD7E1.tmp
2009-08-23 05:23 . 2009-05-10 12:48 -------- d-----w- c:\program files\'Malewarebytes' Anti-Malware'
2009-08-22 15:50 . 2009-08-22 15:50 296462 ----a-w- c:\windows\~DFEFB9.tmp
2009-08-21 23:59 . 2008-12-25 02:31 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\BitTorrent
2009-08-14 19:00 . 2006-09-12 01:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-14 18:59 . 2009-08-14 18:59 -------- d-----w- c:\program files\eBay
2009-08-14 10:58 . 2009-09-01 22:31 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-06 07:49 . 2006-09-12 01:28 45536 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-06 07:17 . 2009-08-06 07:17 -------- d-----w- c:\program files\MSBuild
2009-08-06 07:17 . 2009-08-06 07:17 -------- d-----w- c:\program files\Reference Assemblies
2009-08-05 09:01 . 2004-08-10 04:00 204800 ------w- c:\windows\system32\mswebdvd.dll
2009-08-03 17:36 . 2009-05-10 12:48 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-03 17:36 . 2009-05-10 12:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-31 20:42 . 2009-07-31 20:42 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\KodakCredentialStore
2009-07-31 19:24 . 2009-07-31 19:24 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Skinux
2009-07-31 19:17 . 2009-07-31 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-07-31 19:15 . 2009-07-31 19:14 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\ArcSoft
2009-07-31 19:15 . 2009-07-31 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-07-31 19:14 . 2009-07-31 19:13 -------- d-----w- c:\program files\Common Files\ArcSoft
2009-07-31 19:13 . 2009-07-31 19:13 -------- d-----w- c:\program files\ArcSoft
2009-07-31 19:12 . 2009-07-31 18:16 -------- d-----w- c:\program files\Kodak
2009-07-31 19:10 . 2009-07-31 18:19 -------- d-----w- c:\program files\Common Files\Kodak
2009-07-17 19:01 . 2004-08-10 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 18:26 . 2009-07-15 18:26 49152 ----a-r- c:\windows\system32\inetwh32.dll
2009-07-15 18:26 . 2009-07-15 18:26 1044480 ----a-r- c:\windows\system32\roboex32.dll
2009-07-13 14:08 . 2004-08-10 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-10 04:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2004-08-10 04:00 730112 ------w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-10 04:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-10 04:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-10 04:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-10 04:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-10 04:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-10 11:00 92928 ------w- c:\windows\system32\drivers\ksecdd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2006-04-07 1343488]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-06-30 2836376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-26 267064]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-12 180269]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-07-10 195072]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-06-14 16239616]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-03 77312]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-05-09 1519616]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\5577497\Program\Compaq Connections.exe [2006-9-11 36903]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2009-7-10 323584]
ymetray.lnk - c:\program files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe [2007-1-26 54776]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aebacebfafaedde]
2009-08-31 17:23 273935 ----a-w- c:\windows\system32\aebacebfafaedde.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/1/2009 6:31 PM 206256]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [9/12/2009 11:26 AM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [9/12/2009 11:26 AM 39200]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [9/1/2009 6:32 PM 159600]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [9/11/2009 8:46 AM 102448]
R3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [9/1/2009 6:31 PM 64392]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [9/12/2009 11:26 AM 33056]
S0 bbaeec9b7011df3982c8237517cd3e15;bbaeec9b7011df3982c8237517cd3e15;c:\windows\system32\bbaeec9b7011df3982c8237517cd3e15.sys --> c:\windows\system32\bbaeec9b7011df3982c8237517cd3e15.sys [?]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [1/12/2008 10:32 PM 23888]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
*NewlyCreated* - EVDOSERVER
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-16 22:11]
2009-09-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:05]
2009-09-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-03 18:05]
2009-09-15 c:\windows\Tasks\User_Feed_Synchronization-{B37FEFBC-FD89-4275-949A-ED107B49DFB2}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL =
hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop
uSearchMigratedDefaultURL =
hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar =
hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/yme/*http://www.yahoo.com/ext/search/search.html
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext =
hxxp://www.comcast.net/
uSearchURL,(Default) =
hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE: &Yahoo! Search -
file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Yahoo! &Dictionary -
file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps -
file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS -
file:///c:\program files\Yahoo!\Common/ycsms.htm
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: trymedia.com
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} -
hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-PCDrProfiler - (no file)
AddRemove-Win Police Pro - c:\program files\Windows Police Pro\AntiSpyware_Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-09-15 08:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-905739999-803018164-1412106516-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,72,a6,5a,5b,3d,4c,f4,40,98,76,2a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,72,a6,5a,5b,3d,4c,f4,40,98,76,2a,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(976)
c:\windows\system32\aebacebfafaedde.dll
c:\windows\system32\Wininet.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
c:\program files\Spyware Doctor\TFEngine\TFNI.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
- - - - - - - > 'lsass.exe'(1044)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
- - - - - - - > 'explorer.exe'(4304)
c:\windows\system32\WININET.dll
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
c:\docume~1\COMPAQ~1\LOCALS~1\Temp\IadHide5.dll
c:\program files\Spyware Doctor\TFEngine\TFNI.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE
c:\program files\Spyware Doctor\TFEngine\TFService.exe
c:\progra~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\TEMP\t4m0_436554816484.bk.old
c:\windows\system32\sofatnet.exe
c:\windows\system32\lsm32.sys
.
**************************************************************************
.
Completion time: 2009-09-15 8:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-15 12:39
Pre-Run: 130,531,045,376 bytes free
Post-Run: 130,484,686,848 bytes free
360 --- E O F --- 2009-09-12 07:01