Hello. Here's the log:
ComboFix 09-09-28.01 - Jessica 09/29/2009 19:20.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.110 [GMT -4:00]
Running from: c:\documents and settings\Jessica\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jessica\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
FILE ::
"C:\mlhlsvq.exe"
"c:\program files\Common Files\ekogep._sy"
"c:\windows\system32\calc.dll"
"c:\windows\system32\drivers\a0367ed0.sys"
"c:\windows\system32\gazizisa.dll"
"c:\windows\system32\nqpibfqp.dat"
"c:\windows\system32\vgcdtasa.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\11818124
c:\documents and settings\All Users\Application Data\11818284
C:\mlhlsvq.exe
c:\program files\Common Files\ekogep._sy
c:\windows\system32\drivers\a0367ed0.sys
c:\windows\system32\gazizisa.dll
c:\windows\system32\nqpibfqp.dat
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_antippolice_
-------\Service_a0367ed0
-------\Service_antippolice_
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.
2009-09-29 15:30 . 2009-09-29 15:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-29 15:22 . 2009-07-08 17:44 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-29 15:22 . 2009-07-08 17:44 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-29 15:22 . 2009-07-08 17:44 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-29 15:22 . 2009-07-16 16:32 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-09-29 15:21 . 2009-09-29 15:22 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-29 15:21 . 2009-09-29 15:22 -------- d-----w- c:\program files\McAfee.com
2009-09-29 15:17 . 2009-07-08 17:43 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-28 22:36 . 2009-09-28 22:36 -------- d-----w- c:\documents and settings\Jessica\Application Data\McAfee
2009-09-28 18:36 . 2009-09-28 18:36 -------- d-----w- c:\program files\ERUNT
2009-09-28 00:27 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 00:27 . 2009-09-28 02:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 00:27 . 2009-09-28 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 00:27 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 00:03 . 2009-09-28 00:03 -------- d-----w- c:\program files\Trend Micro
2009-09-17 19:18 . 2009-09-17 19:18 -------- d-----w- C:\Webroot
2009-09-13 03:21 . 2005-07-06 20:16 428032 ----a-w- c:\windows\WRServices.dll
2009-09-04 07:10 . 2009-09-04 07:12 -------- d-----w- C:\18bed3b494b7996a92
2009-09-04 07:09 . 2009-09-04 07:43 -------- d-----w- c:\windows\SxsCaPendDel
2009-09-01 07:04 . 2009-09-01 07:04 -------- d-----w- c:\windows\ServicePackFiles
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 22:41 . 2007-08-08 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-29 18:23 . 2007-08-08 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 17:37 . 2007-08-08 21:20 -------- d-----w- c:\program files\McAfee
2009-09-29 15:13 . 2007-08-08 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-16 20:03 . 2008-08-06 18:46 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-13 03:26 . 2007-08-08 21:43 -------- d-----w- c:\program files\IrfanView
2009-09-12 02:57 . 2007-10-19 02:18 -------- d-----w- c:\documents and settings\Jessica\Application Data\Move Networks
2009-08-05 09:11 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 04:53 . 2004-08-04 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-17 18:55 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-08 17:44 . 2009-07-08 17:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-29_01.37.08 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 12:00 . 2009-09-29 01:29 71462 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-09-29 23:13 71462 c:\windows\system32\perfc009.dat
+ 2007-08-07 01:11 . 2009-09-29 20:10 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-07 01:11 . 2009-09-29 20:10 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-09-29 20:04 . 2009-09-29 20:10 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-08-07 01:11 . 2009-09-29 01:01 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-09-29 14:58 . 2009-09-29 14:58 53248 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000002\UsrClass.dat
- 2004-08-04 12:00 . 2009-09-29 01:29 441692 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-09-29 23:13 441692 c:\windows\system32\perfh009.dat
+ 2009-09-29 14:58 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\9-29-2009\ERDNT.EXE
+ 2009-09-29 14:58 . 2009-09-29 14:58 3624960 c:\windows\ERDNT\AutoBackup\9-29-2009\Users\00000001\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-07-17 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-08 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-07-10 645328]
c:\documents and settings\Jessica\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Find Fast.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk
backup=c:\windows\pss\Microsoft Find Fast.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Jessica^Start Menu^Programs^Startup^Webshots.lnk]
path=c:\documents and settings\Jessica\Start Menu\Programs\Startup\Webshots.lnk
backup=c:\windows\pss\Webshots.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"MpfService"=2 (0x2)
"McSysmon"=3 (0x3)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"mcmscsvc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"hpqwmi"=3 (0x3)
"gusvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Java\\jre1.5.0_02\\bin\\javaw.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/29/2009 11:26 AM 203280]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/20/2009 7:38 AM 24652]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [8/6/2007 9:18 PM 231424]
.
Contents of the 'Scheduled Tasks' folder
2009-09-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
2009-09-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-08 00:39]
2009-09-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 01:26]
2009-09-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-09-29 01:26]
.
.
------- Supplementary Scan -------
.
uStart Page = https://www.google.com/accounts/ServiceLogin?service=mail&passive=true&rm=false&continue=http%3A%2F%2Fmail.google.com%2Fmail%2F%3Fui%3Dhtml%26zy%3Dl&bsv=zpwhtygjntrz&scc=1<mpl=default<mplcache=2&hl=en
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
Trusted Zone: internet
Trusted Zone: mcafee.com
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 19:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
scanning hȋdden files ...
scan completed successfully
hȋdden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3696)
c:\windows\system32\WININET.dll
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-29 19:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-29 23:39
ComboFix2.txt 2009-09-29 01:42
Pre-Run: 46,489,882,624 bytes free
Post-Run: 46,496,727,040 bytes free
221 --- E O F --- 2009-09-09 07:02