ComboFix Log:
ComboFix 09-10-23.01 - Administrator 10/24/2009 11:48.1.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.802 [GMT -5:00]
Running from: c:\documents and settings\Administrator\desktop\commy.exe
Command switches used :: /stepdel
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Start Menu\Programs\Windows Police Pro
c:\documents and settings\Merlin\Start Menu\Programs\Windows Police Pro
c:\program files\AdvancedVirusRemover
c:\program files\Windows Police Pro
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858
c:\recycler\S-1-5-21-0823906687-9603902155-275191836-6971
c:\recycler\S-1-5-21-2841344863-9824998207-125976383-7598
c:\windows\system32\bcmwl5.inf
c:\windows\system32\Desktop_.ini
c:\windows\system32\images
c:\windows\system32\jasosise.exe
c:\windows\system32\ziperame.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\csrss.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\lsass.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\services.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\svchost.exe
c:\docume~1\ADMINI~1\LOCALS~1\Temp\taskmgr.exe
c:\documents and settings\Administrator\Desktop\Windows Police Pro.lnk
c:\documents and settings\Administrator\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
c:\documents and settings\Merlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Merlin\Desktop\Windows Police Pro.lnk
c:\documents and settings\Merlin\Start Menu\Advanced Virus Remover.lnk
c:\documents and settings\Merlin\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
c:\program files\AdvancedVirusRemover\PAVRM.exe
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\program files\Windows Police Pro\winivsetup.exe
C:\qdgavjh.exe
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\Desktop.ini
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858\Desktop.ini
c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1858\port88.exe
c:\recycler\S-1-5-21-0823906687-9603902155-275191836-6971\Desktop.ini
c:\recycler\S-1-5-21-0823906687-9603902155-275191836-6971\wnzip32.exe
c:\recycler\S-1-5-21-2841344863-9824998207-125976383-7598\Desktop.ini
c:\windows\msa.exe
c:\windows\svchast.exe
c:\windows\system32\6to4v32.dll
c:\windows\system32\bijukotu.dll
c:\windows\system32\bincd32.dat
c:\windows\system32\certstore.dat
c:\windows\system32\critical_warning.html
c:\windows\system32\drivers\glaide32.sys
c:\windows\system32\fegezofo.dll
c:\windows\system32\fepkd53qo7.dll
c:\windows\system32\fufakili.dll
c:\windows\system32\gosge7.dll
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\isasdk.sys
c:\windows\system32\iycrmtarub.dll
c:\windows\system32\kosagiti.dll
c:\windows\system32\lugesate.dll
c:\windows\system32\mea8blp5.dll
c:\windows\system32\nuar.old
c:\windows\system32\plkmn2o0.dll
c:\windows\system32\plUGie.dll
c:\windows\system32\pobojohe.dll
c:\windows\system32\pump.exe
c:\windows\system32\r4j6ipfyl.dll
c:\windows\system32\rush4imjo3.dll
c:\windows\system32\serubifa.dll
c:\windows\system32\skynet.dat
c:\windows\system32\sysnet.dat
c:\windows\system32\tonepopo.dll
c:\windows\system32\ulwbgxt.dll
c:\windows\system32\vapuhonu.dll
c:\windows\system32\vk71h9t9.dll
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wispex.html
c:\windows\system32\wvdk6.dll
c:\windows\system32\xi94dzad.dll
c:\windows\system32\xmBSen6iii.dll
c:\windows\system32\xmgrf.dll
c:\windows\system32\yuwelete.dll
c:\windows\system32\zu09qz2x4.dll
c:\windows\system32\zzxjret.dll
c:\windows\wf3.dat
c:\windows\wf4.dat
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\system32\dllcache\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_ANTIPOL
-------\Legacy_GLAIDE32
-------\Legacy_ISASDK
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_6to4
-------\Service_AntiPol
-------\Service_glaide32
-------\Service_isasdk
((((((((((((((((((((((((( Files Created from 2009-09-24 to 2009-10-24 )))))))))))))))))))))))))))))))
.
2009-10-03 17:42 . 2009-10-03 17:43 79360 ----a-w- C:\hsjcyle.exe
2009-10-03 17:28 . 2009-10-03 17:43 192951 ----a-w- C:\ituycggj.exe
2009-10-03 17:28 . 2009-10-03 17:42 9728 ----a-w- C:\luqnovd.exe
2009-10-03 17:27 . 2009-10-03 17:27 161280 ----a-w- C:\uheu.exe
2009-10-03 17:27 . 2009-10-03 17:43 51200 ----a-w- C:\dkvyax.exe
2009-10-03 17:27 . 2009-10-03 17:42 43520 ----a-w- C:\rmnkbgw.exe
2009-10-03 17:26 . 2009-10-03 17:27 161280 ----a-w- C:\faluw.exe
2009-10-03 17:25 . 2009-10-03 17:26 43520 ----a-w- C:\ejpjqdnw.exe
2009-10-03 03:28 . 2009-10-03 17:25 9728 ----a-w- C:\qhhi.exe
2009-10-03 03:28 . 2009-10-03 17:26 192951 ----a-w- C:\bxim.exe
2009-10-02 03:46 . 2009-10-02 03:46 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-10-02 03:45 . 2009-10-02 03:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-10-02 03:44 . 2009-10-02 03:44 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-10-02 03:07 . 2009-10-03 17:31 131731 ----a-w- c:\windows\system32\dbsinit.exe
2009-10-02 03:01 . 2009-10-02 03:01 -------- d-----w- c:\program files\Trend Micro
2009-10-02 02:38 . 2009-10-02 02:38 -------- d-----w- c:\documents and settings\Merlin\Application Data\6857436442
2009-10-02 02:38 . 2009-10-02 02:38 -------- d-----w- c:\documents and settings\Merlin\Application Data\2497265022
2009-10-02 02:32 . 2009-10-02 02:32 52736 ----a-w- C:\hyvt.exe
2009-10-02 02:32 . 2009-10-02 02:32 45568 ----a-w- C:\uekw.exe
2009-10-02 02:32 . 2009-10-24 16:38 0 ----a-r- c:\windows\win32k.sys
2009-10-02 02:32 . 2009-10-02 02:32 201200 ----a-w- C:\gsrilums.exe
2009-10-02 02:31 . 2009-10-02 02:32 79360 ----a-w- C:\qkfd.exe
2009-10-02 02:31 . 2009-10-02 02:32 245760 ----a-w- C:\utksugvj.exe
2009-10-02 02:31 . 2009-10-02 02:31 9728 ----a-w- C:\uxgjlq.exe
2009-09-30 04:56 . 2009-09-30 04:56 -------- d-----w- c:\documents and settings\Merlin\Application Data\Malwarebytes
2009-09-30 04:56 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 04:56 . 2009-10-03 05:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 04:56 . 2009-09-30 04:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 04:56 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
------- Sigcheck -------
Cryptography Services Error !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-24 68856]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-05-25 321344]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2008-11-04 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-1-16 565248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
BHO-{bd9d5f1c-6c71-422f-ba86-86142ccbcf73} - lugesate.dll
HKCU-Run-12CFG214-K641-12SF-N85P - c:\recycler\S-1-5-21-0243936033-3052116371-381863308-1811\vsbntlo.exe
HKCU-Run-PopRock - c:\docume~1\Merlin\LOCALS~1\Temp\b.exe
HKLM-Run-nupusijiw - c:\windows\system32\tonepopo.dll
HKLM-Run-nevahedopi - pobojohe.dll
AddRemove-HijackThis - c:\documents and settings\Merlin\Desktop\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-24 11:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
scanning hȋdden files ...
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\progra~1\AVG\AVG8\avgwdsvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Acer\Acer VCM\RS_Service.exe
c:\progra~1\AVG\AVG8\avgemc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\commy\CF1171.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\progra~1\LAUNCH~1\LManager.exe
c:\program files\Acer\Acer eRecovery Management\NotificationLauncher.exe
c:\progra~1\AVG\AVG8\avgtray.exe
c:\program files\Windows Defender\MSASCui.exe
c:\program files\Common Files\Real\Update_OB\realsched.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Java\jre6\bin\jusched.exe
c:\windows\system32\igfxext.exe
c:\program files\iTunes\iTunesHelper.exe
c:\documents and settings\Merlin\Application Data\2497265022\2497265022.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\docume~1\Merlin\LOCALS~1\Temp\RtkBtMnt.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AVG\AVG8\avgupd.exe
c:\commy\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-24 12:00 - machine was rebooted [Merlin]
Pre-Run: 136,693,600,256 bytes free
Post-Run: 136,107,671,552 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Add remove programs Log:
2007 Microsoft Office Suite Service Pack 1 (SP1)
AAC Decoder
Acer eRecovery Management
Acer ScreenSaver
Acer VCM
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9.1.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
AutoUpdate
AVG Free 8.5
BitTorrent
Bonjour
Broadcom Driver v4.170.25.12_Foxconn Installation Program
Choice Guard
Compatibility Pack for the 2007 Office system
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DNA
ffdshow [rev 3026] [2009-07-05]
Google Toolbar for Internet Explorer
H.264 Decoder
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel(R) Graphics Media Accelerator Driver
Intel Matrix Storage Manager
iTunes
Java(TM) 6 Update 15
Junk Mail filter update
Launch Manager
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MKV Splitter
MSVCRT
MSXML 4.0 SP2 (KB954430)
OpenOffice.org 3.1
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Synaptics Pointing Device Driver
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB946691)
Update for Windows Internet Explorer 8 (KB969497)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
USB2.0 Card Reader Software
VC80CRTRedist - 8.0.50727.762
WebCam
WebFldrs XP
Windows Defender
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Xvid 1.2.2 final uninstall