ComboFix 09-11-24.02 - Mike 11/24/2009 17:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.582 [GMT -6:00]
Running from: c:\documents and settings\Mike\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Mike\Application Data\iniasd.txt
c:\documents and settings\Mike\Application Data\inst.exe
c:\documents and settings\Mike\Cookies\feki.ban
c:\documents and settings\Mike\Cookies\ososo._sy
c:\program files\Common Files\opyrykego.vbs
c:\program files\Fast Browser Search\IE\1.bat
c:\program files\Fast Browser Search\IE\about.html
c:\program files\Fast Browser Search\IE\affid.dat
c:\program files\Fast Browser Search\IE\basis.xml
c:\program files\Fast Browser Search\IE\ClearRecycleBin.exe
c:\program files\Fast Browser Search\IE\error.html
c:\program files\Fast Browser Search\IE\FBSPlugin.dll
c:\program files\Fast Browser Search\IE\fbsProtection.xml
c:\program files\Fast Browser Search\IE\FbsSearchProvider.xml
c:\program files\Fast Browser Search\IE\FbsSearchProviderIE8.exe
c:\program files\Fast Browser Search\IE\fbstoolbar.jar
c:\program files\Fast Browser Search\IE\fbstoolbar.manifest
c:\program files\Fast Browser Search\IE\icons.bmp
c:\program files\Fast Browser Search\IE\info.txt
c:\program files\Fast Browser Search\IE\local.xml
c:\program files\Fast Browser Search\IE\logobg.bmp
c:\program files\Fast Browser Search\IE\MTWBtoolbar.html
c:\program files\Fast Browser Search\IE\search.bmp
c:\program files\Fast Browser Search\IE\SearchGuardPlus.exe
c:\program files\Fast Browser Search\IE\SearchGuardPlus.ico
c:\program files\Fast Browser Search\IE\SGPU.ico
c:\program files\Fast Browser Search\IE\sgpUpdater.exe
c:\program files\Fast Browser Search\IE\sgpUpdater.xml
c:\program files\Fast Browser Search\IE\SGPUpdaterS.exe
c:\program files\Fast Browser Search\IE\tbhelper.dll
c:\program files\Fast Browser Search\IE\tbs_include_script_003175.js
c:\program files\Fast Browser Search\IE\tbs_include_script_005064.js
c:\program files\Fast Browser Search\IE\tbs_include_script_012817.js
c:\program files\Fast Browser Search\IE\Toolbar Help.htm
c:\program files\Fast Browser Search\IE\uninstall.exe
c:\program files\Fast Browser Search\IE\uninstalSGP.exe
c:\program files\Fast Browser Search\IE\uninstalSGPU.exe
c:\program files\Fast Browser Search\IE\update.exe
c:\program files\Fast Browser Search\IE\version.txt
c:\program files\INSTALL.LOG
c:\windows\hojaf._sy
c:\windows\system32\_004433_.tmp.dll
c:\windows\system32\_004434_.tmp.dll
c:\windows\system32\_004435_.tmp.dll
c:\windows\system32\_004436_.tmp.dll
c:\windows\system32\_004442_.tmp.dll
c:\windows\system32\_004443_.tmp.dll
c:\windows\system32\_004444_.tmp.dll
c:\windows\system32\_004445_.tmp.dll
c:\windows\system32\_004446_.tmp.dll
c:\windows\system32\_004447_.tmp.dll
c:\windows\system32\_004448_.tmp.dll
c:\windows\system32\_004449_.tmp.dll
c:\windows\system32\_004450_.tmp.dll
c:\windows\system32\_004451_.tmp.dll
c:\windows\system32\_004452_.tmp.dll
c:\windows\system32\_004454_.tmp.dll
c:\windows\system32\_004455_.tmp.dll
c:\windows\system32\_004456_.tmp.dll
c:\windows\system32\_004458_.tmp.dll
c:\windows\system32\_004461_.tmp.dll
c:\windows\system32\_004462_.tmp.dll
c:\windows\system32\_004465_.tmp.dll
c:\windows\system32\_004466_.tmp.dll
c:\windows\system32\_004467_.tmp.dll
c:\windows\system32\_004468_.tmp.dll
c:\windows\system32\_004469_.tmp.dll
c:\windows\system32\_004470_.tmp.dll
c:\windows\system32\_004471_.tmp.dll
c:\windows\system32\_004472_.tmp.dll
c:\windows\system32\_004474_.tmp.dll
c:\windows\system32\_004475_.tmp.dll
c:\windows\system32\_004476_.tmp.dll
c:\windows\system32\_004477_.tmp.dll
c:\windows\system32\_004478_.tmp.dll
c:\windows\system32\_004479_.tmp.dll
c:\windows\system32\_004480_.tmp.dll
c:\windows\system32\_004481_.tmp.dll
c:\windows\system32\_004482_.tmp.dll
c:\windows\system32\_004483_.tmp.dll
c:\windows\system32\_004484_.tmp.dll
c:\windows\system32\_004487_.tmp.dll
c:\windows\system32\_004488_.tmp.dll
c:\windows\system32\_004489_.tmp.dll
c:\windows\system32\_004491_.tmp.dll
c:\windows\system32\_004492_.tmp.dll
c:\windows\system32\_004493_.tmp.dll
c:\windows\system32\_004494_.tmp.dll
c:\windows\system32\_004495_.tmp.dll
c:\windows\system32\_004497_.tmp.dll
c:\windows\system32\_004500_.tmp.dll
c:\windows\system32\_004501_.tmp.dll
c:\windows\system32\_004505_.tmp.dll
c:\windows\system32\_004506_.tmp.dll
c:\windows\system32\_004508_.tmp.dll
c:\windows\system32\_004510_.tmp.dll
c:\windows\system32\_004511_.tmp.dll
c:\windows\system32\_004513_.tmp.dll
c:\windows\system32\_004514_.tmp.dll
c:\windows\system32\_004515_.tmp.dll
c:\windows\system32\_004516_.tmp.dll
c:\windows\system32\_004519_.tmp.dll
c:\windows\system32\_004520_.tmp.dll
c:\windows\system32\_004521_.tmp.dll
c:\windows\system32\_004522_.tmp.dll
c:\windows\system32\_004523_.tmp.dll
c:\windows\system32\_004528_.tmp.dll
c:\windows\system32\_004530_.tmp.dll
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dataset.dll
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\jiho.vbs
c:\windows\system32\o4Patch.exe
c:\windows\system32\payojuvi.exe
c:\windows\system32\Process.exe
c:\windows\system32\SET4AA.tmp
c:\windows\system32\SET58C.tmp
c:\windows\system32\SET63F.tmp
c:\windows\system32\SET75E.tmp
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sstray.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
c:\windows\Tasks\bupehcph.job
-- Previous Run --
c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
--------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS
((((((((((((((((((((((((( Files Created from 2009-10-25 to 2009-11-25 )))))))))))))))))))))))))))))))
.
2009-11-24 12:04 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-11-24 12:04 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-11-24 11:40 . 2009-11-24 23:53 -------- d-----w- C:\Combo-Fix
2009-11-23 15:36 . 2009-11-23 15:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-11-23 14:41 . 2009-11-23 14:41 119756 ----a-w- c:\windows\system32\pnpiknt.dll
2009-11-23 14:41 . 2009-11-23 14:41 2486272 ----a-w- c:\windows\system32\patalime.dll
2009-11-23 14:41 . 2009-11-23 14:41 1052672 ----a-w- c:\windows\system32\avifecat.exe
2009-11-23 14:41 . 2009-11-23 14:41 1327104 ----a-w- c:\windows\system32\vgaboipv.dll
2009-11-23 14:41 . 2009-11-23 14:41 1024000 ----a-w- c:\windows\system32\olebodev.dll
2009-11-23 02:12 . 2004-05-20 16:11 172032 ----a-w- c:\windows\system32\nvuaudio.exe
2009-11-22 18:15 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-22 18:15 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-22 18:05 . 2009-11-22 18:05 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-22 17:43 . 2009-11-22 17:42 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-22 12:08 . 2009-11-22 12:08 -------- d-----w- c:\program files\Trend Micro
2009-11-20 01:24 . 2009-11-20 01:24 0 ----a-w- c:\windows\nsreg.dat
2009-11-20 01:23 . 2009-11-20 01:23 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Mozilla
2009-11-12 23:15 . 2009-11-12 23:17 -------- d-----w- C:\$AVG
2009-11-12 23:14 . 2009-11-16 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-10 21:58 . 2009-11-10 21:58 -------- d-----w- c:\documents and settings\Mike\Local Settings\Application Data\Yahoo!
2009-11-07 02:05 . 2009-11-07 02:05 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 23:54 . 2008-01-19 23:16 -------- d-----w- c:\program files\Steam
2009-11-24 23:50 . 2008-07-26 13:05 154962 ----a-w- c:\windows\system32\webohker32.dll
2009-11-24 09:10 . 2009-09-04 13:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-24 09:10 . 2009-09-13 20:18 -------- d-----w- c:\program files\Microsoft Works
2009-11-23 01:40 . 2008-01-20 14:28 -------- d-----w- c:\program files\Google
2009-11-22 18:15 . 2009-01-22 18:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-22 18:11 . 2008-01-22 01:00 -------- d-----w- c:\program files\BitLord
2009-11-22 18:09 . 2008-05-11 19:47 -------- d-----w- c:\program files\FrostWire
2009-11-22 17:47 . 2008-01-19 21:44 -------- d-----w- c:\program files\Java
2009-11-21 21:04 . 2008-02-24 15:01 -------- d-----w- c:\documents and settings\Mike\Application Data\Vso
2009-11-16 02:53 . 2008-10-05 21:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-12 23:15 . 2008-08-17 12:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-12 23:15 . 2008-08-17 12:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-12 23:15 . 2008-08-17 12:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-12 23:15 . 2008-08-17 12:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-12 23:14 . 2008-06-08 18:02 -------- d-----w- c:\program files\AVG
2009-11-03 02:42 . 2009-10-02 17:31 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-20 03:47 . 2009-10-20 03:47 -------- d-----r- c:\documents and settings\Guest\Application Data\Brother
2009-10-20 03:30 . 2009-10-20 03:30 -------- d-----w- c:\documents and settings\Guest\Application Data\ScanSoft
2009-10-20 03:28 . 2009-10-20 03:28 -------- d-----w- c:\documents and settings\Guest\Application Data\PC-FAX TX
2009-10-14 17:29 . 2009-10-14 17:29 -------- d-----w- c:\documents and settings\Guest\Application Data\Yahoo!
2009-10-11 12:31 . 2009-06-11 16:24 -------- d-----w- c:\program files\Common Files\Motive
2009-10-05 04:00 . 2009-10-05 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-05 03:30 . 2008-06-18 00:05 -------- d-----w- c:\program files\Yahoo!
2009-10-02 17:43 . 2009-10-02 17:43 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Desktop Search
2009-10-02 17:43 . 2009-10-02 17:43 -------- d-----w- c:\documents and settings\Guest\Application Data\Malwarebytes
2009-09-30 13:09 . 2009-01-22 16:12 -------- d-----w- c:\program files\Windows Live Safety Center
2009-09-27 13:17 . 2009-09-27 13:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-09-27 12:22 . 2009-09-27 12:22 71776 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-27 12:22 . 2009-09-27 12:22 -------- d-----w- c:\documents and settings\Guest\Application Data\AT&T
2009-09-25 10:54 . 2009-09-25 10:54 12911 ----a-w- c:\windows\qevasityj.dat
2009-09-25 10:54 . 2009-09-25 10:54 11669 ----a-w- c:\documents and settings\Mike\Application Data\sefu.dat
2009-09-25 10:54 . 2009-09-25 10:54 11451 ----a-w- c:\program files\Common Files\yxuxasox._sy
2009-09-25 02:36 . 2008-01-23 22:56 57 ----a-w- c:\documents and settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BR_cat.bat
2009-09-25 02:16 . 2008-01-23 22:59 50 ----a-w- c:\windows\system32\bridf06a.dat
2009-09-18 12:30 . 2008-01-19 18:57 71776 ----a-w- c:\documents and settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-11 14:18 . 2008-07-26 13:05 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-31 20:42 . 2009-08-31 20:42 14892 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2007-09-16 00:28 . 2007-11-22 12:23 54512984 ----a-w- c:\program files\GoogleSketchUpProWEN.exe
2009-08-17 04:42 . 2009-08-17 04:42 3 --sha-w- c:\windows\system32\bivulota.dll
.
------- Sigcheck -------
[7] 2004-08-04 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\steam\steam.exe" [2009-10-24 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 622592]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2008-09-19 1529856]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"BellSouthWCC_McciTrayApp"="c:\program files\BellSouthWCC\McciTrayApp.exe" [2006-03-10 543232]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 77824]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\IUWmLnPcy.exe" [2009-11-16 1312080]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-11-13 2020120]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-22 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2006-10-27 434528]
c:\documents and settings\Mike\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\Guest\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Libancap"= {52B2767C-4F36-4CAD-A2AC-F79419FE618D} - c:\windows\system32\olebodev.dll [2009-11-23 1024000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-12 23:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wwSecSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"idsvc"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\counter-strike\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\condition zero\\hl.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\zombie panic! source\\hl2.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\day of defeat\\hl.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\ricochet\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\kant40@knology.net\\opposing force\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\call of juarez - bound in blood sp demo\\CoJBiBDemo_x86.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Steam\\steamapps\\common\\fuel - demo\\FUEL.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\ATT-SST\\McciTrayApp.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgtray.exe"=
"c:\\WINDOWS\\system32\\searchindexer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/17/2008 6:35 AM 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/17/2008 6:35 AM 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/12/2009 5:14 PM 285392]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 4:45 AM 13088]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [4/19/2008 9:21 AM 598856]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [1/19/2008 12:59 PM 20160]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [1/20/2008 3:56 PM 11596]
.
Contents of the 'Scheduled Tasks' folder
2009-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Mike\Start Menu\Programs\IMVU\Run IMVU.lnk
Trusted Zone: motive.com\patttbc.att
Trusted Zone: turbotax.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {FC11A119-C2F7-46F4-9E32-937ABA26816E} - file:///E:/CDVIEWER/CdViewer.cab
FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\cja22u8f.default\
FF - plugin: c:\documents and settings\Mike\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\Plugins\npybrowserplus_2.4.17.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
SafeBoot-serfing.sys
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuaudio.exe UninstallGUI
AddRemove-Steam App 10 - c:\program files\Steam\steam.exe
steam://uninstall/10
AddRemove-Steam App 100 - c:\program files\Steam\steam.exe
steam://uninstall/100
AddRemove-Steam App 12850 - c:\program files\Steam\steam.exe
steam://uninstall/12850
AddRemove-Steam App 20 - c:\program files\Steam\steam.exe
steam://uninstall/20
AddRemove-Steam App 215 - c:\program files\Steam\steam.exe
steam://uninstall/215
AddRemove-Steam App 220 - c:\program files\Steam\steam.exe
steam://uninstall/220
AddRemove-Steam App 240 - c:\program files\Steam\steam.exe
steam://uninstall/240
AddRemove-Steam App 30 - c:\program files\Steam\steam.exe
steam://uninstall/30
AddRemove-Steam App 320 - c:\program files\Steam\steam.exe
steam://uninstall/320
AddRemove-Steam App 33290 - c:\program files\Steam\steam.exe
steam://uninstall/33290
AddRemove-Steam App 50 - c:\program files\Steam\steam.exe
steam://uninstall/50
AddRemove-Steam App 60 - c:\program files\Steam\steam.exe
steam://uninstall/60
AddRemove-Steam App 80 - c:\program files\Steam\steam.exe
steam://uninstall/80
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-24 18:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\.srf\PersistentHandler]
@DACL=(02 0000)
@="{eec97550-47a9-11cf-b952-00aa0051fe20}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\olebodev.dll
c:\windows\system32\vgaboipv.dll
c:\windows\system32\hnetcfg.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\delabdde\pnposmic\dborpol.dll
- - - - - - - > 'explorer.exe'(3844)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\olebodev.dll
c:\windows\system32\vgaboipv.dll
c:\program files\Bonjour\mdnsNSP.dll
c:\windows\system32\delabdde\pnposmic\dborpol.dll
.
Completion time: 2009-11-24 18:16
ComboFix-quarantined-files.txt 2009-11-25 00:15
Pre-Run: 68,492,820,480 bytes free
Post-Run: 68,464,914,432 bytes free
- - End Of File - - B8510F08818E223B1B75F34FAFB6049A