ComboFix 10-01-04.01 - Administrator 01/11/2010 9:59.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.745 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: Norton Internet Security *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\msimg32.dll
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.
2010-01-11 17:10 . 2010-01-11 17:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Tific
2010-01-11 17:10 . 2010-01-11 17:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Tific
2010-01-11 16:59 . 2010-01-11 16:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-11 16:55 . 2010-01-11 16:55 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-11 16:24 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-11 16:24 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-11 16:24 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-11 16:24 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-11 16:24 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-11 16:24 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-11 16:24 . 2010-01-11 16:25 -------- d-----w- c:\windows\ie8updates
2010-01-11 16:24 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-11 16:21 . 2010-01-11 16:49 -------- dc-h--w- c:\windows\ie8
2010-01-11 16:17 . 2010-01-11 16:17 46640 ----a-w- c:\windows\system32\msln.exe
2010-01-11 02:13 . 2010-01-11 17:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-11 02:13 . 2010-01-11 02:13 -------- d-----w- c:\program files\Windows Sidebar
2010-01-11 02:13 . 2010-01-11 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-11 01:05 . 2010-01-11 01:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-11 01:05 . 2010-01-08 00:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-11 01:05 . 2010-01-11 01:05 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-11 01:05 . 2010-01-11 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-11 01:05 . 2010-01-08 00:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-11 01:00 . 2010-01-11 01:00 -------- d-----w- c:\program files\backups
2010-01-11 00:57 . 2010-01-11 00:55 5115824 ----a-w- C:\mbam-setup.exe
2010-01-10 20:00 . 2009-10-12 20:34 388096 ----a-w- c:\program files\HiJackThis.exe
2010-01-10 19:59 . 2009-10-12 20:34 388096 ----a-w- C:\HiJackThis.exe
2010-01-08 19:22 . 2010-01-08 19:22 -------- d-----w- c:\windows\LMI2B.tmp
2010-01-08 18:50 . 2010-01-08 18:50 -------- d-----w- c:\windows\LMI64.tmp
2010-01-08 18:37 . 2010-01-11 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-01-07 21:57 . 2010-01-07 21:57 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 21:57 . 2010-01-07 21:57 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-22 20:02 . 2009-12-22 20:02 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 20:01 . 2010-01-10 20:01 5896 ----a-w- c:\program files\hijackthis.log
2010-01-10 19:06 . 2007-11-16 16:45 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2009-12-31 22:41 . 2007-11-15 22:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\SolidDocuments
2009-12-23 22:59 . 2007-07-20 02:38 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-20 16:30 . 2007-08-22 19:15 -------- d-----w- c:\program files\Google
2009-12-11 18:52 . 2007-10-03 19:03 -------- d-----w- c:\program files\SureThing
2009-11-11 22:20 . 2009-11-11 22:20 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-11 22:20 . 2009-11-11 13:27 79488 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-10-29 07:45 . 2010-01-11 16:24 916480 ------w- c:\windows\system32\SETF4A.tmp
2009-10-29 07:45 . 2006-06-23 18:33 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2010-01-11 16:24 1208832 ------w- c:\windows\system32\SETF4B.tmp
2009-10-29 07:45 . 2010-01-11 16:24 5940736 ------w- c:\windows\system32\SETF4D.tmp
2009-10-29 07:45 . 2010-01-11 16:24 594432 ------w- c:\windows\system32\SETF4F.tmp
2009-10-29 07:45 . 2010-01-11 16:24 55296 ------w- c:\windows\system32\SETF4E.tmp
2009-10-29 07:45 . 2010-01-11 16:24 1985536 ------w- c:\windows\system32\SETF52.tmp
2009-10-29 07:45 . 2010-01-11 16:24 11069952 ------w- c:\windows\system32\SETF54.tmp
2009-10-21 05:38 . 2004-08-04 07:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2007-10-25 20:11 . 2007-10-25 20:11 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-11-27 12:54 . 2008-08-26 18:00 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-06-06 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-06-06 118784]
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe" [2004-03-17 61952]
"SoundMan"="SOUNDMAN.EXE" [2004-06-17 69632]
"AlcWzrd"="ALCWZRD.EXE" [2004-06-17 2550272]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-27 30192]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2008-3-18 972064]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/8/2007 12:29 PM 24652]
S2 gupdate1c9cf3b23be1ce;Google Update Service (gupdate1c9cf3b23be1ce);c:\program files\Google\Update\GoogleUpdate.exe [5/7/2009 9:41 AM 133104]
S2 Parclass;Parclass;c:\windows\system32\drivers\PARCLASS.SYS [7/19/2007 7:12 PM 20272]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [10/15/2007 10:29 AM 30192]
.
Contents of the 'Scheduled Tasks' folder
2010-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 17:40]
2010-01-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-07 17:40]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\038acx1m.default\
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3256)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-01-11 10:08:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-11 18:08
Pre-Run: 224,390,660,096 bytes free
Post-Run: 224,700,239,872 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - E8087FFB5A9C5172CA0D1F29C3B78D53