ComboFix 10-01-16.04 - Owner 01/23/2010 17:37:05.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1574 [GMT -7:00]
Running from: c:\documents and settings\Owner.YOUR-6D2449B0BF\Desktop\ComboFix.exe
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\OWNER~1.YOU\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Owner.YOUR-6D2449B0BF\iexplore.exe
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\dbsinit.exe
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\recycler\S-1-5-21-668744880-1094256247-3318867120-500
c:\windows\kb913800.exe
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\svchast.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\bennuar.old
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro
c:\windows\system32\config\systemprofile\Start Menu\Programs\Windows Police Pro\Windows Police Pro.lnk
c:\windows\system32\ddDEsot.dll
c:\windows\system32\desot.exe
c:\windows\system32\drivers\gasfkytltivfmp.sys
c:\windows\system32\drivers\gasfkywykoyeoj.sys
c:\windows\system32\gasfkydudqlvqj.dat
c:\windows\system32\gasfkyibevpyro.dll
c:\windows\system32\gasfkyqjdaiyjn.dll
c:\windows\system32\gasfkyrsnkyeqh.dat
c:\windows\system32\gasfkyuoewpore.dll
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\sdra64.exe
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
H:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gasfkytnkrjnkv
-------\Legacy_gasfkytnkrjnkv
-------\Legacy_AntipPolice_
-------\Service_AntipPolice_
((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner.YOUR-6D2449B0BF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-09-03 133104]
"zoazo"="c:\documents and settings\Owner.YOUR-6D2449B0BF\zoazo.exe" [2009-09-22 45056]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-08-22 169984]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"nwiz"="nwiz.exe" [2005-09-18 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-09-18 86016]
"HostManager"="c:\program files\Common Files\AOL\1250925120\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-03 149280]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-09 305440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2009-8-22 2168360]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1250925120\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 WUSB54GSC;WUSB54GSC;c:\program files\Linksys\WUSB54GSC\WLService.exe [9/2/2009 10:53 PM 53307]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1194877678-1098551118-231934743-1006Core.job
- c:\documents and settings\Owner.YOUR-6D2449B0BF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-03 06:01]
2010-01-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1194877678-1098551118-231934743-1006UA.job
- c:\documents and settings\Owner.YOUR-6D2449B0BF\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-03 06:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5084
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5084
uInternet Connection Wizard,ShellNext = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GM5084
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-23 17:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
scanning hȋdden files ...
scan completed successfully
hȋdden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Linksys\WUSB54GSC\WUSB54GSC.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\eHome\ehmsas.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\progra~1\COMMON~1\AOL\125092~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\125092~1\EE\AOLServiceHost.exe
c:\documents and settings\Owner.YOUR-6D2449B0BF\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\HP Software Update\HPWUCli.exe
.
**************************************************************************
.
Completion time: 2010-01-23 17:48:30 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-24 00:48
Pre-Run: 300,613,787,648 bytes free
Post-Run: 300,780,220,416 bytes free
- - End Of File - - 1E34C22B411F9060C009C0E9147EF080