B.
Here's the log:
ComboFix 10-06-08.02 - User1 06/09/2010 0:33.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.198 [GMT -4:00]
Running from: H:Combo-Fix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.
2010-05-27 03:49 . 2010-05-27 03:49 -------- d-----w- c:windowssystem32wbemRepository
2010-05-27 03:48 . 2010-05-27 03:48 -------- d-----w- c:program filesLavasoft
2010-05-27 03:48 . 2010-05-27 03:48 -------- d-----w- c:windows E6AB9FC76C2431B9C066C1CFFFEA8EB.TMP
2010-05-27 03:48 . 2010-05-27 03:48 -------- d-----w- c:program filesCommon FilesWise Installation Wizard
2010-05-27 03:39 . 2010-05-27 03:39 -------- d-----w- c:program filesMalwarebytes' Anti-Malware
2010-05-27 03:24 . 2010-05-27 03:39 -------- d-----w- C:Combo-Fix(3)
2010-05-27 02:39 . 2010-05-27 03:40 -------- d-----w- C:RECYCLER(3)
2010-05-23 01:08 . 2010-05-27 03:40 -------- d-----w- C:RECYCLER(2)
2010-05-23 01:08 . 2010-05-27 03:40 -------- d-----w- C:Combo-Fix(2)
2010-05-21 01:54 . 2010-05-21 01:55 -------- d-----w- C:Inetpub
2010-05-20 23:53 . 2010-05-20 23:53 -------- d-----w- c:documents and settingsUser2Local SettingsApplication DataYahoo
2010-05-20 23:53 . 2010-05-20 23:53 -------- d-----w- c:documents and settingsUser2Local SettingsApplication DataGoogle
2010-05-20 23:53 . 2010-05-20 23:53 -------- d-----w- c:documents and settingsUser2Application DataYahoo!
2010-05-18 01:07 . 2010-05-18 01:07 -------- d-----w- c:documents and settingsUser2Local SettingsApplication DataPCHealth
2010-05-15 14:51 . 2010-05-15 14:51 -------- d-----w- c:documents and settingsUser2Application DataMalwarebytes
2010-05-15 14:25 . 2010-05-27 03:47 -------- d-----w- c:program filesa-squared Free
2010-05-13 18:19 . 2010-02-26 23:51 6870864 ---ha-w- c:documents and settingsUser1Application Datamjusbspin00000setup.exe
2010-05-13 18:19 . 2010-02-26 23:45 743872 ---ha-w- c:documents and settingsUser1Application Datamjusbspar00000install.exe
2010-05-13 11:54 . 2010-05-13 12:15 -------- d-----w- c:windowssystem32MpEngineStore
2010-05-13 02:27 . 2010-05-13 02:27 210816 -c--a-w- c:windowssystem32dllcachendis.sys
2010-05-13 02:26 . 2010-05-21 01:27 -------- d-----w- c:documents and settingsUser1Local SettingsApplication Datalrcldabqi
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-27 03:47 . 2007-06-09 05:39 -------- d-----w- c:program filesSpybot - Search & Destroy
2010-05-27 03:39 . 2007-06-09 05:39 -------- d-----w- c:documents and settingsAll UsersApplication DataSpybot - Search & Destroy
2010-05-22 23:35 . 2009-02-05 16:41 -------- d-----w- c:program filesCallWave
2010-05-22 01:39 . 2008-08-05 23:49 -------- d-----w- c:documents and settingsAll UsersApplication Dataavg8
2010-05-13 18:20 . 2009-06-26 23:08 -------- d-----w- c:documents and settingsUser1Application Datamjusbsp
2010-05-13 11:51 . 2010-03-22 16:28 -------- d-----w- c:documents and settingsAll UsersApplication DataMicrosoft Help
2010-05-11 15:49 . 2007-06-09 05:40 55352 ----a-w- c:documents and settingsUser1Local SettingsApplication DataGDIPFONTCACHEV1.DAT
2010-05-09 23:00 . 2009-07-01 23:21 -------- d-----w- c:documents and settingsUser1Application DataLimeWire
2010-05-08 23:14 . 2010-05-08 23:14 -------- d-----w- c:program filesStarfield
2010-05-06 14:36 . 2009-10-03 15:57 221568 ------w- c:windowssystem32MpSigStub.exe
2010-05-04 12:20 . 2009-12-04 04:53 -------- d-----w- c:documents and settingsUser1Application DataMGI
2010-04-29 19:39 . 2009-10-15 01:58 38224 ----a-w- c:windowssystem32driversmbamswissarmy.sys
2010-04-29 19:39 . 2009-10-15 01:58 20952 ----a-w- c:windowssystem32driversmbam.sys
2010-04-14 03:53 . 2010-04-14 03:53 -------- d-----w- c:program filesTrueSwitch
2010-03-15 13:05 . 2010-03-15 13:05 118784 ----a-w- c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginThinShimsrpnpshimwmp.dll
2010-03-15 13:05 . 2010-03-15 13:05 118784 ----a-w- c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginThinShimsrpnpshimswf.dll
2010-03-15 13:05 . 2010-03-15 13:05 118784 ----a-w- c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginThinShimsrpnpshimrp.dll
2010-03-15 13:05 . 2010-03-15 13:05 118784 ----a-w- c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginThinShimsrpnpshimqt.dll
2010-03-15 13:05 . 2010-03-15 13:05 118784 ----a-w- c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginFirefoxExtComponentsnprpffbrowserrecordext.dll
2010-03-15 13:05 . 2010-03-15 13:05 300616 ----a-w- c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginCommonrpmainbrowserrecordplugin.dll
2010-03-15 13:05 . 2010-03-15 13:05 118784 ----a-w- c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginChromeHookrpchromebrowserrecordhelper.dll
2010-03-15 13:05 . 2010-03-15 13:05 329312 ----a-w- c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginIErpbrowserrecordplugin.dll
2010-03-15 13:02 . 2007-06-09 05:38 499712 ----a-w- c:windowssystem32msvcp71.dll
2010-03-15 13:02 . 2007-06-09 05:38 348160 ----a-w- c:windowssystem32msvcr71.dll
2010-03-11 12:38 . 2004-08-04 01:07 832512 ----a-w- c:windowssystem32wininet.dll
2010-03-11 12:38 . 2004-08-04 01:07 78336 ----a-w- c:windowssystem32ieencode.dll
2010-03-11 12:38 . 2004-08-04 01:07 17408 ------w- c:windowssystem32corpol.dll
2009-10-06 23:20 . 2009-10-06 23:20 56832 --sha-r- c:windowssystem32mfszwmz.dll
2008-04-02 12:59 . 2008-04-01 15:48 2159392 --sha-w- c:windowssystem32driversfidbox.dat
.
------- Sigcheck -------
[-] 2010-05-13 02:27 . 09925C49086F2785C061418F7FCA406F . 210816 . . [------] . . c:windowssystem32dllcachendis.sys
[7] 2008-04-13 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:windowsServicePackFilesi386ndis.sys
[7] 2004-08-04 . 558635D3AF1C7546D26067D5D9B6959E . 182912 . . [5.1.2600.2180] . . c:windows$NtServicePackUninstall$ndis.sys
c:windowsSystem32driversndis.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"cdloader"="c:documents and settingsUser1Application Datamjusbspcdloader2.exe" [2010-02-26 50520]
"Weather"="c:program filesAWSWeatherBugWeather.exe" [BU]
"DW6"="c:program filesThe Weather Channel FWDesktopDesktopWeather.exe" [BU]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2009-12-20 39408]
"Messenger (Yahoo!)"="c:progra~1Yahoo!MessengerYahooMessenger.exe" [2009-11-10 5244216]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 544768]
"AMTDeviceService"="c:program filesAMT Media ManagerAMTDeviceService.exe" [2009-01-21 184320]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader 9.0ReaderReader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:program filesCommon FilesAdobeARM1.0AdobeARM.exe" [2010-03-24 952768]
"TkBellExe"="c:program filesCommon FilesRealUpdate_OBrealsched.exe" [2010-03-15 202256]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2008-11-04 435096]
c:documents and settingsAll UsersStart MenuProgramsStartup
CallWave.lnk - c:program filesCallWaveIAM.exe [2009-2-5 1940544]
VIA RAID TOOL.lnk - c:program filesVIARAIDraid_tool.exe [2007-6-9 565248]
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetcontrolsession manager]
BootExecute REG_MULTI_SZ autocheck autochk * smrgdf c:documents and settingsUser1Application Dataiolo\0lsdelete
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalaawservice]
@="Service"
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalWinDefend]
@="Service"
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregiTunesHelper]
2007-06-01 20:51 257088 ----a-w- c:program filesiTunesiTunesHelper.exe
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"c:\Program Files\iTunes\iTunes.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\QuickTime\QuickTimePlayer.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\LimeWire\LimeWire.exe"=
"c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"=
"c:\Program Files\Mozilla Firefox\firefox.exe"=
"c:\Program Files\CallWave\IAM.exe"=
"c:\Documents and Settings\User1\Application Data\mjusbsp\magicJack.exe"=
R0 viasraid;viasraid;c:windowssystem32driversviasraid.sys [6/9/2007 3:23 AM 77312]
R2 a2free;a-squared Free Service;c:program filesa-squared Freea2service.exe [5/15/2010 10:25 AM 1872320]
R2 WinDefend;Windows Defender;c:program filesWindows DefenderMsMpEng.exe [11/3/2006 7:19 PM 13592]
R2 wwEngineSvc;Window Washer Engine;c:program filesWebrootWasherWasherSvc.exe [1/30/2008 9:34 AM 388936]
S3 isaxbox;isaxbox;??c:windowssystem32isaxbox.sys --> c:windowssystem32isaxbox.sys [?]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftwindows ntcurrentversionsvchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-06-09 c:windowsTasksMP Scheduled Scan.job
- c:program filesWindows DefenderMpCmdRun.exe [2006-11-03 23:20]
2010-06-09 c:windowsTasksRealUpgradeLogonTaskS-1-5-21-117609710-879983540-725345543-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2010-02-25 02:09]
2010-05-13 c:windowsTasksRealUpgradeScheduledTaskS-1-5-21-117609710-879983540-725345543-1003.job
- c:program filesRealRealUpgraderealupgrade.exe [2010-02-25 02:09]
2010-06-09 c:windowsTasksWGASetup.job
- c:windowssystem32KB905474wgasetup.exe [2009-04-10 03:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:progra~1MICROS~2Office12EXCEL.EXE/3000
IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {{4444FF7E-2019-4df0-B7FD-B7F20FE02417} - {ccdc304a-4095-46a4-8b66-2b5cb3dfca3c} -
Trusted Zone: turbotax.com
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} -
DPF: Web-Based Email Tools - hxxp://email.secureserver.net/Download.CAB
FF - ProfilePath - c:documents and settingsUser1Application DataMozillaFirefoxProfilesaqsjgtw3.default
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:documents and settingsAll UsersApplication DataRealRealPlayerBrowserRecordPluginFirefoxExtcomponentsnprpffbrowserrecordext.dll
FF - plugin: c:program filesMozilla FirefoxpluginsnpCouponPrinter.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnpwbe.dll
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:program filesMozilla Firefoxgreprefssecurity-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 00:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(276)
c:windowssystem32WININET.dll
c:windowssystem32Ati2evxx.dll
- - - - - - - > 'lsass.exe'(344)
c:windowssystem32WININET.dll
- - - - - - - > 'explorer.exe'(3204)
c:windowssystem32WININET.dll
c:program filesCallWaveCWIdle.dll
c:windowssystem32ieframe.dll
c:windowssystem32WPDShServiceObj.dll
c:windowssystem32PortableDeviceTypes.dll
c:windowssystem32PortableDeviceApi.dll
.
Completion time: 2010-06-09 00:49:16
ComboFix-quarantined-files.txt 2010-06-09 04:49
ComboFix2.txt 2010-06-09 03:06
ComboFix3.txt 2010-05-22 23:42
Pre-Run: 55,854,080,000 bytes free
Post-Run: 55,817,322,496 bytes free
- - End Of File - - E33EB7DE76941C05FC65E80D8AF173F9