ComboFix 09-07-23.01 - Frank 07/23/2009 13:56.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.345 [GMT -4:00]
Running from: c:\documents and settings\Frank\My Documents\Combo-Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr0.dat
c:\docume~1\ALLUSE~1\APPLIC~1\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\sFX
c:\program files\sFX\SfX.DlL
c:\program files\sFX\sfX.sYs
c:\windows\010112010146118114.dat
c:\windows\0101120101464849.dat
c:\windows\934fdfg34fgjf23
c:\windows\Installer\9902e64.msi
c:\windows\pp10.exe
c:\windows\system32\drivers\UACbwqvdltobl.sys
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjyirjlktli.dll
c:\windows\system32\UACkewmixmyxp.dll
c:\windows\system32\UACltqfworpib.dll
c:\windows\system32\UACmpqjnsdrpw.dat
c:\windows\system32\UACoduxfuyuvl.dll
----- BITS: Possible infected sites -----
hxxp://dna65.fastaccess.com.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_UACd.sys
-------\Legacy_SFX
-------\Legacy_SFXDRV
-------\Service_sfx
-------\Service_sFxdrv
((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-22 18:45 . 2009-07-22 18:55 1520 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-07-22 18:13 . 2009-07-22 18:13 -------- d-----w- c:\documents and settings\Frank\Application Data\Comodo
2009-07-22 18:11 . 2009-07-23 17:29 -------- d-----w- c:\program files\COMODO
2009-07-22 17:26 . 2009-07-22 20:28 -------- d-----w- c:\program files\VS Revo Group
2009-07-21 20:29 . 2009-07-22 20:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-21 20:06 . 2009-07-21 20:06 -------- d-----w- c:\documents and settings\Frank\Application Data\Auslogics
2009-07-21 20:06 . 2009-07-21 20:06 -------- d-----w- c:\program files\Auslogics
2009-07-19 01:37 . 2009-07-19 01:37 -------- d-----w- c:\program files\bfgclient
2009-07-19 01:36 . 2009-07-19 01:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\BigFishGamesCache
2009-07-19 01:32 . 2009-07-21 13:13 24 ----a-w- c:\windows\popcinfot.dat
2009-07-19 01:32 . 2009-07-19 01:32 -------- d-----w- c:\program files\PopCap Games
2009-07-19 01:32 . 2009-07-19 01:32 0 ----a-w- c:\windows\popcreg.dat
2009-07-18 15:21 . 2009-07-18 15:21 -------- d-----w- c:\documents and settings\Frank\Application Data\Malwarebytes
2009-07-18 15:20 . 2009-07-18 15:20 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-18 02:31 . 2009-06-22 14:58 24576 ----a-w- c:\windows\system32\drivers\ndisrd.sys
2009-07-18 02:31 . 2009-05-14 09:58 61440 ----a-w- c:\windows\system32\ndisapi.dll
2009-07-18 02:27 . 2009-07-18 02:27 -------- d-----w- c:\program files\Common Files\Uninstall
2009-07-18 02:27 . 2009-07-21 18:25 -------- d-----w- c:\program files\PersonalAV
2009-07-17 22:01 . 2009-07-21 18:06 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Norton
2009-07-17 22:01 . 2009-07-17 22:01 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Symantec
2009-07-17 22:00 . 2009-07-17 22:00 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\NortonInstaller
2009-06-30 03:49 . 2001-08-18 02:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-06-30 03:49 . 2008-04-13 17:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-06-30 03:49 . 2008-04-13 17:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-06-30 03:49 . 2008-04-13 23:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-06-23 23:50 . 2009-07-21 18:06 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-23 23:49 . 2009-07-21 18:06 -------- d-----w- c:\program files\Norton Security Scan
2009-06-23 22:40 . 2009-06-23 22:40 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\3DVIA
2009-06-23 22:39 . 2007-07-19 22:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
2009-06-23 22:39 . 2006-09-28 20:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-06-23 22:38 . 2009-06-23 22:38 -------- d-----w- c:\windows\Logs
2009-06-23 22:38 . 2009-06-23 22:38 -------- d-----w- c:\program files\Virtools
2009-06-23 20:49 . 2009-06-23 20:56 -------- d-----w- c:\windows\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 19:46 . 2008-11-14 22:28 -------- d-----w- c:\program files\Common Files\Motive
2009-07-21 18:16 . 2009-05-23 00:37 -------- d-----w- c:\program files\EA GAMES
2009-07-21 17:53 . 2008-09-01 18:27 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-18 14:58 . 2008-11-14 22:58 -------- d-----w- c:\program files\ATTToolbar
2009-06-26 03:17 . 2008-11-14 22:58 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ATTToolbar
2009-06-16 14:36 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2003-05-30 13:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-31 01:57 . 2009-05-31 01:57 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Kodak
2009-05-31 00:54 . 2009-05-31 00:54 -------- d-----w- c:\documents and settings\Frank\Application Data\Walgreens
2009-05-23 02:12 . 2009-05-23 02:12 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-14 21:55 . 2009-05-14 21:55 245408 ----a-w- c:\windows\system32\unicows.dll
2009-05-14 18:05 . 2009-03-31 22:23 530083 ----a-w- C:\HC4DecommissionScheduler.exe
2009-05-07 15:32 . 2003-03-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2003-03-31 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2008-09-01 17:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2008-11-16 15:05 . 2008-11-16 15:05 1190421 -c--a-w- c:\program files\attachments_2008_11_16.zip
2008-11-15 07:37 . 2008-11-15 07:37 37017688 -c--a-w- c:\program files\SpySweeperRegSetup_EN.exe
2008-09-01 18:31 . 2008-09-01 18:31 7499056 -c--a-w- c:\program files\Firefox Setup 3[1].0.1.exe
2008-09-01 18:25 . 2008-09-01 18:24 48367896 -c--a-w- c:\program files\avg_free_stf_en_8_138a1332.exe
2008-09-01 18:14 . 2008-09-01 18:14 20659224 -c--a-w- c:\program files\dotnetredist.exe
2008-09-01 18:13 . 2008-09-01 18:13 354304 -c--a-w- c:\program files\GWAssistantSetup.msi
2009-07-22 03:53 . 2008-09-01 18:32 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-11-15 66912]
[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-11-15 07:41 66912 ----a-w- c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2008-10-12 18:11 238968 ----a-w- c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_9.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-28 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-01-30 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-01-30 118784]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"HelpCenter4.1"="c:\program files\FastAccessDSL\HelpCenter43\bin\sprtcmd.exe" [2008-06-18 198184]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-01 77824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WebrootSpySweeperService"=2 (0x2)
"sfx"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:sfx
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [10/2/2008 5:15 AM 29808]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [11/15/2008 3:41 AM 1066360]
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;c:\windows\system32\drivers\DLKRTS.SYS [9/1/2008 2:11 PM 45568]
--- Other Services/Drivers In Memory ---
*Deregistered* - NDISRD
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{ED98F8D1-09AC-4107-B2FF-91DBE011B0C5} - {6BBCFF8E-D837-4DA4-9141-1F645B34A179} - c:\program files\Comodo\HopSurfToolbar\HopSurfToolbar_IE.dll
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
FF - ProfilePath - c:\docume~1\Frank\APPLIC~1\Mozilla\Firefox\Profiles\lwz7mq47.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.bellsouth.net
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - component: c:\program files\Comodo\HopSurfToolbar\hopsurfext_ff3\components\hopsurf.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPJPI142.dll
FF - plugin: c:\program files\Java\j2re1.4.2\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-23 14:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2448)
c:\program files\Webroot\WebrootSecurity\Backup\CtxMenu_1_0_0_9.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
c:\program files\Webroot\WebrootSecurity\SpySweeper.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-07-23 14:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-23 18:05
Pre-Run: 72,522,506,240 bytes free
Post-Run: 73,212,674,048 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
211 --- E O F --- 2009-07-15 07:08