ComboFix 09-09-18.02 - Jim 09/20/2009 0:47.2.1 - NTFSx86
Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
AV: iolo AntiVirus
*On-access scanning disabled* (Updated) {2565CEEE-6BDB-4A6D-AD6D-F682F2695014}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\11rhbu.cmd
C:\2.com
C:\2vk6wn.exe
C:\2w.cmd
C:\982um3s9.exe
C:\a2h2.com
C:\cahpcg.cmd
C:\ceb6eu98.bat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Application Data\ohymax.exe
c:\documents and settings\All Users\Documents\ahenogovos._dl
c:\documents and settings\clark boys\Application Data\ifaqitude.scr
c:\documents and settings\clark boys\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\clark boys\Application Data\ogefixoti.scr
c:\documents and settings\clark boys\Cookies\degig.dll
c:\documents and settings\clark boys\Cookies\mevu.sys
c:\documents and settings\clark boys\Cookies\orybov.pif
c:\documents and settings\clark boys\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\clark boys\Local Settings\Application Data\bewan.bin
c:\documents and settings\clark boys\Local Settings\Application Data\inycoj.dl
c:\documents and settings\clark boys\Local Settings\Application Data\syxacam.pif
c:\documents and settings\clark boys\Local Settings\Application Data\uvegyl.pif
c:\documents and settings\clark boys\Local Settings\Temporary Internet Files\gypywi.bin
c:\documents and settings\clark boys\Local Settings\Temporary Internet Files\ubavubu.bat
c:\documents and settings\clark boys\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\clark boys\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\clark boys\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
C:\g8k.exe
C:\hifdmgt.com
C:\lel3cx.com
C:\ln9.exe
C:\m.com
C:\metdgv.bat
c:\program files\Common Files\huru.reg
c:\program files\Common Files\ihufequraq.bat
c:\program files\Common Files\logu.ban
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\tmp\dbsinit.exe
c:\program files\Windows Police Pro\tmp\images\i1.gif
c:\program files\Windows Police Pro\tmp\images\i2.gif
c:\program files\Windows Police Pro\tmp\images\i3.gif
c:\program files\Windows Police Pro\tmp\images\j1.gif
c:\program files\Windows Police Pro\tmp\images\j2.gif
c:\program files\Windows Police Pro\tmp\images\j3.gif
c:\program files\Windows Police Pro\tmp\images\jj1.gif
c:\program files\Windows Police Pro\tmp\images\jj2.gif
c:\program files\Windows Police Pro\tmp\images\jj3.gif
c:\program files\Windows Police Pro\tmp\images\l1.gif
c:\program files\Windows Police Pro\tmp\images\l2.gif
c:\program files\Windows Police Pro\tmp\images\l3.gif
c:\program files\Windows Police Pro\tmp\images\pix.gif
c:\program files\Windows Police Pro\tmp\images\t1.gif
c:\program files\Windows Police Pro\tmp\images\t2.gif
c:\program files\Windows Police Pro\tmp\images\up1.gif
c:\program files\Windows Police Pro\tmp\images\up2.gif
c:\program files\Windows Police Pro\tmp\images\w1.gif
c:\program files\Windows Police Pro\tmp\images\w11.gif
c:\program files\Windows Police Pro\tmp\images\w2.gif
c:\program files\Windows Police Pro\tmp\images\w3.gif
c:\program files\Windows Police Pro\tmp\images\w3.jpg
c:\program files\Windows Police Pro\tmp\images\wt1.gif
c:\program files\Windows Police Pro\tmp\images\wt2.gif
c:\program files\Windows Police Pro\tmp\images\wt3.gif
c:\program files\Windows Police Pro\tmp\wispex.html
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\recycler\S-1-5-21-2220035878-3111292644-2104965004-1008
C:\sv8c2bjw.bat
C:\uo10sn.cmd
C:\v63enh.exe
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\Installer\1201dd0.msp
c:\windows\Installer\194423.msp
c:\windows\Installer\2ee60b4.msp
c:\windows\Installer\3235866.msp
c:\windows\Installer\d9c8ea.msp
c:\windows\jezumecizi.bin
c:\windows\ppp3.dat
c:\windows\ppp4.dat
c:\windows\sohasij.inf
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_006031_.tmp.dll
c:\windows\system32\_006032_.tmp.dll
c:\windows\system32\_006033_.tmp.dll
c:\windows\system32\_006034_.tmp.dll
c:\windows\system32\_006041_.tmp.dll
c:\windows\system32\_006042_.tmp.dll
c:\windows\system32\_006043_.tmp.dll
c:\windows\system32\_006044_.tmp.dll
c:\windows\system32\_006046_.tmp.dll
c:\windows\system32\_006047_.tmp.dll
c:\windows\system32\_006050_.tmp.dll
c:\windows\system32\_006051_.tmp.dll
c:\windows\system32\_006053_.tmp.dll
c:\windows\system32\_006054_.tmp.dll
c:\windows\system32\_006055_.tmp.dll
c:\windows\system32\_006057_.tmp.dll
c:\windows\system32\_006060_.tmp.dll
c:\windows\system32\_006061_.tmp.dll
c:\windows\system32\_006065_.tmp.dll
c:\windows\system32\_006066_.tmp.dll
c:\windows\system32\_006068_.tmp.dll
c:\windows\system32\_006071_.tmp.dll
c:\windows\system32\_006073_.tmp.dll
c:\windows\system32\_006074_.tmp.dll
c:\windows\system32\_006075_.tmp.dll
c:\windows\system32\_006076_.tmp.dll
c:\windows\system32\_006077_.tmp.dll
c:\windows\system32\_006080_.tmp.dll
c:\windows\system32\_006081_.tmp.dll
c:\windows\system32\_006082_.tmp.dll
c:\windows\system32\_006083_.tmp.dll
c:\windows\system32\_006084_.tmp.dll
c:\windows\system32\_006089_.tmp.dll
c:\windows\system32\_006091_.tmp.dll
c:\windows\system32\1817148822.dat
c:\windows\system32\bennuar.old
c:\windows\system32\braviax.exe
c:\windows\system32\cru629.dat
c:\windows\system32\dddesot.dll
c:\windows\system32\desote.exe
c:\windows\system32\dllcache\figaro.sys
c:\windows\system32\dokela._dl
c:\windows\system32\hjgruinpyltdbo.dat
c:\windows\system32\hjgruioqqgpkmb.dll
c:\windows\system32\hjgruiyavtkylk.dll
c:\windows\system32\hjgruiydvrjnrv.dat
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\kav321.dll
c:\windows\system32\kewiryh.dll
c:\windows\system32\onhelp.htm
c:\windows\system32\sonhelp.htm
c:\windows\system32\sysnet.dat
c:\windows\system32\wisdstr.exe
c:\windows\system32\wispex.html
c:\windows\ucawopyvem.bat
C:\xh319r9b.bat
C:\xrdygg.bat
C:\yftvl.com
-- Previous Run --
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
-- Previous Run --
Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
--------
Infected copy of c:\windows\system32\drivers\beep.sys was found and disinfected
Restored copy from - c:\i386\BEEP.SYS
--------
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_hjgruiygjdcfex
-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Service_AVPsys
-------\Service_hjgruiygjdcfex
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.
2009-09-14 16:16 . 2009-09-14 16:16 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-09-14 02:46 . 2009-09-20 04:27 -------- d--h--w- c:\windows\PIF
2009-09-09 11:32 . 2009-09-09 11:32 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\Mozilla
2009-09-08 19:37 . 2009-09-08 19:37 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-08 11:22 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-08 11:22 . 2009-09-14 19:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-08 11:22 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 11:15 . 2009-09-08 11:15 -------- d-----w- C:\sh4ldr
2009-09-08 11:14 . 2009-09-08 11:14 -------- d-----w- c:\program files\Enigma Software Group
2009-09-07 19:54 . 2009-09-07 19:54 -------- d-----w- c:\windows\system32\wbem\Repository
2009-09-07 19:07 . 2009-09-07 19:07 163840 ----a-w- c:\windows\svchasts.exe
2009-09-07 10:58 . 2009-09-07 10:58 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-09-06 13:05 . 2009-09-07 09:10 29184 ----a-w- c:\windows\system32\dllcache\beep.sys
2009-09-06 13:04 . 2009-09-06 13:04 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2009-09-04 22:17 . 2009-09-04 22:17 -------- d-----w- c:\documents and settings\clark boys\Application Data\Malwarebytes
2009-09-04 02:31 . 2009-09-04 02:31 -------- d-----w- c:\documents and settings\clark boys\Local Settings\Application Data\Mozilla
2009-09-03 11:45 . 2009-09-03 11:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2009-09-03 11:36 . 2009-09-03 11:36 -------- d-----w- c:\program files\TomTom DesktopSuite
2009-09-01 15:46 . 2009-09-01 15:46 -------- d-----w- C:\Cache
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\Malwarebytes
2009-08-24 04:31 . 2009-08-24 04:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-24 03:28 . 2009-08-24 03:28 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\vlc
2009-08-24 03:23 . 2009-08-24 03:23 680960 ----a-w- c:\windows\is-CSKTN.exe
2009-08-22 11:42 . 2009-08-22 11:42 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Application Data\iolo
2009-08-21 20:01 . 2009-08-21 20:01 -------- d-----w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\BVRP Software
2009-08-21 16:46 . 2009-08-21 16:48 0 ----a-w- c:\windows\system32\cmpwrap.dat
2009-08-21 11:01 . 2009-08-21 11:02 1336 ----a-w- c:\windows\r.vbs
2009-08-21 11:01 . 2009-08-21 11:02 21 ----a-w- c:\windows\c.bat
2009-08-21 11:01 . 2009-08-21 11:01 53 ----a-w- c:\windows\m.bat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-19 03:53 . 2009-04-10 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-09-14 16:16 . 2009-04-23 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-09-14 03:11 . 2009-08-21 19:48 46312 ----a-w- c:\documents and settings\Administrator.DB2B3L51.000\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-07 11:29 . 2008-03-12 04:22 -------- d-----w- c:\documents and settings\clark boys\Application Data\PreCast
2009-09-07 11:01 . 2009-07-12 20:23 -------- d-----w- c:\documents and settings\clark boys\Application Data\iolo
2009-09-03 13:30 . 2008-09-08 16:56 -------- d-----w- c:\program files\TomTom HOME 2
2009-08-02 23:00 . 2009-08-02 23:00 -------- d-----w- c:\program files\ICQ6Toolbar
2009-08-02 23:00 . 2009-08-02 22:59 -------- d-----w- c:\documents and settings\All Users\Application Data\ICQ
2009-08-02 22:59 . 2004-08-25 18:57 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-27 16:56 . 2008-03-12 04:25 -------- d-----w- c:\documents and settings\clark boys\Application Data\Yahoo!
2008-08-22 19:36 . 2008-11-18 03:32 163840 ----a-w- c:\program files\mozilla firefox\components\nsgkff20_meter2.dll
2007-08-21 01:47 . 2007-08-21 01:46 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
------- Sigcheck -------
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 2005-09-01 . 648BF0B4DDE4F7A1156DAE7174D36EFA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$hf_mig$\KB900725\SP2GDR\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\$NtServicePackUninstall$\linkinfo.dll
[-] 2005-09-01 . A1A688EE56CF3BBD24EDEB815D48E9BA . 19968 . . [5.1.2600.2751] . . c:\windows\SYSTEM32\linkinfo.dll
[7] 2004-08-04 . C2BBD044C741EA4292016C36F718D2E4 . 18944 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB900725$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB900725_0$\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp1qfe\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2gdr\linkinfo.dll
[-] 2002-08-29 . 7D8C58C0CBB7331E9296A7357827CA8E . 15360 . . [5.1.2600.0] . . c:\windows\SoftwareDistribution\Download\b3ba2a040ecf3ac2cd2da399851bda00\backup\sp2qfe\linkinfo.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2GDR\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\$NtServicePackUninstall$\netman.dll
[-] 2005-08-22 . 36739B39267914BA69AD0610A0299732 . 197632 . . [5.1.2600.2743] . . c:\windows\SYSTEM32\netman.dll
[-] 2005-08-22 . 3516D8A18B36784B1005B950B84232E1 . 197632 . . [5.1.2600.2743] . . c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[7] 2004-08-04 . DAB9E6C7105D2EF49876FE92C524F565 . 198144 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB905414$\netman.dll
[-] 2002-08-29 . E7FF9267BBEB1386975278A27378526F . 154112 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB905414_0$\netman.dll
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] 2005-06-11 . AD3D9D191AEA7B5445FE1D82FFBB4788 . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$hf_mig$\KB896423\SP2GDR\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\$NtServicePackUninstall$\spoolsv.exe
[-] 2005-06-10 . DA81EC57ACD4CDC3D4C51CF3D409AF9F . 57856 . . [5.1.2600.2696] . . c:\windows\SYSTEM32\spoolsv.exe
[7] 2004-08-04 . 7435B108B935E42EA92CA94F59C8E717 . 57856 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2002-08-29 . 9B4155BA58192D4073082B8FC5D42612 . 51200 . . [5.1.2600.0] . . c:\windows\$NtUninstallKB896423_0$\spoolsv.exe
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 2005-07-08 . 1418A3A6E76E5A2E3F5E43866E793A8B . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$hf_mig$\KB893756\SP2GDR\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\$NtServicePackUninstall$\tapisrv.dll
[-] 2005-07-08 . FB78839B36025AA286A51289ED28B73E . 249344 . . [5.1.2600.2716] . . c:\windows\SYSTEM32\tapisrv.dll
[7] 2004-08-04 . EB4A4187D74A8EFDCBEA3EA2CB1BDFBD . 246272 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893756$\tapisrv.dll
[-] 2002-08-29 . 9B3A213B6591A79EBABBFB4E4EA0A23E . 233984 . . [5.1.2600.1106] . . c:\windows\$NtUninstallKB893756_0$\tapisrv.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2007-03-08 . 7AA4F6C00405DFC4B70ED4214E7D687B . 578048 . . [5.1.2600.3099] . . c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\$NtServicePackUninstall$\user32.dll
[-] 2007-03-08 . B409909F6E2E8A7067076ED748ABF1E7 . 577536 . . [5.1.2600.3099] . . c:\windows\SYSTEM32\user32.dll
[-] 2005-03-02 . 1800F293BCCC8EDE8A70E12B88D80036 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2GDR\user32.dll
[-] 2005-03-02 . DE2DB164BBB35DB061AF0997E4499054 . 577024 . . [5.1.2600.2622] . . c:\windows\$NtUninstallKB925902$\user32.dll
[7] 2004-08-04 . C72661F8552ACE7C5C85E16A3CF505C4 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\$NtUninstallKB890859_0$\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp1qfe\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2gdr\user32.dll
[-] 2002-11-01 . 68E1F4EF02DF52CA9C5E157045D23582 . 528896 . . [5.1.2600.1134] . . c:\windows\SoftwareDistribution\Download\5652d934eec8bfa4dc68c4e256a23d5e\backup\sp2qfe\user32.dll
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2007-06-13 . 7712DF0CDDE3A5AC89843E61CD5B3658 . 1033216 . . [6.00.2900.3156] . . c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2007-06-13 10:23 . !HASH: COULD NOT OPEN FILE !!!!! . 1033216 . . [------] . . c:\windows\explorer.exe
[-] 2007-06-13 . 97BD6515465659FF8F3B7BE375B2EA87 . 1033216 . . [6.00.2900.3156] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB938828$\explorer.exe
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\$NtServicePackUninstall$\shsvcs.dll
[-] 2006-12-19 . 6815DEF9B810AEFAC107EEAF72DA6F82 . 134656 . . [6.00.2900.3051] . . c:\windows\SYSTEM32\shsvcs.dll
[-] 2006-12-19 . 53D9184A21C5CBF600D918E51EF3A7E5 . 135168 . . [6.00.2900.3051] . . c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[7] 2004-08-04 . E7518DC542D3EBDCB80EDD98462C7821 . 134656 . . [6.00.2900.2180] . . c:\windows\$NtUninstallKB928255$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\$NtUninstallKB885835_0$\shsvcs.dll
[-] 2002-08-29 . 61684089A54936E40F65DA02D47A28AE . 116224 . . [6.00.2800.1106] . . c:\windows\SoftwareDistribution\Download\080070f6461c8001578e5e4cd4bb024b\backup\sp1qfe\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-21 39408]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-02-19 120320]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe" [2009-03-19 460216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-07 77824]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2004-02-10 118784]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-03-15 122933]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-02 270336]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"iolo AntiVirus"="c:\program files\iolo\System Mechanic Professional\AntiVirus\ioloAV.exe" [2009-05-13 1109856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ShOsPostRemover"="c:\sh4ldr\shospostremover.exe" [2009-04-03 80384]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]
"*Restore"="c:\windows\system32\restore\rstrui.exe" [2008-04-14 380416]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
PreCast Monitor.lnk - c:\program files\Ocucom\PreCast\tmon.exe [2008-2-12 1811120]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\SYSTEM32\\ftp.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\ioloAV.exe"=
"c:\\Program Files\\iolo\\System Mechanic Professional\\AntiVirus\\iAVEmailScanner.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2009-06-02 222968]
S2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
S2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-05-21 600944]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,LaunchINFSectionEx c:\program files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
Contents of the 'Scheduled Tasks' folder
2009-09-20 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 22:39]
2009-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-21 01:03]
2009-09-20 c:\windows\Tasks\User_Feed_Synchronization-{25D65CB4-9ADE-4ED7-AE46-1F1762C8E39F}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 22:36]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRxdm429YYUS&fl=0&ptb=RlD9TCNDbrl.m.ezjD6Pjg&url=http://www.ask.com/web&q={searchTerms}&l=zr&o=sb
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm869TKUS
LSP: c:\windows\system32\iavlsp.dll
LSP: c:\program files\Google\Google Desktop Search\GoogleDesktopNetwork1.dll
TCP: {76AC16A1-8A80-4DE2-83BA-DCD922C1D4CA} = 166.102.165.11,207.91.5.20
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3713F92E-2252-4A87-868E-C5F17704D4C6} - hxxp://www.rockyou.com/RockYouImageUploader.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-AROReminder - c:\program files\Advanced Registry Optimizer\ARO.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\4.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\4.bin\m3SrchMn.exe
HKLM-Run-NWEReboot - (no file)
AddRemove-HijackThis - c:\documents and settings\Jim\My Documents\Downloads\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 00:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2220035878-3111292644-2104965004-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\iavlsp.dll
.
Completion time: 2009-09-20 0:53
ComboFix-quarantined-files.txt 2009-09-20 04:52
Pre-Run: 116,497,555,456 bytes free
Post-Run: 116,562,542,592 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
Current=6 Default=6 Failed=5 LastKnownGood=7 Sets=1,2,3,4,5,6,7
432 --- E O F --- 2009-09-19 07:06