ComboFix 09-12-31.01 - Owner 12/31/2009 12:46:56.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.468 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-20CB7B5077\Desktop\Combo-Fix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-163167965-408290686-327467740-500
c:\windows\avinimiqay.dll
c:\windows\run.log
D:\Autorun.inf
J:\Autorun.inf
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_IAS
-------\Legacy_WINSTS
-------\Service_Ias
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.
2009-12-31 17:11 . 2009-12-31 17:11 -------- d-----w- c:\program files\TrendMicro
2009-12-31 05:29 . 2009-12-31 05:29 -------- d-----w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Recordpad
2009-12-15 10:41 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-15 10:41 . 2009-12-31 05:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-15 10:41 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-11 02:14 . 2009-12-11 02:14 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-11 02:14 . 2009-12-20 22:28 -------- d-----w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\skypePM
2009-12-11 02:11 . 2009-12-20 23:55 -------- d-----w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Skype
2009-12-11 02:10 . 2009-12-11 02:10 -------- d-----w- c:\program files\Common Files\Skype
2009-12-11 02:10 . 2009-12-11 02:11 -------- d-----r- c:\program files\Skype
2009-12-11 02:10 . 2009-12-11 02:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-05 02:01 . 2009-12-05 02:01 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-12-05 01:32 . 2009-12-05 01:32 237600 ----a-w- c:\windows\system32\drivers\str.sys.vir
2009-12-03 12:39 . 2009-12-03 12:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-03 12:07 . 2009-12-03 12:23 -------- d-----w- c:\program files\Enigma Software Group
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 18:04 . 2009-12-28 20:44 773120 ----a-w- c:\windows\system32\drivers\nunlj.sys
2009-12-31 17:11 . 2009-12-31 17:11 388096 ----a-r- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-31 14:59 . 2009-12-28 21:01 120 ----a-w- c:\windows\Vsakozoloce.dat
2009-12-31 06:23 . 2009-10-18 00:27 -------- d-----w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\FrostWire
2009-12-31 05:36 . 2009-12-31 05:36 5061520 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-31 05:24 . 2009-12-28 21:01 0 ----a-w- c:\windows\Ffazikuji.bin
2009-12-31 03:57 . 2009-12-31 03:52 -------- d-----w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\NCH Swift Sound
2009-12-31 03:53 . 2009-12-31 03:52 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-12-31 03:52 . 2009-12-18 01:50 -------- d-----w- c:\program files\NCH Swift Sound
2009-12-31 03:52 . 2009-12-31 03:52 -------- d-----w- c:\program files\NCH Software
2009-12-31 02:31 . 2009-10-25 02:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-22 01:31 . 2005-01-10 01:26 186704 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-16 23:46 . 2009-11-12 18:43 926 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\wklnhst.dat
2009-12-05 03:22 . 2009-10-18 01:37 -------- d-----w- c:\program files\McAfee
2009-12-05 03:22 . 2009-10-18 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-28 02:02 . 2009-10-24 00:37 -------- d-----w- c:\program files\Yahoo!
2009-11-28 02:01 . 2009-10-18 01:14 -------- d-----w- c:\program files\Google
2009-11-20 00:14 . 2009-11-20 00:14 726008 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\gotomypc_438.exe
2009-11-19 01:09 . 2009-10-18 23:14 -------- d-----w- c:\program files\FrostWire
2009-11-19 00:53 . 2009-11-19 00:53 -------- d-----w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\IsolatedStorage
2009-11-15 16:55 . 2009-11-15 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-15 16:52 . 2009-10-18 01:28 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-15 16:50 . 2009-11-15 16:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-15 16:49 . 2009-11-15 16:49 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-14 20:32 . 2009-11-14 20:32 -------- d-----w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Elluminate
2009-11-14 20:32 . 2009-11-14 20:32 74240 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Sun\Java\Deployment\cache\6.0\36\2c690564-5eecdd80-n\JINECELP.dll
2009-11-14 20:32 . 2009-11-14 20:32 73216 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Sun\Java\Deployment\cache\6.0\36\2c690564-5eecdd80-n\JIWAudio.dll
2009-11-14 20:32 . 2009-11-14 20:32 66048 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Sun\Java\Deployment\cache\6.0\36\2c690564-5eecdd80-n\JIWMixer.dll
2009-11-14 20:32 . 2009-11-14 20:32 65536 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Sun\Java\Deployment\cache\6.0\47\442eef-364e1f84-n\ICE_JNIRegistry.dll
2009-11-14 20:32 . 2009-11-14 20:32 60928 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Sun\Java\Deployment\cache\6.0\47\442eef-364e1f84-n\WinPlatform.dll
2009-11-13 03:17 . 2009-11-13 03:17 136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2009-11-13 03:16 . 2009-11-13 03:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-13 01:15 . 2009-11-04 03:18 -------- d-----w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\DivX
2009-11-12 18:43 . 2009-11-12 18:43 -------- d-----w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Template
2009-11-10 02:54 . 2009-11-10 02:54 -------- d-----w- c:\program files\MSECache
2009-11-04 02:48 . 2009-10-25 02:45 -------- d-----w- c:\program files\Sony Setup
2009-11-04 02:39 . 2009-11-01 09:55 -------- d-----w- c:\program files\DivX
2009-11-04 02:39 . 2009-11-04 02:36 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-10-29 07:45 . 2006-09-30 03:36 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-09-30 03:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-09-30 03:30 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-09-30 03:30 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 23:43 . 2009-10-18 23:43 0 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\FrostWire\.NetworkShare\Incomplete\T-4506256-LimeWireWin4.16.6.exe
2009-10-18 23:13 . 2009-10-18 23:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-18 23:13 . 2009-10-18 23:13 152576 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-18 19:09 . 2005-01-10 01:10 86811 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-18 01:32 . 2009-10-18 02:05 49152 ----a-r- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-18 01:32 . 2009-10-18 02:05 45056 ----a-r- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-18 01:32 . 2009-10-18 02:05 45056 ----a-r- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-10-18 01:32 . 2009-10-18 02:05 10134 ----a-r- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-10-18 01:32 . 2009-10-18 02:04 49152 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-18 01:32 . 2009-10-18 02:04 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-18 01:32 . 2009-10-18 02:04 45056 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-10-18 01:32 . 2009-10-18 02:04 10134 ----a-r- c:\windows\system32\config\systemprofile\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-10-18 01:32 . 2009-10-18 01:32 49152 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-18 01:32 . 2009-10-18 01:32 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
2009-10-18 01:32 . 2009-10-18 01:32 45056 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
2009-10-18 01:32 . 2009-10-18 01:32 10134 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\ARPPRODUCTICON.exe
2009-10-18 01:31 . 2009-10-18 01:31 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-10-18 01:30 . 2009-10-18 01:30 335 ----a-w- c:\windows\nsreg.dat
2009-10-18 01:28 . 2009-10-18 01:28 4 ----a-w- c:\windows\Pix11.dat
2009-10-17 23:18 . 2009-10-17 23:18 144 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\Local Settings\Application Data\fusioncache.dat
2009-10-13 10:30 . 2006-09-30 03:34 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-09-30 03:35 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-09-30 03:35 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-10 07:07 . 2009-11-15 16:50 38208 ----a-w- c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2009-09-19 01:09 574096 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-10-18 169984]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-12 15961088]
"CHotkey"="zHotkey.exe" [2004-12-09 550912]
"HostManager"="c:\program files\Common Files\AOL\1255829409\EE\AOLHostManager.exe" [2004-11-03 125528]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-09 5134864]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-18 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Carbonite Backup"="c:\program files\Carbonite\Carbonite Backup\CarboniteUI.exe" [2009-09-19 670864]
"Recordpad"="c:\program files\NCH Swift Sound\Recordpad\recordpad.exe" [2009-12-31 913412]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\Owner.YOUR-20CB7B5077\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McRegWiz]
2005-06-01 21:05 368714 ----a-w- c:\progra~1\McAfee.com\Agent\mcregwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1255829409\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Toolbars\\Shared\\SkypeNames.exe"=
"c:\\Program Files\\McAfee\\VirusScan\\mcvsshld.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S3 ndisdrv;ndisdrv;\??\c:\windows\system32\ndisdrv.sys --> c:\windows\system32\ndisdrv.sys [?]
--- Other Services/Drivers In Memory ---
*Deregistered* - nunlj
.
Contents of the 'Scheduled Tasks' folder
2009-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1987120589-1196514716-1893015011-1006Core.job
- c:\documents and settings\Owner.YOUR-20CB7B5077\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-10-22 05:49]
2009-10-18 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-18 16:22]
2009-10-18 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-18 16:22]
2009-12-31 c:\windows\Tasks\User_Feed_Synchronization-{81066519-6634-4B8E-9960-EDDCCAEC4BB9}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = www.comcast.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Owner.YOUR-20CB7B5077\Application Data\Mozilla\Firefox\Profiles\12ryfjfj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Owner.YOUR-20CB7B5077\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-VirusScan Online - \mcvsshld.exe
HKLM-Run-Dyawucucaqiqeje - c:\windows\avinimiqay.dll
SafeBoot-aawservice
MSConfigStartUp-notepad - c:\windows\system32\notepad.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-31 13:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nunlj]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,13,4e,3c,40,f6,28,40,98,53,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,19,13,4e,3c,40,f6,28,40,98,53,a7,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\WININET.dll
c:\progra~1\McAfee\SPAMKI~1\mskoeplg.dll
c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
c:\program files\Google\Google Desktop Search\GoogleDesktopHyper.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Carbonite\Carbonite Backup\carboniteservice.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\windows\system32\Ati2evxx.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\progra~1\McAfee\SPAMKI~1\MSKSrvr.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\ehome\mcrdsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\dllhost.exe
c:\windows\RTHDCPL.EXE
c:\windows\zHotkey.exe
c:\windows\eHome\ehmsas.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopIndex.exe
c:\program files\Google\Google Desktop Search\GoogleDesktopDisplay.exe
c:\progra~1\COMMON~1\AOL\125582~1\EE\AOLHOS~1.EXE
c:\progra~1\COMMON~1\AOL\125582~1\EE\AOLServiceHost.exe
c:\program files\McAfee\MPF\MPFSrv.exe
.
**************************************************************************
.
Completion time: 2009-12-31 13:08:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-31 18:08
Pre-Run: 214,563,799,040 bytes free
Post-Run: 214,661,099,520 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - 2CE3F5DA9852430610EA2A5B4742EFEA