ComboFix 09-07-23.01 - Owner 07/23/2009 12:31.1.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.166 [GMT -4:00]
Running from: c:\documents and settings\Owner\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Outdated) {00000000-0000-0000-0000-000000000000}
AV: Avira AntiVir PersonalEdition Classic *On-access scanning enabled* (Updated) {804E5358-FFA4-00DA-0D24-347CA8A3377C}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Favorites\Download programs.url
c:\documents and settings\Owner\Favorites\Games.url
c:\documents and settings\Owner\Favorites\Translator.url
c:\documents and settings\Owner\Favorites\VIDEOS.url
c:\documents and settings\Owner\Start Menu\Programs\Download programs.url
c:\documents and settings\Owner\Start Menu\Programs\Translator.url
c:\program files\iMeshBar
c:\program files\iMeshBar\bar\Cache\files.ini
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\recycler\NPROTECT
c:\windows\dll
c:\windows\dll\log.rtc
c:\windows\Installer\15eebf.msi
c:\windows\Installer\27fd167.msp
c:\windows\Installer\27fd17a.msp
c:\windows\Installer\27fd18d.msp
c:\windows\Installer\27fd1b2.msp
c:\windows\Installer\27fd236.msp
c:\windows\Installer\27fd23d.msp
c:\windows\Installer\27fd262.msp
c:\windows\Installer\27fd273.msp
c:\windows\Installer\27fd282.msp
c:\windows\Installer\27fd288.msp
c:\windows\Installer\27fd28f.msp
c:\windows\Installer\27fd2b5.msp
c:\windows\Installer\27fd2cc.msp
c:\windows\Installer\27fd2df.msp
c:\windows\Installer\2d979cd.msp
c:\windows\Installer\2d979e0.msp
c:\windows\Installer\2d97a02.msp
c:\windows\Installer\2d97a15.msp
c:\windows\Installer\2d97a27.msp
c:\windows\Installer\54b7c.msi
c:\windows\Installer\a937cf6.msi
c:\windows\SNMPAPI.DLL
c:\windows\system32\drivers\armada.sys
c:\windows\system32\drivers\hjgruiymtveyid.sys
c:\windows\system32\drivers\npf.sys
c:\windows\system32\hjgruiacxjybpn.dat
c:\windows\system32\hjgruidlvjdnva.dat
c:\windows\system32\hjgruikaybiwjd.dll
c:\windows\system32\hjgruilog.dat
c:\windows\system32\hjgruioylvfefy.dll
c:\windows\system32\i
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruiytpxtxlv
-------\Legacy_NPF
-------\Legacy_SMSC
-------\Legacy_ZESOFT
-------\Service_NPF
-------\Service_SMSC
-------\Legacy_Armada_Cleaner
-------\Service_Armada_Cleaner
((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-23 15:49 . 2009-07-23 15:50 -------- dc----w- C:\rsit
2009-07-23 14:33 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-23 14:33 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-23 14:33 . 2009-07-23 14:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 14:28 . 2009-07-23 14:28 -------- d-----w- c:\program files\ERUNT
2009-07-23 12:01 . 2009-07-23 12:09 -------- dc----w- C:\UBCD4Win
2009-07-23 06:47 . 2009-07-23 06:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-07-23 03:23 . 2009-07-23 03:23 -------- dc----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-23 03:23 . 2009-07-23 03:23 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-23 03:23 . 2009-07-23 03:23 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-23 03:23 . 2009-07-23 03:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-23 03:22 . 2009-07-23 03:22 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-23 03:21 . 2009-07-23 03:21 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-07-23 03:21 . 2009-07-23 03:21 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-07-23 03:21 . 2009-07-23 03:21 -------- d-----w- c:\program files\AVG
2009-07-23 03:21 . 2009-07-23 03:21 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-23 03:03 . 2009-07-23 03:03 -------- d-----w- c:\docume~1\Owner\APPLIC~1\AVG8
2009-07-22 21:43 . 2009-07-22 23:09 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-22 13:56 . 2008-03-03 22:21 568 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-07-22 13:56 . 2008-03-03 18:25 5702 ---ha-w- c:\windows\nod32restoretemdono.reg
2009-07-22 13:45 . 2009-07-22 13:45 -------- d-----w- c:\program files\ESET
2009-07-22 13:22 . 2009-07-22 13:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\ESET
2009-07-22 13:08 . 2009-07-22 13:08 -------- dc----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-22 04:17 . 2009-07-22 04:16 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-07-22 04:15 . 2009-07-22 04:23 -------- d-----w- c:\documents and settings\Owner\.housecall6.6
2009-07-22 04:10 . 2009-07-22 04:08 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 03:07 . 2009-07-22 03:07 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-21 21:20 . 2009-07-21 21:20 -------- d-----w- c:\program files\Desktop Icon Toy
2009-07-21 20:25 . 2009-07-21 20:25 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Thinking Minds Budiling Bytes
2009-07-21 20:25 . 2009-07-21 22:06 -------- d-----w- c:\program files\CubeDesktop
2009-07-21 19:53 . 2009-07-21 19:53 -------- d-----w- c:\docume~1\Owner\APPLIC~1\OtakuSoftware
2009-07-21 19:51 . 2009-07-22 02:28 -------- d-----w- c:\program files\DeskSpace
2009-07-21 15:43 . 2009-07-21 15:43 -------- dc----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-07-21 15:42 . 2009-07-21 15:42 -------- d-----w- c:\program files\Bonjour
2009-07-21 03:29 . 2009-07-21 03:29 -------- d-----w- c:\program files\SpywareBlaster
2009-07-21 01:41 . 2009-07-21 01:41 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-21 01:40 . 2009-07-21 01:40 -------- d-----w- c:\program files\Reference Assemblies
2009-07-21 01:40 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-21 01:40 . 2008-07-06 12:06 117760 ----a-w- c:\windows\system32\prntvpt.dll
2009-07-21 01:40 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-21 01:40 . 2009-07-21 01:40 -------- dc----w- C:\25f7e9435b9b1fc8479dd17aaac0
2009-07-21 01:40 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-21 01:40 . 2008-07-06 12:06 575488 ----a-w- c:\windows\system32\xpsshhdr.dll
2009-07-21 01:40 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-21 01:40 . 2008-07-06 12:06 1676288 ----a-w- c:\windows\system32\xpssvcs.dll
2009-07-20 23:46 . 2009-07-21 17:49 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-20 20:29 . 2009-07-20 20:45 -------- dc----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-20 18:25 . 2009-07-20 18:27 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Winamp
2009-07-20 18:25 . 2009-07-20 18:26 -------- d-----w- c:\program files\Winamp
2009-07-20 12:45 . 2009-07-20 13:57 -------- d-----w- c:\program files\VS Revo Group
2009-07-20 12:21 . 2008-11-10 15:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-07-20 12:18 . 2009-07-21 01:41 -------- d-----w- c:\program files\MSBuild
2009-07-20 12:10 . 2009-07-20 12:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-07-19 18:36 . 2009-07-19 19:18 -------- d-----w- c:\docume~1\Owner\APPLIC~1\IDM
2009-07-19 18:36 . 2009-07-20 11:47 -------- d-----w- c:\docume~1\Owner\APPLIC~1\DMCache
2009-07-19 18:35 . 2009-07-20 12:31 -------- d-----w- c:\program files\Internet Download Manager
2009-07-19 17:57 . 2009-07-19 18:09 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-07-19 17:51 . 2009-07-19 18:14 -------- dc----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-07-19 17:51 . 2009-07-19 18:05 -------- d-----w- c:\program files\SpeedBit Toolbar
2009-07-19 17:51 . 2009-07-19 18:16 -------- d-----w- c:\program files\DAP
2009-07-19 17:42 . 2009-07-19 17:50 -------- d-----w- c:\docume~1\Owner\APPLIC~1\R-Wipe&Clean
2009-07-19 16:00 . 2009-07-19 17:24 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Auslogics
2009-07-19 15:57 . 2009-07-23 02:57 -------- dc--a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-19 15:56 . 2009-07-19 15:56 -------- d-----w- c:\program files\Auslogics
2009-07-19 13:53 . 2009-07-23 02:49 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-17 21:22 . 2009-07-17 21:23 -------- d-----w- c:\windows\system32\NtmsData
2009-07-12 23:02 . 2009-07-12 23:02 -------- dc----w- c:\documents and settings\All Users\Application Data\acccore
2009-07-12 22:59 . 2009-07-12 23:02 -------- d-----w- c:\program files\AIM6
2009-07-11 03:17 . 2007-09-17 14:34 136528 -c--a-w- c:\documents and settings\All Users\Application Data\AOL\UserProfiles\All Users\SUDS\CACHE\4397.2.4\radioupd.exe
2009-07-03 14:21 . 2008-10-17 01:02 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 12:11 . 2009-03-15 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-23 03:23 . 2009-07-23 03:23 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys.install_backup
2009-07-23 02:49 . 2004-12-10 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-22 04:08 . 2005-10-09 00:39 -------- d-----w- c:\program files\Java
2009-07-22 01:21 . 2005-10-06 18:34 8224 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-21 16:17 . 2006-12-28 18:45 -------- d-----w- c:\program files\iTunes
2009-07-21 15:44 . 2005-10-25 20:14 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Apple Computer
2009-07-21 15:43 . 2005-10-25 20:11 -------- dc----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-21 14:31 . 2008-08-22 00:51 1306624 ----a-w- c:\windows\system32\msxml6(2).dll
2009-07-21 01:17 . 2009-06-15 22:52 -------- d-----w- c:\program files\Microsoft Works
2009-07-20 20:45 . 2004-12-10 21:38 -------- d-----w- c:\program files\Lavasoft
2009-07-20 17:29 . 2008-09-01 17:17 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Yahoo!
2009-07-20 17:29 . 2008-08-23 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-07-20 17:28 . 2007-09-19 19:34 -------- d-s---w- c:\program files\Yahoo!
2009-07-20 16:25 . 2004-10-26 05:36 225280 ----a-w- c:\windows\system32\igfxpph.dll
2009-07-20 03:01 . 2006-08-06 00:59 -------- d-----w- c:\docume~1\Owner\APPLIC~1\uTorrent
2009-07-19 16:47 . 2008-11-06 11:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-19 16:47 . 2008-11-06 11:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-19 15:51 . 2006-06-22 18:59 -------- d-----w- c:\program files\Trend Micro
2009-07-19 15:45 . 2008-09-01 17:18 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Viewpoint
2009-07-19 15:35 . 2004-10-26 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-19 15:35 . 2004-10-26 04:19 -------- d-----w- c:\program files\Viewpoint
2009-07-14 01:27 . 2004-11-05 22:11 -------- d-----w- c:\program files\Real
2009-07-14 01:23 . 2005-10-19 22:22 -------- d-----w- c:\program files\DivX
2009-07-10 19:30 . 2008-06-20 11:55 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL
2009-07-10 19:16 . 2005-10-22 02:45 -------- d-----w- c:\program files\Rhyme & Verse Demo
2009-07-10 19:16 . 2005-10-05 23:15 -------- d-----w- c:\program files\Microsoft AntiSpyware
2009-07-10 19:16 . 2004-10-26 05:31 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-10 19:16 . 2004-11-05 22:13 -------- d-----w- c:\program files\Google
2009-07-10 19:16 . 2007-12-05 18:05 -------- dcsh--w- c:\program files\Common Files\WindowsLiveInstaller
2009-07-10 19:16 . 2006-08-17 21:53 -------- d-----w- c:\program files\Common Files\Vbox
2009-07-10 19:16 . 2004-11-05 22:11 -------- d-----w- c:\program files\Common Files\Real
2009-07-10 19:16 . 2009-06-10 13:06 -------- d-----w- c:\program files\Common Files\aolshare
2009-07-10 19:16 . 2005-12-14 00:33 -------- d-----w- c:\program files\Common Files\AOL
2009-07-10 19:16 . 2005-10-14 15:08 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-10 19:16 . 2005-10-05 20:07 -------- d-----w- c:\program files\Ares P2P
2009-07-10 19:16 . 2004-10-26 06:10 -------- d-----w- c:\program files\Britannica
2009-07-10 18:45 . 2008-08-23 18:50 -------- d-----w- c:\program files\Windows Live
2009-07-02 07:12 . 2009-04-02 23:03 -------- d-----w- c:\docume~1\Owner\APPLIC~1\Move Networks
2009-07-01 23:56 . 2005-10-13 16:41 -------- d-----w- c:\program files\Rhymesaurus 1.4
2009-06-25 07:08 . 2006-08-03 14:01 -------- d-----w- c:\program files\Microsoft SQL Server
2009-06-23 22:45 . 2009-03-26 19:00 -------- d-----w- c:\docume~1\Owner\APPLIC~1\LimeWire
2009-06-23 22:14 . 2009-03-15 19:13 -------- d-----w- c:\docume~1\Owner\APPLIC~1\GetRightToGo
2009-06-20 17:17 . 2009-06-20 17:17 -------- d-----w- c:\docume~1\Owner\APPLIC~1\acccore
2009-06-16 14:36 . 2002-09-03 17:06 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2002-09-03 16:33 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-11 10:32 . 2005-10-06 05:28 4720 -c--a-w- c:\windows\mozver.dat
2009-06-10 13:12 . 2009-06-10 13:06 -------- d-----w- c:\program files\AOL 9.1
2009-06-10 13:11 . 2009-06-10 13:11 -------- d-----w- c:\docume~1\Owner\APPLIC~1\AOL
2009-06-10 13:09 . 2009-06-10 13:09 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-06-10 13:05 . 2009-06-10 13:05 99200 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\sm\sminstlp.exe
2009-06-10 13:05 . 2009-06-10 13:04 1895720 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\waol-0.4334.34.14.exe
2009-06-10 13:04 . 2009-06-10 13:04 142040 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\aolload\alsetup.exe
2009-06-10 13:04 . 2009-06-10 13:03 8139800 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\acs\acssetup.exe
2009-06-10 13:03 . 2009-06-10 13:03 11312 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\acs\ecuchk.dll
2009-06-10 13:03 . 2009-06-10 13:03 260040 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\acs\ecuinst.exe
2009-06-10 13:03 . 2009-06-10 13:03 601728 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\unagi\ampx.english.exe
2009-06-10 13:03 . 2009-06-10 13:03 67120 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ccu\instSup.dll
2009-06-10 13:03 . 2009-06-10 13:03 15920 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ccu\ocpchk.dll
2009-06-10 13:03 . 2009-06-10 13:03 10800 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\wsfixchk.dll
2009-06-10 13:03 . 2009-06-10 13:03 355592 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\afixinst.exe
2009-06-10 13:03 . 2009-06-10 13:03 54832 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\parcon\AOLParconLink.exe
2009-06-10 13:02 . 2009-06-10 13:02 607392 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\tpspd\wbsetup.exe
2009-06-10 13:02 . 2009-06-10 13:02 2100784 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\toolbar\aol_toolbar_dual.exe
2009-06-10 13:02 . 2009-06-10 13:02 127224 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\afixlang.exe
2009-06-10 13:02 . 2009-06-10 13:02 2439824 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ccu\ocpinsti.exe
2009-06-10 13:02 . 2009-06-10 13:01 711520 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\sysinfo\SinfInst.exe
2009-06-10 13:01 . 2009-06-10 13:01 62816 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\ocpgc.exe
2009-06-10 13:01 . 2009-06-10 12:55 35387072 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\noneCodesignFilesBundle.exe
2009-06-10 12:55 . 2009-06-10 12:55 359184 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\tb\tbsetup.exe
2009-06-10 12:55 . 2009-06-10 12:55 75104 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\instSup.dll
2009-06-10 12:55 . 2009-06-10 12:55 223152 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\wsfinst.exe
2009-06-10 12:55 . 2009-06-10 12:55 175224 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\sm\stmninst.exe
2009-06-10 12:55 . 2009-06-10 12:54 1475416 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\ocpinst.exe
2009-06-10 12:54 . 2009-06-10 12:54 15712 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\ocp\ocpchk.dll
2009-06-10 12:54 . 2009-06-10 12:54 390704 -c--a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\waol\0.4334.34.14\comps\afix\WinsockFix.exe
2009-06-10 12:54 . 2008-09-01 17:18 -------- dc----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-06-03 19:09 . 2002-09-03 16:53 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-14 19:49 . 2009-05-14 19:49 94360 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2009-05-14 19:47 . 2009-05-14 19:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 19:41 . 2009-05-14 19:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 05:15 . 2005-06-18 03:49 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2002-09-03 16:39 345600 ----a-w- c:\windows\system32\localspl.dll
2006-08-06 03:21 . 2006-08-06 03:21 774144 -c--a-w- c:\program files\RngInterstitial.dll
2009-07-15 20:30 . 2009-07-21 17:26 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-07-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-22 148888]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e\0SsiEfr.e\0SsiEfr.e
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134520414\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1134520414\\ee\\aim6.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Java\\jre1.5.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Ares Vista\\AresVista.exe"=
"c:\\Program Files\\Java\\jre1.6.0_05\\bin\\javaw.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/22/2009 11:23 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/22/2009 11:23 PM 108552]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 3:47 PM 107256]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 3:49 PM 94360]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/22/2009 11:22 PM 298776]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/24/2008 10:31 PM 29263712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/22/2009 11:21 PM 29208]
S0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys --> c:\windows\system32\Drivers\avgrkx86.sys [?]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe --> c:\progra~1\AVG\AVG8\avgfws8.exe [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [9/3/2002 12:56 PM 3584]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/22/2009 11:21 PM 29208]
S3 Cyber02Hide;Cyber02Hide;\??\c:\windows\system32\drivers\Cyber02Hide.sys --> c:\windows\system32\drivers\Cyber02Hide.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://start.verizon.net/vznisp/portal/main.aspx
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
DPF: Broadcaster Publisher - hxxp://www.broadcaster.com/on2/broadcaster_publisher.CAB
DPF: DigiChat Applet - hxxp://host7.digichat.com/DigiChat/DigiClasses/Client_IE.cab
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://217.23.231.4/activex/AMC.cab
FF - ProfilePath - c:\docume~1\Owner\APPLIC~1\Mozilla\Firefox\Profiles\a5zbfp8v.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50ffTB50CLie7&query=
FF - prefs.js: browser.search.selectedEngine - AOL Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.speedbit.com/searchresults.asp?src=default&q=
FF - component: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\a5zbfp8v.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-23 12:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-343818398-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5A02C8D5-8CA8-EA77-79D7-A18C3B9A0517}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abjfpaknpoejmbndmdlokgaldnbdadnnma"=hex:6a,61,6e,6c,69,6f,65,68,6c,65,6d,63,
68,6c,61,61,65,64,64,6b,00,00
"pahffkfeodjanblddiknbomnplcliokf"=hex:6a,61,6e,6c,69,6f,65,68,6c,65,6d,63,68,
6c,61,61,65,64,64,6b,00,00
[HKEY_USERS\S-1-5-21-343818398-1500820517-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{94B386A8-E8CE-E3FF-B8F1-F9E0A1715643}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"haogejbmlencknem"=hex:6e,62,6a,6a,70,65,6b,6e,62,66,6c,67,65,6e,63,67,62,6d,
61,68,62,67,63,70,6d,70,6b,68,70,6d,6b,6a,65,6d,64,63,67,6b,61,61,6d,6a,6d,\
"jaogejbmlencknemmdoo"=hex:66,61,6a,6a,6e,65,70,69,61,69,64,69,00,02
"pagdfkngpjailchiihgahcfmillbdkoe"=hex:63,61,63,6d,6b,6a,00,69
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•Ôw*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2468)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\AOL 9.1\waol.exe
c:\windows\system32\wscntfy.exe
c:\program files\AOL 9.1\shellmon.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\control.exe
c:\windows\system32\control.exe
.
**************************************************************************
.
Completion time: 2009-07-23 13:01 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-23 17:01
Pre-Run: 10,170,712,064 bytes free
Post-Run: 11,821,903,872 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
448 --- E O F --- 2009-07-21 02:58
Here's my log. I received a lot of Windows messages about corrupted files, such as cf2128.exe and c:\$mft, and it tells me to run chkdsk.