ComboFix 09-02-18.01 - Randy 2009-02-19 20:06:59.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.200 [GMT -10:00]
Running from: c:\documents and settings\Randy\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Outdated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\salesmonitor
c:\documents and settings\All Users\Start Menu\Programs\DriveCleaner Freeware
c:\documents and settings\All Users\Start Menu\Programs\DriveCleaner Freeware\DriveCleaner Freeware.lnk
c:\documents and settings\All Users\Start Menu\Programs\DriveCleaner Freeware\DriveCleaner HomePage.lnk
c:\documents and settings\All Users\Start Menu\Programs\DriveCleaner Freeware\DriveCleaner Online Manual.lnk
c:\documents and settings\All Users\Start Menu\Programs\DriveCleaner Freeware\DriveCleaner Online Support.lnk
c:\documents and settings\All Users\Start Menu\Programs\DriveCleaner Freeware\Uninstall DriveCleaner.lnk
c:\documents and settings\Randy\Application Data\DriveCleaner Freeware
c:\documents and settings\Randy\Application Data\DriveCleaner Freeware\Logs\update.log
c:\documents and settings\Randy\err.log
c:\windows\IE4 Error Log.txt
c:\windows\system32\bszip.dll
.
((((((((((((((((((((((((( Files Created from 2009-01-20 to 2009-02-20 )))))))))))))))))))))))))))))))
.
2009-02-18 21:39 . 2009-02-18 21:39 d-------- c:\windows\system32\XPSViewer
2009-02-18 21:39 . 2009-02-18 21:39 d-------- c:\program files\Reference Assemblies
2009-02-18 21:39 . 2009-02-18 21:39 d-------- c:\program files\MSBuild
2009-02-18 21:38 . 2009-02-18 21:38 d-------- C:\087aa60c9adac258f3
2009-02-18 21:38 . 2008-07-06 02:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-02-18 21:38 . 2008-07-06 02:06 1,676,288 --------- c:\windows\system32\dllcache\xpssvcs.dll
2009-02-18 21:38 . 2008-07-06 00:50 597,504 --------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-18 21:38 . 2008-07-06 02:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-02-18 21:38 . 2008-07-06 02:06 575,488 --------- c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-18 21:38 . 2008-07-06 02:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-02-18 21:38 . 2008-07-06 02:06 89,088 --------- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-18 21:37 . 2009-02-18 22:28 d-------- c:\windows\SxsCaPendDel
2009-02-18 21:20 . 2009-02-18 21:20 d-------- c:\program files\AskBarDis
2009-02-18 21:20 . 2009-02-18 21:20 d-------- c:\program files\Advanced Registry Optimizer
2009-02-18 21:20 . 2009-02-18 21:20 d-------- c:\documents and settings\Randy\Application Data\Sammsoft
2009-02-18 20:58 . 2009-02-19 19:41 d-------- c:\documents and settings\All Users\Application Data\AV1
2009-01-31 11:55 . 2009-02-01 06:53 d-------- c:\documents and settings\Randy\Application Data\DriverCure
2009-01-31 11:55 . 2009-01-31 11:55 d-------- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-01-31 11:55 . 2009-02-02 23:15 d-------- c:\documents and settings\All Users\Application Data\DriverCure
2009-01-31 11:52 . 2009-01-31 11:52 d-------- c:\program files\RegCure
2009-01-30 21:27 . 2009-01-30 21:27 21,246 --a------ C:\sb challenge.jpg
2009-01-20 22:31 . 2009-01-20 22:31 d-------- C:\Money Coach
2009-01-20 22:05 . 2009-01-20 22:05 d-------- c:\program files\Common Files\AnswerWorks 5.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-20 05:29 --------- d-----w c:\program files\Symantec AntiVirus
2009-01-21 08:31 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 08:03 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-01-21 08:02 --------- d-----w c:\program files\Common Files\Intuit
2009-01-21 08:00 --------- d-----w c:\program files\TurboTax
2009-01-17 07:35 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
2009-01-05 08:11 --------- d-----w c:\program files\Google
2008-12-29 05:51 --------- d-----w c:\documents and settings\Randy\Application Data\Apple Computer
2008-12-29 05:50 --------- d-----w c:\program files\iTunes
2008-12-29 05:50 --------- d-----w c:\program files\iPod
2008-12-29 05:50 --------- d-----w c:\program files\Common Files\Apple
2008-12-29 05:50 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-29 05:31 --------- d-----w c:\program files\Bonjour
2008-12-29 05:30 --------- d-----w c:\program files\QuickTime
2008-12-29 05:27 --------- d-----w c:\program files\Apple Software Update
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-12-11 10:57 333,952 ------w c:\windows\system32\dllcache\srv.sys
2008-11-17 01:15 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-11-17 01:15 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-11-17 01:15 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-11-17 01:15 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-11-17 01:15 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-06 15:20 279944 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-06 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-25 68856]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-28 395776]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AROReminder"="c:\program files\Advanced Registry Optimizer\ARO.exe" [2008-08-22 2084480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_07\bin\jusched.exe" [2006-05-03 36975]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-04-25 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-29 339968]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"MMTray"="c:\program files\Musicmatch\Musicmatch Jukebox\mm_tray.exe" [2004-09-14 131072]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe" [2004-09-14 53248]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"Motive SmartBridge"="c:\progra~1\VERIZO~1\SMARTB~1\MotiveSB.exe" [2002-05-18 327680]
"dlbxmon.exe"="c:\program files\Dell Photo AIO Printer 962\dlbxmon.exe" [2004-08-27 417792]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-31 122941]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 57344]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-13 206064]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Monitor calibration"="c:\documents and settings\All Users\Application Data\AV1\AV1i.exe" [2009-02-18 151040]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-22 39264]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-07-23 24576]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2006-04-18 442368]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]
Verizon Online Support Center.lnk - c:\program files\Verizon Online\bin\matcli.exe [2005-08-08 204800]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dlbxcoms.exe"=
"c:\\Program Files\\World Poker Championship\\World Poker Championship.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-04-17 124608]
.
Contents of the 'Scheduled Tasks' folder
2008-12-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-02-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
2009-02-01 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll []
2009-01-31 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe []
2009-02-20 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 07:58]
2009-01-31 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 07:58]
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
HKCU-Run-DriverCure - c:\program files\ParetoLogic\DriverCure\DriverCure.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hawaiiantel.net/wps/portal
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Randy\Application Data\Mozilla\Firefox\Profiles\ovjnprmw.default\
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-19 20:08:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\.application\bootstrap]
@DACL=(02 0000)
@="bootstrap.application.1"
.
Completion time: 2009-02-19 20:10:28
ComboFix-quarantined-files.txt 2009-02-20 06:10:25
Pre-Run: 130,258,927,616 bytes free
Post-Run: 130,576,592,896 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
198 --- E O F --- 2009-02-20 05:36:14