ComboFix 10-10-15.04 - Cappa 10/17/2010 10:53:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1270 [GMT -4:00]
Running from: c:\documents and settings\Cappa\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\John\Application Data\E208FC8B0E698085686BEF22712C0902
c:\documents and settings\John\Application Data\E208FC8B0E698085686BEF22712C0902\enemies-names.txt
c:\documents and settings\John\Application Data\E208FC8B0E698085686BEF22712C0902\local.ini
c:\documents and settings\John\Application Data\E208FC8B0E698085686BEF22712C0902\lsrslt.ini
c:\documents and settings\John\Application Data\E208FC8B0E698085686BEF22712C0902\synt700isorelease00.exe
c:\documents and settings\John\Local Settings\Application Data\{A5D1ACDD-DAFA-4E1A-A23F-4D364F21D956}
c:\documents and settings\John\Local Settings\Application Data\{A5D1ACDD-DAFA-4E1A-A23F-4D364F21D956}\chrome.manifest
c:\documents and settings\John\Local Settings\Application Data\{A5D1ACDD-DAFA-4E1A-A23F-4D364F21D956}\chrome\content\_cfg.js
c:\documents and settings\John\Local Settings\Application Data\{A5D1ACDD-DAFA-4E1A-A23F-4D364F21D956}\chrome\content\overlay.xul
c:\documents and settings\John\Local Settings\Application Data\{A5D1ACDD-DAFA-4E1A-A23F-4D364F21D956}\install.rdf
c:\windows\AutoRun.ini
c:\windows\system32\Drivers\jnlrbb.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_leoc

((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.
2010-10-17 14:45 . 2009-05-01 21:24 1340797 ----a-w- C:\MGtools.exe
2010-10-17 13:56 . 2010-10-17 13:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-17 13:56 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 13:56 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-17 13:53 . 2010-10-17 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-17 12:55 . 2010-10-17 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-10-17 12:55 . 2010-10-17 13:54 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-10-17 11:59 . 2010-10-17 03:11 15688 ----a-w- c:\windows\system32\lsdelete.exe
2010-10-17 03:12 . 2010-10-17 03:11 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-17 03:11 . 2010-10-17 03:11 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2010-10-17 03:10 . 2010-10-17 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-10-17 03:10 . 2010-10-17 03:10 -------- d-----w- c:\program files\Lavasoft
2010-10-17 02:53 . 2008-04-14 09:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-10-17 02:53 . 2008-04-14 09:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-10-17 02:53 . 2008-04-14 02:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-10-17 02:53 . 2008-04-14 09:42 10752 ------w- c:\windows\system32\smtpapi.dll
2010-10-17 02:53 . 2008-04-14 09:42 9728 ------w- c:\windows\system32\rwnh.dll
2010-10-17 02:48 . 2006-12-29 04:31 19569 ----a-w- c:\windows\005885_.tmp
2010-10-17 02:34 . 2008-04-14 09:42 380416 ------w- c:\windows\system32\irprops.cpl
2010-10-17 02:30 . 2004-07-17 15:40 19528 ----a-w- c:\windows\003894_.tmp
2010-10-17 02:19 . 2010-10-17 02:19 -------- d-----w- c:\windows\ServicePackFiles
2010-10-17 02:15 . 2008-04-14 09:42 11264 ----a-w- c:\windows\system32\autolfn.exe
2010-10-17 02:04 . 2008-04-14 09:42 162304 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-10-17 01:45 . 2001-08-23 07:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2010-10-17 01:44 . 2001-08-23 07:00 9216 -c--a-w- c:\windows\system32\dllcache\authfilt.dll
2010-10-17 01:40 . 2008-04-14 09:42 45568 ----a-w- c:\windows\system32\safrslv.dll
2010-10-17 01:40 . 2008-04-14 09:42 29696 ----a-w- c:\windows\system32\safrdm.dll
2010-10-17 01:40 . 2008-04-14 09:42 43520 ----a-w- c:\windows\system32\safrcdlg.dll
2010-10-17 01:40 . 2008-04-14 09:42 43520 ----a-w- c:\windows\system32\racpldlg.dll
2010-10-17 01:40 . 2008-04-14 04:06 73472 ----a-w- c:\windows\system32\drivers\sr.sys
2010-10-17 01:40 . 2008-04-14 09:42 32768 ----a-w- c:\windows\system32\mnmsrvc.exe
2010-10-17 01:40 . 2008-04-14 09:41 32768 ----a-w- c:\windows\system32\isrdbg32.dll
2010-10-17 01:38 . 2008-04-14 09:42 281088 ----a-w- c:\program files\Windows NT\Pinball\pinball.exe
2010-10-17 01:35 . 2008-04-14 04:15 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2010-10-17 01:34 . 2008-04-14 04:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-10-17 01:33 . 2008-04-14 04:10 57600 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-10-17 01:31 . 2008-04-14 09:41 4096 ----a-w- c:\windows\system32\ksuser.dll
2010-10-17 01:31 . 2008-04-14 09:42 129536 ----a-w- c:\windows\system32\ksproxy.ax
2010-10-17 01:23 . 2008-04-14 09:43 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2010-10-17 01:23 . 2008-04-14 04:02 196224 ----a-w- c:\windows\system32\drivers\rdpdr.sys
2010-10-17 01:22 . 2008-04-14 09:42 146432 ----a-w- c:\windows\system\winspool.drv
2010-10-17 01:22 . 2008-04-14 04:24 11264 ----a-w- c:\windows\system32\drivers\irenum.sys
2010-10-17 01:22 . 2001-08-23 07:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-10-17 01:22 . 2001-08-23 07:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-10-17 01:22 . 2001-08-23 07:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-10-17 01:22 . 2001-08-23 07:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-10-17 01:22 . 2001-08-23 07:00 13608 ----a-r- c:\windows\SETC7.tmp
2010-10-17 01:22 . 2001-08-23 07:00 1085913 ----a-r- c:\windows\SETBA.tmp
2010-10-16 23:24 . 2010-10-16 23:24 -------- d-----w- c:\program files\Free Window Registry Repair
2010-10-16 21:22 . 2010-10-16 22:07 -------- d-----w- c:\documents and settings\Johns Shared Stuff
2010-10-15 01:08 . 2010-10-15 01:08 -------- d-----w- c:\program files\CCleaner
2010-10-15 00:39 . 2001-08-18 02:36 9728 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpapi.dll
2010-10-15 00:39 . 2001-08-18 02:36 175104 -c--a-w- c:\windows\system32\dllcache\EXCH_smtpadm.dll
2010-10-15 00:39 . 2001-08-18 02:36 9216 -c--a-w- c:\windows\system32\dllcache\EXCH_rwnh.dll
2010-10-15 00:39 . 2001-08-18 02:36 205824 -c--a-w- c:\windows\system32\dllcache\EXCH_seo.dll
2010-10-15 00:34 . 2006-12-29 04:31 19569 ----a-w- c:\windows\005148_.tmp
2010-10-14 02:12 . 2008-04-14 09:41 81920 ------w- c:\windows\system32\ieencode.dll
2010-10-14 02:08 . 2004-07-17 15:40 19528 ----a-w- c:\windows\002315_.tmp
2010-10-14 01:13 . 2010-10-17 03:07 -------- d-----w- c:\documents and settings\Cappa
2010-10-14 01:09 . 2010-10-17 03:16 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-10-14 01:09 . 2010-10-14 01:09 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-10-14 00:52 . 2001-08-23 07:00 13608 ----a-r- c:\windows\SETC3.tmp
2010-10-14 00:52 . 2001-08-23 07:00 1085913 ----a-r- c:\windows\SETB7.tmp
2010-10-14 00:23 . 2001-08-23 07:00 13608 ----a-r- c:\windows\SETC5.tmp
2010-10-14 00:23 . 2001-08-23 07:00 1085913 ----a-r- c:\windows\SETB9.tmp
2010-10-13 08:05 . 2010-10-13 08:05 -------- d-----w- C:\~ErdUserProfile.$$$
2010-10-10 19:32 . 2010-10-10 19:41 -------- d-----w- c:\windows\tmp
2010-10-05 01:17 . 2010-10-05 01:17 0 ----a-w- c:\windows\Yhuyideduvak.bin
2010-09-23 06:14 . 2010-09-23 06:14 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-18 13574144]
"nwiz"="nwiz.exe" [2008-09-18 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-18 86016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-24 446571]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-10-17 524632]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Microsoft Works Calendar Reminders.lnk - c:\windows\Installer\{9944aa9e-362d-11d3-81ab-00c04fb932ba}\1960F8A9.exe [2010-3-5 29184]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2000-8-6 69632]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/16/2010 11:12 PM 64160]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2010-10-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 03:11]

2010-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\idt\v114_ecs_d_6207.2v7_6099.8xp_g2.0v_rc_sdc\wdm\STacSV.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\wbem\unsecapp.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-10-17 11:05:09 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-17 15:05

Pre-Run: 92,990,005,248 bytes free
Post-Run: 95,928,385,536 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - C2AE534A761EB7248D3AC590274C3CCE