OK, all finished. Here ya go.
ComboFix 08-04-22.5 - CNA 2008-04-24 9:37:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.962 [GMT -4:00]
Running from: I:\Documents and Settings\CNA\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
I:\Documents and Settings\CNA\Desktop\Error Cleaner.url
I:\Documents and Settings\CNA\Desktop\Privacy Protector.url
I:\Documents and Settings\CNA\Desktop\Spyware&Malware Protection.url
I:\Documents and Settings\CNA\Favorites\Error Cleaner.url
I:\Documents and Settings\CNA\Favorites\Privacy Protector.url
I:\Documents and Settings\CNA\Favorites\Spyware&Malware Protection.url
I:\Program Files\autorun.inf
I:\WINDOWS\cookies.ini
I:\WINDOWS\privacy_danger
I:\WINDOWS\privacy_danger\images\capt.gif
I:\WINDOWS\privacy_danger\images\danger.jpg
I:\WINDOWS\privacy_danger\images\down.gif
I:\WINDOWS\privacy_danger\images\spacer.gif
I:\WINDOWS\privacy_danger\index.htm
I:\WINDOWS\system32\iOrXwGgh.ini
I:\WINDOWS\system32\iOrXwGgh.ini2
I:\WINDOWS\system32\mlUvyccf.ini
I:\WINDOWS\system32\mlUvyccf.ini2
I:\WINDOWS\system32\moXyHRqr.ini
I:\WINDOWS\system32\moXyHRqr.ini2
I:\WINDOWS\system32\bdn.com
I:\WINDOWS\system32\hxiwlgpm.dat
I:\WINDOWS\system32\ssvchost.com
I:\WINDOWS\system32\taack.dat
I:\WINDOWS\system32\VBIEWER.OCX
.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.
2008-04-24 08:55 . 2008-04-24 08:55 <DIR> d-------- I:\Program Files\Trend Micro
2008-04-23 17:32 . 2008-04-23 17:32 <DIR> d-------- I:\Documents and Settings\CNA\Application Data\Symantec
2008-04-23 17:29 . 2008-04-23 17:29 <DIR> d-------- I:\Program Files\Windows Sidebar
2008-04-23 17:28 . 2008-04-23 17:30 <DIR> d-------- I:\Program Files\Norton Internet Security
2008-04-23 17:26 . 2008-04-23 17:30 <DIR> d-------- I:\Program Files\Symantec
2008-04-23 17:26 . 2008-04-23 17:51 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Symantec
2008-04-23 17:26 . 2008-04-23 17:30 123,952 --a------ I:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-23 17:26 . 2008-04-23 17:30 60,800 --a------ I:\WINDOWS\system32\S32EVNT1.DLL
2008-04-23 17:26 . 2008-04-23 17:30 10,563 --a------ I:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-04-23 17:26 . 2008-04-23 17:30 805 --a------ I:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-04-23 17:20 . 2008-04-24 09:39 <DIR> d-------- I:\Program Files\Common Files\Symantec Shared
2008-04-23 17:15 . 2008-04-23 17:15 <DIR> d-------- I:\Documents and Settings\All Users\Symantec Temporary Files
2008-04-23 16:16 . 2008-04-23 16:16 <DIR> d-------- I:\WINDOWS\system32\Kaspersky Lab
2008-04-23 16:16 . 2008-04-23 16:16 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-22 10:47 . 2008-04-22 11:19 10,752 --a------ I:\WINDOWS\DCEBoot.exe
2008-04-22 10:33 . 2008-04-23 16:19 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Trend Micro
2008-04-22 09:44 . 2008-04-22 10:23 <DIR> d-------- I:\Documents and Settings\CNA\.housecall6.6
2008-04-21 07:47 . 2008-04-21 16:25 611 --a------ I:\WINDOWS\wininit.ini
2008-04-21 07:25 . 2008-04-24 09:31 <DIR> d-------- I:\Program Files\Spybot - Search & Destroy
2008-04-21 07:25 . 2008-04-24 09:31 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-21 07:07 . 2008-04-21 07:21 1,540,918 --ahs---- I:\WINDOWS\system32\htkmaaqu.ini
2008-04-18 08:58 . 2008-04-23 14:17 <DIR> d-------- I:\Program Files\CCleaner
2008-04-18 08:53 . 2008-04-21 07:06 1,540,737 --ahs---- I:\WINDOWS\system32\lhlyadvg.ini
2008-04-18 08:51 . 2008-04-24 09:37 <DIR> d-------- I:\Documents and Settings\CNA\Application Data\TmpRecentIcons
2008-04-17 14:20 . 2008-04-23 17:24 <DIR> d-------- I:\Documents and Settings\All Users\Application Data\pavmpopo
2008-04-17 14:20 . 2008-04-17 12:11 221,184 --a------ I:\WINDOWS\omlbpkaw.dll
2008-04-17 14:20 . 2008-04-17 12:11 94,208 --a------ I:\WINDOWS\npqtsrak.exe
2008-04-17 09:29 . 2008-04-17 09:29 <DIR> d-------- I:\WINDOWS\system32\LogFiles
2008-04-05 07:43 . 2008-02-22 02:33 69,632 --a------ I:\WINDOWS\system32\javacpl.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 15:55 --------- d-----w I:\Program Files\Sony
2008-04-18 13:10 --------- d-----w I:\Program Files\Pure Networks
2008-04-18 12:55 --------- d-----w I:\Program Files\CADDee.com
2008-04-14 11:28 --------- d-----w I:\Documents and Settings\CNA\Application Data\LimeWire
2008-04-14 11:27 --------- d-----w I:\Program Files\LimeWire
2008-04-05 11:43 --------- d-----w I:\Program Files\Java
2008-03-07 01:32 706 ----a-w I:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w I:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w I:\WINDOWS\system32\drivers\coh_mon.cat
2008-03-05 13:05 --------- d-----w I:\Documents and Settings\All Users\Application Data\WinZip
2008-03-05 12:50 --------- d-----w I:\Program Files\Microsoft ActiveSync
2008-02-26 15:11 --------- d-----w I:\Program Files\iTunes
2008-02-26 15:10 --------- d-----w I:\Program Files\iPod
2008-02-26 15:09 --------- d-----w I:\Program Files\QuickTime
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-07 00:05 349552 --a------ I:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-04-23 17:29 116088 --a------ I:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "I:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-07 00:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= I:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-07 00:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="I:\WINDOWS\system32\ctfmon.exe" [2004-08-12 09:18 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-06 14:01 335872]
"SunJavaUpdateSched"="I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"ccApp"="I:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 21:47 51048]
"osCheck"="I:\Program Files\Norton Internet Security\osCheck.exe" [2008-02-07 02:49 718704]
"QuickTime Task"="I:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
I:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - I:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 23:05:26 29696]
AutoCAD LT Startup Accelerator.lnk - I:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 09:18:22 10872]
GARO Status Monitor.lnk - I:\Program Files\Canon\GAROStatusMonitor\cnwism.exe [2006-12-01 11:29:44 344064]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= file:///I:\WINDOWS\privacy_danger\index.htm
FriendlyName= Privacy Protection
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"DriveSys"= {05255934-854f-4cb7-971c-f47e5da4ba5c} - I:\WINDOWS\Resources\DriveSys.dll [ ]
"omlbpkaw"= {AEF16746-7092-4428-AF72-C98DAAC55411} - I:\WINDOWS\omlbpkaw.dll [2008-04-17 12:11 221184]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUKdASM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-07 00:46 57344 I:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2003-05-23 11:43 88363 I:\WINDOWS\AGRSMMSG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2006-10-23 08:50 71216 I:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLSPScheduler]
--a------ 2006-09-07 11:29 8784 I:\Program Files\Common Files\AOL\1163796153\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnwiDeviceAgent]
--a------ 2005-08-11 20:14 65536 I:\Program Files\Canon\GAROStatusMonitor\cnwida.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-12 09:18 15360 I:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmailScan]
--a------ 2005-10-19 13:13 460336 I:\Program Files\mcafee.com\antivirus\mcvsescn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gvhssnoy]
I:\WINDOWS\system32\ynenizof.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 14:39 1289000 I:\Program Files\Microsoft ActiveSync\wcescomm.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2006-09-25 20:52 50736 I:\Program Files\Common Files\AOL\1163796153\ee\AOLSoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ifhawcmg]
I:\WINDOWS\system32\tizqrcbo.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 14:10 267048 I:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OASClnt]
--a------ 2005-08-18 17:57 116272 I:\Program Files\mcafee.com\antivirus\oasclnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 I:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\rslibrry]
I:\WINDOWS\system32\jsjadkrs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--------- 2008-01-28 11:43 2097488 I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sscRun]
--a------ 2006-09-07 11:29 153168 I:\Program Files\Common Files\AOL\1163796153\ee\SSCRun.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-10-30 14:27 185632 I:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"I:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"I:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"I:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"I:\\Program Files\\America Online 9.0\\waol.exe"=
"I:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"I:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"I:\\Program Files\\Common Files\\AOL\\1163796153\\EE\\AOLServiceHost.exe"=
"I:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"I:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"I:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"I:\\Program Files\\Canon\\GAROStatusMonitor\\cnwism.exe"=
"I:\\Program Files\\Canon\\GAROStatusMonitor\\cnwida.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"I:\\Program Files\\Canon\\Network ScanGear\\SgTool.exe"=
"I:\\Program Files\\Common Files\\AOL\\1163796153\\EE\\aolsoftware.exe"=
"I:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"I:\\Program Files\\LimeWire\\LimeWire.exe"=
"I:\\Program Files\\iTunes\\iTunes.exe"=
"I:\Program Files\Microsoft ActiveSync\rapimgr.exe"= I:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"I:\Program Files\Microsoft ActiveSync\wcescomm.exe"= I:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"I:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= I:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 LiveUpdate Notice;LiveUpdate Notice;"I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
S3 COH_Mon;COH_Mon;I:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-09 14:26:01 I:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- I:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-23 21:32:33 I:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - CNA.job"
- I:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-24 09:41:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
I:\WINDOWS\system32\ati2evxx.exe
I:\WINDOWS\system32\ati2evxx.exe
I:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
I:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
I:\Program Files\Common Files\AOL\1163796153\EE\services\safetyCore\ver2_5_4_1\aolavupd.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
I:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\PROGRA~1\mcafee.com\ANTIVI~1\McShield.exe
.
**************************************************************************
.
Completion time: 2008-04-24 9:45:01 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 13:44:53
Pre-Run: 232,650,768,384 bytes free
Post-Run: 233,456,197,632 bytes free
231 --- E O F --- 2008-04-09 19:01:27
SmitFraudFix v2.318
Scan done at 9:54:35.85, Thu 04/24/2008
Run from I:\Documents and Settings\CNA\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
I:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
I:\Program Files\Common Files\AOL\1163796153\ee\services\safetyCore\ver2_5_4_1\aolavupd.exe
I:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
I:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
I:\Program Files\Bonjour\mDNSResponder.exe
I:\PROGRA~1\mcafee.com\ANTIVI~1\mcshield.exe
I:\WINDOWS\system32\svchost.exe
I:\PROGRA~1\mcafee.com\ANTIVI~1\OasClnt.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
I:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
I:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
I:\Program Files\QuickTime\qttask.exe
I:\WINDOWS\explorer.exe
I:\WINDOWS\system32\notepad.exe
I:\Program Files\Common Files\AOL\1163796153\ee\aolsoftware.exe
I:\Program Files\Common Files\AOL\1163796153\ee\aolsoftware.exe
i:\program files\common files\aol\1163796153\ee\services\safetyCore\ver2_5_4_1\AOLSP Scheduler.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» I:\
»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» I:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\CNA
»»»»»»»»»»»»»»»»»»»»»»»» I:\Documents and Settings\CNA\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» I:\DOCUME~1\CNA\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» I:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="file:///I:\\WINDOWS\\privacy_danger\\index.htm"
"SubscribedURL"=""
"FriendlyName"="Privacy Protection"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
[!] Suspicious: omlbpkaw.dll
SSODL: omlbpkaw - {AEF16746-7092-4428-AF72-C98DAAC55411}
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="I:\\WINDOWS\\system32\\userinit.exe,"
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 24.29.99.35
DNS Server Search Order: 24.29.99.36
HKLM\SYSTEM\CCS\Services\Tcpip\..\{16056A8A-A030-421B-89AA-8A06C99C9F36}: NameServer=24.29.99.35,24.29.99.36
HKLM\SYSTEM\CS1\Services\Tcpip\..\{16056A8A-A030-421B-89AA-8A06C99C9F36}: NameServer=24.29.99.35,24.29.99.36
HKLM\SYSTEM\CS2\Services\Tcpip\..\{16056A8A-A030-421B-89AA-8A06C99C9F36}: NameServer=24.29.99.35,24.29.99.36
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End