Hi andrewuk
Thanks for the help.
Here are the two reports of ComboFix and HijackThis.
---------------
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:22:04 PM, on 8/23/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\Dell Photo AIO Printer 964\memcard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\dlcjcoms.exe
C:\Program Files\TuneUp Utilities 2008\RegistryCleaner.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [dlcjmon.exe] "C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 964\memcard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Search - ?p=ZCxdm801MEUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1219103135328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1219106765468
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 8142 bytes
--------------------------
ComboFix
ComboFix 08-08-21.02 - Lori 2008-08-23 15:15:15.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.207 [GMT -5:00]
Running from: C:\Documents and Settings\Lori\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lori\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Brendon\Application Data\FunWebProducts
C:\Documents and Settings\Brendon\Application Data\FunWebProducts\Data\Brendon\avatar.dat
C:\Documents and Settings\Brendon\Application Data\macromedia\Flash Player\#SharedObjects\83XUJ4FX\interclick.com
C:\Documents and Settings\Brendon\Application Data\macromedia\Flash Player\#SharedObjects\83XUJ4FX\interclick.com\ud.sol
C:\Documents and Settings\Brendon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Brendon\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Lori\Application Data\macromedia\Flash Player\#SharedObjects\J5FRZDWE\interclick.com
C:\Documents and Settings\Lori\Application Data\macromedia\Flash Player\#SharedObjects\J5FRZDWE\interclick.com\ud.sol
C:\Documents and Settings\Lori\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Lori\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Taylor\Application Data\FunWebProducts
C:\Documents and Settings\Taylor\Application Data\FunWebProducts\Data\Taylor\avatar.dat
C:\Documents and Settings\Taylor\Application Data\FunWebProducts\Data\Taylor\register.dat
C:\Documents and Settings\Taylor\Application Data\macromedia\Flash Player\#SharedObjects\A8K8UVAH\interclick.com
C:\Documents and Settings\Taylor\Application Data\macromedia\Flash Player\#SharedObjects\A8K8UVAH\interclick.com\ud.sol
C:\Documents and Settings\Taylor\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Taylor\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\system32\bszip.dll
.
((((((((((((((((((((((((( Files Created from 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))
.
2008-08-21 19:11 . 2008-08-21 19:11 <DIR> d-------- C:\Documents and Settings\Taylor\Application Data\TuneUp Software
2008-08-21 16:50 . 2008-08-21 18:05 <DIR> d-------- C:\Program Files\a-squared Free
2008-08-21 16:27 . 2008-08-21 16:27 <DIR> d-------- C:\Program Files\Astonsoft
2008-08-21 16:27 . 2008-08-21 16:42 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\DeepBurner
2008-08-21 14:55 . 2008-08-21 16:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-08-20 00:31 . 2008-08-21 19:13 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-20 00:28 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\is-6M9KD.tmp
2008-08-20 00:28 . 2008-08-20 00:28 680,960 --a------ C:\WINDOWS\is-GK5GF.exe
2008-08-20 00:28 . 2008-08-20 00:28 10,453 --a------ C:\WINDOWS\is-GK5GF.msg
2008-08-20 00:28 . 2008-08-20 00:28 354 --a------ C:\WINDOWS\is-GK5GF.lst
2008-08-19 23:53 . 2008-08-19 23:53 <DIR> d-------- C:\Documents and Settings\Brendon\Application Data\GlarySoft
2008-08-19 23:36 . 2008-08-19 23:36 <DIR> d-------- C:\Documents and Settings\Brendon\Application Data\TuneUp Software
2008-08-19 22:37 . 2008-08-19 22:37 <DIR> d-------- C:\Program Files\Panda Security
2008-08-19 22:37 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-19 21:10 . 2008-08-21 19:13 <DIR> d-------- C:\Program Files\SpywareGuard
2008-08-19 21:08 . 2008-08-21 19:13 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-19 20:55 . 2008-08-19 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2008-08-18 23:18 . 2008-08-18 23:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-08-18 23:15 . 2008-08-18 23:15 0 --a------ C:\WINDOWS\ativpsrm.bin
2008-08-18 23:10 . 2008-08-18 23:10 <DIR> d-------- C:\ATI
2008-08-18 22:55 . 2008-08-18 22:55 <DIR> d-------- C:\Program Files\iTunes
2008-08-18 22:55 . 2008-08-18 22:55 <DIR> d-------- C:\Program Files\iPod
2008-08-18 22:54 . 2008-08-18 22:54 <DIR> d-------- C:\Program Files\QuickTime
2008-08-18 22:54 . 2008-08-18 22:54 <DIR> d-------- C:\Program Files\Bonjour
2008-08-18 22:52 . 2008-08-18 22:52 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-18 22:49 . 2008-08-18 22:49 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-08-18 22:43 . 2008-08-18 22:43 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-08-18 22:41 . 2008-08-18 22:42 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-08-18 22:25 . 2008-08-18 22:25 361,600 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS.ORIGINAL
2008-08-18 19:57 . 2008-05-01 09:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-18 19:56 . 2008-04-11 14:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-18 19:27 . 2008-08-18 19:27 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-08-18 19:27 . 2008-08-18 19:27 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-18 19:27 . 2008-08-18 19:27 <DIR> d-------- C:\WINDOWS\system32\bits
2008-08-18 19:27 . 2008-08-18 19:27 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-18 19:24 . 2008-08-18 19:27 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-08-18 19:13 . 2008-04-13 19:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-08-18 19:12 . 2004-08-03 22:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-08-18 19:08 . 2008-08-18 19:08 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\TuneUp Software
2008-08-18 19:08 . 2008-08-18 19:08 355,584 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-08-18 19:08 . 2008-05-29 09:28 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-08-18 19:07 . 2008-08-18 19:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-08-18 19:06 . 2008-08-18 19:07 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-08-18 18:56 . 2008-08-18 18:56 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\GlarySoft
2008-08-18 17:41 . 2008-08-18 17:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-18 17:41 . 2008-08-18 17:41 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-08-18 17:41 . 2008-08-18 17:41 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\Malwarebytes
2008-08-18 17:41 . 2008-08-18 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-18 17:41 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-18 17:41 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-18 17:18 . 2008-08-18 17:18 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-18 13:15 . 2008-08-18 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-18 13:14 . 2008-08-21 16:07 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-18 12:44 . 2008-08-18 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-18 12:27 . 2008-08-18 12:27 <DIR> d--hs---- C:\found.000
2008-08-18 12:10 . 2008-08-18 12:10 <DIR> d-------- C:\Documents and Settings\Lori\Application Data\VSRevoGroup
2008-08-18 12:09 . 2008-08-18 12:09 <DIR> d-------- C:\Program Files\VS Revo Group
2008-08-18 11:54 . 2008-04-13 19:11 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 23:18 --------- d-----w C:\Program Files\Jasc Software Inc
2008-08-21 23:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-08-21 21:16 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-08-19 04:13 --------- d-----w C:\Program Files\ATI Technologies
2008-08-19 04:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-19 03:48 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-19 03:25 361,600 ----a-w C:\WINDOWS\system32\drivers\TCPIP.SYS
2008-08-19 03:25 361,600 ----a-w C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-08-19 02:32 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-08-19 01:00 --------- d-----w C:\Program Files\Microsoft Works
2008-08-18 22:39 --------- d-----w C:\Program Files\Dell
2008-08-18 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-08-18 21:37 --------- d-----w C:\Documents and Settings\Lori\Application Data\Walgreens
2008-08-18 17:07 --------- d-----w C:\Program Files\Dl_cats
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-07-04 03:06 253,952 ----a-w C:\WINDOWS\system32\atiok3x2(2).dll
2008-07-01 19:05 --------- d-----w C:\Documents and Settings\Lori\Application Data\SiteAdvisor
2008-06-24 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Napster
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 15:57 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-24 02:19 --------- d-----w C:\Documents and Settings\Lori\Application Data\Apple Computer
2008-06-23 23:16 --------- d-----w C:\Program Files\McAfee
2008-06-23 22:47 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-06-23 21:35 --------- d-----w C:\Program Files\Common Files\McAfee
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-04-29 22:39 722,176 ----a-w C:\Documents and Settings\Lori\gotomypc_428.exe
.
------- Sigcheck -------
2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-10 06:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-08-18 22:25 361600 d24ea301e2b36c4e975fd216ca85d8e7 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-08-18 22:25 361600 d24ea301e2b36c4e975fd216ca85d8e7 C:\WINDOWS\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 19:12 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 08:56 139264]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 22:05 344064]
"dlcjmon.exe"="C:\Program Files\Dell Photo AIO Printer 964\dlcjmon.exe" [2005-08-12 15:47 430080]
"MemoryCardManager"="C:\Program Files\Dell Photo AIO Printer 964\memcard.exe" [2005-08-10 09:12 286720]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 01:20 339968 C:\WINDOWS\stsystra.exe]
C:\Documents and Settings\Lori\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2005-11-16 20:39:08 24576]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders   msapsspc.dll schannel.dll digest.dll msnsspc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-13 19:12]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-08-18 19:08]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ce638aa-dce2-11dc-81fb-00038a000015}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL http://www.mgae.com/...654266100086331
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-08-23 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
2008-04-15 C:\WINDOWS\Tasks\McDefragTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
2008-05-01 C:\WINDOWS\Tasks\McQcTask.job
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe [2007-12-04 13:32]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lori\Application Data\Mozilla\Firefox\Profiles\89v6uetj.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF -: plugin - C:\Program Files\Java\j2re1.4.2_03\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 15:17:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-23 15:20:17
ComboFix-quarantined-files.txt 2008-08-23 20:19:34
Pre-Run: 54,518,644,736 bytes free
Post-Run: 54,579,015,680 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
239 --- E O F --- 2008-08-21 19:54:40
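A first triage pass over the HijackThis entries posted above, as an added example that is not part of the original post and not HijackThis code. The sample entries in HJT_SAMPLE are copied from the log; the four flag rules (orphaned "(no file)" entries, O23 services with no vendor name, O16 ActiveX downloads, O4 Run values that name a bare executable with no path) are ordinary manual-review heuristics chosen for this example. They produce a list of items to look at, not verdicts.

```python
"""Triage pass over HijackThis log lines.

Added example; not HijackThis output and not the original poster's code.
HJT_SAMPLE is copied from entries in the log above. The flag rules are this
example's own review heuristics: a hit means "look at this", nothing more.
"""
import re

# Entries copied from the posted log (truncated URLs left exactly as posted).
HJT_SAMPLE = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai...l/installer.exe
O23 - Service: dlcj_device - Unknown owner - C:\WINDOWS\system32\dlcjcoms.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# HijackThis prefixes every entry with its section code: R0..R3, O1..O24.
ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")


def parse_hjt(text):
    """Return (section, body) pairs for every recognisable entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def triage(text):
    """Apply the review heuristics; return (rule, section, body) triples."""
    findings = []
    for section, body in parse_hjt(text):
        # Registry entry whose target file is gone: harmless leftover or a
        # removed component, either way worth cleaning up.
        if "(no file)" in body:
            findings.append(("orphan", section, body))
        # "Unknown owner" only means the binary carries no company name in
        # its version info; check the file, do not assume it is hostile.
        if section == "O23" and "Unknown owner" in body:
            findings.append(("no-vendor", section, body))
        # O16 = ActiveX controls downloaded from a URL; review each origin.
        if section == "O16":
            findings.append(("activex-download", section, body))
        # O4 Run value with a bare executable name: the real file is found
        # via the process search path, so confirm which one actually loads.
        if section == "O4" and "] " in body:
            target = body.split("] ", 1)[1].strip()
            if "\\" not in target:
                findings.append(("bare-path", section, body))
    return findings


def summarize(text):
    """Count findings per rule, e.g. {'orphan': 2, 'no-vendor': 1, ...}."""
    counts = {}
    for rule, _, _ in triage(text):
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for rule, section, body in triage(HJT_SAMPLE):
        print(f"[{rule}] {section} - {body}")
```

On the posted log the bare-path hit is `stsystra.exe`; ComboFix's own loading-points section resolves it to `C:\WINDOWS\stsystra.exe`, which is the check this rule is asking for. The two `(no file)` hits (the Yahoo! Toolbar URLSearchHook and the Cmdmapping button) are orphans with nothing left on disk to run.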
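The ComboFix Sigcheck section above lists MD5s for every copy of tcpip.sys Windows keeps around. The check a practitioner wants from it is mechanical: does the live driver match any copy in the hotfix and service-pack stores? Below is an added example that does exactly that; it is not ComboFix code and not part of the original post. SIGCHECK_LOG is copied from the log lines on the page; treating `system32\drivers` and `system32\dllcache` as the live copies and every `$hf_mig$`, `$NtUninstall*`, `$NtServicePackUninstall$` and `ServicePackFiles` path as a reference copy is this example's own classification.

```python
"""Compare the live TCPIP.SYS hash with the copies in Windows' update stores.

Added example; not ComboFix code and not the original poster's. SIGCHECK_LOG
is copied from the ComboFix Sigcheck block above. The live/reference split
by path is this example's own assumption about how the stores are laid out.
"""
import re

# "<date> <time> <size> <md5> <path>" as ComboFix prints it.
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([0-9a-f]{32}) (.+)$")

# Copied verbatim from the posted log.
SIGCHECK_LOG = r"""
2005-05-25 14:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 12:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 07:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 11:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 05:44 360960 744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 06:51 361600 9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 06:59 361600 ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-06-20 05:45 360320 2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
2004-08-10 06:00 359040 9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB893066$\tcpip.sys
2005-05-25 14:04 359808 88763a98a4c26c409741b4aa162720c9 C:\WINDOWS\$NtUninstallKB913446$\tcpip.sys
2006-01-12 21:28 359808 583e063fdc888ca30d05c2724b0d7ef4 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 06:51 359808 1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2007-10-30 12:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys
2008-04-13 14:20 361344 93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
2008-08-18 22:25 361600 d24ea301e2b36c4e975fd216ca85d8e7 C:\WINDOWS\system32\dllcache\TCPIP.SYS
2008-08-18 22:25 361600 d24ea301e2b36c4e975fd216ca85d8e7 C:\WINDOWS\system32\drivers\TCPIP.SYS
"""


def parse_sigcheck(text):
    """One dict per line: timestamp, size (int), md5, path."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, size, md5, path = m.groups()
            rows.append({"timestamp": ts, "size": int(size), "md5": md5, "path": path})
    return rows


def is_live_copy(path):
    """The driver Windows loads plus the File Protection cache copy."""
    p = path.lower()
    return "\\system32\\drivers\\" in p or "\\system32\\dllcache\\" in p


def tcpip_report(text):
    rows = parse_sigcheck(text)
    live = [r for r in rows if is_live_copy(r["path"])]
    ref = [r for r in rows if not is_live_copy(r["path"])]
    live_hashes = {r["md5"] for r in live}
    ref_hashes = {r["md5"] for r in ref}
    live_sizes = {r["size"] for r in live}
    return {
        "live_paths": [r["path"] for r in live],
        "live_hashes": live_hashes,
        "reference_hashes": ref_hashes,
        # drivers\ and dllcache\ should always agree with each other
        "live_copies_agree": len(live_hashes) == 1,
        # does the loaded driver match any hotfix / service-pack copy?
        "live_matches_reference": bool(live_hashes & ref_hashes),
        # reference copies of the same byte size: the closest candidates
        "same_size_references": sorted(r["path"] for r in ref if r["size"] in live_sizes),
    }


if __name__ == "__main__":
    for key, value in tcpip_report(SIGCHECK_LOG).items():
        print(f"{key}: {value}")
```

Run against the posted lines this reports that the two live copies agree with each other but match none of the fourteen distinct reference hashes, and that the only same-size (361,600 byte) references are the two KB951748 SP3 builds. The log also shows `TCPIP.SYS.ORIGINAL` created in `system32\drivers` at 2008-08-18 22:25, the same minute stamped on the live file. What produced the live copy is not something these hashes alone settle; comparing it against the KB951748 package or the SP3 media is the obvious next step.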