ComboFix 09-04-14.08 - Andrew Jones 04/14/2009 8:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1346 [GMT -4:00]
Running from: c:\documents and settings\Andrew Jones\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andrew Jones\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\fuyawadu.dll
c:\windows\system32\guneyani.dll
c:\windows\yilizoge.dll
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.
2009-04-14 12:22 . 2009-04-14 12:22 -------- d-sh--w c:\documents and settings\Andrew Jones\PrivacIE
2009-04-14 03:41 . 2009-04-14 03:41 0 --sha-w c:\program files\lohezudu.dll
2009-04-07 23:33 . 2009-04-07 23:33 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-07 23:32 . 2009-04-07 23:32 -------- d-sh--w c:\documents and settings\Andrew Jones\IETldCache
2009-04-07 16:34 . 2009-04-07 16:34 -------- d-sh--w c:\documents and settings\NetworkService\IETldCache
2009-04-02 18:15 . 2009-04-02 18:15 -------- d-----w c:\windows\ie8updates
2009-04-02 18:12 . 2009-04-02 18:14 -------- dc-h--w c:\windows\ie8
2009-04-02 18:09 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-03-31 00:54 . 2009-03-31 00:54 54 ----a-w C:\Boot.img.errorlog
2009-03-30 22:03 . 2009-03-30 22:03 23392 ----a-w c:\windows\system32\nscompat.tlb
2009-03-30 22:03 . 2009-03-30 22:03 16832 ----a-w c:\windows\system32\amcompat.tlb
2009-03-23 21:40 . 2009-03-23 21:40 -------- d-----w c:\program files\Common Files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 12:54 . 2006-09-12 07:12 1758 ----a-w C:\hpqp.ini
2009-04-14 12:54 . 2006-09-12 07:12 39 ----a-w C:\XP_TV.ini
2009-04-14 06:33 . 2009-01-22 00:16 -------- d-----w c:\documents and settings\Andrew Jones\Application Data\Skype
2009-04-14 06:29 . 2007-09-05 13:55 -------- d-----w c:\program files\Google
2009-04-14 06:27 . 2009-03-13 02:16 -------- d-----w c:\documents and settings\Andrew Jones\Application Data\NBC Direct
2009-04-14 06:27 . 2009-03-13 02:15 -------- d-----w c:\documents and settings\All Users\Application Data\NBC Direct
2009-04-14 06:27 . 2009-03-13 02:15 -------- d---a-w c:\program files\NBC Direct
2009-04-14 06:26 . 2009-03-13 02:16 -------- d-----w c:\program files\Pando Networks
2009-04-14 06:24 . 2006-09-12 05:33 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-14 06:20 . 2007-04-15 18:14 -------- d-----w c:\program files\Kodak
2009-04-14 06:15 . 2009-01-31 01:09 -------- d-----w c:\program files\Acoustica Mixcraft 4
2009-04-14 04:14 . 2009-01-22 00:18 -------- d-----w c:\documents and settings\Andrew Jones\Application Data\skypePM
2009-04-14 03:07 . 2009-01-14 03:07 107008 --sha-w c:\windows\system32\bikokere.dll
2009-04-14 03:07 . 2009-01-14 03:07 107008 --sha-w c:\windows\system32\bikokere.dll
2009-04-14 03:07 . 2009-01-14 03:07 63488 --sha-w c:\windows\system32\pufoponu.exe
2009-04-14 03:07 . 2009-01-14 03:07 63488 --sha-w c:\windows\system32\pufoponu.exe
2009-04-12 21:51 . 2008-02-25 14:11 81 ----a-w C:\DVDPATH.TXT
2009-04-11 02:05 . 2006-09-12 05:33 -------- d-----w c:\program files\Java
2009-04-03 01:28 . 2008-02-10 01:53 -------- d-----w c:\documents and settings\Andrew Jones\Application Data\Move Networks
2009-03-30 01:52 . 2006-09-12 07:29 -------- d-----w c:\program files\Windows Media Connect 2
2009-03-28 23:18 . 2007-07-25 04:46 -------- d-----w c:\documents and settings\Andrew Jones\Application Data\Azureus
2009-03-23 21:40 . 2009-01-22 00:15 -------- d-----r c:\program files\Skype
2009-03-23 21:40 . 2009-01-22 00:15 -------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-03-14 21:53 . 2009-03-14 21:53 -------- d-----w c:\program files\PopCap Games
2009-03-13 02:35 . 2009-03-13 02:16 -------- d-----w c:\documents and settings\Andrew Jones\Application Data\IDM
2009-03-12 23:02 . 2009-03-12 23:01 -------- d-----w c:\program files\iTunes
2009-03-12 23:02 . 2009-03-12 23:01 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-12 23:01 . 2009-03-12 23:01 -------- d-----w c:\program files\iPod
2009-03-12 23:01 . 2008-12-01 01:30 -------- d-----w c:\program files\Common Files\Apple
2009-03-12 23:00 . 2009-03-12 23:00 -------- d-----w c:\program files\Bonjour
2009-03-12 22:59 . 2009-03-12 22:58 -------- d-----w c:\program files\QuickTime
2009-03-12 21:53 . 2007-09-11 20:48 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-09 09:19 . 2008-09-23 05:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-08 18:09 . 2006-11-07 07:27 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 18:09 . 2006-10-17 16:04 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 08:41 . 2006-10-23 15:34 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 08:39 . 2007-05-09 01:44 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 08:34 . 2006-10-23 15:34 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 08:34 . 2006-03-16 04:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2006-10-23 15:34 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 08:34 . 2006-11-08 01:03 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 08:34 . 2006-10-17 16:05 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 08:34 . 2006-03-16 04:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:34 . 2006-10-17 16:05 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 08:34 . 2006-10-23 15:34 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 08:34 . 2006-10-17 16:04 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 08:33 . 2006-09-18 14:15 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 08:33 . 2009-03-08 08:33 18944 ------w c:\windows\system32\dllcache\corpol.dll
2009-03-08 08:33 . 2006-03-16 04:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2006-10-23 15:34 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 08:33 . 2008-05-09 10:53 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 08:33 . 2006-11-07 07:27 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 08:33 . 2008-05-09 10:53 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 08:33 . 2006-03-16 04:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:33 . 2006-11-07 07:26 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 08:32 . 2006-11-07 07:26 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 08:32 . 2006-03-16 04:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2006-11-07 07:26 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 08:32 . 2006-11-07 07:25 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 08:32 . 2006-11-07 07:26 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 08:32 . 2006-11-07 07:26 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 08:32 . 2006-03-16 04:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:32 . 2006-11-07 07:26 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 08:32 . 2006-10-23 15:34 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 08:32 . 2007-05-09 01:44 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 08:32 . 2007-05-09 01:44 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 08:32 . 2006-10-23 15:34 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 08:24 . 2006-10-17 15:44 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 08:22 . 2006-11-08 01:03 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 08:22 . 2006-03-16 04:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 08:11 . 2007-05-09 01:44 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-06 03:59 . 2009-03-12 22:56 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-06 03:59 . 2008-12-01 01:30 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-28 01:23 . 2007-07-25 04:45 -------- d-----w c:\program files\Azureus
2009-02-09 11:13 . 2008-10-14 18:42 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 11:13 . 2006-03-16 04:00 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-07 01:07 . 2007-05-09 01:44 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat
2009-01-11 21:15 . 2006-09-12 06:39 150760 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-12-22 04:53 . 2006-12-31 03:59 15656 ----a-w c:\documents and settings\Andrew Jones\Application Data\wklnhst.dat
2007-12-22 19:54 . 2007-04-11 12:22 140928 -c--a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2007-04-11 12:22 . 2007-04-11 12:22 128 -c--a-w c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2007-01-31 03:05 . 2007-01-31 03:05 251 -c--a-w c:\program files\wt3d.ini
2006-12-26 07:16 . 2006-12-26 07:14 135 ----a-w c:\documents and settings\Andrew Jones\Local Settings\Application Data\fusioncache.dat
2006-09-12 07:53 . 2006-12-26 07:14 51192 -c--a-w c:\documents and settings\Andrew Jones\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-09-12 06:39 . 2006-09-12 06:39 136 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e4903124-b231-40e2-9d16-8970288890c7}]
2009-01-14 03:02 69632 --sha-w c:\windows\system32\gurujize.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Google Update"="c:\documents and settings\Andrew Jones\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-19 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-16 24095528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-08-25 102400]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-05-09 184320]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 57344]
"RecGuard"="c:\windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="c:\windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-02-23 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-12-19 136768]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 241664]
"KerberosIdentityFinder"="c:\program files\MIT\Kerberos\bin\KerberosIdentityFinder.vbs" [2008-04-30 12365]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-10-03 480560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-09-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-09-06 114688]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-09-06 94208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"yugefikila"="c:\windows\system32\pijutiji.dll" [2009-01-14 69632]
"CPM32e3c26f"="c:\windows\system32\bikokere.dll" [2009-04-14 107008]
"MsmqIntCert"="mqrt.dll" - c:\windows\system32\mqrt.dll [2008-04-14 177152]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-07-27 61952]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 217194]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4}"= "c:\windows\system32\bikokere.dll" [2009-04-14 107008]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"SSODL"= {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\bikokere.dll [2009-04-14 107008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AfsLogon]
2008-03-21 18:41 87400 ----a-w c:\program files\OpenAFS\Client\Program\afslogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MIT_KFW]
2007-10-22 13:32 23040 ----a-w c:\windows\system32\kfwlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\bikokere.dll,c:\windows\system32\dojonilu.dll
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\dojonilu.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Domestic Security Version 4.87
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\lsass.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7001:UDP"= 7001:UDP:AFS CacheManager Callback (UDP)
R3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;c:\windows\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
R3 iComp;HP Analog TV Tuner;c:\windows\system32\DRIVERS\p2usbwdm.sys [2005-10-13 1527808]
R3 Tcpc2h;Tcpc2h; [x]
S2 U3SHLPDR;U3SHLPDR;c:\windows\System32\Drivers\U3SHLPDR.SYS [2007-01-23 3445]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d75c48a7-7477-11dd-8366-0018dea385f6}]
\Shell\AutoRun\command - H:\PortableVault.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1238730878-4098613907-3068013729-1005.job
- c:\documents and settings\Andrew Jones\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-19 03:08]
2009-04-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-04-14 c:\windows\Tasks\User_Feed_Synchronization-{F7845907-D1BD-4B75-B349-E2B4F3D8A821}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-googletalk - c:\program files\Google\Google Talk\googletalk.exe
HKLM-Run-Psepixiwuhuq - c:\windows\Pgoqesebeva.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/ymj/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{A6E07A82-436A-11d3-83B6-00902747E82E} - c:\windows\PeoplePC\hta\peopledialer.hta
IE: {{A6E07A80-436A-11d3-83B6-00902747E82E} - {A6E07A81-436A-11d3-83B6-00902747E82E} - c:\windows\system32\shdocvw.dll
IE: {{F05B7DAE-337E-11D3-83B6-00E0980647AC} - {F05B7DAE-337E-11D3-83B6-00E0980647AC} - c:\windows\PeoplePC\BIN\PAYMEN~1.DLL
Trusted Zone: internet
Trusted Zone: mcafee.com
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-14 08:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1238730878-4098613907-3068013729-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:33,75,b5,cc,0a,83,d1,ff,53,b4,0e,e2,0d,d3,ae,71,ec,c6,90,4b,3c,1c,9c,
46,20,93,c8,ea,d9,ea,aa,c5,b0,80,82,b7,e0,e7,63,22,62,aa,a9,b3,72,e0,af,7c,\
"??"=hex:32,6d,17,bd,ce,bc,fe,c7,b0,58,a8,8f,4a,f8,bf,a3
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(928)
c:\program files\MIT\Kerberos\bin\krb5_32.dll
c:\program files\MIT\Kerberos\bin\comerr32.dll
c:\program files\MIT\Kerberos\bin\k5sprt32.dll
c:\program files\MIT\Kerberos\bin\xpprof32.dll
c:\program files\MIT\Kerberos\bin\krb524.dll
c:\program files\MIT\Kerberos\bin\leashw32.dll
c:\program files\MIT\Kerberos\bin\krbcc32.dll
c:\program files\MIT\Kerberos\bin\krbv4w32.dll
c:\windows\system32\kfwlogon.dll
- - - - - - - > 'lsass.exe'(984)
c:\windows\system32\dojonilu.dll
- - - - - - - > 'explorer.exe'(564)
c:\windows\system32\pijutiji.dll
c:\windows\system32\dojonilu.dll
c:\windows\system32\bikokere.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\MIT\Kerberos\bin\krbcc32s.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\progra~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
c:\program files\OpenAFS\Client\Program\afsd_service.exe
c:\windows\system32\searchindexer.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\wscntfy.exe
c:\windows\ehome\ehmsas.exe
c:\program files\McAfee\Common Framework\Mctray.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 13:00
Pre-Run: 15,292,624,896 bytes free
Post-Run: 15,446,429,696 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
333 --- E O F --- 2009-04-13 16:01