I did what you said.

ComboFix 09-04-15.08 - HAGER 04/15/2009 19:24.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.572 [GMT -4:00]
Running from: c:\documents and settings\HAGER\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.
ADS - WINDOWS: deleted 72 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\HAGER\Application Data\inst.exe
c:\documents and settings\HAGER\My Documents\ICROSO~1
c:\documents and settings\HAGER\My Documents\SEMBLY~1
c:\documents and settings\HAGER\My Documents\STEM32~1
c:\documents and settings\HAGER\My Documents\WNSXS~1
c:\program files\Common Files\icroso~1
c:\program files\Common Files\racle~1
c:\program files\Common Files\sstem3~1
c:\program files\Common Files\uninstall information
c:\program files\dobe~1
c:\program files\FunWebProducts
c:\program files\Internet Explorer\msimg32.dll
c:\program files\mbols~1
c:\program files\mcroso~1
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\ystem~1
c:\program files\ystem~1\wuauboot.exe
c:\windows\start.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\crosof~1.net
c:\windows\system32\curity~1
c:\windows\system32\drivers\gaopdxlruxdltpbwyrkujxvklijbitlkvvfwoo.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\fnts~1
c:\windows\system32\fnts~1\msdtc.exe
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxyuwpyqldkxjkcgsapbnabteksqoupoav.dll
c:\windows\system32\mbols~1
c:\windows\system32\mdm.exe
c:\windows\system32\mukmil.dll
c:\windows\system32\ppatch~1
c:\windows\system32\pppatc~1
c:\windows\system32\sembly~1
c:\windows\system32\sks~1
c:\windows\system32\stem~1
c:\windows\system32\systeminfo3.dll
c:\windows\system32\ystem~1
c:\windows\Web\default.htt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
-------\Legacy_ISEXENG
-------\Legacy_IWINGAMESINSTALLER
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_iWinGamesInstaller
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2009-03-15 to 2009-04-15 )))))))))))))))))))))))))))))))
.
2009-04-15 14:09 . 2009-04-15 14:10 -------- d-----w C:\Rooter$
2009-04-15 13:43 . 2009-04-15 13:43 -------- d-----w c:\program files\ERUNT
2009-04-15 13:34 . 2009-04-15 13:39 1374 ----a-w c:\windows\imsins.BAK
2009-04-15 12:26 . 2009-03-06 14:22 284160 ------w c:\windows\system32\dllcache\pdh.dll
2009-04-15 12:26 . 2009-02-09 12:10 473600 ------w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 12:26 . 2009-02-09 12:10 453120 ------w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 12:26 . 2009-02-09 12:10 401408 ------w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 12:26 . 2009-02-06 11:11 110592 ------w c:\windows\system32\dllcache\services.exe
2009-04-15 12:26 . 2009-02-06 10:10 227840 ------w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 12:26 . 2009-02-09 12:10 729088 ------w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 12:26 . 2009-02-09 12:10 714752 ------w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 12:26 . 2009-02-09 12:10 617472 ------w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 12:24 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 12:24 . 2009-03-27 06:58 1203922 ------w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 12:24 . 2008-04-21 12:08 215552 ------w c:\windows\system32\dllcache\wordpad.exe
2009-04-08 18:39 . 2009-04-08 18:56 18816 ----a-w c:\windows\system32\drivers\dvd43llh.sys
2009-04-08 00:10 . 2009-04-08 00:10 -------- d-----w c:\program files\iPod
2009-04-08 00:10 . 2009-04-08 00:10 -------- d-----w c:\program files\iTunes
2009-04-08 00:10 . 2009-04-08 00:10 -------- d-----w c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-07 18:38 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-07 18:38 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-07 18:38 . 2009-04-15 13:48 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 19:10 . 2009-04-06 19:11 -------- d-----w c:\documents and settings\HAGER\Application Data\ErrorFix
2009-04-06 00:07 . 2009-04-06 00:07 1152 ----a-w c:\windows\system32\windrv.sys
2009-04-06 00:06 . 2009-04-06 00:07 -------- d-----w c:\documents and settings\HAGER\Application Data\GetRightToGo
2009-04-05 00:30 . 2009-04-06 18:03 -------- d-----w c:\documents and settings\All Users\Application Data\101256015
2009-03-28 03:19 . 2009-01-09 19:19 1089593 ------w c:\windows\system32\dllcache\ntprint.cat
2009-03-28 01:09 . 2009-03-28 01:09 -------- d-----w c:\windows\system32\XPSViewer
2009-03-28 01:09 . 2009-03-28 01:09 -------- d-----w c:\program files\Reference Assemblies
2009-03-28 01:08 . 2008-07-06 12:06 89088 ------w c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-28 01:08 . 2008-07-06 12:06 575488 ------w c:\windows\system32\xpsshhdr.dll
2009-03-28 01:08 . 2008-07-06 12:06 575488 ------w c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-28 01:08 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\xpssvcs.dll
2009-03-28 01:08 . 2008-07-06 12:06 1676288 ------w c:\windows\system32\dllcache\xpssvcs.dll
2009-03-28 01:08 . 2008-07-06 12:06 117760 ------w c:\windows\system32\prntvpt.dll
2009-03-28 01:08 . 2008-07-06 10:50 597504 ------w c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-28 01:08 . 2009-03-28 01:08 -------- d-----w C:\c762295ebd59545d2cab9cdd6ef40f53
2009-03-24 23:53 . 2009-03-24 23:53 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-24 23:48 . 2009-03-06 03:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-24 23:39 . 2009-03-24 23:39 -------- d-----w c:\program files\Safari
2009-03-24 23:37 . 2009-03-24 23:37 -------- d-----w c:\program files\Bonjour
2009-03-21 14:06 . 2009-03-21 14:06 989696 ------w c:\windows\system32\dllcache\kernel32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-15 23:44 . 2006-07-11 23:53 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-15 19:06 . 2001-05-01 23:32 363676672 ----a-w C:\outlook.pst
2009-04-15 19:03 . 2008-04-17 03:48 568869888 ----a-w C:\outlook.bak
2009-04-15 14:10 . 2009-04-15 14:10 4856 ----a-w C:\Rooter.txt
2009-04-15 13:37 . 2008-01-29 15:53 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-13 19:47 . 2004-02-07 06:01 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-13 19:37 . 2004-02-07 05:59 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-13 17:48 . 2006-02-13 15:13 -------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-04-13 17:43 . 2001-12-30 01:14 11582 ----a-w C:\winzip.log
2009-04-09 00:59 . 2004-08-21 18:14 -------- d-----w c:\documents and settings\HAGER\Application Data\WeatherBug
2009-04-08 18:56 . 2009-03-11 17:45 -------- d-----w c:\program files\dvd43
2009-04-08 01:06 . 2009-04-08 01:06 1608 ----a-w C:\avenger.txt
2009-04-08 00:10 . 2009-02-27 01:05 -------- d-----w c:\program files\Common Files\Apple
2009-04-06 18:18 . 2004-02-07 04:17 -------- d-----w c:\program files\Google
2009-04-06 17:30 . 2007-01-16 01:19 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-06 13:20 . 2009-04-06 12:54 26314 ------w C:\CybDefInstallInfo.log
2009-04-05 18:45 . 2008-09-04 00:09 -------- d-----w c:\program files\iWin Games
2009-04-05 18:45 . 2005-09-08 02:47 -------- d-----w c:\program files\DataApples
2009-03-28 01:34 . 2006-07-11 02:26 438848 ----a-w c:\documents and settings\HAGER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-28 01:09 . 2008-01-29 23:43 -------- d-----w c:\program files\MSBuild
2009-03-25 00:12 . 2006-09-19 23:21 -------- d-----w c:\documents and settings\HAGER\Application Data\Apple Computer
2009-03-21 16:07 . 2009-01-04 23:11 410984 ----a-w c:\windows\SYSTEM32\deploytk.dll
2009-03-19 20:32 . 2009-02-27 01:07 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-11 18:22 . 2009-02-01 23:02 -------- d-----w c:\documents and settings\HAGER\Application Data\Vso
2009-03-11 18:22 . 2009-02-01 23:01 -------- d-----w c:\program files\CloneDVD
2009-03-11 17:49 . 2002-01-05 20:14 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 17:48 . 2009-03-11 17:48 -------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-03-11 02:18 . 2006-04-10 17:00 934792 ------w c:\windows\SYSTEM32\dllcache\WgaTray.exe
2009-03-11 02:18 . 2006-04-10 17:00 239496 ------w c:\windows\SYSTEM32\dllcache\wgaLogon.dll
2009-03-10 22:21 . 2009-03-10 15:10 -------- d-----w c:\program files\Common Files\AVSMedia
2009-03-10 15:25 . 2009-03-10 15:12 -------- d-----w c:\documents and settings\HAGER\Application Data\AVS4YOU
2009-03-10 15:12 . 2009-03-10 15:12 -------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2009-03-09 23:06 . 2001-05-01 23:46 -------- d-----w c:\program files\Coupons
2009-03-06 20:30 . 2008-09-04 00:09 -------- d-----w c:\program files\iWin
2009-03-06 14:22 . 2004-09-25 01:42 284160 ----a-w c:\windows\SYSTEM32\pdh.dll
2009-03-06 03:59 . 2009-02-27 01:06 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-03 00:18 . 2004-09-25 01:41 826368 ----a-w c:\windows\SYSTEM32\wininet.dll
2009-03-03 00:18 . 2004-09-25 01:41 826368 ----a-w c:\windows\SYSTEM32\dllcache\wininet.dll
2009-02-28 04:54 . 2004-09-25 01:43 636072 ----a-w c:\windows\SYSTEM32\dllcache\iexplore.exe
2009-02-26 21:35 . 2009-02-26 21:34 -------- d-----w c:\program files\QuickTime
2009-02-26 21:32 . 2006-09-19 11:15 -------- d-----w c:\program files\Apple Software Update
2009-02-26 21:32 . 2009-02-26 21:32 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-02-20 10:20 . 2007-05-09 04:33 13824 ------w c:\windows\SYSTEM32\dllcache\ieudinit.exe
2009-02-20 10:20 . 2006-10-17 18:00 70656 ------w c:\windows\SYSTEM32\dllcache\ie4uinit.exe
2009-02-20 05:14 . 2003-06-25 15:16 161792 ----a-w c:\windows\SYSTEM32\dllcache\ieakui.dll
2009-02-09 12:10 . 2004-09-25 01:41 729088 ----a-w c:\windows\SYSTEM32\lsasrv.dll
2009-02-09 12:10 . 2004-09-25 01:42 401408 ----a-w c:\windows\SYSTEM32\rpcss.dll
2009-02-09 12:10 . 2004-09-25 01:41 617472 ----a-w c:\windows\SYSTEM32\advapi32.dll
2009-02-09 12:10 . 2004-09-25 01:41 714752 ----a-w c:\windows\SYSTEM32\ntdll.dll
2009-02-09 11:13 . 2008-10-15 05:57 1846784 ------w c:\windows\SYSTEM32\dllcache\win32k.sys
2009-02-09 11:13 . 2004-09-25 01:41 1846784 ----a-w c:\windows\SYSTEM32\win32k.sys
2009-02-07 23:02 . 2008-10-15 05:56 2066048 ------w c:\windows\SYSTEM32\dllcache\ntkrnlpa.exe
2009-02-06 11:11 . 2004-09-25 01:41 110592 ----a-w c:\windows\SYSTEM32\services.exe
2009-02-06 11:08 . 2008-10-15 05:56 2189056 ------w c:\windows\SYSTEM32\dllcache\ntoskrnl.exe
2009-02-06 11:06 . 2008-10-15 05:57 2145280 ------w c:\windows\SYSTEM32\dllcache\ntkrnlmp.exe
2009-02-06 11:06 . 2004-09-25 01:41 2145280 ----a-w c:\windows\SYSTEM32\ntoskrnl.exe
2009-02-06 10:39 . 2003-06-25 15:17 35328 ----a-w c:\windows\SYSTEM32\sc.exe
2009-02-06 10:39 . 2003-06-25 15:17 35328 ----a-w c:\windows\SYSTEM32\dllcache\sc.exe
2009-02-06 10:32 . 2008-10-15 05:56 2023936 ------w c:\windows\SYSTEM32\dllcache\ntkrpamp.exe
2009-02-06 10:32 . 2004-09-25 01:41 2023936 ----a-w c:\windows\SYSTEM32\ntkrnlpa.exe
2009-02-03 19:59 . 2009-02-03 19:59 56832 ------w c:\windows\SYSTEM32\dllcache\secur32.dll
2009-02-03 19:59 . 2004-09-25 01:42 56832 ----a-w c:\windows\SYSTEM32\secur32.dll
2009-02-02 19:32 . 2008-10-19 19:21 1028 ----a-w C:\updatedatfix.log
2009-02-01 23:02 . 2009-02-01 23:02 47360 ----a-w c:\documents and settings\HAGER\Application Data\pcouffin.sys
2006-07-11 02:25 . 2001-12-10 00:51 8224 -c--a-w c:\documents and settings\HAGER\Application Data\GDIPFONTCACHEV1.DAT
2005-06-04 03:58 . 2005-06-04 03:59 774144 ----a-w c:\program files\RngInterstitial.dll
2005-03-12 03:12 . 2004-08-08 21:55 1435 -c-ha-w c:\documents and settings\HAGER\Application Data\hpothb07.dat
2005-01-23 03:04 . 2005-01-23 03:04 137 -c--a-w c:\documents and settings\NetworkService\Local Settings\Application Data\fusioncache.dat
2005-01-19 01:07 . 2005-01-19 00:46 145 ----a-w c:\documents and settings\HAGER\Application Data\tvmdmns.dll
2004-10-26 00:13 . 2004-10-26 00:13 128 -c--a-w c:\documents and settings\HAGER\Local Settings\Application Data\fusioncache.dat
2004-08-08 21:55 . 2006-03-26 23:43 0 ---ha-w c:\documents and settings\HelpAssistant\hpothb07.dat
2004-08-08 21:55 . 2004-08-08 21:55 0 -c-ha-w c:\documents and settings\Default User\hpothb07.dat
2004-08-08 21:55 . 2004-03-28 23:31 0 -c-ha-w c:\documents and settings\HAGER\hpothb07.dat
2004-08-08 21:54 . 2004-08-08 21:54 0 -c-h--w c:\documents and settings\Administrator\hpothb07.dat
2001-04-29 19:24 . 2001-05-01 23:38 271 -csha-w c:\program files\desktop.ini
2001-04-29 19:24 . 2001-05-01 23:38 21952 -c-ha-w c:\program files\folder.htt
1999-06-17 18:37:42 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\lfbmp11n.dll
1999-06-15 21:17:40 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\LFCMP11n.DLL
1999-06-17 18:37:56 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\lftga11n.dll
1999-08-31 12:23:32 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\library.dll
1999-06-15 21:08:48 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\LTDIS11n.dll
1999-06-06 23:27:08 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\ltefx11n.dll
1999-06-15 21:09:06 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\ltfil11n.DLL
1999-06-15 21:10:02 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\ltimg11n.dll
1999-06-09 20:41:30 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\ltkrn11n.dll
1999-08-16 15:27:52 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\Paint.dll
2000-07-25 16:20:02 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\sprites.dll
1998-07-11 05:13:00 . 2001-05-01 23:43 c:\program files\internet explorer\plugins\zlib.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWi0.dll" [2009-03-06 1883672]
[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
2009-03-06 20:30 1883672 ----a-w c:\program files\iWin\tbiWi0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ce0c2586-da36-452b-acdb-320d9bcb19bf}"= "c:\program files\iWin\tbiWi0.dll" [2009-03-06 1883672]
[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CE0C2586-DA36-452B-ACDB-320D9BCB19BF}"= "c:\program files\iWin\tbiWi0.dll" [2009-03-06 1883672]
[HKEY_CLASSES_ROOT\clsid\{ce0c2586-da36-452b-acdb-320d9bcb19bf}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2008-06-17 19:02 8461312 ----a-w c:\windows\SYSTEM32\shell32.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2005-06-07 1339392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"SFP"="c:\program files\Common Files\Verizon Online\SFP\vzSFPWin.EXE" [2003-09-05 561152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-26 2019624]
"DVD Ghost"="c:\program files\DVD Ghost\DVDGhost.EXE" [2007-02-01 1536000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-02-23 3026944]
"Share-to-Web Namespace Daemon"="c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe" [2002-04-17 69632]
"HPHmon04"="c:\windows\system32\hphmon04.exe" [2006-01-06 348160]
"HPHUPD04"="c:\program files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe" [2002-05-24 49152]
"HPHUPD08"="c:\program files\Hewlett-Packard\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-01 49152]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
"vptray"="c:\progra~1\SYMANT~2\VPTray.exe" [2006-03-17 124656]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-21 148888]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2008-11-17 827904]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2004-02-23 753664]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\Alcxmntr.exe [2004-09-07 57344]
"Synchronization Manager"="mobsync.exe" - c:\windows\SYSTEM32\mobsync.exe [2008-04-14 143360]
c:\documents and settings\HAGER\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
iWin Desktop Alerts.lnk - c:\documents and settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe [2008-9-3 108544]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Camio Viewer.lnk - c:\program files\Dell Computer\Dell Image Expert\IXApplet.exe [2002-3-28 53248]
Crystal 3D Audio Control.lnk - c:\windows\Cwd3dsnd.exe [2001-5-1 206848]
Event Reminder.lnk - c:\program files\Broderbund\PrintMaster\PMremind.exe [2003-2-15 331776]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
HP Image Zone Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-2-9 278528]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-20 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\DVDGHO~1\DVDGHO~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vivo"= ivvideo.dll
"msacm.vivog723"= vivog723.acm
"msacm.voxacm119"= vdk32119.acm
"VIDC.TR20"= tr2032.dll
"VIDC.UCOD"= clrviddd.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ cli scecli
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminders Tray Icon.lnk]
backup=c:\windows\pss\Event Planner Reminders Tray Icon.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
backup=c:\windows\pss\Forget Me Not.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photo Express Calendar Checker.lnk]
backup=c:\windows\pss\Photo Express Calendar Checker.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\windows\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
"c:\\Program Files\\Replicon Inc\\Web Resource\\ASPHost\\Replicon.Resourcing.TrayASPHost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\WildGames\\Wheel of Fortune\\Wheel of Fortune.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 AEC671X;AEC671X;c:\windows\System32\drivers\AEC671X.SYS [1998-05-05 12128]
R1 DMX3191;DMX3191;c:\windows\System32\drivers\DMX3191.SYS [1999-02-23 17700]
R2 UDNT;UDNT; [x]
R2 YMDIPUUO;YMDIPUUO; [x]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-03-17 115952]
S2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [2009-01-28 185640]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-06 101936]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dae55d1f-2864-11da-9b38-00600fff1879}]
\Shell\AutoRun\command - J:\GETMYPIX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msimn.inf,User.Install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
rundll32.exe advpack.dll,LaunchINFSection c:\windows\INF\msimn.inf,User.Install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
"c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
.
Contents of the 'Scheduled Tasks' folder
2009-04-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-04-15 c:\windows\Tasks\Uninstall Expiration Reminder.job
- c:\windows\System32\OOBE\oobebaln.exe [2004-09-25 00:12]
2009-04-15 c:\windows\Tasks\WebReg HP Photosmart 8200 Series.job
- c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exe [2007-03-12 01:27]
.
- - - - ORPHANS REMOVED - - - -
BHO-{00A6FAF1-072E-44cf-8957-5838F569A31D} - c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
BHO-{1428A472-5260-404E-9977-7ECDF1DAF936} - c:\windows\system32\mukmil.dll
BHO-{7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
BHO-{B97B2E3B-ECF5-C558-ADFF-943B877623C7} - blank
Notify-daeaddafaeccfc - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: &Search - ?p=ZUxdm486YYUS
IE: &Web Search - c:\windows\WEB\selsearch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: I&mages List - c:\windows\Web\imglist.htm
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom O&ut - c:\windows\WEB\zoomout.htm
Trusted Zone: cartoonnetwork.com\www
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
DPF: {127CE7BA-AD89-4108-A913-C52EFC037C36}
DPF: {2776DDE9-D4B2-4BF7-9F98-ADC1A1B80AF5}
DPF: {7AEB674E-4089-11D1-93F0-00A0241763CD} - hxxp://www1.coolsavings.com/download/CouponX.cab
DPF: {87056D28-9730-4A47-B9F9-7E890B62C58A} - hxxp://aolsvc.aol.com/onlinegames/ghtumblebugs/axhost.cab
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-15 19:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,2f,84,ec,8e,cb,
0a,7a,87,2e,e8,e1,00,eb,16,2b,de,f8,ac,f3,a7,28,19,a4,b9,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,96,5a,25,3c,e9,
8d,d3,8f,46,47,15,b0,92,4b,c7,ef,2e,48,2f,d4,8b,52,95,55,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,2d,7e,4a,13,fc,
61,42,4c,7a,45,05,fd,91,e8,6f,31,7f,a1,b5,28,38,e9,bd,27,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,dc,7e,d8,c5,67,
0a,5d,2d,6b,65,49,6a,7e,99,74,f7,ec,4c,89,40,65,e4,76,bd,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,8f,34,36,22,61,
ba,bb,26,e9,02,6c,fa,fb,1d,47,57,eb,fb,cb,1f,b7,a7,ce,4c,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,2a,44,4c,23,85,
7c,ad,7c,50,93,e5,ab,ec,6a,4e,ab,7f,63,c7,fc,b1,0d,cb,d3,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,93,82,24,c6,d5,
11,97,5b,97,20,4e,9a,c7,f1,35,ee,06,4e,d2,39,f5,9a,91,46,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,ff,85,1a,3b,b1,
07,53,29,aa,52,c6,00,84,3c,26,64,e7,d3,93,b7,2c,ff,30,90,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,0e,ac,dd,ba,f0,
9d,a9,79,b2,46,9a,e2,1b,fe,1b,94,ae,c1,2a,e1,63,f1,f6,98,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,ce,f6,04,ed,81,
29,f8,91,37,a4,aa,c3,a6,15,56,0a,67,ee,f1,66,9d,23,4b,f9,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,56,2d,7d,a4,a7,
6b,19,06,f8,31,0f,a9,5f,a0,ec,fb,ee,eb,41,df,ce,4e,7f,92,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,33,8e,8f,7b,8d,
89,f8,cb,05,73,21,dd,54,d8,4a,c5,5f,8a,d5,be,87,38,f2,92,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2952)
c:\windows\system32\hnetcfg.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\SYSTEM32\DRIVERS\CDAC11BA.EXE
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\program files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
.
**************************************************************************
.
Completion time: 2009-04-15 19:57 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-15 23:57
Pre-Run: 75,856,633,856 bytes free
Post-Run: 75,770,564,608 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout = 30
default = multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS = "Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
544 --- E O F --- 2009-04-15 13:39