ComboFix 09-09-22.01 - User 09/22/2009 19:15.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.768 [GMT -4:00]
Running from: c:\documents and settings\User\Desktop\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\awdym.exe
c:\documents and settings\All Users\Application Data\gra\WSTEch.dll
c:\documents and settings\All Users\Application Data\ivame.exe
c:\documents and settings\All Users\Application Data\pujom.dl
c:\documents and settings\All Users\Documents\apymyf.reg
c:\documents and settings\All Users\Documents\aqilyroca.pif
c:\documents and settings\All Users\Documents\julu.dl
c:\documents and settings\All Users\Documents\nycyvejab.reg
c:\documents and settings\User\Application Data\ijihimoki.bin
c:\documents and settings\User\Application Data\inst.exe
c:\documents and settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\User\Cookies\kubucim.com
c:\documents and settings\User\Cookies\udydufuqi.inf
c:\documents and settings\User\Local Settings\Application Data\givo.scr
c:\documents and settings\User\Local Settings\Application Data\wyguly.com
c:\documents and settings\User\Start Menu\Programs\AntivirusPro_2010
c:\documents and settings\User\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\User\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\User\XP Deluxe Protector
c:\documents and settings\User\XP Deluxe Protector\xpdeluxe.exe
C:\LOG14.tmp
C:\LOG3.tmp
C:\LOG4.tmp
C:\LOG5.tmp
C:\LOG6.tmp
c:\program files\AntivirusPro_2010
c:\program files\AntivirusPro_2010\AntivirusPro_2010.cfg
c:\program files\AntivirusPro_2010\AVEngn.dll
c:\program files\AntivirusPro_2010\data\daily.cvd
c:\program files\AntivirusPro_2010\htmlayout.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\Microsoft.VC80.CRT.manifest
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcm80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcp80.dll
c:\program files\AntivirusPro_2010\Microsoft.VC80.CRT\msvcr80.dll
c:\program files\AntivirusPro_2010\pthreadVC2.dll
c:\program files\AntivirusPro_2010\Uninstall.exe
c:\program files\AntivirusPro_2010\wscui.cpl
c:\program files\Common Files\ocabegyduz.vbs
c:\program files\Common Files\pyxil.bin
c:\program files\Windows Antivirus Pro
c:\program files\Windows Antivirus Pro\msvcm80.dll
c:\program files\Windows Antivirus Pro\msvcp80.dll
c:\program files\Windows Antivirus Pro\msvcr80.dll
c:\program files\Windows Antivirus Pro\tmp\dbsinit.exe
c:\program files\Windows Antivirus Pro\tmp\images\i1.gif
c:\program files\Windows Antivirus Pro\tmp\images\i2.gif
c:\program files\Windows Antivirus Pro\tmp\images\i3.gif
c:\program files\Windows Antivirus Pro\tmp\images\j1.gif
c:\program files\Windows Antivirus Pro\tmp\images\j2.gif
c:\program files\Windows Antivirus Pro\tmp\images\j3.gif
c:\program files\Windows Antivirus Pro\tmp\images\jj1.gif
c:\program files\Windows Antivirus Pro\tmp\images\jj2.gif
c:\program files\Windows Antivirus Pro\tmp\images\jj3.gif
c:\program files\Windows Antivirus Pro\tmp\images\l1.gif
c:\program files\Windows Antivirus Pro\tmp\images\l2.gif
c:\program files\Windows Antivirus Pro\tmp\images\l3.gif
c:\program files\Windows Antivirus Pro\tmp\images\pix.gif
c:\program files\Windows Antivirus Pro\tmp\images\t1.gif
c:\program files\Windows Antivirus Pro\tmp\images\t2.gif
c:\program files\Windows Antivirus Pro\tmp\images\up1.gif
c:\program files\Windows Antivirus Pro\tmp\images\up2.gif
c:\program files\Windows Antivirus Pro\tmp\images\w1.gif
c:\program files\Windows Antivirus Pro\tmp\images\w11.gif
c:\program files\Windows Antivirus Pro\tmp\images\w2.gif
c:\program files\Windows Antivirus Pro\tmp\images\w3.gif
c:\program files\Windows Antivirus Pro\tmp\images\w3.jpg
c:\program files\Windows Antivirus Pro\tmp\images\wt1.gif
c:\program files\Windows Antivirus Pro\tmp\images\wt2.gif
c:\program files\Windows Antivirus Pro\tmp\images\wt3.gif
c:\program files\Windows Antivirus Pro\tmp\wispex.html
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\windows\braviax.exe
c:\windows\cru629.dat
c:\windows\ifoyulidemaw.dll
c:\windows\Installer\3a89820.msi
c:\windows\Installer\5d692ae2.msp
c:\windows\Installer\5d692af6.msp
c:\windows\Installer\5d692b0a.msp
c:\windows\jiqig.reg
c:\windows\manome.dll
c:\windows\svchast.exe
c:\windows\system32\_scui.cpl
c:\windows\system32\18467.exe
c:\windows\system32\41.exe
c:\windows\system32\amuwafef.ini
c:\windows\system32\AVR09.exe
c:\windows\system32\braviax.exe
c:\windows\system32\critical_warning.html
c:\windows\system32\cru629.dat
c:\windows\system32\drivers\hjgruionvvmkmf.sys
c:\windows\system32\drivers\UACxjlqpuwljb.sys
c:\windows\system32\gdi32lib.dll
c:\windows\system32\gebojele.dll
c:\windows\system32\gumija.reg
c:\windows\system32\hjgruidslajctv.dll
c:\windows\system32\hjgruidulltpql.dat
c:\windows\system32\hjgruiohbogrkr.dll
c:\windows\system32\hjgruipavfmesf.dat
c:\windows\system32\images
c:\windows\system32\images\i1.gif
c:\windows\system32\images\i2.gif
c:\windows\system32\images\i3.gif
c:\windows\system32\images\j1.gif
c:\windows\system32\images\j2.gif
c:\windows\system32\images\j3.gif
c:\windows\system32\images\jj1.gif
c:\windows\system32\images\jj2.gif
c:\windows\system32\images\jj3.gif
c:\windows\system32\images\l1.gif
c:\windows\system32\images\l2.gif
c:\windows\system32\images\l3.gif
c:\windows\system32\images\pix.gif
c:\windows\system32\images\t1.gif
c:\windows\system32\images\t2.gif
c:\windows\system32\images\up1.gif
c:\windows\system32\images\up2.gif
c:\windows\system32\images\w1.gif
c:\windows\system32\images\w11.gif
c:\windows\system32\images\w2.gif
c:\windows\system32\images\w3.gif
c:\windows\system32\images\w3.jpg
c:\windows\system32\images\wt1.gif
c:\windows\system32\images\wt2.gif
c:\windows\system32\images\wt3.gif
c:\windows\system32\leyepeno.exe
c:\windows\system32\mamapome.dll
c:\windows\system32\mepepora.exe
c:\windows\system32\onhelp.htm
c:\windows\system32\sonhelp.htm
c:\windows\system32\taJF83ikdmf.dll
c:\windows\system32\tapi.nfo
c:\windows\system32\togemobo.dll
c:\windows\system32\UACabwtsnbaoy.dll
c:\windows\system32\udurumay.ini
c:\windows\system32\winhelper.dll
c:\windows\system32\winupdate.exe
c:\windows\system32\wisdstr.exe
c:\windows\system32\wispex.html
c:\windows\tolyqedusu.bin
c:\windows\tyxenyv.vbs

c:\windows\system32\drivers\beep.sys . . . is infected!!
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruiyqjblgiy
-------\Legacy_hjgruiyqjblgiy
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.

2009-09-22 19:32 . 2009-09-22 19:34 -------- d-----w- c:\program files\123
2009-09-22 18:58 . 2009-09-22 18:59 -------- d-----w- c:\program files\ERUNT
2009-09-22 15:52 . 2009-09-22 16:02 -------- d-----w- c:\program files\Doug
2009-09-22 15:37 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2009-09-22 15:37 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-09-06 03:27 . 2009-09-06 03:27 -------- d-----w- C:\My Documents
2009-09-06 00:44 . 2009-09-06 00:44 -------- d-----w- c:\windows\All Users
2009-09-05 17:18 . 2009-09-05 18:28 51712 ----a-w- C:\alolb.exe
2009-09-05 17:17 . 2009-09-05 17:17 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-08-27 15:52 . 2009-08-27 15:52 19968 ----a-w- c:\windows\system32\win32xcpw.exe
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2009-09-22 23:28 . 2009-09-05 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\gra
2009-09-22 21:58 . 2008-01-15 18:25 -------- d-----w- c:\documents and settings\User\Application Data\U3
2009-09-22 15:55 . 2008-02-09 14:56 -------- d-----w- c:\program files\Motorola Homesight
2009-09-10 18:54 . 2009-04-24 20:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-04-24 20:23 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-06 02:54 . 2009-09-05 23:13 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-05 17:37 . 2009-09-05 17:37 19861 ----a-w- c:\program files\Common Files\awodugogiw._sy
2009-09-04 17:24 . 2007-11-30 14:46 -------- d-----w- c:\documents and settings\User\Application Data\Canon
2009-09-02 21:38 . 2007-11-25 18:23 294824 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-27 15:53 . 2009-07-30 19:46 19968 ----a-w- c:\windows\system32\perfc5932.dat
2009-08-27 15:53 . 2009-07-30 19:46 1 ----a-w- c:\windows\system32\perfc7683.dat
2009-08-23 07:38 . 2009-05-08 01:17 -------- d-----w- c:\documents and settings\User\Application Data\FrostWire
2009-08-22 02:16 . 2009-04-24 20:23 -------- d-----w- c:\program files\fall
2009-08-19 18:06 . 2008-02-03 20:46 -------- d-----w- c:\program files\EA GAMES
2009-08-18 19:07 . 2009-08-18 19:07 -------- d-----w- c:\program files\MeDs-Movie-Manager
2009-08-18 10:00 . 2009-08-18 10:00 -------- d-----w- c:\program files\NortonInstaller
2009-08-18 10:00 . 2009-08-18 10:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-18 06:54 . 2009-08-18 06:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-18 06:54 . 2009-08-18 06:54 -------- d-----w- c:\program files\NOS
2009-08-17 14:36 . 2009-08-17 14:36 288768 ----a-w- C:\gmer.exe
2009-08-14 18:20 . 2007-11-25 22:33 -------- d-----w- c:\program files\MSBuild
2009-08-14 18:20 . 2009-08-14 18:20 -------- d-----w- c:\program files\Reference Assemblies
2009-08-14 07:05 . 2007-11-25 22:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-11 16:39 . 2009-08-11 16:39 19968 ----a-w- c:\windows\system32\winxp32sndpc.exe
2009-08-05 09:01 . 2003-03-31 14:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 17:38 . 2009-07-31 17:38 0 ----a-w- c:\windows\system32\mmd109en.dat
2009-07-31 17:38 . 2009-07-31 17:38 0 ----a-w- c:\windows\system32\cok458en.dat
2009-07-31 17:37 . 2009-02-07 01:00 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-17 19:01 . 2003-03-31 14:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2004-08-04 07:56 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2006-06-23 16:33 915456 ----a-w- c:\windows\system32\wininet.dll
2008-10-08 21:30 . 2008-10-08 21:30 284248 ----a-w- c:\program files\npmusicn.dll
2009-04-20 11:00 . 2009-01-20 11:00 47104 -csha-w- c:\windows\system32\bafumeri.exe
2009-04-20 23:01 . 2009-01-20 23:01 47104 -csha-w- c:\windows\system32\dohutuge.exe
2009-04-19 23:00 . 2009-01-19 23:00 47104 -csha-w- c:\windows\system32\hemewima.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-23 292152]
"SetRefresh"="c:\program files\COMPAQ\SetRefresh\\SetRefresh.exe" [2003-11-20 525824]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2003-08-15 70816]
"NAV CfgWiz"="c:\program files\Common Files\Symantec Shared\CfgWiz.exe" [2003-08-15 124096]
"Symantec NetDriver Monitor"="c:\progra~1\SYMNET~1\SNDMon.exe" [2007-11-25 95960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-11 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [2003-06-18 54472]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Motorola Homesight\\mhm.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\webcamXP\\webcamXP.exe"=
"c:\\Program Files\\Beyond Compare 2\\BC2.exe"=
"c:\\Program Files\\Java\\jre1.6.0_03\\bin\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Norton AntiVirus\\SAVScan.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Adobe\\Reader 8.0\\Reader\\AcroRd32.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 SlingAgentService;SlingAgent Service;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [12/10/2008 7:05 PM 88576]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/17/2008 6:40 PM 24652]
S3 DualCoreCenter;DualCoreCenter;c:\biostools\NTGLM7X.sys [11/25/2007 1:09 PM 28160]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [3/31/2003 10:00 AM 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-09-22 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?1e8f2df842c64ccea38e13350e168697
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?1e8f2df842c64ccea38e13350e168697
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\kp5kezxy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - file:///C:/Documents%20and%20Settings/All%20Users/Documents/home.htm
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Skyhook Wireless\Loki Browser Plugin\nploki.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: XUL Cache: {2BF8947D-73AF-42B1-AE19-7A963759694F} - c:\documents and settings\User\Local Settings\Application Data\{2BF8947D-73AF-42B1-AE19-7A963759694F}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
pref(dom.disable_open_during_load, true);.
- - - - ORPHANS REMOVED - - - -

BHO-{cee30070-046c-4219-80bd-33e32c83f598} - c:\windows\system32\gebojele.dll
HKCU-Run-µTorrent - c:\toolbars\Web\utorrent.exe
HKCU-Run-nadutamafu - c:\windows\system32\mamapome.dll
HKLM-Run-nadutamafu - c:\windows\system32\mamapome.dll
AddRemove-Win Antivirus Pro - c:\program files\Windows Antivirus Pro\AntiSpyware_Uninstall.exe
AddRemove-Win Police Pro - c:\program files\Windows Police Pro\AntiSpyware_Uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-22 19:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,3b,bc,d5,78,c0,54,40,a9,26,a7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7e,3b,bc,d5,78,c0,54,40,a9,26,a7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3060)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Norton AntiVirus\navapsvc.exe
c:\program files\Norton AntiVirus\SAVScan.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-09-22 20:14 - machine was rebooted
ComboFix-quarantined-files.txt  2009-09-23 00:14

Pre-Run: 14,143,266,816 bytes free
Post-Run: 14,029,938,688 bytes free

Current=7 Default=7 Failed=6 LastKnownGood=8 Sets=1,2,3,4,5,6,7,8
373 --- E O F --- 2009-09-02 07:00
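The log above is the kind of artifact a responder reads by hand, and two things in it are easy to miss in the wall of paths: the Security Center and firewall settings under "Reg Loading Points" (AntiVirusOverride=1, UpdatesDisableNotify=1, EnableFirewall=0) and the three system32 executables in the Find3M report carrying hidden+system attributes (-csha-w-). The following is an added example, not part of the posted log or of ComboFix itself: a small Python triage script that parses the REGEDIT4 block and the dated file-listing lines of a ComboFix-format log and reports both. The WEAK_SETTINGS table and the suffix-matching of registry paths are the example's own assumptions; SAMPLE_LOG is constructed from entries copied out of the log above.

```python
"""Triage helpers for ComboFix-style log text (added example, not ComboFix code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# (registry key suffix, value name, value meaning "protection weakened") -> description.
# Keys are matched by lower-cased suffix because ComboFix abbreviates some hives
# ("HKLM\~\services\..."). This table is an assumption of the example.
WEAK_SETTINGS: Dict[Tuple[str, str, int], str] = {
    (r"software\microsoft\security center", "AntiVirusOverride", 1):
        "Security Center told to ignore antivirus state",
    (r"software\microsoft\security center", "UpdatesDisableNotify", 1):
        "Windows Update notifications suppressed",
    (r"firewallpolicy\standardprofile", "EnableFirewall", 0):
        "Windows Firewall disabled for the standard profile",
}

_KEY_RE = re.compile(r"^\[(.+)\]$")
_VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# "<date time> . <date time> <size or dashes> <8 attribute chars> <path>"
_FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-+) ([-a-z]{8}) (.+)$"
)


def _parse_value(raw: str):
    """Convert the value renderings ComboFix prints into Python values."""
    raw = raw.strip()
    m = re.match(r"^dword:([0-9a-fA-F]{8})$", raw)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)   # e.g. "1 (0x1)"
    if m:
        return int(m.group(1))
    if raw.startswith('"'):                                # strip trailing "[date size]"
        return raw[1:].split('"', 1)[0]
    return raw


def parse_registry(log: str) -> Dict[str, Dict[str, object]]:
    """Map lower-cased key path -> {value name: value} for every [key] block."""
    keys: Dict[str, Dict[str, object]] = {}
    current: Optional[str] = None
    for line in log.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            keys.setdefault(current, {})
            continue
        m = _VAL_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = _parse_value(m.group(2))
    return keys


def weak_settings(keys: Dict[str, Dict[str, object]]) -> List[str]:
    """Report every WEAK_SETTINGS entry whose key and value both appear."""
    findings = []
    for (suffix, name, bad), why in WEAK_SETTINGS.items():
        for key, values in keys.items():
            if key.endswith(suffix) and values.get(name) == bad:
                findings.append(f"{why}: [{key}] {name}={bad}")
    return findings


@dataclass
class FileEntry:
    ts1: str             # the two timestamps exactly as printed, in log column order
    ts2: str
    size: Optional[int]  # None for directories ("--------")
    attrs: str           # attribute letters as ComboFix prints them, e.g. "-csha-w-"
    path: str

    @property
    def hidden_system(self) -> bool:
        return "h" in self.attrs and "s" in self.attrs


def parse_file_entries(log: str) -> List[FileEntry]:
    entries = []
    for line in log.splitlines():
        m = _FILE_RE.match(line.strip())
        if m:
            size = None if m.group(3).startswith("-") else int(m.group(3))
            entries.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
    return entries


def hidden_system_executables(entries: List[FileEntry]) -> List[str]:
    """Executables with both hidden and system set, which user-mode programs rarely need."""
    return [e.path for e in entries
            if e.hidden_system and e.path.lower().endswith((".exe", ".dll", ".sys"))]


# Constructed sample: a handful of lines copied from the posted log.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-09-23 292152]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=

2009-09-22 15:37 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2009-08-27 15:52 . 2009-08-27 15:52 19968 ----a-w- c:\windows\system32\win32xcpw.exe
2009-09-22 18:58 . 2009-09-22 18:59 -------- d-----w- c:\program files\ERUNT
2009-04-20 11:00 . 2009-01-20 11:00 47104 -csha-w- c:\windows\system32\bafumeri.exe
2009-04-20 23:01 . 2009-01-20 23:01 47104 -csha-w- c:\windows\system32\dohutuge.exe
2009-04-19 23:00 . 2009-01-19 23:00 47104 -csha-w- c:\windows\system32\hemewima.exe
"""

if __name__ == "__main__":
    for f in weak_settings(parse_registry(SAMPLE_LOG)):
        print("WEAK SETTING:", f)
    for p in hidden_system_executables(parse_file_entries(SAMPLE_LOG)):
        print("HIDDEN+SYSTEM EXECUTABLE:", p)
```

Run it against a full log with `parse_registry(open("ComboFix.txt").read())`; the two checks are deliberately narrow (exact setting values, exact attribute letters) so that a hit is something to act on rather than a heuristic to argue about.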