Computer seems to be running well with no more fake security pop-ups. Thanks.
New ComboFix log:
ComboFix 08-12-29.02 - Kathleen Rosen 2008-12-30 15:20:50.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.587 [GMT -5:00]
Running from: c:\documents and settings\Kathleen Rosen\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Kathleen Rosen\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*
* Created a new restore point
FILE ::
c:\windows\system32\Agent.OMZ.Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\Agent.OMZ.Fix.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-30 )))))))))))))))))))))))))))))))
.
2008-12-30 15:00 . 2008-12-30 15:06 <DIR> d-------- c:\documents and settings\Kathleen Rosen\.SunDownloadManager
2008-12-30 14:01 . 2008-12-30 14:01 <DIR> d-------- c:\documents and settings\seth rosen\Application Data\Malwarebytes
2008-12-30 11:47 . 2008-12-30 11:47 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-30 11:47 . 2008-12-30 11:47 <DIR> d-------- c:\documents and settings\Kathleen Rosen\Application Data\Malwarebytes
2008-12-30 11:47 . 2008-12-30 11:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 11:47 . 2008-12-03 19:59 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-30 11:47 . 2008-12-03 19:59 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-29 00:07 . 2008-12-29 00:07 <DIR> d-------- c:\program files\Kaspersky Lab
2008-12-29 00:07 . 2008-12-30 15:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-12-29 00:07 . 2008-12-30 15:10 4,408,352 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-12-29 00:07 . 2008-12-30 15:10 696,352 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-12-29 00:07 . 2008-12-29 00:07 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-12-29 00:07 . 2008-12-29 00:07 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-12-29 00:07 . 2008-12-30 15:10 35,520 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-12-29 00:07 . 2008-12-30 15:10 3,460 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-12-28 23:09 . 2008-12-28 23:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-12-28 16:09 . 2008-12-28 16:09 0 --a------ c:\documents and settings\Kathleen Rosen\Application Data\wklnhst.dat
2008-12-26 11:49 . 2008-12-26 11:49 <DIR> d-------- c:\program files\Trend Micro
2008-12-26 11:09 . 2008-12-26 11:09 <DIR> d-------- C:\VundoFix Backups
2008-12-26 10:48 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-26 10:48 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-26 00:12 . 2008-12-28 22:50 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-26 00:12 . 2008-12-26 00:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-25 16:51 . 2008-12-28 22:50 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-25 16:51 . 2008-12-28 22:50 <DIR> d-------- c:\documents and settings\Kathleen Rosen\Application Data\SUPERAntiSpyware.com
2008-12-25 16:39 . 2008-12-25 16:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-25 15:46 . 2008-12-25 15:46 <DIR> d-------- c:\program files\Microsoft Windows OneCare Live
2008-12-25 15:46 . 2008-12-26 00:12 <DIR> d-------- C:\79a151d8d86cd075c935
2008-12-25 11:32 . 2008-12-26 00:12 <DIR> d-------- c:\program files\Windows Live Safety Center
2008-12-25 01:37 . 2008-04-13 19:12 26,112 --a------ c:\windows\system32\dllcache\userinit.exe
2008-12-24 13:57 . 2008-12-24 13:57 <DIR> d-------- c:\program files\Trivial Pursuit Choice
2008-12-24 13:57 . 2008-12-24 13:57 <DIR> d-------- c:\documents and settings\Kathleen Rosen\Application Data\Hasbro
2008-12-18 17:01 . 2008-12-24 11:11 <DIR> d-------- c:\program files\Mystery Case Files - Return to Ravenhearst
2008-12-16 17:45 . 2008-12-16 17:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\PlayFirst
2008-12-16 16:49 . 2008-12-16 16:49 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-12 22:21 . 2008-12-12 22:22 <DIR> d-------- c:\documents and settings\seth rosen\Application Data\Move Networks
2008-12-12 22:15 . 2008-12-12 22:15 <DIR> d-------- c:\documents and settings\seth rosen\Application Data\Nikon
2008-12-12 13:26 . 2008-12-12 13:26 <DIR> d-------- c:\documents and settings\Kathleen Rosen\Application Data\Shape games
2008-12-10 17:34 . 2008-12-10 17:34 <DIR> d-------- c:\program files\bfgclient
2008-12-10 17:33 . 2008-12-20 08:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-12-07 08:55 . 2008-12-07 08:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-12-03 14:26 . 2008-12-03 14:26 <DIR> d-------- c:\program files\New York Times
2008-12-01 09:25 . 2008-12-01 09:25 <DIR> d-------- c:\documents and settings\Kathleen Rosen\Application Data\GameHousev1005
2008-11-30 17:07 . 2008-11-30 17:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Gogii
2008-11-27 04:05 . 2008-12-24 22:29 79,548 --ah----- c:\windows\system32\mlfcache.dat
2008-11-18 19:10 . 2008-11-18 19:10 <DIR> d-------- c:\documents and settings\Kathleen Rosen\Application Data\iWin
2008-11-17 21:53 . 2008-11-17 21:53 <DIR> d-------- c:\program files\iTunes
2008-11-17 21:53 . 2008-11-17 21:53 <DIR> d-------- c:\program files\iPod
2008-11-17 21:53 . 2008-11-17 21:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-17 21:51 . 2008-11-17 21:51 <DIR> d-------- c:\program files\QuickTime
2008-11-15 17:09 . 2008-11-15 17:09 <DIR> d-------- c:\documents and settings\Kathleen Rosen\Application Data\Talkback
2008-11-15 16:52 . 2008-11-15 16:52 <DIR> d-------- c:\documents and settings\Kathleen Rosen\Application Data\Eyeblaster
2008-11-12 03:07 . 2008-09-04 12:15 1,106,944 --------- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 03:07 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-11 20:00 . 2008-11-11 20:00 218,376 --a------ c:\windows\system32\klogon.dll
2008-11-11 19:58 . 2008-11-11 19:58 25,601 --a------ c:\windows\system32\drivers\klopp.dat
2008-11-11 13:56 . 2008-12-13 09:04 <DIR> d-------- c:\program files\GameHouse
2008-11-11 13:56 . 2008-12-01 09:25 <DIR> d-------- c:\documents and settings\Kathleen Rosen\Application Data\GameHouse
2008-11-11 13:56 . 2008-11-11 13:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-30 20:16 --------- d-----w c:\documents and settings\Kathleen Rosen\Application Data\Delicious IE Extension
2008-12-30 19:57 --------- d-----w c:\program files\Java
2008-12-30 19:30 --------- d-----w c:\documents and settings\seth rosen\Application Data\Delicious IE Extension
2008-12-30 02:58 --------- d-----w c:\program files\BAE
2008-12-29 22:06 4,288 --sha-w c:\windows\system32\KGyGaAvL.sys
2008-12-29 04:59 --------- d-----w c:\program files\PC Tools AntiVirus
2008-12-29 03:59 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-12-29 03:44 --------- d-----w c:\documents and settings\Kathleen Rosen\Application Data\Lavasoft
2008-12-29 02:32 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-28 23:10 --------- d-----w c:\program files\Mystery Case Files - Ravenhearst
2008-12-26 05:26 --------- d-----w c:\program files\Microsoft Works
2008-12-25 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-12-25 15:57 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-17 00:51 --------- d-----w c:\program files\Google
2008-12-15 22:03 --------- d-----w c:\program files\Mystery Case Files - Prime Suspects
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-13 03:15 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2008-12-03 19:35 --------- d-----w c:\program files\The Print Shop 20
2008-11-18 19:31 --------- d-----w c:\program files\RealArcade
2008-11-18 02:51 --------- d-----w c:\program files\Common Files\Apple
2008-11-16 17:58 --------- d-----w c:\documents and settings\Kathleen Rosen\Application Data\Image Zone Express
2008-11-16 17:07 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 19:07 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:02 247,326 ------w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-19 23:38 2,004 ----a-w c:\windows\system32\ealregsnapshot1.reg
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-15 12:12 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-10 01:14 1,307,648 ----a-w c:\windows\system32\msxml6.dll
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\dllcache\msxml6.dll
2008-09-08 10:41 333,824 ------w c:\windows\system32\dllcache\srv.sys
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2007-02-16 21:19 774,144 ----a-w c:\program files\RngInterstitial.dll
2007-08-18 02:45 88 --sh--r c:\windows\system32\6F9D126C11.sys
2008-09-26 20:05 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092620080927\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\79a151d8d86cd075c935 ----
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\pt-br\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\nl-nl\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\nl-be\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\ko-kr\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\ja-jp\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\ja-jp-psloc\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\it-it\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\fr-fr\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\fr-ch\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\fr-ca\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\fr-be\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\es-us\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\es-mx\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\es-es\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\en-sg\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\en-nz\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\en-in\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\en-ie\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\en-hk\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\en-gb\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\en-ca\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\en-au\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\de-de\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\de-ch\
2008-12-26 00:12 0 d-------- c:\79a151d8d86cd075c935\de-at\
2008-11-05 13:54 95744 --a------ c:\79a151d8d86cd075c935\atl80.dll
2008-11-05 13:54 67952 --a------ c:\79a151d8d86cd075c935\ochelpagent.dll
2008-11-05 13:54 626688 --a------ c:\79a151d8d86cd075c935\msvcr80.dll
2008-11-05 13:54 595312 --a------ c:\79a151d8d86cd075c935\winssplatform.dll
2008-11-05 13:54 56176 --a------ c:\79a151d8d86cd075c935\conflictingappmodule.dll
2008-11-05 13:54 548864 --a------ c:\79a151d8d86cd075c935\msvcp80.dll
2008-11-05 13:54 54640 --a------ c:\79a151d8d86cd075c935\cert.dll
2008-11-05 13:54 522 --a------ c:\79a151d8d86cd075c935\microsoft.vc80.crt.manifest
2008-11-05 13:54 5102 --a------ c:\79a151d8d86cd075c935\service.xml
2008-11-05 13:54 456 --a------ c:\79a151d8d86cd075c935\microsoft.vc80.atl.manifest
2008-11-05 13:54 368496 --a------ c:\79a151d8d86cd075c935\ocsetup.exe
2008-11-05 13:54 261488 --a------ c:\79a151d8d86cd075c935\winsscommon.dll
2008-11-05 13:54 122736 --a------ c:\79a151d8d86cd075c935\ocsetupro.dll
2008-11-05 13:54 122578 --a------ c:\79a151d8d86cd075c935\eula.rtf
---- Directory of c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9 ----
2008-12-14 22:23 270 --a------ c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9\profile.ini
((((((((((((((((((((((((((((( snapshot@2008-12-29_22.34.50.65 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-30 02:29:57 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-30 16:12:40 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-30 02:29:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-30 16:12:40 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-30 20:11:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_b0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-07-16 389120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"PRISMSVR.EXE"="c:\windows\system32\PRISMSVR.EXE" [2004-04-13 290905]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-07-12 1117184]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 53248]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-02-16 185896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-16 136600]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 61440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-11-11 206088]
"SigmatelSysTrayApp"="stsystra.exe" [2006-02-10 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
2Wire Wireless Client.lnk - c:\program files\2Wire 802.11g Wireless\PRISMCFG.EXE [2006-10-21 335979]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-11 24576]
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2006-10-22 315392]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 210520]
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2006-12-15 118784]
TotalMedia Backup Monitor.lnk - c:\program files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe [2008-06-07 270336]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Adobe\\Photoshop Elements 5.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\Amazon\\Amazon Unbox Video\\ADVWindowsClientApp.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-04-30 24592]
S3 WlanUIG;2Wire 802.11g USB Driver;c:\windows\system32\DRIVERS\WlanUIG.sys [2006-10-21 347648]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-12-30 c:\windows\Tasks\User_Feed_Synchronization-{7040A39C-030D-46EB-8618-D97094542798}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: {{2C887991-08F0-11DC-A9B2-0012F0B227DD} - {B8D8B1D0-83AF-451B-8CD9-8F1BF4ED8FEA} - c:\program files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
IE: {{2C887992-08F0-11DC-A9B2-0012F0B227DD} - {9D19C405-BA93-461b-871F-97992CC45972} - c:\program files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
IE: {{2C887993-08F0-11DC-A9B2-0012F0B227DD} - {4D3D441F-9543-4941-B664-2EDCF9FC1B56} - c:\program files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://aolsvc.aol.com/onlinegames/ghbab ... player.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-30 15:24:11
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-30 15:26:05
ComboFix-quarantined-files.txt 2008-12-30 20:25:24
Pre-Run: 57,753,366,528 bytes free
Post-Run: 57,793,073,152 bytes free
280 --- E O F --- 2008-12-18 08:00:56
***NEW HIJACK THIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:12:24, on 12/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\system32\PRISMSVR.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\2Wire 802.11g Wireless\PRISMCFG.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\WgaTray.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: CDelHotkeys Object - {78875F5C-A685-4405-8DC5-D48DC65452B0} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Delicious Toolbar - {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\WINDOWS\system32\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - Global Startup: 2Wire Wireless Client.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: TotalMedia Backup Monitor.lnk = C:\Program Files\ArcSoft\TotalMedia Backup & Record\uBBMonitor.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Delicious - {2C887991-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Bookmarks - {2C887992-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Tag - {2C887993-08F0-11DC-A9B2-0012F0B227DD} - C:\Program Files\Delicious Add-on for Internet Explorer\DeliciousExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se6662.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/i ... ection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0269025828
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://aolsvc.aol.com/onlinegames/ghbab ... player.cab
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
--
End of file - 10327 bytes