Computer is running much better. Thanks so much!!
ComboFix 09-05-05.03 - HP_Owner 05/06/2009 19:31.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.503.169 [GMT -4:00]
Running from: c:\documents and settings\HP_Owner.THEBAMAS\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Owner.THEBAMAS\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
AV: COMODO Antivirus *On-access scanning disabled* (Updated)
FW: COMODO Firewall *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\32788R22FWJFW.0.tmp
c:\32788r22fwjfw.0.tmp\hidec.exe
c:\32788r22fwjfw.0.tmp\history.bat
c:\32788r22fwjfw.0.tmp\image001.gif
c:\32788r22fwjfw.0.tmp\Install-RC.cmd
c:\32788r22fwjfw.0.tmp\katch.cmd
c:\32788r22fwjfw.0.tmp\Kill-All.cmd
c:\32788r22fwjfw.0.tmp\Kollect.bat
c:\32788r22fwjfw.0.tmp\Lang.bat
c:\32788r22fwjfw.0.tmp\License\Curl - license.txt
c:\32788r22fwjfw.0.tmp\License\dumphive-license.txt
c:\32788r22fwjfw.0.tmp\License\EXTRACT.TXT
c:\32788r22fwjfw.0.tmp\License\FI - license.txt
c:\32788r22fwjfw.0.tmp\License\mtee.txt.txt
c:\32788r22fwjfw.0.tmp\License\pv_5_2_2.zip
c:\32788r22fwjfw.0.tmp\License\streamtools.zip
c:\32788r22fwjfw.0.tmp\License\UnxUtilsDist.html
c:\32788r22fwjfw.0.tmp\License\Zip - license.txt
c:\32788r22fwjfw.0.tmp\List-B.bat
c:\32788r22fwjfw.0.tmp\List-C.bat
c:\32788r22fwjfw.0.tmp\List-D.bat
c:\32788r22fwjfw.0.tmp\List.bat
c:\32788r22fwjfw.0.tmp\lnkread.vbs
c:\32788r22fwjfw.0.tmp\LocalService.dat
c:\32788r22fwjfw.0.tmp\LocalServiceNetworkRestricted.dat
c:\32788r22fwjfw.0.tmp\LocalSystemNetworkRestricted.dat
c:\32788r22fwjfw.0.tmp\md5sum.pif
c:\32788r22fwjfw.0.tmp\moveex.cfexe
c:\32788r22fwjfw.0.tmp\MoveIt.bat
c:\32788r22fwjfw.0.tmp\mtee.cfexe
c:\32788r22fwjfw.0.tmp\mynul.dat
c:\32788r22fwjfw.0.tmp\n.com
c:\32788r22fwjfw.0.tmp\N_\15878
c:\32788r22fwjfw.0.tmp\N_\17290
c:\32788r22fwjfw.0.tmp\N_\22627
c:\32788r22fwjfw.0.tmp\N_\31523
c:\32788r22fwjfw.0.tmp\N_\N
c:\32788r22fwjfw.0.tmp\ND_.bat
c:\32788r22fwjfw.0.tmp\ndis_combofix.dat
c:\32788r22fwjfw.0.tmp\netsvc.bad.dat
c:\32788r22fwjfw.0.tmp\netsvc.dat
c:\32788r22fwjfw.0.tmp\netsvc.vista.dat
c:\32788r22fwjfw.0.tmp\netsvc.xp.dat
c:\32788r22fwjfw.0.tmp\NetworkService.dat
c:\32788r22fwjfw.0.tmp\NirCmd.cfexe
c:\32788r22fwjfw.0.tmp\Nircmd.com
c:\32788r22fwjfw.0.tmp\NirCmdC.cfexe
c:\32788r22fwjfw.0.tmp\NlsLanguageDefault
c:\32788r22fwjfw.0.tmp\NT-OS.cmd
c:\32788r22fwjfw.0.tmp\Oldsfxname00
c:\32788r22fwjfw.0.tmp\OSid.vbs
c:\32788r22fwjfw.0.tmp\OsVer
c:\32788r22fwjfw.0.tmp\pev.cfexe
c:\32788r22fwjfw.0.tmp\pev.exe
c:\32788r22fwjfw.0.tmp\Policies.dat
c:\32788r22fwjfw.0.tmp\Prep.cmd
c:\32788r22fwjfw.0.tmp\Prep.inf
c:\32788r22fwjfw.0.tmp\psexec.cfexe
c:\32788r22fwjfw.0.tmp\Purity.dat
c:\32788r22fwjfw.0.tmp\pv.cfexe
c:\32788r22fwjfw.0.tmp\RCLink.dat
c:\32788r22fwjfw.0.tmp\REGDACL.sed
c:\32788r22fwjfw.0.tmp\RegDo.sed
c:\32788r22fwjfw.0.tmp\region.dat
c:\32788r22fwjfw.0.tmp\RegScan.cmd
c:\32788r22fwjfw.0.tmp\Resident.txt
c:\32788r22fwjfw.0.tmp\restore_pt.vbs
c:\32788r22fwjfw.0.tmp\RestoreO4.bat
c:\32788r22fwjfw.0.tmp\Rkey.cmd
c:\32788r22fwjfw.0.tmp\rogues.dat
c:\32788r22fwjfw.0.tmp\run2.sed
c:\32788r22fwjfw.0.tmp\safeboot.dat
c:\32788r22fwjfw.0.tmp\safeboot.def.dat
c:\32788r22fwjfw.0.tmp\safeboot.def.vista.dat
c:\32788r22fwjfw.0.tmp\SafeBootRepair.bat
c:\32788r22fwjfw.0.tmp\sed.cfexe
c:\32788r22fwjfw.0.tmp\SetEnvmt.bat
c:\32788r22fwjfw.0.tmp\setpath.cfexe
c:\32788r22fwjfw.0.tmp\sfx.cmd
c:\32788r22fwjfw.0.tmp\SnapShot.cmd
c:\32788r22fwjfw.0.tmp\SRestore.cmd
c:\32788r22fwjfw.0.tmp\srizbi.md5
c:\32788r22fwjfw.0.tmp\SuppScan.cmd
c:\32788r22fwjfw.0.tmp\svc_wht.dat
c:\32788r22fwjfw.0.tmp\SvcDrv.vbs
c:\32788r22fwjfw.0.tmp\svchost.dat
c:\32788r22fwjfw.0.tmp\svchost.vista.dat
c:\32788r22fwjfw.0.tmp\swreg.exe
c:\32788r22fwjfw.0.tmp\swsc.cfexe
c:\32788r22fwjfw.0.tmp\swxcacls.cfexe
c:\32788r22fwjfw.0.tmp\system_ini.dat
c:\32788r22fwjfw.0.tmp\tail.cfexe
c:\32788r22fwjfw.0.tmp\toolbar.sed
c:\32788r22fwjfw.0.tmp\unzip.cfexe
c:\32788r22fwjfw.0.tmp\Update-CF.cmd
c:\32788r22fwjfw.0.tmp\vistareg.dat
c:\32788r22fwjfw.0.tmp\w2kreg.dat
c:\32788r22fwjfw.0.tmp\xpreg.dat
c:\32788r22fwjfw.0.tmp\zDomain.dat
c:\32788r22fwjfw.0.tmp\zhsvc.dat
c:\32788r22fwjfw.0.tmp\zip.cfexe
C:\32788R22FWJFW.1.tmp
c:\32788r22fwjfw.1.tmp\hidec.exe
c:\32788r22fwjfw.1.tmp\psexec.cfexe
C:\32788R22FWJFW.2.tmp
c:\32788r22fwjfw.2.tmp\hidec.exe
c:\32788r22fwjfw.2.tmp\psexec.cfexe
C:\32788R22FWJFW.3.tmp
c:\32788r22fwjfw.3.tmp\hidec.exe
C:\32788R22FWJFW.4.tmp
c:\32788r22fwjfw.4.tmp\hidec.exe
c:\32788r22fwjfw.4.tmp\history.bat
c:\32788r22fwjfw.4.tmp\image001.gif
c:\32788r22fwjfw.4.tmp\Install-RC.cmd
c:\32788r22fwjfw.4.tmp\katch.cmd
c:\32788r22fwjfw.4.tmp\Kill-All.cmd
c:\32788r22fwjfw.4.tmp\Kollect.bat
c:\32788r22fwjfw.4.tmp\Lang.bat
c:\32788r22fwjfw.4.tmp\License\Curl - license.txt
c:\32788r22fwjfw.4.tmp\License\dumphive-license.txt
c:\32788r22fwjfw.4.tmp\License\EXTRACT.TXT
c:\32788r22fwjfw.4.tmp\License\FI - license.txt
c:\32788r22fwjfw.4.tmp\License\mtee.txt.txt
c:\32788r22fwjfw.4.tmp\License\pv_5_2_2.zip
c:\32788r22fwjfw.4.tmp\License\streamtools.zip
c:\32788r22fwjfw.4.tmp\License\UnxUtilsDist.html
c:\32788r22fwjfw.4.tmp\License\Zip - license.txt
c:\32788r22fwjfw.4.tmp\List-B.bat
c:\32788r22fwjfw.4.tmp\List-C.bat
c:\32788r22fwjfw.4.tmp\List-D.bat
c:\32788r22fwjfw.4.tmp\List.bat
c:\32788r22fwjfw.4.tmp\lnkread.vbs
c:\32788r22fwjfw.4.tmp\LocalService.dat
c:\32788r22fwjfw.4.tmp\LocalServiceNetworkRestricted.dat
c:\32788r22fwjfw.4.tmp\LocalSystemNetworkRestricted.dat
c:\32788r22fwjfw.4.tmp\md5sum.pif
c:\32788r22fwjfw.4.tmp\moveex.cfexe
c:\32788r22fwjfw.4.tmp\MoveIt.bat
c:\32788r22fwjfw.4.tmp\mtee.cfexe
c:\32788r22fwjfw.4.tmp\mynul.dat
c:\32788r22fwjfw.4.tmp\n.com
c:\32788r22fwjfw.4.tmp\N_\10279
c:\32788r22fwjfw.4.tmp\N_\11656
c:\32788r22fwjfw.4.tmp\N_\16585
c:\32788r22fwjfw.4.tmp\N_\17439
c:\32788r22fwjfw.4.tmp\N_\22475
c:\32788r22fwjfw.4.tmp\N_\27609
c:\32788r22fwjfw.4.tmp\N_\6968
c:\32788r22fwjfw.4.tmp\N_\N
c:\32788r22fwjfw.4.tmp\ND_.bat
c:\32788r22fwjfw.4.tmp\ndis_combofix.dat
c:\32788r22fwjfw.4.tmp\netsvc.bad.dat
c:\32788r22fwjfw.4.tmp\netsvc.dat
c:\32788r22fwjfw.4.tmp\netsvc.vista.dat
c:\32788r22fwjfw.4.tmp\netsvc.xp.dat
c:\32788r22fwjfw.4.tmp\NetworkService.dat
c:\32788r22fwjfw.4.tmp\NirCmd.cfexe
c:\32788r22fwjfw.4.tmp\Nircmd.com
c:\32788r22fwjfw.4.tmp\NirCmdC.cfexe
c:\32788r22fwjfw.4.tmp\NlsLanguageDefault
c:\32788r22fwjfw.4.tmp\NT-OS.cmd
c:\32788r22fwjfw.4.tmp\OSid.vbs
c:\32788r22fwjfw.4.tmp\OsVer
c:\32788r22fwjfw.4.tmp\pev.cfexe
c:\32788r22fwjfw.4.tmp\pev.exe
c:\32788r22fwjfw.4.tmp\Policies.dat
c:\32788r22fwjfw.4.tmp\Prep.cmd
c:\32788r22fwjfw.4.tmp\Prep.inf
c:\32788r22fwjfw.4.tmp\psexec.cfexe
c:\32788r22fwjfw.4.tmp\Purity.dat
c:\32788r22fwjfw.4.tmp\pv.cfexe
c:\32788r22fwjfw.4.tmp\RCLink.dat
c:\32788r22fwjfw.4.tmp\REGDACL.sed
c:\32788r22fwjfw.4.tmp\RegDo.sed
c:\32788r22fwjfw.4.tmp\region.dat
c:\32788r22fwjfw.4.tmp\RegScan.cmd
c:\32788r22fwjfw.4.tmp\Resident.txt
c:\32788r22fwjfw.4.tmp\restore_pt.vbs
c:\32788r22fwjfw.4.tmp\RestoreO4.bat
c:\32788r22fwjfw.4.tmp\Rkey.cmd
c:\32788r22fwjfw.4.tmp\rogues.dat
c:\32788r22fwjfw.4.tmp\run2.sed
c:\32788r22fwjfw.4.tmp\safeboot.dat
c:\32788r22fwjfw.4.tmp\safeboot.def.dat
c:\32788r22fwjfw.4.tmp\safeboot.def.vista.dat
c:\32788r22fwjfw.4.tmp\SafeBootRepair.bat
c:\32788r22fwjfw.4.tmp\sed.cfexe
c:\32788r22fwjfw.4.tmp\SetEnvmt.bat
c:\32788r22fwjfw.4.tmp\setpath.cfexe
c:\32788r22fwjfw.4.tmp\sfx.cmd
c:\32788r22fwjfw.4.tmp\SnapShot.cmd
c:\32788r22fwjfw.4.tmp\SRestore.cmd
c:\32788r22fwjfw.4.tmp\srizbi.md5
c:\32788r22fwjfw.4.tmp\SuppScan.cmd
c:\32788r22fwjfw.4.tmp\svc_wht.dat
c:\32788r22fwjfw.4.tmp\SvcDrv.vbs
c:\32788r22fwjfw.4.tmp\svchost.dat
c:\32788r22fwjfw.4.tmp\svchost.vista.dat
c:\32788r22fwjfw.4.tmp\swreg.exe
c:\32788r22fwjfw.4.tmp\swsc.cfexe
c:\32788r22fwjfw.4.tmp\swxcacls.cfexe
c:\32788r22fwjfw.4.tmp\system_ini.dat
c:\32788r22fwjfw.4.tmp\tail.cfexe
c:\32788r22fwjfw.4.tmp\toolbar.sed
c:\32788r22fwjfw.4.tmp\unzip.cfexe
c:\32788r22fwjfw.4.tmp\Update-CF.cmd
c:\32788r22fwjfw.4.tmp\vistareg.dat
c:\32788r22fwjfw.4.tmp\w2kreg.dat
c:\32788r22fwjfw.4.tmp\xpreg.dat
c:\32788r22fwjfw.4.tmp\zDomain.dat
c:\32788r22fwjfw.4.tmp\zhsvc.dat
c:\32788r22fwjfw.4.tmp\zip.cfexe
C:\32788R22FWJFW.5.tmp
c:\32788r22fwjfw.5.tmp\hidec.exe
c:\32788r22fwjfw.5.tmp\history.bat
c:\32788r22fwjfw.5.tmp\image001.gif
c:\32788r22fwjfw.5.tmp\Install-RC.cmd
c:\32788r22fwjfw.5.tmp\katch.cmd
c:\32788r22fwjfw.5.tmp\Kill-All.cmd
c:\32788r22fwjfw.5.tmp\Kollect.bat
c:\32788r22fwjfw.5.tmp\Lang.bat
c:\32788r22fwjfw.5.tmp\License\Curl - license.txt
c:\32788r22fwjfw.5.tmp\License\dumphive-license.txt
c:\32788r22fwjfw.5.tmp\License\EXTRACT.TXT
c:\32788r22fwjfw.5.tmp\License\FI - license.txt
c:\32788r22fwjfw.5.tmp\License\mtee.txt.txt
c:\32788r22fwjfw.5.tmp\License\pv_5_2_2.zip
c:\32788r22fwjfw.5.tmp\License\streamtools.zip
c:\32788r22fwjfw.5.tmp\License\UnxUtilsDist.html
c:\32788r22fwjfw.5.tmp\License\Zip - license.txt
c:\32788r22fwjfw.5.tmp\List-B.bat
c:\32788r22fwjfw.5.tmp\List-C.bat
c:\32788r22fwjfw.5.tmp\List-D.bat
c:\32788r22fwjfw.5.tmp\List.bat
c:\32788r22fwjfw.5.tmp\lnkread.vbs
c:\32788r22fwjfw.5.tmp\LocalService.dat
c:\32788r22fwjfw.5.tmp\LocalServiceNetworkRestricted.dat
c:\32788r22fwjfw.5.tmp\LocalSystemNetworkRestricted.dat
c:\32788r22fwjfw.5.tmp\md5sum.pif
c:\32788r22fwjfw.5.tmp\moveex.cfexe
c:\32788r22fwjfw.5.tmp\MoveIt.bat
c:\32788r22fwjfw.5.tmp\mtee.cfexe
c:\32788r22fwjfw.5.tmp\mynul.dat
c:\32788r22fwjfw.5.tmp\n.com
c:\32788r22fwjfw.5.tmp\N_\10104
c:\32788r22fwjfw.5.tmp\N_\13881
c:\32788r22fwjfw.5.tmp\N_\19378
c:\32788r22fwjfw.5.tmp\N_\20008
c:\32788r22fwjfw.5.tmp\N_\21258
c:\32788r22fwjfw.5.tmp\N_\24700
c:\32788r22fwjfw.5.tmp\N_\27153
c:\32788r22fwjfw.5.tmp\N_\N
c:\32788r22fwjfw.5.tmp\ND_.bat
c:\32788r22fwjfw.5.tmp\ndis_combofix.dat
c:\32788r22fwjfw.5.tmp\netsvc.bad.dat
c:\32788r22fwjfw.5.tmp\netsvc.dat
c:\32788r22fwjfw.5.tmp\netsvc.vista.dat
c:\32788r22fwjfw.5.tmp\netsvc.xp.dat
c:\32788r22fwjfw.5.tmp\NetworkService.dat
c:\32788r22fwjfw.5.tmp\NirCmd.cfexe
c:\32788r22fwjfw.5.tmp\Nircmd.com
c:\32788r22fwjfw.5.tmp\NirCmdC.cfexe
c:\32788r22fwjfw.5.tmp\NlsLanguageDefault
c:\32788r22fwjfw.5.tmp\NT-OS.cmd
c:\32788r22fwjfw.5.tmp\OSid.vbs
c:\32788r22fwjfw.5.tmp\OsVer
c:\32788r22fwjfw.5.tmp\pev.cfexe
c:\32788r22fwjfw.5.tmp\pev.exe
c:\32788r22fwjfw.5.tmp\Policies.dat
c:\32788r22fwjfw.5.tmp\Prep.cmd
c:\32788r22fwjfw.5.tmp\Prep.inf
c:\32788r22fwjfw.5.tmp\psexec.cfexe
c:\32788r22fwjfw.5.tmp\Purity.dat
c:\32788r22fwjfw.5.tmp\pv.cfexe
c:\32788r22fwjfw.5.tmp\RCLink.dat
c:\32788r22fwjfw.5.tmp\REGDACL.sed
c:\32788r22fwjfw.5.tmp\RegDo.sed
c:\32788r22fwjfw.5.tmp\region.dat
c:\32788r22fwjfw.5.tmp\RegScan.cmd
c:\32788r22fwjfw.5.tmp\Resident.txt
c:\32788r22fwjfw.5.tmp\restore_pt.vbs
c:\32788r22fwjfw.5.tmp\RestoreO4.bat
c:\32788r22fwjfw.5.tmp\Rkey.cmd
c:\32788r22fwjfw.5.tmp\rogues.dat
c:\32788r22fwjfw.5.tmp\run2.sed
c:\32788r22fwjfw.5.tmp\safeboot.dat
c:\32788r22fwjfw.5.tmp\safeboot.def.dat
c:\32788r22fwjfw.5.tmp\safeboot.def.vista.dat
c:\32788r22fwjfw.5.tmp\SafeBootRepair.bat
c:\32788r22fwjfw.5.tmp\sed.cfexe
c:\32788r22fwjfw.5.tmp\SetEnvmt.bat
c:\32788r22fwjfw.5.tmp\setpath.cfexe
c:\32788r22fwjfw.5.tmp\sfx.cmd
c:\32788r22fwjfw.5.tmp\SnapShot.cmd
c:\32788r22fwjfw.5.tmp\SRestore.cmd
c:\32788r22fwjfw.5.tmp\srizbi.md5
c:\32788r22fwjfw.5.tmp\SuppScan.cmd
c:\32788r22fwjfw.5.tmp\svc_wht.dat
c:\32788r22fwjfw.5.tmp\SvcDrv.vbs
c:\32788r22fwjfw.5.tmp\svchost.dat
c:\32788r22fwjfw.5.tmp\svchost.vista.dat
c:\32788r22fwjfw.5.tmp\swreg.exe
c:\32788r22fwjfw.5.tmp\swsc.cfexe
c:\32788r22fwjfw.5.tmp\swxcacls.cfexe
c:\32788r22fwjfw.5.tmp\system_ini.dat
c:\32788r22fwjfw.5.tmp\tail.cfexe
c:\32788r22fwjfw.5.tmp\toolbar.sed
c:\32788r22fwjfw.5.tmp\unzip.cfexe
c:\32788r22fwjfw.5.tmp\Update-CF.cmd
c:\32788r22fwjfw.5.tmp\vistareg.dat
c:\32788r22fwjfw.5.tmp\w2kreg.dat
c:\32788r22fwjfw.5.tmp\xpreg.dat
c:\32788r22fwjfw.5.tmp\zDomain.dat
c:\32788r22fwjfw.5.tmp\zhsvc.dat
c:\32788r22fwjfw.5.tmp\zip.cfexe
C:\32788R22FWJFW.6.tmp
c:\32788r22fwjfw.6.tmp\hidec.exe
c:\32788r22fwjfw.6.tmp\history.bat
c:\32788r22fwjfw.6.tmp\image001.gif
c:\32788r22fwjfw.6.tmp\Install-RC.cmd
c:\32788r22fwjfw.6.tmp\katch.cmd
c:\32788r22fwjfw.6.tmp\Kill-All.cmd
c:\32788r22fwjfw.6.tmp\Kollect.bat
c:\32788r22fwjfw.6.tmp\Lang.bat
c:\32788r22fwjfw.6.tmp\License\Curl - license.txt
c:\32788r22fwjfw.6.tmp\License\dumphive-license.txt
c:\32788r22fwjfw.6.tmp\License\EXTRACT.TXT
c:\32788r22fwjfw.6.tmp\License\FI - license.txt
c:\32788r22fwjfw.6.tmp\License\mtee.txt.txt
c:\32788r22fwjfw.6.tmp\License\pv_5_2_2.zip
c:\32788r22fwjfw.6.tmp\License\streamtools.zip
c:\32788r22fwjfw.6.tmp\License\UnxUtilsDist.html
c:\32788r22fwjfw.6.tmp\License\Zip - license.txt
c:\32788r22fwjfw.6.tmp\List-B.bat
c:\32788r22fwjfw.6.tmp\List-C.bat
c:\32788r22fwjfw.6.tmp\List-D.bat
c:\32788r22fwjfw.6.tmp\List.bat
c:\32788r22fwjfw.6.tmp\lnkread.vbs
c:\32788r22fwjfw.6.tmp\LocalService.dat
c:\32788r22fwjfw.6.tmp\LocalServiceNetworkRestricted.dat
c:\32788r22fwjfw.6.tmp\LocalSystemNetworkRestricted.dat
c:\32788r22fwjfw.6.tmp\md5sum.pif
c:\32788r22fwjfw.6.tmp\moveex.cfexe
c:\32788r22fwjfw.6.tmp\MoveIt.bat
c:\32788r22fwjfw.6.tmp\mtee.cfexe
c:\32788r22fwjfw.6.tmp\mynul.dat
c:\32788r22fwjfw.6.tmp\n.com
c:\32788r22fwjfw.6.tmp\N_\16911
c:\32788r22fwjfw.6.tmp\N_\18941
c:\32788r22fwjfw.6.tmp\N_\21626
c:\32788r22fwjfw.6.tmp\N_\25161
c:\32788r22fwjfw.6.tmp\N_\32650
c:\32788r22fwjfw.6.tmp\N_\3420
c:\32788r22fwjfw.6.tmp\N_\8966
c:\32788r22fwjfw.6.tmp\N_\N
c:\32788r22fwjfw.6.tmp\ND_.bat
c:\32788r22fwjfw.6.tmp\ndis_combofix.dat
c:\32788r22fwjfw.6.tmp\netsvc.bad.dat
c:\32788r22fwjfw.6.tmp\netsvc.dat
c:\32788r22fwjfw.6.tmp\netsvc.vista.dat
c:\32788r22fwjfw.6.tmp\netsvc.xp.dat
c:\32788r22fwjfw.6.tmp\NetworkService.dat
c:\32788r22fwjfw.6.tmp\NirCmd.cfexe
c:\32788r22fwjfw.6.tmp\Nircmd.com
c:\32788r22fwjfw.6.tmp\NirCmdC.cfexe
c:\32788r22fwjfw.6.tmp\NlsLanguageDefault
c:\32788r22fwjfw.6.tmp\NT-OS.cmd
c:\32788r22fwjfw.6.tmp\OSid.vbs
c:\32788r22fwjfw.6.tmp\OsVer
c:\32788r22fwjfw.6.tmp\pev.cfexe
c:\32788r22fwjfw.6.tmp\pev.exe
c:\32788r22fwjfw.6.tmp\Policies.dat
c:\32788r22fwjfw.6.tmp\Prep.cmd
c:\32788r22fwjfw.6.tmp\Prep.inf
c:\32788r22fwjfw.6.tmp\psexec.cfexe
c:\32788r22fwjfw.6.tmp\Purity.dat
c:\32788r22fwjfw.6.tmp\pv.cfexe
c:\32788r22fwjfw.6.tmp\RCLink.dat
c:\32788r22fwjfw.6.tmp\REGDACL.sed
c:\32788r22fwjfw.6.tmp\RegDo.sed
c:\32788r22fwjfw.6.tmp\region.dat
c:\32788r22fwjfw.6.tmp\RegScan.cmd
c:\32788r22fwjfw.6.tmp\Resident.txt
c:\32788r22fwjfw.6.tmp\restore_pt.vbs
c:\32788r22fwjfw.6.tmp\RestoreO4.bat
c:\32788r22fwjfw.6.tmp\Rkey.cmd
c:\32788r22fwjfw.6.tmp\rogues.dat
c:\32788r22fwjfw.6.tmp\run2.sed
c:\32788r22fwjfw.6.tmp\safeboot.dat
c:\32788r22fwjfw.6.tmp\safeboot.def.dat
c:\32788r22fwjfw.6.tmp\safeboot.def.vista.dat
c:\32788r22fwjfw.6.tmp\SafeBootRepair.bat
c:\32788r22fwjfw.6.tmp\sed.cfexe
c:\32788r22fwjfw.6.tmp\SetEnvmt.bat
c:\32788r22fwjfw.6.tmp\setpath.cfexe
c:\32788r22fwjfw.6.tmp\sfx.cmd
c:\32788r22fwjfw.6.tmp\SnapShot.cmd
c:\32788r22fwjfw.6.tmp\SRestore.cmd
c:\32788r22fwjfw.6.tmp\srizbi.md5
c:\32788r22fwjfw.6.tmp\SuppScan.cmd
c:\32788r22fwjfw.6.tmp\svc_wht.dat
c:\32788r22fwjfw.6.tmp\SvcDrv.vbs
c:\32788r22fwjfw.6.tmp\svchost.dat
c:\32788r22fwjfw.6.tmp\svchost.vista.dat
c:\32788r22fwjfw.6.tmp\swreg.exe
c:\32788r22fwjfw.6.tmp\swsc.cfexe
c:\32788r22fwjfw.6.tmp\swxcacls.cfexe
c:\32788r22fwjfw.6.tmp\system_ini.dat
c:\32788r22fwjfw.6.tmp\tail.cfexe
c:\32788r22fwjfw.6.tmp\toolbar.sed
c:\32788r22fwjfw.6.tmp\unzip.cfexe
c:\32788r22fwjfw.6.tmp\Update-CF.cmd
c:\32788r22fwjfw.6.tmp\vistareg.dat
c:\32788r22fwjfw.6.tmp\w2kreg.dat
c:\32788r22fwjfw.6.tmp\xpreg.dat
c:\32788r22fwjfw.6.tmp\zDomain.dat
c:\32788r22fwjfw.6.tmp\zhsvc.dat
c:\32788r22fwjfw.6.tmp\zip.cfexe
.
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.
2009-05-06 23:23 . 2009-05-06 23:23 -------- d-----w c:\windows\LastGood
2009-04-30 17:12 . 2009-04-30 17:12 -------- d-----w C:\fsaua.data
2009-04-29 23:32 . 2009-04-29 23:32 -------- d-----w C:\_OTListIt
2009-04-26 04:01 . 2009-04-26 04:01 -------- d-----w C:\_OTMoveIt
2009-04-19 23:31 . 2009-04-26 23:36 -------- d-----w c:\program files\PartyGaming.Net
2009-04-19 23:13 . 2009-04-19 23:13 -------- d-----w c:\documents and settings\HP_Owner.THEBAMAS\Application Data\Lavasoft
2009-04-08 16:57 . 2009-04-26 23:05 -------- d-----w c:\program files\PokerStars
2009-04-08 11:40 . 2009-04-08 12:59 -------- d-----w c:\documents and settings\HP_Owner.THEBAMAS\Application Data\LimeWire
2009-04-08 11:34 . 2009-04-08 11:33 410984 ----a-w c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 01:34 . 2008-03-20 02:06 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-06 01:28 . 2005-05-06 07:35 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-04 20:17 . 2009-04-03 17:41 -------- d-----w c:\program files\Common
2009-04-20 18:22 . 2008-11-08 17:40 1062 ----a-w c:\documents and settings\HP_Owner.THEBAMAS\Application Data\wklnhst.dat
2009-04-19 13:49 . 2008-11-01 21:50 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-04-08 23:03 . 2005-05-06 06:35 -------- d-----w c:\program files\Java
2009-04-06 19:32 . 2008-11-14 08:58 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 19:32 . 2008-11-14 08:58 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-21 00:24 . 2008-11-02 05:24 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-21 00:24 . 2008-11-02 05:24 325128 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-21 00:24 . 2008-11-02 05:24 107272 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-21 00:02 . 2008-11-01 21:50 155384 ----a-w c:\windows\system32\guard32.dll
2009-03-21 00:02 . 2008-11-01 21:50 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-03-20 23:10 . 2009-03-20 23:10 21035 ----a-w c:\windows\system32\drivers\AegisP.sys
2009-03-20 23:08 . 2009-03-20 23:08 -------- d-----w c:\program files\Belkin
2009-03-20 23:08 . 2005-05-06 07:05 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-06 14:44 . 2004-08-04 12:00 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 11:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 12:00 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2004-08-04 12:00 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2004-08-04 11:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-04 18:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2004-08-04 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2004-08-04 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2004-08-04 12:00 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2004-08-04 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2004-08-04 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2004-08-04 18:00 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-09-14 04:14 . 2008-09-14 04:14 144 ----a-w c:\program files\jhat.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-10-17 4347120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-01-23 126976]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-02-26 245760]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"thirdintel"="c:\hp\bin\cloaker.exe" [1999-11-07 27136]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-06 180269]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-21 1601304]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0\bin\jusched.exe" [2005-05-06 36972]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-28 221184]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-03-21 1851128]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Belkin Wireless G USB Adapter Client Utility.lnk - c:\program files\Belkin\F5D7050v5011\Belkinwcui.exe [2009-3-20 1589248]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-5 258048]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-21 00:24 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/2/2008 1:24 AM 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/2/2008 1:24 AM 107272]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11/1/2008 5:50 PM 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/1/2008 5:50 PM 24336]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [3/20/2009 8:23 PM 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/20/2009 8:23 PM 298264]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [3/20/2009 7:09 PM 38144]
S3 BELKIN;Belkin Wireless G USB Network Adapter;c:\windows\system32\drivers\BLKWGU.sys [3/20/2009 7:09 PM 273280]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [11/8/2008 12:28 AM 2944]
S3 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [11/8/2008 12:28 AM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [11/8/2008 12:28 AM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [11/8/2008 12:28 AM 10368]
.
Contents of the 'Scheduled Tasks' folder
2009-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]
.
.
------- Supplementary Scan -------
.
uLocal Page =
uStart Page = hxxp://www.myspace.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\HP_Owner.THEBAMAS\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: {6F714D46-E4EF-11D4-93EF-00D0D7032099} - hxxp://www.christianrock2.net/amp3dj.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-06 19:42
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(584)
c:\windows\system32\guard32.dll
- - - - - - - > 'lsass.exe'(644)
c:\windows\system32\guard32.dll
.
Completion time: 2009-05-06 19:45
ComboFix-quarantined-files.txt 2009-05-06 23:45
ComboFix2.txt 2009-05-06 01:31
ComboFix3.txt 2009-05-04 20:31
Pre-Run: 126,133,145,600 bytes free
Post-Run: 126,638,964,736 bytes free
564 --- E O F --- 2009-04-19 07:03