Combofix report:
ComboFix 09-11-16.03 - Sheilla 11/15/2009 16:35..1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.537 [GMT -5:00]
Running from: c:\documents and settings\Sheilla\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 091115-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\msimg32.dll
c:\recycler\S-1-5-21-1314201555-3785290187-2462946864-1006
c:\windows\APanel.exe
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2009-10-15 to 2009-11-15 )))))))))))))))))))))))))))))))
.
2009-11-13 13:01 . 2009-11-13 13:01 79488 ----a-w- c:\documents and settings\Sheilla\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-13 08:20 . 2009-11-15 21:33 313152 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-12 12:31 . 2009-11-12 12:31 -------- d-----w- c:\documents and settings\Sheilla\Application Data\AskToolbar
2009-11-12 12:31 . 2009-11-12 12:32 -------- d-----w- c:\documents and settings\Sheilla\Local Settings\Application Data\AskToolbar
2009-11-12 04:27 . 2009-11-12 04:27 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-11-12 04:27 . 2009-11-12 04:27 -------- d-----w- c:\documents and settings\Sheilla\Application Data\Nero
2009-11-12 03:45 . 2009-11-12 04:02 -------- d-----w- c:\program files\Nero
2009-11-12 03:45 . 2009-11-12 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-11-12 03:45 . 2009-11-12 04:04 -------- d-----w- c:\program files\Common Files\Nero
2009-11-12 03:40 . 2009-11-12 03:40 -------- d-----w- c:\program files\Ask.com
2009-11-08 21:51 . 2009-11-08 21:51 -------- d-sh--w- c:\documents and settings\Kiddos\IECompatCache
2009-11-08 21:33 . 2009-11-08 21:33 -------- d-----w- c:\documents and settings\Kiddos\Application Data\Malwarebytes
2009-11-07 04:55 . 2009-11-07 04:55 -------- d-----w- C:\rsit
2009-11-07 04:14 . 2009-11-07 04:14 -------- d-----w- c:\documents and settings\Sheilla\Application Data\Malwarebytes
2009-11-07 04:14 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-07 04:14 . 2009-11-07 04:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-07 04:14 . 2009-11-07 04:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-07 04:14 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 23:10 . 2009-11-06 23:10 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2009-11-04 01:58 . 2009-11-04 02:26 -------- d-----w- c:\documents and settings\Sheilla\Application Data\Corel
2009-11-04 01:58 . 2009-11-04 02:26 88 --sh--r- c:\documents and settings\All Users\Application Data\03B485763D.sys
2009-11-04 01:58 . 2009-11-04 02:26 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-11-04 01:26 . 2009-11-04 01:26 -------- d-----w- c:\documents and settings\Kiddos\Local Settings\Application Data\Yahoo
2009-11-03 04:18 . 2009-11-04 02:31 -------- d-----w- c:\documents and settings\Sheilla\Application Data\Ulead Systems
2009-11-03 04:18 . 2009-11-03 04:18 -------- d-----w- c:\windows\system32\windows media
2009-11-03 04:18 . 2009-11-03 04:18 -------- d--h--w- c:\windows\msdownld.tmp
2009-11-03 04:08 . 2009-11-03 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-11-03 04:05 . 2009-11-03 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-11-03 04:01 . 2009-11-03 04:01 -------- d-----w- c:\program files\Common Files\Protexis
2009-11-03 03:47 . 2009-11-03 03:47 -------- d-----w- c:\program files\Windows Sidebar
2009-11-03 03:40 . 2009-11-03 03:40 -------- d-----w- c:\program files\Windows Media Components
2009-11-03 03:36 . 2009-11-03 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-11-03 03:36 . 2009-11-03 04:00 -------- d-----w- c:\program files\Common Files\Corel
2009-11-03 03:36 . 2009-11-03 03:47 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-11-03 03:32 . 2006-12-08 17:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-11-03 03:32 . 2006-11-29 18:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-03 03:32 . 2007-03-05 17:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-11-03 03:32 . 2006-09-28 21:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-11-03 03:32 . 2006-09-28 21:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-03 03:32 . 2006-07-28 14:30 236824 ----a-w- c:\windows\system32\xactengine2_3.dll
2009-11-03 03:32 . 2006-07-28 14:30 62744 ----a-w- c:\windows\system32\xinput1_2.dll
2009-11-03 03:31 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2009-11-03 02:56 . 2009-11-03 02:56 -------- d-----w- c:\program files\NOS
2009-11-01 04:10 . 2009-11-01 04:10 -------- d-----w- c:\program files\Trend Micro
2009-10-27 22:45 . 2009-10-27 22:45 -------- d-sh--w- c:\documents and settings\Jeff\PrivacIE
2009-10-23 18:01 . 2009-10-23 18:01 1581704 ----a-w- c:\documents and settings\Sheilla\Application Data\Smilebox\SmileboxClient.exe
2009-10-23 17:24 . 2009-10-23 17:24 340616 ----a-w- c:\documents and settings\Sheilla\Application Data\Smilebox\SmileboxDvdEngine.dll
2009-10-23 17:24 . 2009-10-23 17:24 123528 ----a-w- c:\documents and settings\Sheilla\Application Data\Smilebox\SmileboxUpdater.exe
2009-10-22 03:25 . 2009-10-22 03:25 -------- d-----w- c:\documents and settings\Sheilla\Local Settings\Application Data\WMTools Downloaded Files
2009-10-22 03:10 . 2009-10-22 03:10 -------- d-----w- c:\program files\Common Files\xing shared
2009-10-22 03:10 . 2009-10-22 03:10 -------- d-----w- c:\program files\Real
2009-10-22 03:10 . 2009-10-22 03:10 -------- d-----w- c:\program files\Common Files\Real
2009-10-22 01:44 . 2009-10-22 01:43 38208 ----a-w- c:\documents and settings\Kiddos\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-22 01:44 . 2009-10-22 01:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-10-22 01:42 . 2009-10-22 01:42 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-22 01:42 . 2009-11-03 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-22 01:20 . 2009-10-22 01:20 -------- d-sh--w- c:\documents and settings\Sheilla\IECompatCache
2009-10-21 22:51 . 2009-10-21 22:51 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-10-19 22:25 . 2009-10-19 22:25 78169 ----a-w- c:\documents and settings\All Users\Application Data\Visan\Reseller2\uninst.exe
2009-10-19 22:25 . 2009-05-23 07:27 132592 ----a-w- c:\documents and settings\All Users\Application Data\Visan\Reseller2\RLPNUpload.dll
2009-10-19 22:25 . 2009-05-23 07:27 116208 ----a-w- c:\documents and settings\All Users\Application Data\Visan\Reseller2\installax.dll
2009-10-19 22:25 . 2009-05-23 07:27 247280 ----a-w- c:\documents and settings\All Users\Application Data\Visan\Reseller2\ContentMan.dll
2009-10-19 22:25 . 2009-05-23 07:27 1074672 ----a-w- c:\documents and settings\All Users\Application Data\Visan\Reseller2\RocketEngine.dll
2009-10-19 22:25 . 2009-10-19 22:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Visan
2009-10-17 16:35 . 2009-10-17 16:35 -------- d-sh--w- c:\documents and settings\Jeff\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-13 21:59 . 2009-02-23 01:11 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-11-13 08:04 . 2008-10-29 01:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-12 04:12 . 2009-03-26 01:10 -------- d-----w- c:\documents and settings\Sheilla\Application Data\Smilebox
2009-11-07 04:11 . 2009-06-07 00:24 -------- d-----w- c:\program files\Safari
2009-11-05 13:41 . 2009-06-07 00:25 64692 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-05 02:27 . 2009-02-10 02:41 74552 -c--a-w- c:\documents and settings\Jeff\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-05 00:28 . 2009-04-06 00:20 74552 -c--a-w- c:\documents and settings\Kiddos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 06:17 . 2009-02-10 00:25 74552 -c--a-w- c:\documents and settings\Sheilla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-03 04:07 . 2008-10-29 01:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-03 04:06 . 2009-11-03 03:33 -------- d-----w- c:\program files\Corel
2009-11-02 02:01 . 2009-02-14 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-10-24 11:20 . 2009-02-10 02:48 -------- d-----w- c:\program files\Yahoo!
2009-10-24 11:20 . 2009-02-10 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-24 11:18 . 2008-10-29 01:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\Temp
2009-10-23 18:11 . 2009-02-24 11:58 373384 ----a-w- c:\documents and settings\Sheilla\Application Data\Smilebox\SmileboxStarter.exe
2009-10-23 18:11 . 2009-02-24 11:40 168584 ----a-w- c:\documents and settings\Sheilla\Application Data\Smilebox\SmileboxBrowserEngine.dll
2009-10-23 18:11 . 2009-02-24 08:04 266888 ----a-w- c:\documents and settings\Sheilla\Application Data\Smilebox\SmileboxTray.exe
2009-10-23 18:11 . 2009-02-24 08:04 205448 ----a-w- c:\documents and settings\Sheilla\Application Data\Smilebox\SmileboxDvd.exe
2009-10-22 01:50 . 2008-10-29 01:30 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-13 01:55 . 2009-10-13 01:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-10-13 01:55 . 2009-10-13 01:55 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-11 17:38 . 2008-10-29 01:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-10-11 16:30 . 2008-10-29 01:09 -------- d-----w- c:\documents and settings\All Users\Application Data\WildTangent
2009-10-11 16:28 . 2009-02-11 23:20 -------- d-----w- c:\program files\Common Files\Apple
2009-10-11 16:23 . 2008-10-29 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-10-11 16:23 . 2008-10-29 01:27 -------- d-----w- c:\program files\Norton 360
2009-10-07 01:11 . 2009-10-07 01:09 -------- d-----w- c:\documents and settings\Sheilla\Application Data\acccore
2009-10-07 01:09 . 2009-10-07 01:09 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-10-07 01:08 . 2009-10-07 01:08 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2009-10-07 01:08 . 2009-10-07 01:08 -------- d-----w- c:\program files\AIM
2009-10-07 01:08 . 2009-10-07 01:08 -------- d-----w- c:\program files\Common Files\AOL
2009-10-05 01:48 . 2009-05-30 20:32 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2009-10-05 01:48 . 2009-03-26 21:37 -------- d-----w- c:\program files\Windows Live Safety Center
2009-10-05 01:47 . 2009-10-05 01:22 -------- d-----w- c:\program files\NCH Software
2009-10-05 01:22 . 2009-10-05 01:22 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Swift Sound
2009-10-05 01:21 . 2009-10-05 01:21 -------- d-----w- c:\documents and settings\Sheilla\Application Data\NCH Swift Sound
2009-09-30 21:57 . 2009-04-06 01:01 -------- d-----w- c:\documents and settings\Kiddos\Application Data\Apple Computer
2009-09-27 16:50 . 2009-05-21 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-09-27 16:48 . 2009-06-29 03:38 -------- d-----w- c:\program files\Kodak
2009-09-27 16:46 . 2009-09-27 16:46 -------- d-----w- c:\program files\Common Files\Kodak
2009-09-27 16:43 . 2009-09-27 16:43 77824 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2009-09-27 16:43 . 2009-09-27 16:43 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\finish.exe
2009-09-27 16:43 . 2009-09-27 16:43 69632 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\ksu\ksustop.exe
2009-09-27 16:42 . 2009-09-27 16:42 225280 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\wtf\start.exe
2009-09-27 16:42 . 2009-09-27 16:42 1179648 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$SETUP_1e0002_258c8c8\EasyShrx.Dll
2009-09-27 16:42 . 2009-09-27 16:42 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.4.30.2.dll
2009-09-17 18:51 . 2009-09-17 18:51 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero 9\DrWeb\DrWeb32.dll
2009-09-17 17:58 . 2009-09-17 17:58 2373416 ----a-w- c:\documents and settings\All Users\Application Data\Nero\Nero\DrWeb\DrWeb32.dll
2009-09-11 14:18 . 2008-04-14 22:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2008-04-14 22:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2007-08-14 02:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2008-04-14 22:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 02:31 . 2008-10-29 01:04 1024 -c-h--r- c:\windows\system32\NTIMP3.dll
2009-08-18 03:33 . 2009-08-18 03:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-09-30 15:40 1182088 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-30 1182088]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"SmileboxTray"="c:\documents and settings\Sheilla\Application Data\Smilebox\SmileboxTray.exe" [2009-10-23 266888]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-07 34040]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-09-25 210216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-22 148888]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-03 111856]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-12 49152]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-05-07 380928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-22 198160]
"CorelGadget"="c:\program files\Common Files\Ulead Systems\Gadget\GadgetEB.dll" [2009-09-09 154256]
"Standby"="c:\program files\Common Files\Corel\Standby\Standby.exe" [2009-09-09 105616]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-25 1626112]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-05-16 16862720]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\Client\\Agentsvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\BackupSvc.exe"=
"c:\\Program Files\\NewTech Infosystems\\NTI Backup Now 5\\SchedulerSvc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8080:TCP"= 8080:TCP:WAH
"443:TCP"= 443:TCP:WAH
"5060:TCP"= 5060:TCP:WAH
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/9/2009 7:59 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/9/2009 7:59 PM 20560]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [3/3/2008 4:11 PM 16384]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [4/7/2008 1:42 AM 50424]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [4/4/2008 6:03 AM 131072]
S3 getPlusHelper;getPlus(R) Installer;c:\windows\System32\svchost.exe -k getPlusHelper [4/14/2008 5:00 PM 14336]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2009-11-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-11-15 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-09-30 15:40]
2009-11-15 c:\windows\Tasks\User_Feed_Synchronization-{403BDCE8-C726-4BD0-9077-EA9C56634592}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/def ... earch.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: west.com
Trusted Zone: westathome.com
Trusted Zone: westathome.net
Trusted Zone: workathomeagent.net
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-15 16:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xBA2A4000]<< >>UNKNOWN [0xF74C7000]<< >>UNKNOWN [0xF74B7000]<< >>UNKNOWN [0xF7358000]<< >>UNKNOWN [0x806E4000]<< >>UNKNOWN [0xF7310000]<< >>UNKNOWN [0xF7A4F000]<< >>UNKNOWN [0xF7707000]<<
kernel: MBR read successfully
user & kernel MBR OK
**************************************************************************
.
Completion time: 2009-11-15 16:58
ComboFix-quarantined-files.txt 2009-11-15 21:58
Pre-Run: 44,653,879,296 bytes free
Post-Run: 48,192,880,640 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - F970FE6F4A743C81EA1A663DF3B3BCA9