Combofix log.txt report:
ComboFix 10-06-03.01 - Doug and Becky 06/03/2010 22:39:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1534.849 [GMT -7:00]
Running from: c:\documents and settings\Doug and Becky\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\Setup.exe
c:\documents and settings\Doug and Becky\Recent\Thumbs.db
c:\windows\system32\drivers\fad.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_FAD
((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
.
2010-06-03 23:51 . 2010-06-03 23:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-06-01 13:20 . 2010-06-01 13:19 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-29 02:27 . 2010-05-29 02:27 -------- d-----w- C:\_OTL
2010-05-29 02:23 . 2010-05-29 02:23 -------- d-----w- c:\program files\ERUNT
2010-05-26 02:56 . 2010-05-26 02:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-05-25 03:48 . 2010-05-25 03:48 -------- d-----w- c:\program files\trendmicro
2010-05-18 16:11 . 2010-05-18 16:11 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-05-18 16:06 . 2010-05-18 16:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-05-18 13:06 . 2010-05-18 13:06 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\Malwarebytes
2010-05-18 13:06 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 13:06 . 2010-05-18 13:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-18 13:06 . 2010-05-18 13:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-18 13:06 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-14 09:45 . 2010-05-14 09:47 -------- d-----w- c:\documents and settings\Doug and Becky\Local Settings\Application Data\cenprgbgk
2010-05-14 04:46 . 2010-05-14 04:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-05-14 04:46 . 2010-05-14 04:47 -------- d-----w- c:\documents and settings\Doug and Becky\Local Settings\Application Data\Temp
2010-05-10 22:54 . 2010-05-10 22:54 -------- d-----w- c:\program files\JRE
2010-05-10 22:42 . 2010-05-10 22:42 -------- d-----w- c:\program files\readmes
2010-05-10 22:42 . 2010-05-10 22:42 -------- d-----w- c:\program files\redist
2010-05-10 22:42 . 2010-05-10 22:42 -------- d-----w- c:\program files\licenses
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 22:18 . 2009-08-29 01:12 1 ----a-w- c:\documents and settings\Doug and Becky\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-06-01 17:49 . 2009-08-29 19:26 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\mjusbsp
2010-06-01 17:45 . 2004-08-04 11:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2010-06-01 13:20 . 2008-07-24 13:01 -------- d-----w- c:\program files\Common Files\Java
2010-05-25 03:48 . 2010-05-25 03:48 388096 ----a-r- c:\documents and settings\Doug and Becky\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-25 02:39 . 2010-05-25 02:39 348160 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f363095-n\msvcr71.dll
2010-05-25 02:39 . 2010-05-25 02:39 503808 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f363095-n\msvcp71.dll
2010-05-25 02:39 . 2010-05-25 02:39 499712 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-2f363095-n\jmc.dll
2010-05-25 02:39 . 2010-05-25 02:39 61440 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65fbe609-n\decora-sse.dll
2010-05-25 02:39 . 2010-05-25 02:39 12800 ----a-w- c:\documents and settings\Doug and Becky\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-65fbe609-n\decora-d3d.dll
2010-05-18 16:09 . 2004-12-02 20:57 103256 ----a-w- c:\documents and settings\Doug and Becky\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-14 04:47 . 2007-03-24 21:28 -------- d-----w- c:\program files\Google
2010-05-13 21:10 . 2009-10-13 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-12 18:21 . 2009-10-02 21:10 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-12 04:01 . 2009-08-29 01:45 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\Skype
2010-05-10 22:54 . 2009-08-29 01:07 -------- d-----w- c:\program files\OpenOffice.org 3
2010-05-10 22:42 . 2008-07-24 13:05 -------- d-----w- c:\program files\Java
2010-05-01 04:07 . 2010-05-01 04:05 -------- d-----w- c:\program files\iTunes
2010-05-01 04:05 . 2010-05-01 04:05 -------- d-----w- c:\program files\iPod
2010-05-01 04:05 . 2010-03-01 01:17 -------- d-----w- c:\program files\Common Files\Apple
2010-05-01 03:56 . 2010-05-01 03:56 -------- d-----w- c:\program files\Bonjour
2010-05-01 03:54 . 2010-05-01 03:54 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-04-23 04:19 . 2009-10-13 01:45 -------- d-----w- c:\program files\Microsoft Works
2010-04-23 04:18 . 2010-04-23 04:18 -------- d-----w- c:\program files\MSBuild
2010-04-17 05:05 . 2010-03-01 01:34 -------- d-----w- c:\documents and settings\Doug and Becky\Application Data\Apple Computer
2010-04-08 20:20 . 2010-04-08 20:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 20:20 . 2010-04-08 20:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-10 06:15 . 2004-08-04 11:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-02 13:09 . 2010-02-02 13:09 135558563 ----a-w- c:\program files\openofficeorg1.cab
2010-02-02 13:09 . 2010-02-02 13:09 10177536 ----a-w- c:\program files\openofficeorg32.msi
2010-02-01 23:27 . 2010-02-01 23:27 290 ----a-w- c:\program files\setup.ini
2009-10-13 00:55 . 2009-10-13 00:37 526428264 ----a-w- c:\program files\X12-30307.exe
2007-09-20 20:07 . 2007-09-20 20:04 124607748 ----a-w- c:\program files\OOo_2.3.0_Win32Intel_install_wJRE_en-US.exe
2007-06-17 21:28 . 2007-06-17 21:28 1626624 -c--a-w- c:\program files\RhapsodyPlayerEngine_gt.msi
2005-06-19 02:12 . 2005-06-19 02:12 1968105 -c--a-w- c:\program files\tabview.zip
2007-09-04 20:53 . 2007-09-04 20:53 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"Creative Live! Cam Manager"="c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2007-06-07 155648]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"cdloader"="c:\documents and settings\Doug and Becky\Application Data\mjusbsp\cdloader2.exe" [2010-02-26 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-29 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"IPInSightMonitor 01"="c:\program files\Visual Networks\Visual IP InSight\SprintESol\IPMon32.exe" [2003-06-12 122880]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-08-23 28672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
c:\documents and settings\Doug and Becky\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Doug and Becky\\Application Data\\mjusbsp\\magicJack.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [11/12/2009 3:57 PM 108289]
R3 VF0350Afx;VF0350 Audio FX;c:\windows\SYSTEM32\DRIVERS\V0350Afx.sys [9/11/2009 9:28 PM 142656]
R3 VF0350Vfx;VF0350 Video FX;c:\windows\SYSTEM32\DRIVERS\V0350Vfx.sys [9/11/2009 9:28 PM 7424]
R3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\SYSTEM32\DRIVERS\V0350Vid.sys [9/11/2009 9:28 PM 170368]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/13/2010 9:46 PM 136176]
S2 mrtRate;mrtRate; [x]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\SYSTEM32\DRIVERS\wg111v3.sys [4/23/2007 11:11 AM 224896]
--- Other Services/Drivers In Memory ---
*Deregistered* - IPVNMon
.
Contents of the 'Scheduled Tasks' folder
2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]
2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 04:46]
2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-14 04:46]
2004-12-02 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.dell4me.com/myway
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {40272BF7-4FF5-4D6F-9BAD-3C1D3CB32982} - hxxp://www.live365.com/players/p365vip.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pbells.broadjump.com/wizlet/att ... Client.cab
FF - ProfilePath - c:\documents and settings\Doug and Becky\Application Data\Mozilla\Firefox\Profiles\u2vuh1g1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Doug and Becky\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-klmdb.sys
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 22:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2156)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\program files\MUSICMATCH\Musicmatch Jukebox\mim.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-06-03 23:02:31 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-04 06:02
Pre-Run: 50,444,316,672 bytes free
Post-Run: 50,447,634,432 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - F186DA6C31755E65F68696E420AB3DDB