Ran ComboFix.
All seemed to work fine, except now I'm having trouble getting my internet to work.
Tried resetting, repair, etc.
Meantime, here is the ComboFix log:
ComboFix 09-10-04.01 - Ron 10/04/2009 12:31.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2030.1549 [GMT -7:00]
Running from: c:\documents and settings\Ron\Desktop\ComboFix.exe
AV: Windows Live OneCare *On-access scanning disabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Recipe Feeder\Recipe Feeder Explorer Bar\adxloader.dll
c:\recycler\S-1-5-21-1935655697-1482476501-839522115-1003
c:\recycler\S-1-5-21-2690496664-3563138007-3180262307-1006
c:\windows\Installer\15062930.msp
c:\windows\run.log
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\Sonyhcp.dll
c:\windows\system32\drivers\ss.sys
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Kitty ate it
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_StreamSurge
((((((((((((((((((((((((( Files Created from 2009-09-04 to 2009-10-04 )))))))))))))))))))))))))))))))
.
2009-10-04 15:35 . 2009-10-04 15:35 -------- d-----w- C:\rsit
2009-10-04 15:35 . 2009-10-04 15:35 -------- d-----w- c:\program files\trend micro
2009-10-04 00:34 . 2009-10-04 00:34 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Malwarebytes
2009-10-03 14:23 . 2009-10-03 14:23 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-10-02 23:42 . 2009-10-02 23:42 -------- d-----w- c:\documents and settings\Linda\Application Data\Malwarebytes
2009-10-02 16:49 . 2009-10-02 16:50 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
2009-09-30 18:57 . 2009-09-30 18:57 -------- d-----w- c:\documents and settings\Andrew\Application Data\Malwarebytes
2009-09-30 06:38 . 2009-09-30 06:38 -------- d-----w- c:\documents and settings\Ron\Application Data\Malwarebytes
2009-09-30 06:38 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 06:38 . 2009-10-03 22:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-30 06:38 . 2009-09-30 06:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 06:38 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-24 15:55 . 2009-09-24 15:55 -------- d-----w- c:\program files\iPod
2009-09-24 15:55 . 2009-09-24 15:55 -------- d-----w- c:\program files\iTunes
2009-09-17 07:26 . 2009-09-17 07:26 -------- d-sh--w- c:\documents and settings\Chris\IECompatCache
2009-09-17 07:21 . 2009-09-17 07:21 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-14 03:12 . 2009-09-17 00:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Nanovor
2009-09-13 20:24 . 2009-09-13 20:24 -------- d-----w- c:\documents and settings\Andrew\Application Data\DivX
2009-09-10 07:29 . 2009-09-10 07:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-09-08 22:22 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 15:25 . 2009-05-24 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-10-03 23:41 . 2007-05-27 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-03 22:28 . 2008-02-02 20:40 -------- d-----w- c:\program files\Microsoft Windows OneCare Live
2009-10-03 14:23 . 2009-04-08 03:53 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-03 14:15 . 2009-04-08 03:54 256 ----a-w- c:\windows\system32\pool.bin
2009-09-27 05:19 . 2008-02-23 04:11 -------- d-----w- c:\documents and settings\Andrew\Application Data\Apple Computer
2009-09-27 00:36 . 2009-04-19 20:11 256 ----a-w- c:\documents and settings\Linda\pool.bin
2009-09-26 11:43 . 2009-05-31 00:18 -------- d-----w- c:\program files\LooksBuilderSE
2009-09-26 11:42 . 2006-12-04 23:22 -------- d-----w- c:\program files\CyberLink DVD Solution
2009-09-26 11:42 . 2006-12-04 22:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-24 15:55 . 2007-07-01 01:21 -------- d-----w- c:\program files\Common Files\Apple
2009-09-20 00:59 . 2007-09-05 04:05 -------- d-----w- c:\documents and settings\Linda\Application Data\Apple Computer
2009-09-17 07:28 . 2008-05-31 22:05 -------- d-----w- c:\documents and settings\Chris\Application Data\DNA
2009-09-17 07:23 . 2007-11-08 01:13 -------- d-----w- c:\program files\Steam
2009-09-17 07:19 . 2008-05-31 22:05 -------- d-----w- c:\program files\DNA
2009-09-16 02:15 . 2007-04-06 20:03 -------- d-----w- c:\documents and settings\Nicholas\Application Data\Apple Computer
2009-09-12 17:46 . 2007-01-04 22:52 -------- d-----w- c:\documents and settings\Ron\Application Data\Apple Computer
2009-09-10 07:27 . 2007-05-05 17:09 -------- d-----w- c:\program files\QuickTime
2009-09-09 10:11 . 2008-03-11 09:50 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 07:50 . 2007-04-28 00:41 -------- d-----w- c:\program files\DivX
2009-09-08 07:49 . 2009-04-25 17:13 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-09-03 08:41 . 2007-06-04 04:47 2644 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-29 02:42 . 2008-09-11 05:56 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-08-29 02:42 . 2007-11-07 04:33 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-21 20:41 . 2009-08-21 20:41 -------- d-----w- c:\documents and settings\Chris\Application Data\Research In Motion
2009-08-20 05:20 . 2008-03-19 06:21 -------- d-----w- c:\program files\Safari
2009-08-07 02:24 . 2006-12-04 21:50 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-07 02:24 . 2006-12-04 21:50 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-07 02:24 . 2006-12-04 21:50 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-07 02:24 . 2005-05-26 12:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-07 02:24 . 2006-12-04 21:50 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-07 02:24 . 2004-08-04 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-07 02:23 . 2006-12-04 21:50 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-07 02:23 . 2007-01-08 03:33 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-07 02:23 . 2006-12-04 21:50 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-07 02:23 . 2005-05-26 12:19 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 06:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-09 04:34 . 2007-01-20 01:42 160080 ----a-w- c:\documents and settings\Chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 11:01 . 2007-01-08 14:19 160080 ----a-w- c:\documents and settings\Linda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-04-12 15:50 . 2008-04-12 15:50 774144 ----a-w- c:\program files\RngInterstitial.dll
2004-10-01 23:00 . 2006-12-04 23:22 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-06-28 14:32 . 2008-06-28 14:27 24 --sh--w- c:\windows\S860848C9.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-27 68856]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-09-25 1195008]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2007-09-25 384000]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2007-09-25 1495040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2009-07-09 65240]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-11-02 185872]
"USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-05-01 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-05-01 13750272]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-05-01 1657376]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\windows\Installer\{5D0DF1BB-D82E-4FB2-B98E-4FDE42EF7EBB}\Shortcut_EventPlan_5D0DF1BBD82E4FB2B98E4FDE42EF7EBB.exe [2008-5-16 1718]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-3-11 214360]
ImageMixer 3 SE Camera Monitor.lnk - c:\program files\PIXELA\ImageMixer 3 SE\CameraMonitor.exe [2009-4-25 253952]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"=
"c:\\ijji\\ENGLISH\\u_sf\\soldierfront.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\company of heroes\\RelicCOH.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"c:\\Program Files\\Sierra\\FEAR\\FEAR.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2 Trial Version\\zt2demoretail.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 sonyhcb;Sony Digital Imaging Base;c:\windows\system32\drivers\sonyhcb.sys [2/4/2007 12:41 PM 6097]
R2 MIMO XR TM PCI WLService;MIMO XR TM PCI Adapter WLService;c:\program files\Airlink101\AWLH5025\WLService.exe [3/11/2008 1:17 AM 49152]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe [7/9/2009 12:15 PM 26104]
R2 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [5/24/2009 4:56 PM 90352]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [9/25/2007 11:33 AM 867328]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/16/2007 6:17 AM 24652]
R2 wlidsvc;Windows Live ID Sign-in Assistant;c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [3/30/2009 4:28 PM 1533808]
S1 autyhway;autyhway;\??\c:\windows\system32\drivers\autyhway.sys --> c:\windows\system32\drivers\autyhway.sys [?]
S1 cceapkvt;cceapkvt;\??\c:\windows\system32\drivers\cceapkvt.sys --> c:\windows\system32\drivers\cceapkvt.sys [?]
S1 fajftouo;fajftouo;\??\c:\windows\system32\drivers\fajftouo.sys --> c:\windows\system32\drivers\fajftouo.sys [?]
S1 kokcrppi;kokcrppi;\??\c:\windows\system32\drivers\kokcrppi.sys --> c:\windows\system32\drivers\kokcrppi.sys [?]
S1 luqgcdnb;luqgcdnb;\??\c:\windows\system32\drivers\luqgcdnb.sys --> c:\windows\system32\drivers\luqgcdnb.sys [?]
S1 nyosntjf;nyosntjf;\??\c:\windows\system32\drivers\nyosntjf.sys --> c:\windows\system32\drivers\nyosntjf.sys [?]
S1 ofyzefpy;ofyzefpy;\??\c:\windows\system32\drivers\ofyzefpy.sys --> c:\windows\system32\drivers\ofyzefpy.sys [?]
S1 ostipnuw;ostipnuw;\??\c:\windows\system32\drivers\ostipnuw.sys --> c:\windows\system32\drivers\ostipnuw.sys [?]
S1 pqoxfrfm;pqoxfrfm;\??\c:\windows\system32\drivers\pqoxfrfm.sys --> c:\windows\system32\drivers\pqoxfrfm.sys [?]
S1 rrryduli;rrryduli;\??\c:\windows\system32\drivers\rrryduli.sys --> c:\windows\system32\drivers\rrryduli.sys [?]
S1 slcqumpn;slcqumpn;\??\c:\windows\system32\drivers\slcqumpn.sys --> c:\windows\system32\drivers\slcqumpn.sys [?]
S2 gupdate1c9c5c973d9206;Google Update Service (gupdate1c9c5c973d9206);c:\program files\Google\Update\GoogleUpdate.exe [4/25/2009 10:12 AM 133104]
S3 sonyhcs;Sony Digital Imaging Video;c:\windows\system32\drivers\sonyhcs.sys [2/4/2007 12:41 PM 299923]
S3 WMP300Nv1;Linksys Wireless-N PCI Adapter WMP300N Driver;c:\windows\system32\DRIVERS\WMP300Nv1.sys --> c:\windows\system32\DRIVERS\WMP300Nv1.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-10-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-10-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-27 02:52]
2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 17:12]
2009-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-25 17:12]
2009-10-04 c:\windows\Tasks\User_Feed_Synchronization-{48ACC765-F3DC-491F-8970-E63F22D81A84}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
2009-10-04 c:\windows\Tasks\User_Feed_Synchronization-{9BF3D6DC-5BC7-42A1-B930-1F5B54F23970}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{14528701-EB26-4DDD-BDF3-5B3A3BF85CA5} - {14528701-EB26-4DDD-BDF3-5B3A3BF85CA5} - c:\program files\Recipe Feeder\Recipe Feeder Explorer Bar\adxloader.dll
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\zl9y1vwn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL -
FF - plugin: c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\zl9y1vwn.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-Aim6 - (no file)
HKCU-Run-AdobeBridge - (no file)
Notify-AtiExtEvent - (no file)
AddRemove-HijackThis - c:\documents and settings\Ron\Local Settings\Temporary Internet Files\Content.IE5\USDV1F5J\HijackThis.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 12:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\Ron\LOCALS~1\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,0b,4c,8c,e8,23,
79,77,cb,e2,63,26,f1,3f,c8,ff,68,96,3d,57,e4,d2,44,3e,59,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,16,2b,5d,e1,cf,
22,7c,ec,6a,9c,d6,61,af,45,84,18,33,e5,59,e5,41,17,9d,2f,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,3d,d1,f2,ea,6b,
2d,1a,69,ff,7c,85,e0,43,d4,0e,fe,6b,cc,bb,07,13,3b,1e,73,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,13,0a,24,a9,aa,
30,fc,36,86,8c,21,01,be,91,eb,e7,de,43,d9,3e,cd,66,0d,ff,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,4f,22,80,12,00,
a1,56,c1,f5,1d,4d,73,a8,13,5c,05,4e,ab,0a,8b,8f,63,a2,e2,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,e2,29,9b,8c,43,
d2,9d,6c,df,20,58,62,78,6b,cf,c8,77,34,ba,7f,d4,ed,d6,e6,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,e3,53,83,61,f6,
4c,fd,b6,fb,a7,78,e6,12,2f,9a,ea,a2,ff,0c,39,b6,3d,ee,02,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,54,da,53,00,e5,
8f,41,2a,01,3a,48,fc,e8,04,4a,f1,88,66,b8,7e,c9,48,8f,b6,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,30,a8,05,87,26,
dc,96,3b,f6,0f,4e,58,98,5b,89,c9,0b,94,b7,92,44,da,6e,5f,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:37,a4,aa,c3,a6,15,56,0a,82,d5,ef,bc,a6,
45,d9,14,3d,ce,ea,26,2d,45,aa,78,4b,a6,08,56,e6,63,c3,5b,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,d9,24,e2,f3,72,
a0,b3,3f,2a,b7,cc,b5,b9,7f,41,e7,3b,41,92,30,09,aa,45,ab,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,c3,95,58,6a,6c,
ac,65,d1,6c,43,2d,1e,aa,22,2f,9c,1c,92,8a,5c,49,ad,6a,f9,6c,43,2d,1e,aa,22,\
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1072)
c:\windows\System32\BCMLogon.dll
- - - - - - - > 'lsass.exe'(1128)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(3240)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\AvidSDMService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Airlink101\AWLH5025\AWLH5025.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\searchindexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Hallmark\Hallmark Card Studio 2007 Deluxe\Planner\PLNRnote.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
.
**************************************************************************
.
Completion time: 2009-10-04 13:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-04 20:02
Pre-Run: 6,886,694,912 bytes free
Post-Run: 12,241,346,560 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
392 --- E O F --- 2009-09-09 10:04