1. I cannot follow a link in Google; it takes me to a site that is not the link that I wanted.
2. Internet Explorer states that I am not connected to the internet.
3. I cannot download updates to AVG.
4. Malware removal tool does not start.
I ran ComboFix.exe on my computer and here are the results:
Any help would be appreciated. I am assuming that my computer is hijacked?
ComboFix 09-05-09.05 - Joe 05/10/2009 22:40.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.1028 [GMT -4:00]
Running from: c:\documents and settings\Joe\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Common Files\System\Uninstall
c:\recycler\S-6-0-87-100009349-100008168-100026669-1666.com
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\system32\drivers\gxvxcvuvjysiwionkjssmysvswuuoxgjmoekn.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxctjilcfgaujexlqgoepkqfvlrjhhbyert.dll
c:\windows\system32\mdm.exe
c:\windows\winhelp.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gxvxcserv.sys
((((((((((((((((((((((((( Files Created from 2009-04-11 to 2009-05-11 )))))))))))))))))))))))))))))))
.
2009-05-04 22:37 . 2009-05-04 22:37 -------- d-sh--w c:\documents and settings\Ioe\IETldCache
2009-05-04 22:37 . 2009-05-04 22:37 -------- d-sh--w c:\documents and settings\Ioe\UserData
2009-05-04 22:37 . 2009-05-04 22:37 -------- d-sh--w c:\documents and settings\Ioe\PrivacIE
2009-05-04 22:36 . 2009-05-04 22:36 -------- d-sh--w c:\documents and settings\Ioe\IECompatCache
2009-05-04 22:35 . 2009-05-04 22:35 -------- d-sh--w c:\documents and settings\Ioe\LOCALS~1
2009-05-04 22:35 . 2009-05-04 22:37 -------- d-sh--w c:\documents and settings\Ioe
2009-05-03 19:47 . 2009-05-03 19:47 -------- d-----w c:\program files\WebEx
2009-05-03 19:45 . 2008-12-12 22:05 23984 ----a-w c:\windows\system32\drivers\pnarp.sys
2009-05-03 19:44 . 2008-12-12 22:05 25264 ----a-w c:\windows\system32\drivers\purendis.sys
2009-05-03 19:42 . 2009-05-03 19:44 -------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks
2009-05-03 16:35 . 2009-05-03 16:35 -------- d-sh--w c:\documents and settings\LocalService\PrivacIE
2009-05-03 13:47 . 2009-05-03 13:47 -------- d-sh--w c:\documents and settings\Joe\IECompatCache
2009-05-03 13:24 . 2009-05-03 13:24 -------- d-sh--w c:\documents and settings\Joe\PrivacIE
2009-05-03 13:21 . 2009-05-03 13:21 -------- d-sh--w c:\documents and settings\Joe\IETldCache
2009-05-03 07:10 . 2009-05-03 07:10 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-02 20:09 . 2009-05-02 20:09 -------- d-----w c:\windows\ie8updates
2009-05-02 20:06 . 2009-02-28 04:55 105984 -c----w c:\windows\system32\dllcache\iecompat.dll
2009-05-02 20:00 . 2009-05-02 20:06 -------- dc-h--w c:\windows\ie8
2009-05-02 18:59 . 2009-02-06 22:08 55152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-05-02 18:57 . 2009-05-02 18:57 -------- d-----w c:\program files\Microsoft Sync Framework
2009-05-02 18:55 . 2006-11-29 17:06 3426072 ----a-w c:\windows\system32\d3dx9_32.dll
2009-05-02 18:55 . 2009-05-02 18:55 -------- d-----w c:\program files\Microsoft SQL Server Compact Edition
2009-05-02 18:51 . 2009-05-02 18:59 -------- d-----w c:\program files\Windows Live
2009-05-02 16:39 . 2009-05-02 16:39 -------- d-----w c:\documents and settings\Joe\Local Settings\Application Data\Citrix
2009-05-02 16:39 . 2009-05-02 16:39 61224 ----a-w c:\documents and settings\Joe\GoToAssistDownloadHelper.exe
2009-05-02 15:19 . 2009-05-03 19:44 -------- d-----w c:\program files\Common Files\Pure Networks Shared
2009-05-02 15:17 . 2009-05-02 15:17 -------- d-----w c:\program files\Pure Networks
2009-04-30 01:14 . 2009-04-30 01:14 -------- d-----w c:\documents and settings\Shannon\Local Settings\Application Data\Adobe
2009-04-30 01:11 . 2009-04-30 01:11 -------- d-----w c:\documents and settings\Shannon\Local Settings\Application Data\Identities
2009-04-20 16:00 . 2009-04-20 16:00 -------- d-----w c:\program files\Microsoft Office Outlook Connector
2009-04-20 15:59 . 2009-04-20 15:59 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-20 15:57 . 2009-04-20 15:57 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-20 15:43 . 2009-04-20 15:44 -------- d-----w C:\9e691c211cdc5a06551e93f5a68e1f
2009-04-20 15:42 . 2009-04-20 16:07 -------- d-----w c:\windows\SxsCaPendDel
2009-04-15 00:53 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 00:53 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 00:53 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 00:53 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 00:53 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 00:53 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 00:53 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 00:53 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 00:53 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 00:45 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 00:45 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-11 02:24 . 2005-12-20 00:33 -------- d-----w c:\program files\UPHS VPN
2009-05-07 03:38 . 2007-10-19 20:54 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-04 21:55 . 2007-03-05 03:06 118400 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-05-02 20:24 . 2008-03-03 01:18 -------- d-----w c:\program files\Microsoft Works
2009-04-29 22:45 . 2007-12-08 01:51 117952 ----a-w c:\documents and settings\Shannon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-21 00:08 . 2008-08-24 00:43 2828 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-20 16:00 . 2007-02-23 18:40 -------- d-----w c:\program files\Microsoft
2009-04-11 13:59 . 2008-07-03 17:30 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-11 13:59 . 2008-05-10 03:24 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-11 13:59 . 2008-05-10 03:24 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-08 01:46 . 2009-04-08 01:45 -------- d-----w c:\program files\iTunes
2009-04-08 01:45 . 2009-04-08 01:45 -------- d-----w c:\program files\iPod
2009-04-08 01:45 . 2008-09-11 00:02 -------- d-----w c:\program files\Common Files\Apple
2009-04-03 16:43 . 2006-03-12 18:28 -------- d-----w c:\program files\Diskeeper Corporation
2009-03-26 19:23 . 2009-04-08 01:42 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-03-26 19:23 . 2009-04-08 01:42 1900544 ----a-w c:\windows\system32\usbaaplrc.dll
2009-03-19 20:32 . 2008-01-29 16:01 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-13 02:08 . 2009-03-13 02:08 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-12 02:03 . 2009-03-12 02:03 85540 ---ha-w c:\windows\system32\mlfcache.dat
2009-03-08 08:34 . 2004-02-06 22:05 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2002-08-29 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2002-08-29 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2002-08-29 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2002-08-29 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2002-08-29 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2002-08-29 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2002-08-29 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2002-08-29 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2002-08-29 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2002-08-29 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-11 14:19 . 2009-03-13 02:08 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 14:19 . 2009-03-13 02:08 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2003-08-27 19:19 . 2005-02-20 21:07 36963 ----a-r c:\program files\Common Files\SM1updtr.dll
2003-03-27 14:37 . 2003-03-27 14:37 32 -csha-w c:\windows\{3E5B623F-ED0C-4133-AE89-E8FFC61DF68C}.dat
2003-09-15 23:58 . 2003-09-15 23:58 32 -csha-w c:\windows\{6EB4EDCB-DBFC-4B0C-90F6-E27399B6D4CE}.dat
2003-09-15 23:59 . 2003-09-15 23:59 32 -csha-w c:\windows\{79F45BE8-789F-44A1-95F9-88CC4E9B37A1}.dat
2003-09-15 23:59 . 2003-09-15 23:59 32 -csha-w c:\windows\system32\{89A262CC-7F78-4F39-A2C6-8B8F2111C1EF}.dat
2003-09-15 23:58 . 2003-09-15 23:58 32 -csha-w c:\windows\system32\{90E4CBD8-978D-4918-8948-88205D097131}.dat
2003-03-27 14:37 . 2003-03-27 14:37 32 -csha-w c:\windows\system32\{C592CBCB-9900-4E36-A9E9-F43E87253248}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-31 50480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-11 1932568]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-12-12 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"WD Button Manager"="WDBtnMgr.exe" - c:\windows\system32\WDBtnMgr.exe [2007-07-29 364544]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-17 1626112]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-11 13:59 10520 ----a-w c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"MIDI1"= SYNCOR11.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Hotfix-KB5504305 REG_SZ c:\windows\system32\rundll60.exe
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ WinCinema Manager.lnk
backup=c:\windows\pss\ WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Joe^Start Menu^Programs^Startup^Diskeeper 9 Professional Edition Registration.lnk]
path=c:\documents and settings\Joe\Start Menu\Programs\Startup\Diskeeper 9 Professional Edition Registration.lnk
backup=c:\windows\pss\Diskeeper 9 Professional Edition Registration.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM95\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\UPHS VPN\\Extranet.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"49182:TCP"= 49182:TCP:BitComet 49182 TCP
"49182:UDP"= 49182:UDP:BitComet 49182 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/9/2008 11:24 PM 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/9/2008 11:24 PM 108552]
R1 OxFWLF;OxFWLF;c:\windows\system32\drivers\OxFWLF.sys [8/1/2007 7:34 PM 12616]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 1:30 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 1:30 PM 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [5/2/2009 2:59 PM 55152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [1/14/2009 5:53 PM 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/3/2007 10:16 PM 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [12/19/2005 8:33 PM 9817]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [12/19/2005 8:33 PM 117760]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [5/23/2007 4:15 AM 547744]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 ICAM3NT5;Intel(r) PC Camera CS331;c:\windows\system32\drivers\ICAM3D2.SYS [9/20/2003 12:11 PM 145184]
S3 OXUDIDRV;OXUDIDRV;c:\windows\system32\drivers\OXUDIDRV_X32.sys [8/1/2007 7:34 PM 17664]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:34]
2009-05-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
2009-05-08 c:\windows\Tasks\{068E6D82-BE67-4662-8C70-2E55F59ACA15}_XODE2HLY1ZJ0F3B_Joe.job
- c:\windows\System32\mobsync.exe [2002-08-29 00:12]
2009-05-08 c:\windows\Tasks\{5B700A59-B1D1-415A-90B1-A70799A164BE}_XODE2HLY1ZJ0F3B_Joe.job
- c:\windows\System32\mobsync.exe [2002-08-29 00:12]
2009-05-08 c:\windows\Tasks\{ECB502C6-3778-4A9C-8DB5-80BFA667E414}_XODE2HLY1ZJ0F3B_Joe.job
- c:\windows\System32\mobsync.exe [2002-08-29 00:12]
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKCU-RunOnce-Shockwave Updater - c:\windows\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.0.3705; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET
HKLM-Run-IINetworkScanUtility - c:\program files\Canon\Canon II Network Scan Utility\CNMNSUT.EXE
HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
Notify-NavLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customi ... .yahoo.com
Trusted Zone: upenn.edu\mail.uphs
DPF: Cab-package - hxxp://uphsnet.uphs.upenn.edu/medview/p ... v_cert.CAB
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {541AEDD4-20E8-4E6F-B12B-0FDD38BB712F} - hxxp://cenweb.uphs.upenn.edu/ami/install/amiviewer.cab
DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - hxxp://software-dl.real.com/0365d8fa3fa ... xIE601.cab
DPF: {6FE450DC-AD32-48D4-A366-01EE7E0B1374} - hxxp://uphsnet.uphs.upenn.edu/medview/p ... apicom.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 22:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1275210071-1757981266-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2009-05-11 22:55
ComboFix-quarantined-files.txt 2009-05-11 02:54
Pre-Run: 47,963,783,168 bytes free
Post-Run: 48,728,195,072 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
264 --- E O F --- 2009-05-09 18:11