Combofix log
ComboFix 09-06-16.01 - EARL 06/16/2009 17:38.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.312 [GMT -4:00]
Running from: c:\documents and settings\EARL\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\EARL\Application Data\ioauwegt
c:\documents and settings\EARL\Local Settings\Application Data\ioauwegt
c:\documents and settings\NetworkService\Application Data\ioauwegt
c:\documents and settings\NetworkService\Local Settings\Application Data\ioauwegt
c:\windows\Adventure Inlay.scr
c:\windows\Tasks\At1.job
c:\documents and settings\EARL\Application Data\ioauwegt\profiles.ini
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\cert8.db
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\compatibility.ini
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\compreg.dat
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\cookies.sqlite
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\formhistory.sqlite
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\key3.db
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\localstore.rdf
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\permissions.sqlite
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\places.sqlite
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\places.sqlite-journal
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\pluginreg.dat
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\prefs.js
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\secmod.db
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\webappsstore.sqlite
c:\documents and settings\EARL\Application Data\ioauwegt\Profiles\xxpb9mfw.default\xpti.dat
c:\documents and settings\EARL\Local Settings\Application Data\ioauwegt\Profiles\xxpb9mfw.default\urlclassifier3.sqlite
c:\documents and settings\EARL\Local Settings\Application Data\ioauwegt\Profiles\xxpb9mfw.default\XPC.mfl
c:\documents and settings\NetworkService\Application Data\ioauwegt\profiles.ini
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\cert8.db
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\compatibility.ini
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\compreg.dat
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\cookies.sqlite
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\formhistory.sqlite
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\key3.db
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\localstore.rdf
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\permissions.sqlite
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\places.sqlite
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\places.sqlite-journal
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\pluginreg.dat
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\prefs.js
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\secmod.db
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\webappsstore.sqlite
c:\documents and settings\NetworkService\Application Data\ioauwegt\Profiles\baixewl8.default\xpti.dat
c:\documents and settings\NetworkService\Local Settings\Application Data\ioauwegt\Profiles\baixewl8.default\urlclassifier3.sqlite
c:\documents and settings\NetworkService\Local Settings\Application Data\ioauwegt\Profiles\baixewl8.default\XPC.mfl
C:\rsbqbni.exe
c:\windows\9g234sdfdfgjf23
c:\windows\asetizoyiziyemam.dll
c:\windows\egaqunuhogajimon.dll
c:\windows\idowotehokofata.dll
c:\windows\Install.txt
c:\windows\omenorix.dll
c:\windows\Readme.txt
c:\windows\system32\drivers\cvcpvdol.sys . . . . failed to delete
c:\windows\system32\drivers\xspbibhn.sys . . . . failed to delete
c:\windows\system32\Install.txt
c:\windows\system32\nfr.assembly
c:\windows\system32\rkfmxnr.dll . . . . failed to delete
c:\windows\system32\uhukkqi.dll . . . . failed to delete
c:\windows\system32\uniq.tll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6to4
-------\Legacy_CVCPVDOL
-------\Legacy_dhcpsrv
-------\Legacy_msncache
-------\Legacy_ntalme
-------\Legacy_sopidkc
-------\Service_cvcpvdol
((((((((((((((((((((((((( Files Created from 2009-05-16 to 2009-06-16 )))))))))))))))))))))))))))))))
.
2009-06-16 03:18 . 2009-06-16 03:18 390664 ----a-w- c:\documents and settings\EARL\Application Data\Real\RealPlayer\Update\realplayer11gold.exe
2009-06-14 20:09 . 2009-06-14 20:09 -------- d-sh--w- c:\documents and settings\ERICA\PrivacIE
2009-06-14 20:08 . 2009-06-14 20:08 -------- d-sh--w- c:\documents and settings\ERICA\IETldCache
2009-06-14 18:41 . 2009-06-14 18:44 -------- dc-h--w- c:\windows\ie8
2009-06-14 15:00 . 2009-06-14 15:00 -------- d-sh--w- c:\documents and settings\EARL\IECompatCache
2009-06-14 14:58 . 2009-06-14 14:58 -------- d-sh--w- c:\documents and settings\EARL\PrivacIE
2009-06-14 14:58 . 2009-06-14 14:58 -------- d-sh--w- c:\documents and settings\EARL\IETldCache
2009-06-14 14:41 . 2009-06-14 14:41 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-14 14:40 . 2009-06-14 14:40 -------- d-sh--w- c:\documents and settings\LISA\PrivacIE
2009-06-14 14:40 . 2009-06-14 14:40 -------- d-sh--w- c:\documents and settings\LISA\IECompatCache
2009-06-14 14:36 . 2009-06-14 14:36 -------- d-sh--w- c:\documents and settings\LISA\IETldCache
2009-06-14 06:37 . 2009-06-14 06:37 -------- d-----w- c:\documents and settings\LISA\Local Settings\Application Data\Mozilla
2009-06-14 02:45 . 2009-06-14 02:47 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-14 02:02 . 2009-06-14 02:02 -------- d-----w- C:\VundoFix Backups
2009-06-14 01:34 . 2009-06-14 01:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-06-14 01:34 . 2009-06-14 01:36 -------- d-----w- c:\program files\PCPitstop
2009-06-13 18:42 . 2009-06-13 18:42 0 ----a-w- c:\windows\nsreg.dat
2009-06-13 18:42 . 2009-06-13 18:42 -------- d-----w- c:\documents and settings\EARL\Local Settings\Application Data\Mozilla
2009-06-04 20:36 . 2009-06-04 22:03 -------- d-----w- c:\documents and settings\ERICA\Local Settings\Application Data\king.com
2009-06-03 02:52 . 2009-06-03 02:52 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-02 02:39 . 2009-06-02 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2009-06-01 23:12 . 2009-06-03 02:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-01 23:12 . 2009-06-01 23:12 -------- d-----w- c:\documents and settings\EARL\Application Data\SUPERAntiSpyware.com
2009-06-01 22:20 . 2009-06-03 02:52 -------- d-----w- c:\program files\Windows Defender
2009-05-31 14:38 . 2009-05-31 14:38 -------- d-----w- c:\documents and settings\ERICA\Application Data\Malwarebytes
2009-05-31 02:15 . 2009-05-31 02:15 -------- d-----w- c:\documents and settings\EARL\Application Data\Malwarebytes
2009-05-30 19:35 . 2009-05-30 19:35 -------- d-----w- c:\windows\system32\Internet Explorer
2009-05-30 15:38 . 2009-05-30 15:38 -------- d-----w- c:\documents and settings\LISA\Application Data\Malwarebytes
2009-05-30 15:37 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-30 15:37 . 2009-05-30 15:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-30 15:37 . 2009-05-30 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-30 15:37 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-30 13:25 . 2009-05-30 13:25 -------- d-----w- c:\program files\MSBuild
2009-05-30 05:41 . 2009-05-30 05:41 155648 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bonuspaigowpoker.7a255497429caa23df774f47d3465136.dll
2009-05-30 05:39 . 2009-05-30 05:39 385024 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bonusblackjack.dab6343a296b066bd5fe18d7c7d9940f.dll
2009-05-30 05:36 . 2009-05-30 05:36 483600 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\h\hilowbonus_tggg.10cdcb3e64c301c60db4d11d2d7781a4.dll
2009-05-30 05:36 . 2009-05-30 05:36 446736 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\h\hilowbonus.ecf70c1bd892c000f22ce30d5b0ba784.dll
2009-05-30 05:24 . 2009-05-30 05:24 421888 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\lua51host.4f93c8cce0c64b200821a73dd29068f6.dll
2009-05-30 05:24 . 2009-05-30 05:24 594192 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\snakesandladdersbonus.1b7d7437b87cc53b7a00c4efd2db679d.dll
2009-05-30 05:23 . 2009-05-30 05:23 61440 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\tikimaskbonusgame.0dc1c149f619ef0a72aacd3abdeb0dfb.dll
2009-05-30 05:23 . 2009-05-30 05:23 57344 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\volcanobonusgame.1f5cd5f4b800bd1a6e740e08a3119e10.dll
2009-05-30 05:23 . 2009-05-30 05:23 213089 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\b\bigkahuna.769fd4a48b95c8614a738f1cad88bcd5.dll
2009-05-30 05:17 . 2009-05-30 05:17 430352 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofyskillbonus.8d56aeea91f0d0bbdf41c578fbf38496.dll
2009-05-30 05:11 . 2009-05-30 05:11 376832 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\atlanticcityblackjack.9baef784fe666fb9d90dc331d0239eed.dll
2009-05-30 05:04 . 2009-05-30 05:04 561424 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_tggg.ca9a61a09a35dc0843cc68f532694746.dll
2009-05-30 05:04 . 2009-05-30 05:04 495888 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus.aa7eb4e3b4774e5cad0d4f8562ca860d.dll
2009-05-30 05:04 . 2009-05-30 05:04 233744 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickuntilbonus_temp.b6b7e588aedb05fa062fb8447406bca9.dll
2009-05-30 05:03 . 2009-05-30 05:03 114688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokergambleplugin.d65fe35ffb2e6dc1b9ea46def3db39dc.dll
2009-05-30 05:03 . 2009-05-30 05:03 290941 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokerxxx.0d52d2ac00db83d9b97c99592ee3aa21.dll
2009-05-30 05:03 . 2009-05-30 05:03 139264 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\l\levelupvideopokerplugin.d3ee60c36507413ca9ab67247eac5288.dll
2009-05-30 05:02 . 2009-05-30 05:02 237840 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\p\powerpokersuite1_nl.cebfe8812d984716506c6d9d096a5f48.dll
2009-05-30 05:01 . 2009-05-30 05:01 217360 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\v\videopokersuite1.03dd648f567bef124a1d270ad208752a.dll
2009-05-30 05:00 . 2009-05-30 05:00 200704 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\3\3cardpoker.8e73a522a397f174eb628d05f72f1f40.dll
2009-05-30 04:59 . 2009-05-30 04:59 32834 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\_\_crt_baccarat.a090413d6195a12421945ded5707d93f.dll
2009-05-30 04:57 . 2009-05-30 04:57 368912 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\r\reelstrikexxx.f6ecb9684e1be3d30a84d6ce47725e8a.dll
2009-05-30 04:57 . 2009-05-30 04:57 307472 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\r\reelstrikeslot.263bf62c0114cead1f4829bc52d84b9f.dll
2009-05-30 04:57 . 2009-05-30 04:57 151824 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\r\reelstrikebonus.352846d26cf4c594dafc9b9ea0b478be.dll
2009-05-30 04:55 . 2009-05-30 04:55 110864 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\type_3reelnormal1_2.6d58a1bcaf1d9165fa0b77fa9598b623.dll
2009-05-30 04:55 . 2009-05-30 04:55 114960 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll
2009-05-30 04:54 . 2009-05-30 04:54 204905 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll
2009-05-30 04:53 . 2009-05-30 04:53 114688 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\e\euroroulette.fa2b524975a5d8bbc30203d094e2b084.dll
2009-05-30 04:51 . 2009-05-30 04:51 376832 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\e\europeanblackjack.cb403a5bad6b43e2910d2e09c35c47ed.dll
2009-05-30 04:51 . 2009-05-30 04:51 45056 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\e\euroblackjackstrategy.9c188ef9cd6c03e5b4bd398d23041cd2.dll
2009-05-30 04:51 . 2009-05-30 04:51 229483 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\e\euroblackjack.6c6f541acc24f3244c0a64fa851edca8.dll
2009-05-30 04:49 . 2009-05-30 04:49 311398 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
2009-05-30 04:49 . 2009-05-30 04:49 303204 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
2009-05-30 04:48 . 2009-05-30 04:48 327784 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
2009-05-30 04:43 . 2009-05-30 04:43 213264 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\c\choosebonus.df815bbfb8ae7a29a353f0ae65e4af17.dll
2009-05-30 04:43 . 2009-05-30 04:43 323856 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\h\hitmancontractbonus.339a969d902930975b3194643e289fc9.dll
2009-05-30 04:40 . 2009-05-30 04:40 266512 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll
2009-05-30 04:40 . 2009-05-30 04:40 262416 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll
2009-05-30 04:40 . 2009-05-30 04:40 254224 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll
2009-05-30 04:39 . 2009-05-30 04:39 524560 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\s\simplepickxofybonus_tggg.f8ba0ccac248b6026b2705996790640a.dll
2009-05-30 04:39 . 2009-05-30 04:39 1904753 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2009-05-30 04:39 . 2009-05-30 04:39 823568 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1_temp2.198f2a88c7f89c1d0b1ded39e546e22b.dll
2009-05-30 04:39 . 2009-05-30 04:39 1249399 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\a\advancedslots1xxx_tggg.a33335318f7b89139ecd4652b6e8c4b9.dll
2009-05-30 04:39 . 2009-05-30 04:39 307472 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\g\gamble2_tggg.436ea9e59e2a2b9a2106e598920cba26.dll
2009-05-30 04:35 . 2009-05-30 04:35 413696 ----a-w- c:\documents and settings\All Users\Application Data\MGS\cache\m\menucore.9037a298ee3e59ea5a655d88569c2b77.dll
2009-05-29 20:44 . 2009-05-30 16:05 -------- d-----w- c:\windows\dhcp
2009-05-28 23:34 . 2009-05-28 23:34 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-05-27 20:49 . 2009-05-27 20:49 -------- d-----w- c:\program files\Trend Micro
2009-05-27 18:10 . 2009-06-03 02:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-27 18:10 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-05-27 18:10 . 2009-04-03 15:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-05-27 18:10 . 2008-12-18 16:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-27 18:09 . 2009-05-27 18:11 -------- d-----w- c:\program files\Common Files\PC Tools
2009-05-27 18:09 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-05-27 18:09 . 2009-05-27 18:11 -------- d-----w- c:\program files\Spyware Doctor
2009-05-27 18:09 . 2009-05-27 18:09 -------- d-----w- c:\documents and settings\ERICA\Application Data\PC Tools
2009-05-27 18:09 . 2009-05-27 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-16 21:45 . 2001-08-18 11:00 104448 ----a-w- c:\windows\system32\uhukkqi.dll
2009-06-16 21:45 . 2001-08-18 11:00 23424 ----a-w- c:\windows\system32\drivers\xspbibhn.sys
2009-06-16 00:43 . 2009-04-16 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-14 15:02 . 2008-07-08 22:21 33061 ----a-w- c:\windows\king-uninstall.exe
2009-06-02 00:31 . 2002-11-12 21:45 92024 ----a-w- c:\documents and settings\ERICA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-31 22:28 . 2002-11-10 23:26 92024 ----a-w- c:\documents and settings\EARL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 17:42 . 2003-07-03 01:27 92024 ----a-w- c:\documents and settings\LISA\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-30 13:30 . 2007-04-04 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-30 13:25 . 2002-10-05 01:10 -------- d-----w- c:\program files\Microsoft Works
2009-05-30 04:13 . 2004-03-18 00:07 -------- d-----w- c:\documents and settings\LISA\Application Data\MSN6
2009-05-27 10:26 . 2002-10-05 02:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-27 00:32 . 2004-02-13 00:16 -------- d-----w- c:\documents and settings\ERICA\Application Data\Lycos
2009-05-26 23:31 . 2004-02-13 20:50 -------- d-----w- c:\documents and settings\EARL\Application Data\Lycos
2009-05-16 04:50 . 2009-05-16 04:50 -------- d-----w- c:\program files\Common Files\xing shared
2009-05-16 04:50 . 2002-10-05 02:41 -------- d-----w- c:\program files\Common Files\Real
2009-04-16 04:01 . 2009-04-13 04:51 0 ----a-w- c:\windows\Wnewowa.bin
2009-04-14 22:33 . 2009-04-14 22:33 0 ----a-w- c:\windows\Wnewowa.binWnewowa.bin
2007-11-22 18:55 . 2007-11-22 18:55 436360 ----a-w- c:\program files\msgr8us.exe
2005-08-11 23:53 . 2005-08-11 23:53 1058352 ----a-w- c:\program files\tr1advinst.zip
1999-03-17 20:40 . 2004-09-24 02:17 48704 ----a-w- c:\program files\Same.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-26 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-05-26 414480]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-16 198160]
c:\documents and settings\LISA\Start Menu\Programs\Startup\
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1996-11-17 51984]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2001-8-7 24633]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\globallyopenports\list]
"41435:TCP"= 41435:TCP:@xpsp2res.dll,-22009
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [5/27/2009 2:10 PM 130936]
R2 mbamservice;mbamservice;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/30/2009 11:37 AM 194832]
R3 mbamprotector;mbamprotector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [5/30/2009 11:37 AM 19096]
S1 e422fce6;e422fce6;c:\windows\system32\drivers\e422fce6.sys --> c:\windows\system32\drivers\e422fce6.sys [?]
S2 fmiyrae;fmiyrae;c:\windows\System32\svchost.exe -k netsvcs [8/18/2001 7:00 AM 14336]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\SYSTEM32\spupdsvc.exe [10/22/2004 7:42 AM 26144]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/27/2009 2:09 PM 348752]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CVCPVDOL
*Deregistered* - cvcpvdol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
fpqojinc
fmiyrae
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-06-16 c:\windows\Tasks\Ad-aware 6.job
- c:\progra~1\Lavasoft\AD-AWA~1\Ad-aware.exe [2004-03-18 03:00]
2009-06-16 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-16 02:33]
2009-06-16 c:\windows\Tasks\Malwarebytes' Scheduled Scan for EARL.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-05-30 17:20]
2009-06-16 c:\windows\Tasks\Malwarebytes' Scheduled Update for EARL.job
- c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-05-30 17:20]
2009-06-12 c:\windows\Tasks\System Restore.job
- c:\windows\SYSTEM32\Restore\rstrui.exe [2004-01-01 00:12]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
HKLM-Run-1803 - C:\rsbqbni.exe
.
------- Supplementary Scan -------
.
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: Add to Media Manager... - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
DPF: Microsoft XML Parser for Java -
file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-06-16 17:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3468)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Common Files\Symantec Shared\CCPROXY.EXE
c:\program files\Common Files\Symantec Shared\CCSETMGR.EXE
c:\windows\SYSTEM32\CTSVCCDA.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\program files\Norton Internet Security\Norton AntiVirus\NAVAPSVC.EXE
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\MsPMSPSv.exe
c:\windows\SYSTEM32\devldr32.exe
c:\windows\SYSTEM32\CF13173.exe
.
**************************************************************************
.
Completion time: 2009-06-16 18:02 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-16 22:02
Pre-Run: 57,025,171,456 bytes free
Post-Run: 58,044,420,096 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
313 --- E O F --- 2009-05-29 17:48
Hijack this log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:14:07 PM, on 6/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.15\AMVConverter\grab.html
O8 - Extra context menu item: Add to Media Manager... - C:\Program Files\MP3 Player Utilities 4.15\MediaManager\grab.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zone.msn.com/binary/msgrchkr.cabO16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) -
https://www-secure.symantec.com/techsup ... SupCtl.cabO16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) -
http://messenger.zone.msn.com/binary/ms ... b56986.cabO16 - DPF: {215b8138-a3cf-44c5-803f-8226143cfc0a} (Trend Micro ActiveX Scan Agent 6.6) -
http://housecall65.trendmicro.com/house ... hcImpl.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/Shar ... vSniff.cabO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cabO16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) -
http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cabO16 - DPF: {5ed80217-570b-4da9-bf44-be107c0ec166} (Windows Live Safety Center Base Module) -
http://cdn.scan.onecare.live.com/resour ... se1140.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... Client.cabO16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) -
http://h30155.www3.hp.com/ediags/gs/ins ... utions.cabO16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) -
http://autos.msn.com/components/ocx/ext ... utside.cabO16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/Me ... b56907.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.symantec.com/techsup ... mAData.cabO16 - DPF: {ffb3a759-98b1-446f-bda9-909c6eb18cc7} (PCPitstop Exam) -
http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dllO23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: EPSON V5 Service4(01) (epson_eb_rpcv4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (epson_pm_rpcv4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: mbamservice - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 9353 bytes