askey,
Thank you for your instructions. I followed them to the letter. Although, when ComboFix rebooted, my computer locked up before it could prepare the log, so I ran it again. I hope this didn't screw anything up.
Thanks again, I won't touch my computer again until you give me the OK.
Uninstall list:
Ad-Aware
Ad-Aware
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG 8.5
Belarc Advisor 7.0
BigFix
BitLord 1.1
Contextual Tool Adssite
Critical Update for Windows Media Player 11 (KB959772)
Digital Media Reader
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
hp deskjet 3500 series
iTunes
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 4
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Money 2005
Microsoft Office Standard Edition 2003
Microsoft Picture It! Premium 10
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows Vista Upgrade Advisor
Microsoft Works
Monopoly
Mozilla Firefox (3.0.13)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero BurnRights
Nero OEM
OpenOffice.org 2.4
QuickTime
RealPlayer
Realtek AC'97 Audio
Recovery Software Suite eMachines
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SoftV92 Data Fax Modem with SmartCP
SpyHunter
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB953356)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VC 9.0 Runtime
Viewpoint Media Player
Winamp (remove only)
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinMX
ZoneAlarm
ZoneAlarm Spy Blocker Toolbar
ComboFix 09-08-26.05 - Owner 08/26/2009 19:45.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1406.964 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\mfred.exe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\jestertb.dll
c:\windows\patch.exe
c:\windows\run.log
c:\windows\system32\certstore.dat
c:\windows\system32\cont_adssite-remove.exe
c:\windows\system32\drivers\SKYNETpiqvrbqp.sys
c:\windows\system32\drivers\UACklyxqltoxn.sys
c:\windows\system32\gzmrot-uninst.exe
c:\windows\system32\nerocheck.exe
c:\windows\system32\netskt.sys
c:\windows\system32\SKYNETdqvdktur.dll
c:\windows\system32\SKYNEToqwswuyp.dat
c:\windows\system32\SKYNETpvwabrfm.dat
c:\windows\system32\SKYNETuxxeiglk.dll
c:\windows\system32\UACbivppetnkt.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACipereypixm.dat
c:\windows\system32\UACkjitvxdoro.dll
c:\windows\system32\UACrtalqbuxyb.dll
c:\windows\system32\UACsybdvbnmge.db
c:\windows\system32\UACxowkklvten.dll
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SKYNETxrmejwfv
-------\Legacy_SKYNETxrmejwfv
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Legacy_netskt
-------\Service_netskt
((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 )))))))))))))))))))))))))))))))
.
2009-08-27 00:17 . 2009-08-27 00:43 -------- d-s---w- C:\fred.exe
2009-08-23 21:26 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 21:26 . 2009-08-23 21:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 21:26 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-20 13:06 . 2009-08-20 13:06 -------- d-----w- C:\ERDNT
2009-08-20 13:06 . 2009-08-20 13:06 -------- d-----w- c:\windows\ERUNT
2009-08-20 13:05 . 2009-08-20 13:06 -------- d-----w- C:\!FixIEDef
2009-08-18 19:14 . 2009-08-18 19:14 0 ----a-w- c:\documents and settings\Owner\settings.dat
2009-08-18 02:03 . 2009-08-18 02:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-08-18 01:40 . 2009-08-18 15:03 -------- d-----w- c:\program files\Panda Security
2009-08-17 02:59 . 2009-07-03 14:49 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-08-17 02:27 . 2009-07-03 14:49 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-08-17 02:27 . 2009-08-17 02:27 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-17 02:26 . 2009-08-17 02:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-17 02:26 . 2009-07-08 17:28 2920112 -c--a-w- c:\documents and settings\All Users\Application Data\{EF63305C-BAD7-4144-9208-D65528260864}\Ad-AwareAE.exe
2009-08-17 01:33 . 2009-08-17 01:33 117760 ----a-w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-17 01:31 . 2009-08-18 15:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-17 01:31 . 2009-08-17 01:31 -------- d-----w- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-08-16 21:06 . 2009-08-16 21:37 -------- d-----w- C:\SRN Micro
2009-08-13 19:09 . 2009-07-28 21:33 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-13 18:56 . 2009-08-13 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-08-13 18:56 . 2009-08-13 19:04 -------- d-----w- c:\program files\PCPitstop
2009-08-13 16:32 . 2009-02-16 05:10 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-08-13 16:32 . 2009-02-16 05:10 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-08-13 16:32 . 2009-02-16 05:10 1221512 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-13 15:58 . 2009-08-13 15:58 -------- d-----w- c:\documents and settings\Owner\Application Data\GlarySoft
2009-08-13 14:03 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-13 04:48 . 2009-08-13 04:48 -------- d-----w- c:\documents and settings\Owner\Application Data\MalwareRemovalBot
2009-08-13 01:43 . 2009-08-13 01:43 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-08-10 16:59 . 2009-08-10 16:59 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-28 18:14 . 2009-07-03 17:09 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-07-28 18:14 . 2009-07-03 17:09 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-27 00:08 . 2008-05-29 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-26 23:11 . 2005-08-24 01:31 6614 ----a-w- c:\documents and settings\Owner\Application Data\wklnhst.dat
2009-08-23 19:39 . 2009-03-11 01:15 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 19:39 . 2009-03-11 01:15 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 19:39 . 2009-03-11 01:15 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-23 12:56 . 2007-09-29 03:17 -------- d-----w- c:\program files\Enigma Software Group
2009-08-18 15:04 . 2005-08-05 00:03 -------- d-----w- c:\documents and settings\Owner\Application Data\Shareaza
2009-08-18 00:53 . 2005-01-02 06:35 -------- d-----w- c:\program files\Google
2009-08-17 03:05 . 2009-04-12 21:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-16 21:40 . 2005-11-07 17:15 -------- d-----w- c:\program files\LimeWire
2009-08-16 21:20 . 2005-01-02 06:40 -------- d-----w- c:\program files\Napster
2009-08-15 22:32 . 2006-06-20 19:54 -------- d-----w- c:\program files\Valusoft
2009-08-15 22:30 . 2005-09-12 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-15 22:29 . 2005-09-12 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-13 16:43 . 2009-08-13 16:39 65350827 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_13_11_25_16_full.dmp.zip
2009-08-13 16:39 . 2009-08-13 16:39 46409 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_13_11_25_13_small.dmp.zip
2009-08-13 16:39 . 2009-08-13 16:39 46866 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_13_11_24_47_small.dmp.zip
2009-08-13 16:39 . 2009-08-13 16:39 46449 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_13_11_25_02_small.dmp.zip
2009-08-13 16:39 . 2009-08-13 16:39 46406 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_13_11_25_09_small.dmp.zip
2009-08-13 16:39 . 2009-08-13 16:39 46120 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_13_11_25_06_small.dmp.zip
2009-08-13 16:39 . 2009-08-13 16:39 45604 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_13_11_24_55_small.dmp.zip
2009-08-13 16:39 . 2009-08-13 16:39 46462 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_13_11_24_45_small.dmp.zip
2009-08-13 16:39 . 2009-08-13 16:39 46297 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_13_11_24_42_small.dmp.zip
2009-08-13 16:39 . 2009-08-13 16:39 46233 ----a-w- c:\windows\Internet Logs\vsmon_2nd_2009_08_13_11_24_39_small.dmp.zip
2009-08-13 16:33 . 2009-04-01 12:44 -------- d-----w- c:\program files\AskBarDis
2009-08-13 16:32 . 2005-08-02 21:47 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-13 04:44 . 2008-11-02 21:18 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-08-13 04:44 . 2008-08-19 21:14 -------- d-----w- c:\documents and settings\Owner\Application Data\OpenOffice.org2
2009-08-08 22:40 . 2008-10-16 08:09 16994015 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2009-08-05 09:01 . 2005-03-23 16:52 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-03-23 16:52 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2005-03-23 16:53 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:25 . 2005-03-23 16:52 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-03-23 16:52 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-03-23 16:52 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-03-23 16:52 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2005-03-23 16:52 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2005-03-23 16:52 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2005-03-23 16:52 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2005-03-23 16:52 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-03-23 16:52 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2005-03-23 16:52 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2005-03-23 18:08 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2005-03-23 16:52 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2005-03-23 16:53 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2005-03-23 16:52 1291264 ----a-w- c:\windows\system32\quartz.dll
2005-07-26 01:39 . 2005-07-26 01:39 0 --sha-w- c:\windows\SMINST\HPCD.sys
2009-04-13 18:18 . 2006-07-05 22:33 785 --sha-w- c:\windows\system32\mmf.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-10-16 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-23 2007832]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 19:39 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
backup=c:\windows\pss\BigFix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ORB.lnk]
backup=c:\windows\pss\ORB.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Backyard Hockey 2005 Registration.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Backyard Hockey 2005 Registration.lnk
backup=c:\windows\pss\Backyard Hockey 2005 Registration.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
backup=c:\windows\pss\PowerReg Scheduler V3.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)
"vsmon"=2 (0x2)
"ose"=3 (0x3)
"LicCtrlService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"ASKService"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"hkmsvc"=3 (0x3)
"helpsvc"=2 (0x2)
"BITS"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\utorrent.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\SRN Micro\\SOLOCFG.EXE"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/16/2009 9:27 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/10/2009 8:15 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/10/2009 8:15 PM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/10/2009 8:15 PM 297752]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [4/1/2009 7:44 AM 464264]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
S4 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [7/5/2006 5:33 PM 2560]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-08-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:49]
2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 18:42]
.
.
------- Supplementary Scan -------
.
uStart Page =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {6824D897-F7E1-4E41-B84B-B1D3FA4BF1BD} - hxxp://utilities.pcpitstop.com/Extermin ... iVirus.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\gq3e2p55.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://online.tvguide.com/listings/
FF - prefs.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www1.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www1.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 19:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222]
[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \EC1A69D1C0948222\B144CCE307E78EB6EE53CA2196E4D0A2]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(592)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(748)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-27 19:51
ComboFix-quarantined-files.txt 2009-08-27 00:51
Pre-Run: 139,740,573,696 bytes free
Post-Run: 139,715,055,616 bytes free
286 --- E O F --- 2009-08-15 13:34