ComboFix 09-03-18.01 - Omar 2009-03-19 19:04:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.635 [GMT -4:00]
Running from: c:\documents and settings\Omar\Desktop\ComboFix.exe
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\i386\EULA.txt
c:\documents and settings\i386\hosts
c:\documents and settings\i386\winmsd.exe
c:\program files\Mozilla Firefox\components\7d817ebf-685d-5fc9-8e89-dde647987875.dll
c:\program files\Mozilla Firefox\components\irpecufxanhh.dll
.
((((((((((((((((((((((((( Files Created from 2009-02-19 to 2009-03-19 )))))))))))))))))))))))))))))))
.
2009-03-19 12:00 . 2009-03-19 12:00 <DIR> d-------- c:\windows\LastGood
2009-03-14 00:27 . 2009-03-14 00:27 <DIR> d-------- C:\rsit
2009-03-13 21:55 . 2009-03-13 21:55 <DIR> d-------- c:\documents and settings\Omar\Application Data\Malwarebytes
2009-03-13 21:54 . 2009-03-13 21:55 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-13 21:54 . 2009-03-13 21:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-13 21:54 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-13 21:54 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-11 09:45 . 2009-03-11 09:45 <DIR> d-------- c:\documents and settings\Omar\Application Data\URSoft
2009-03-11 09:44 . 2009-03-11 09:47 <DIR> d-------- c:\program files\Your Uninstaller 2008
2009-03-10 23:19 . 2009-03-10 23:19 <DIR> dr------- c:\program files\Norton Support
2009-03-09 18:48 . 2009-03-09 18:48 <DIR> d-------- C:\_OTScanIt
2009-03-07 13:28 . 2009-03-07 13:52 <DIR> d-------- c:\program files\Common Files\Common Share
2009-03-04 21:14 . 2009-03-04 21:14 <DIR> d-------- c:\documents and settings\Omar\Application Data\DivX
2009-03-04 19:40 . 2008-11-06 12:37 129,784 --------- c:\windows\system32\pxafs.dll
2009-03-04 19:40 . 2008-11-06 12:37 9,464 --------- c:\windows\system32\drivers\cdralw2k.sys
2009-03-04 19:40 . 2008-11-06 12:37 9,336 --------- c:\windows\system32\drivers\cdr4_xp.sys
2009-03-04 15:32 . 2009-02-27 07:20 36,400 -ra------ c:\windows\system32\drivers\SymIM.sys
2009-03-02 09:51 . 2009-03-02 09:51 <DIR> d-------- c:\program files\Bonjour
2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\Omar\Application Data\ACD Systems
2009-02-24 22:01 . 2009-02-24 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-24 21:59 . 2009-02-24 21:59 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-02-24 21:59 . 2009-02-24 21:59 <DIR> d-------- c:\program files\ACD Systems
2009-02-22 21:09 . 2009-03-19 11:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-14 14:51 --------- d-----w c:\program files\LimeWire
2009-03-11 22:57 --------- d-----w c:\program files\World of Warcraft
2009-03-11 13:50 --------- d-----w c:\program files\IrfanView
2009-03-11 13:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-07 20:20 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-07 20:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-04 23:41 --------- d-----w c:\program files\DivX
2009-03-03 18:56 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-03 18:56 7,386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-03 18:56 60,808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-03 18:56 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-03 18:56 --------- d-----w c:\program files\Symantec
2009-02-27 16:51 --------- d-----w c:\documents and settings\Omar\Application Data\U3
2009-02-24 20:23 --------- d-----w c:\program files\iPod
2009-02-23 01:14 --------- d-----w c:\program files\Google
2009-02-09 21:50 --------- d-----w c:\program files\HP
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-17 01:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-19 09:10 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-12-19 09:10 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-12-19 05:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
2008-12-19 05:23 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-09-29 00:16 38,016 ----a-w c:\documents and settings\Omar\Application Data\GDIPFONTCACHEV1.DAT
2008-09-14 04:06 37,240 ----a-w c:\documents and settings\El guest\Application Data\GDIPFONTCACHEV1.DAT
2006-03-26 19:04 147,608 ----a-w c:\documents and settings\i386\FNTCACHE.DAT
2006-03-24 23:51 53,838 ----a-w c:\documents and settings\i386\perfc009.dat
2006-03-24 23:51 382,260 ----a-w c:\documents and settings\i386\perfh009.dat
2006-03-24 23:46 16,384 ----a-w c:\documents and settings\i386\index.dat
2006-03-11 09:02 262,144 ---ha-w c:\documents and settings\i386\UsrClass.dat
2006-03-11 08:58 16,384 ----a-w c:\documents and settings\i386\MSIMGSIZ.DAT
2006-03-11 08:48 17,056 ----a-w c:\documents and settings\i386\AegisP.sys
2005-11-29 11:01 81,920 ----a-w c:\documents and settings\i386\SynTPCo2.dll
2005-11-29 10:58 69,723 ----a-w c:\documents and settings\i386\SynTPFcs.dll
2005-11-29 10:41 94,299 ----a-w c:\documents and settings\i386\SynTPAPI.dll
2005-11-29 10:41 114,688 ----a-w c:\documents and settings\i386\SynCtrl.dll
2005-11-29 10:40 82,014 ----a-w c:\documents and settings\i386\SynCOM.dll
2005-11-29 10:36 191,936 ----a-w c:\documents and settings\i386\SynTP.sys
2005-11-10 01:31 2,585,872 ----a-w c:\documents and settings\i386\KB893803.exe
2005-11-09 04:18 563,952 ----a-w c:\documents and settings\i386\KB908673.exe
2005-11-03 18:00 2,594,032 ----a-w c:\documents and settings\i386\KB896424.exe
2005-10-31 07:01 442,368 ----a-w c:\documents and settings\i386\pxdrv.dll
2005-10-25 23:39 27,264 ----a-w c:\documents and settings\i386\usbehci.sys
2005-10-25 23:39 143,104 ----a-w c:\documents and settings\i386\usbport.sys
2005-10-25 07:00 983,040 ----a-w c:\documents and settings\i386\cmdvdpakENU.dll
2005-10-15 03:15 1,302,812 ----a-w c:\documents and settings\i386\ialmnt5.sys
2005-10-15 03:14 901,242 ----a-w c:\documents and settings\i386\ialmdd5.dll
2005-10-15 03:06 61,440 ----a-w c:\documents and settings\i386\iAlmCoIn_v4410.dll
2005-10-15 03:06 49,152 ----a-w c:\documents and settings\i386\ialmrem.dll
2005-10-15 03:06 36,990 ----a-w c:\documents and settings\i386\ialmrnt5.dll
2005-10-15 03:06 213,274 ----a-w c:\documents and settings\i386\ialmdev5.dll
2005-10-15 03:06 118,395 ----a-w c:\documents and settings\i386\ialmdnt5.dll
2005-10-15 02:59 524,288 ----a-w c:\documents and settings\i386\igldev32.dll
2005-10-15 02:57 2,310,144 ----a-w c:\documents and settings\i386\iglicd32.dll
2005-10-15 02:50 94,208 ----a-w c:\documents and settings\i386\igfxext.exe
2005-10-15 02:50 53,248 ----a-w c:\documents and settings\i386\oemdspif.dll
2005-10-15 02:50 40,960 ----a-w c:\documents and settings\i386\igfxexps.dll
2005-10-15 02:50 114,688 ----a-w c:\documents and settings\i386\igfxzoom.exe
2005-10-15 02:50 114,688 ----a-w c:\documents and settings\i386\igfxpers.exe
2005-10-15 02:49 446,464 ----a-w c:\documents and settings\i386\igfxcfg.exe
2005-10-15 02:49 147,456 ----a-w c:\documents and settings\i386\igfxpph.dll
2005-10-15 02:49 1,503,232 ----a-w c:\documents and settings\i386\igfxress.dll
2005-10-15 02:46 86,016 ----a-w c:\documents and settings\i386\igfxdo.dll
2005-10-15 02:46 77,824 ----a-w c:\documents and settings\i386\hkcmd.exe
2005-10-15 02:46 57,344 ----a-w c:\documents and settings\i386\igfxsrvc.dll
2005-10-15 02:46 159,744 ----a-w c:\documents and settings\i386\igfxsrvc.exe
2005-10-15 02:45 73,728 ----a-w c:\documents and settings\i386\hccutils.dll
2005-10-15 02:45 135,168 ----a-w c:\documents and settings\i386\igfxres.dll
2005-10-15 02:45 135,168 ----a-w c:\documents and settings\i386\igfxdev.dll
2005-10-10 18:00 559,856 ----a-w c:\documents and settings\i386\KB906569.exe
2005-10-10 18:00 4,966,128 ----a-w c:\documents and settings\i386\KB896688.Exe
2005-10-10 18:00 1,393,392 ----a-w c:\documents and settings\i386\KB904706.Exe
2005-10-07 17:28 349,760 ----a-w c:\documents and settings\i386\mcinsctl.dll
2005-10-07 17:28 288,320 ----a-w c:\documents and settings\i386\mcgdmgr.dll
2005-10-06 03:09 280,064 ----a-w c:\documents and settings\i386\gdi32.dll
2005-10-06 00:05 1,839,488 ----a-w c:\documents and settings\i386\win32k.sys
2005-10-04 23:26 3,015,168 ----a-w c:\documents and settings\i386\mshtml.dll
2005-09-27 00:29 21,504 ----a-w c:\documents and settings\i386\xpsp3res.dll
2005-09-12 09:30 89,264 ----a-w c:\documents and settings\i386\DRVMCDB.SYS
2005-09-10 05:21 109,056 ----a-w c:\documents and settings\i386\staco.dll
2005-09-10 05:18 389,120 ----a-w c:\documents and settings\i386\STLang.dll
2005-09-10 05:18 167,936 ----a-w c:\documents and settings\i386\stacapi.dll
2005-09-10 05:15 1,032,472 ----a-w c:\documents and settings\i386\sthda.sys
2005-09-02 23:52 96,256 ----a-w c:\documents and settings\i386\inseng.dll
2005-08-30 03:54 1,287,168 ----a-w c:\documents and settings\i386\quartz.dll
2005-08-25 18:16 5,628 ----a-w c:\documents and settings\i386\DLACDBHM.SYS
2005-08-25 18:16 22,684 ----a-w c:\documents and settings\i386\DLARTL_N.SYS
2005-08-16 22:18 80,640 ----a-w c:\documents and settings\i386\MpFirewall.sys
2005-08-16 22:13 9,216 ----a-w c:\documents and settings\i386\MpfApi.dll
2005-08-12 11:20 40,544 ----a-w c:\documents and settings\i386\DRVNDDM.SYS
2005-08-12 07:00 28,672 ----a-w c:\documents and settings\i386\VXBLOCK.dll
2005-08-10 17:22 114,464 ----a-w c:\documents and settings\i386\naiavf5x.sys
2005-08-05 09:32 45,312 ----a-r c:\documents and settings\i386\bcm4sbxp.sys
2005-08-04 18:00 583,920 ----a-w c:\documents and settings\i386\KB899591.exe
2005-08-04 18:00 579,312 ----a-w c:\documents and settings\i386\KB899588.exe
2005-08-04 18:00 563,440 ----a-w c:\documents and settings\i386\KB896423.exe
2005-08-03 16:44 16,128 ----a-w c:\documents and settings\i386\APPDRV.SYS
2005-07-22 09:02 1,035,008 ----a-w c:\documents and settings\i386\HSF_DPV.sys
2005-07-22 09:01 717,952 ----a-w c:\documents and settings\i386\HSF_CNXT.sys
2005-07-22 09:01 201,600 ----a-w c:\documents and settings\i386\HSFHWAZL.sys
2008-09-18 19:47 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008091820080919\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-09-13 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-29 761947]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2005-09-01 684032]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-08 176128]
"HPHUPD05"="c:\program files\Hewlett-Packard\\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2005-07-08 49152]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 241664]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2005-07-08 491520]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 1121792]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-14 136600]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SigmatelSysTrayApp"="stsystra.exe" [2005-09-10 c:\windows\stsystra.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-03-11 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
PASPortal.lnk - c:\windows\Installer\{D4AB1A2A-72A8-4801-B238-0CB789C992FE}\NewShortcut1.exe [2006-08-30 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 18:08 110592 c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.NTN1"= NUVision.ax
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\El guest\\Desktop\\WEB-WOWEx-E3-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.10.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1005000.086\SymEFA.sys [2009-03-03 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1005000.086\BHDrvx86.sys [2009-03-03 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1005000.086\cchpx86.sys [2009-03-03 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090310.003\IDSXpx86.sys [2009-03-11 276344]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe [2009-03-03 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]
S2 gupdate1c9955416be3348;Servicio de actualización de Google (gupdate1c9955416be3348);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 133104]
S3 nuvaudio;NUVision Audio Service;c:\windows\system32\drivers\nuvaudio.sys [2006-11-19 20704]
S3 NUVision;ATI TV Wonder, USB Edition (NTSC+);c:\windows\system32\drivers\NUVision.sys [2006-11-19 145184]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2d3d59fa-234f-11dc-a033-0014229e8b54}]
\shell\verb1\command - desktop.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f4aba54-1946-11dd-a151-0014229e8b54}]
\Shell\AutoRun\command - F:\oq.cmd
\Shell\explore\Command - F:\oq.cmd
\Shell\open\Command - F:\oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6507c5c1-f2c6-11dd-a284-0014229e8b54}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL system.exe
\Shell\Explore\command - G:\system.exe
\Shell\Open\command - G:\system.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b1a2ef13-1b90-11dd-a155-0014229e8b54}]
\Shell\AutoRun\command - F:\oq.cmd
\Shell\explore\Command - F:\oq.cmd
\Shell\open\Command - F:\oq.cmd
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d5204176-eed7-11dc-a123-0014229e8b54}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 21:09]
2009-03-19 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 21:14]
2009-03-17 c:\windows\Tasks\Uniblue SpyEraser Nag.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
2008-05-11 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.google.com/news?ned=us
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.5.0.134\CoIEPlg.dll
FF - ProfilePath - c:\documents and settings\Omar\Application Data\Mozilla\Firefox\Profiles\drj06ki6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://news.google.com/
FF - prefs.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1508.6312\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www15.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www15.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.
.
------- File Associations -------
.
inifile=%SystemRoot%\System32\NOTEPAD.EXE %1"
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-19 19:06:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2193605024-3644771226-1533073982-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-2193605024-3644771226-1533073982-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0BB8495C-2C8D-80CB-624C-A545C4C023A2}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"najbmdahbnonjlcimcplodlnbden"=hex:6a,61,66,6d,61,62,65,70,61,70,70,68,64,70,
6e,68,62,6f,65,67,00,00
"maddgacgncmpgalemooonmaphd"=hex:6b,61,69,6f,6d,61,69,6e,62,6a,68,6e,62,66,63,
6a,6a,66,6a,61,6d,65,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1464)
c:\program files\Intel\Wireless\Bin\LgNotify.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2009-03-19 19:09:43
ComboFix-quarantined-files.txt 2009-03-19 23:08:53
Pre-Run: 18,505,330,688 bytes free
Post-Run: 18,552,950,784 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
320 --- E O F --- 2009-03-17 16:47:00