
Thread: Infected: Trojan-Clicker.Win32.Delf.cbe

  1. #11  Junior Member (Join Date: Jun 2009, Posts: 11)

    Sorry for delay

    We moved our computers and had a hard time reestablishing an internet connection. I will be working on this solution today.
    Please keep this thread active for me.
    Thanks.
    Rick

  2. #12  Junior Member (Join Date: Jun 2009, Posts: 11)

    ComboFix Log

    ComboFix 09-06-29.07 - Rick 07/01/2009 10:07.1 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.383.135 [GMT -4:00]
    Running from: c:\documents and settings\Rick\Desktop\ComboFix.exe
    AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\karen\Application Data\flfmomry
    c:\documents and settings\karen\Application Data\flfmomry\profiles.ini
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\cert8.db
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\compatibility.ini
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\compreg.dat
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\cookies.sqlite
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\formhistory.sqlite
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\key3.db
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\localstore.rdf
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\permissions.sqlite
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\places.sqlite-journal
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\places.sqlite
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\pluginreg.dat
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\prefs.js
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\secmod.db
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\webappsstore.sqlite
    c:\documents and settings\karen\Application Data\flfmomry\Profiles\5bumvlhr.default\xpti.dat
    c:\documents and settings\karen\Local Settings\Application Data\flfmomry
    c:\documents and settings\karen\Local Settings\Application Data\flfmomry\Profiles\5bumvlhr.default\urlclassifier3.sqlite
    c:\documents and settings\karen\Local Settings\Application Data\flfmomry\Profiles\5bumvlhr.default\XPC.mfl
    c:\documents and settings\NetworkService\Application Data\flfmomry
    c:\documents and settings\NetworkService\Application Data\flfmomry\profiles.ini
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\cert8.db
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\compatibility.ini
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\compreg.dat
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\cookies.sqlite
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\formhistory.sqlite
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\key3.db
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\localstore.rdf
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\permissions.sqlite
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\places.sqlite-journal
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\places.sqlite
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\pluginreg.dat
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\prefs.js
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\secmod.db
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\webappsstore.sqlite
    c:\documents and settings\NetworkService\Application Data\flfmomry\Profiles\je2bxdxj.default\xpti.dat
    c:\documents and settings\NetworkService\Local Settings\Application Data\flfmomry
    c:\documents and settings\NetworkService\Local Settings\Application Data\flfmomry\Profiles\je2bxdxj.default\urlclassifier3.sqlite
    c:\documents and settings\NetworkService\Local Settings\Application Data\flfmomry\Profiles\je2bxdxj.default\XPC.mfl
    c:\documents and settings\Rick\Application Data\flfmomry
    c:\documents and settings\Rick\Application Data\flfmomry\profiles.ini
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\cert8.db
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\compatibility.ini
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\compreg.dat
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\cookies.sqlite
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\formhistory.sqlite
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\key3.db
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\localstore.rdf
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\permissions.sqlite
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\places.sqlite-journal
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\places.sqlite
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\pluginreg.dat
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\prefs.js
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\secmod.db
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\webappsstore.sqlite
    c:\documents and settings\Rick\Application Data\flfmomry\Profiles\9bp6g9kh.default\xpti.dat
    c:\documents and settings\Rick\Local Settings\Application Data\flfmomry
    c:\documents and settings\Rick\Local Settings\Application Data\flfmomry\Profiles\9bp6g9kh.default\urlclassifier3.sqlite
    c:\documents and settings\Rick\Local Settings\Application Data\flfmomry\Profiles\9bp6g9kh.default\XPC.mfl
    C:\setup.exe
    c:\windows\st_1241303401.old.exe
    c:\windows\st_1241321831.old.exe
    c:\windows\start.exe
    c:\windows\system32\drivers\bwfcvamw.sys
    c:\windows\system32\drivers\mpdxbmmu.sys
    c:\windows\system32\Drivers\swhfvtpifwud.sys
    c:\windows\system32\npizwdnl.dll
    c:\windows\system32\open.ico
    c:\windows\system32\ukmvcyo.dll
    c:\windows\system32\ywrdohk.dll
    c:\windows\Tasks\At1.job
    c:\windows\Web\default.htt

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_DFKHSGHO
    -------\Legacy_MPDXBMMU
    -------\Service_dfkhsgho
    -------\Service_mpdxbmmu
    -------\Legacy_swhfvtpifwud
    -------\Service_swhfvtpifwud


    ((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
    .

    2009-06-27 05:00 . 2009-06-27 05:00 -------- d-----w- C:\rsit
    2009-06-27 01:04 . 2009-06-27 01:04 -------- d-----w- c:\documents and settings\Rick\Application Data\Malwarebytes
    2009-06-27 01:03 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-06-27 01:03 . 2009-06-27 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-06-27 01:03 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-06-27 01:03 . 2009-06-27 01:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-06-26 20:46 . 2009-06-26 20:46 -------- d-----w- c:\documents and settings\Rick\Application Data\Apple Computer
    2009-06-25 00:46 . 2009-06-25 00:46 -------- d-----w- c:\program files\Trend Micro
    2009-06-14 14:32 . 2009-06-14 14:32 -------- d-----w- c:\documents and settings\karen\Local Settings\Application Data\Qurb4
    2009-06-01 21:13 . 2009-06-01 21:13 -------- d-sh--w- C:\FOUND.000

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-05-30 13:11 . 2009-05-30 13:11 -------- d-----w- c:\documents and settings\Rick\Application Data\CallingID
    2009-05-21 21:53 . 2009-03-04 22:32 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
    2009-05-21 21:53 . 2009-03-04 22:32 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
    2009-05-21 21:53 . 2009-03-04 22:32 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
    2009-05-21 21:53 . 2009-03-04 22:32 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
    2009-05-13 13:03 . 2004-07-02 02:31 444 ----a-w- c:\windows\system32\d3d8caps.dat
    2009-05-04 22:11 . 2009-05-04 22:11 -------- d-----w- c:\program files\Lavasoft
    2009-05-03 01:09 . 2009-05-03 01:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\flfmomry
    2009-05-03 01:06 . 2009-05-03 01:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\CallingID
    2005-11-04 12:19 . 2005-11-04 12:19 1646592 ----a-w- c:\program files\QDATA.QEL
    2005-11-04 12:19 . 2005-11-04 12:19 133534 ----a-w- c:\program files\QDATA.QSD
    2005-11-04 12:19 . 2005-11-04 12:19 3336552 ----a-w- c:\program files\QDATA.QDF
    2001-11-24 00:58 . 2001-11-24 00:58 538 ----a-w- c:\program files\Shortcut to MUSICMATCH_6.10.0225.lnk
    2001-11-24 00:54 . 2001-11-24 00:54 562 ----a-w- c:\program files\Shortcut to musicmatch key generator (1).lnk
    2001-11-24 00:50 . 2001-11-24 00:50 526 ----a-w- c:\program files\Shortcut (2) to Easy Cd 5 Keygen.lnk
    2001-11-24 00:49 . 2001-11-24 00:49 526 ----a-w- c:\program files\Shortcut to Easy Cd 5 Keygen.lnk
    2001-11-21 14:40 . 2001-11-21 14:40 586 ----a-w- c:\program files\Shortcut to Easy CD Creator 5.0 Platinum Retail .lnk
    2001-01-14 15:57 . 2005-11-04 12:19 32 ----a-w- c:\program files\QDATA.QPH
    1999-07-22 04:25 . 1999-07-22 04:25 11079 ---h--w- c:\program files\folder.htt
    2003-04-19 00:30 . 2003-04-19 00:30 32 --sha-w- c:\windows\{7C20FF11-71DC-11D7-A1ED-0010B574F9C3}.dat
    2003-04-19 00:30 . 2003-04-19 00:30 32 --sha-w- c:\windows\SYSTEM\{7C20FF10-71DC-11D7-A1ED-0010B574F9C3}.dat
    2003-04-19 00:31 . 2003-04-19 00:31 32 --sha-w- c:\windows\SYSTEM\{B727C663-71DC-11D7-A1ED-0010B574F9C3}.dat
    2003-04-19 00:31 . 2003-04-19 00:31 32 --sha-w- c:\windows\SYSTEM\{B727C668-71DC-11D7-A1ED-0010B574F9C3}.dat
    2003-04-19 00:31 . 2003-04-19 00:31 32 --sha-w- c:\windows\SYSTEM\{B727C66D-71DC-11D7-A1ED-0010B574F9C3}.dat
    2003-04-19 00:32 . 2003-04-19 00:32 32 --sha-w- c:\windows\SYSTEM\{DF5BD403-71DC-11D7-A1ED-0010B574F9C3}.dat
    2003-04-19 00:33 . 2003-04-19 00:33 32 --sha-w- c:\windows\SYSTEM\{7C20FF15-71DC-11D7-A1ED-0010B574F9C3}.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-30 68856]
    "AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-12 50776]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
    "cctray"="d:\ca\cctray\cctray.exe" [2009-05-21 181488]
    "CAVRID"="d:\ca\CA Anti-Virus\CAVRID.exe" [2008-08-30 234736]
    "QOELOADER"="d:\ca\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe" [2009-03-04 14088]
    "EPSON Stylus CX6600 Series (Copy 1)"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE" [2004-03-01 98304]
    "iTunesHelper"="c:\program files\iTunes\Derek\iTunesHelper.exe" [2008-11-20 290088]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "EnableShellExecuteHooks"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{1869181A-9F50-4FCF-8BFF-1B8588ECB85C}"= "d:\ca\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll" [2008-06-23 1373624]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcctMgr

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "Pctspk"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "AOLService"=2 (0x2)
    "SymWSC"=2 (0x2)
    "Speed Disk service"=2 (0x2)
    "SNDSrvc"=3 (0x3)
    "SBService"=2 (0x2)
    "navapsvc"=3 (0x3)
    "ccPwdSvc"=3 (0x3)
    "AOL TopSpeedMonitor"=2 (0x2)
    "AOL ACS"=2 (0x2)
    "PSHost"=2 (0x2)
    "pmshellsrv"=2 (0x2)
    "iPod Service"=3 (0x3)
    "gusvc"=3 (0x3)
    "Apple Mobile Device"=2 (0x2)
    "PavPrSrv"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe"
    "MSMSGS"=c:\program files\Messenger\msmsgs.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "TaskMonitor"=c:\windows\taskmon.exe
    "Adaptec DirectCD"=c:\progra~1\ADAPTEC\DIRECTCD\DIRECTCD.EXE
    "CreateCD"=c:\progra~1\ADAPTEC\EASYCD~1\CREATECD\CREATECD.EXE -r
    "QuickTime Task"=c:\windows\SYSTEM32\qttask.exe
    "CPQInet"=c:\compaq\CPQInet\CpqInet.exe
    "QAGENT"=c:\quickenw\QAGENT.EXE
    "RealTray"=c:\program files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    "CreateCD50"=c:\progra~1\COMMON~1\ADAPTE~1\CREATECD\CREATE~1.EXE -r
    "CPQEASYACC"=c:\program files\Compaq\Easy Access Button Support\cpqeadm.exe
    "EACLEAN"=c:\program files\Compaq\Easy Access Button Support\eaclean.exe
    "Digital Dashboard"=c:\program files\Compaq\Digital Dashboard\DevGulp.exe
    "CMESys"="c:\program files\COMMON FILES\CMEII\CMESYS.EXE"
    "Q9Y7A5RA.EXE"=c:\windows\Q9Y7A5RA.EXE /dk
    "c9pmjju5.exe"=c:\windows\c9pmjju5.exe /dk

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "CountrySelection"=pctptt.exe
    "PTSNOOP"=ptsnoop.exe
    "AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
    "SchedulingAgent"=mstask.exe
    "AolAcsDaemon1"="c:\program files\COMMON FILES\AOL\ACS\ACSD.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
    "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
    "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1102198995\\EE\\AOLServiceHost.exe"=
    "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\SAGENT4.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\1102198995\\EE\\aolsoftware.exe"=
    "d:\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\Derek\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "10976:TCP"= 10976:TCP:@xpsp2res.dll,-22009

    R3 PPCtlPriv;PPCtlPriv;d:\ca\CA Anti-Spyware\PPCtlPriv.exe [3/4/2009 6:32 PM 185584]
    S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys --> c:\windows\system32\DRIVERS\ShlDrv51.sys [?]
    S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?]
    S3 ICDUSB2;Sony IC Recorder (ST);c:\windows\SYSTEM32\DRIVERS\IcdUsb2.sys [4/15/2004 1:41 PM 39048]

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>IEPerUser]
    RUNDLL32.EXE IEDKCS32.DLL,BrandIE4 SIGNUP

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    "c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    "c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install
    "c:\progra~1\OUTLOO~1\setup50.exe" /APP:OE /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    "c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    "c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
    "c:\progra~1\OUTLOO~1\setup50.exe" /APP:WAB /CALLER:IE50 /user /install

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    c:\windows\SYSTEM32\updcrl.exe -e -u c:\windows\SYSTEM\verisignpub1.crl
    .
    Contents of the 'Scheduled Tasks' folder

    2009-07-01 c:\windows\Tasks\Synchronize Time.job
    - c:\program files\Compaq\Digital Dashboard\SyncClk.exe [2001-02-21 01:17]

    2009-07-01 c:\windows\Tasks\Check E-mail.job
    - c:\program files\Compaq\Digital Dashboard\CPQMLCK.exe [2001-02-21 05:53]

    2009-06-29 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

    2009-06-03 c:\windows\Tasks\CAAntiSpywareScan_Daily as karen at 6 33 PM.job
    - d:\ca\CA Anti-Spyware\CAAntiSpyware.exe [2009-03-04 22:44]
    .
    - - - - ORPHANS REMOVED - - - -

    ShellIconOverlayIdentifiers-{7D688A77-C613-11D0-999B-00C04FD655E1} - (no file)


    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mSearch Bar =
    mWindow Title = Microsoft Internet Explorer provided by America Online
    IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~5\OFFICE11\EXCEL.EXE/3000
    LSP: c:\windows\system32\VetRedir.dll
    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
    DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
    DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-01 10:31
    Windows 5.1.2600 Service Pack 2 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1420)
    c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

    - - - - - - - > 'explorer.exe'(832)
    c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
    c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
    c:\windows\system32\msi.dll
    c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
    d:\ca\CA Anti-Virus\avshlext.dll
    c:\progra~1\WINZIP\WZSHLSTB.DLL
    d:\ca\CA Website Inspector\LinkAdvisor\CIDLinkAdvisor.dll
    c:\windows\system32\browselc.dll
    i:\downlo~1\SPYBOT~1\SDHelper.dll
    c:\windows\system32\shdoclc.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\COMMON FILES\AOL\ACS\AOLACSD.EXE
    c:\program files\BONJOUR\MDNSRESPONDER.EXE
    d:\ca\CA Anti-Virus\ISafe.exe
    c:\windows\system32\CTsvcCDA.EXE
    c:\program files\CA\SHAREDCOMPONENTS\PPRT\BIN\ITMRTSVC.EXE
    d:\ca\CA Anti-Virus\VetMsg.exe
    c:\windows\WANMPSVC.EXE
    c:\windows\system32\wscntfy.exe
    d:\ca\CA Anti-Spyware\CAPPActiveProtection.exe
    d:\ca\ccprovsp.exe
    c:\windows\system32\taskmgr.exe
    c:\program files\Internet Explorer\IEXPLORE.EXE
    d:\ca\CA Website Inspector\Toolbar\CAGlobal.exe
    d:\ca\CA Website Inspector\Light\CAGlobalLight.exe
    .
    **************************************************************************
    .
    Completion time: 2009-07-01 10:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-07-01 14:45

    Pre-Run: 4,331,225,088 bytes free
    Post-Run: 4,876,623,872 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /noexecute=optin

    340 --- E O F --- 2008-09-20 07:13

  3. #13  Junior Member (Join Date: Jun 2009, Posts: 11)

    HJT Log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:46:49 AM, on 7/1/2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    D:\CA\cctray\cctray.exe
    D:\CA\CA Anti-Virus\CAVRID.exe
    D:\CA\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    D:\CA\CA Anti-Virus\ISafe.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    D:\CA\CA Anti-Spyware\CAPPActiveProtection.exe
    C:\WINDOWS\system32\svchost.exe
    D:\CA\CA Anti-Virus\VetMsg.exe
    C:\WINDOWS\wanmpsvc.exe
    D:\CA\CA Anti-Spyware\PPCtlPriv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wscntfy.exe
    D:\CA\ccprovsp.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\CA\CA Website Inspector\Toolbar\CAGlobal.exe
    D:\CA\CA Website Inspector\Light\CAGlobalLight.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://desktop.presario.net/scripts/...nsumer&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://jump.altavista.com/start/ie4
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/r...search&LC=0409
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.presario.net/scripts/r...rchbar&LC=0409
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
    O1 - Hosts: 91.212.65.122 antiwareprotect.com
    O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\DOWNLO~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O2 - BHO: (no name) - {D789FB8B-BEB5-4ECB-B3EE-C3673530D3D3} - c:\windows\system32\ywrdohk.dll
    O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - D:\CA\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - D:\CA\CA Website Inspector\Toolbar\CallingIDIE.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
    O4 - HKLM\..\Run: [cctray] "D:\CA\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "D:\CA\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [QOELOADER] "D:\CA\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe"
    O4 - HKLM\..\Run: [EPSON Stylus CX6600 Series (Copy 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9EA.EXE /P35 "EPSON Stylus CX6600 Series (Copy 1)" /O6 "USB001" /M "Stylus CX6600"
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\Derek\iTunesHelper.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~5\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\DOWNLO~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\DOWNLO~1\SPYBOT~1\SDHelper.dll
    O16 - DPF: Garmin Communicator Plug-In - https://my.garmin.com/mygarmin/m/GarminAxControl.CAB
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
    O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
    O20 - Winlogon Notify: ioqoilpx - C:\WINDOWS\SYSTEM32\ywrdohk.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CaCCProvSP - CA, Inc. - D:\CA\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - D:\CA\CA Anti-Virus\ISafe.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\SYSTEM32\ICDSPTSV.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
    O23 - Service: PPCtlPriv - CA, Inc. - D:\CA\CA Anti-Spyware\PPCtlPriv.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - D:\CA\CA Anti-Virus\VetMsg.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 7549 bytes
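
    Added example, not part of the original post and not HijackThis code: a short Python triage pass over a subset of the HijackThis lines posted above. It pulls out the three things a helper would act on first in this log: the O1 hosts entries that point a Microsoft-looking name and a rogue-AV vendor at the same non-loopback IP (a hosts hijack), the O2 BHO with no display name, and the O20 Winlogon Notify package, then cross-references DLL basenames so the single DLL registered in both IE and winlogon.exe (ywrdohk.dll) stands out. The sample lines are copied from the log above; the choice of which sections to flag and why is the editor's assumption, not a HijackThis rule.

```python
import re
from collections import defaultdict

# Sample input: a subset of the HijackThis log posted above (O1/O2/O4/O20/O23 lines).
SAMPLE_LOG = r"""
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.212.65.122 browser-security.microsoft.com
O1 - Hosts: 91.212.65.122 antiwareprotect.com
O1 - Hosts: 91.212.65.122 www.antiwareprotect.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {D789FB8B-BEB5-4ECB-B3EE-C3673530D3D3} - c:\windows\system32\ywrdohk.dll
O4 - HKLM\..\Run: [cctray] "D:\CA\cctray\cctray.exe"
O20 - Winlogon Notify: ioqoilpx - C:\WINDOWS\SYSTEM32\ywrdohk.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Windows path ending in a binary extension; non-greedy so "Acrobat 7.0\..." does not stop early.
PATH_RE = re.compile(r"([A-Za-z]:\\.+?\.(?:dll|exe|sys))", re.IGNORECASE)


def parse(log_text):
    """Return (section, body) pairs for each HijackThis entry line (R0/O1/O2/...); other lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hosts_redirects(entries):
    """O1: group non-loopback hosts-file mappings by IP.

    Several unrelated names on one IP (here a Microsoft-looking host next to a
    rogue-AV vendor) is the pattern of a hosts hijack steering the user to a scam page.
    """
    by_ip = defaultdict(list)
    for section, body in entries:
        if section != "O1":
            continue
        m = re.match(r"Hosts:\s+(\S+)\s+(\S+)", body)
        if not m:
            continue
        ip, name = m.groups()
        if ip in LOOPBACK and name.lower() in LOCAL_NAMES:
            continue  # the stock localhost lines are benign
        by_ip[ip].append(name)
    return dict(by_ip)


def unnamed_bhos(entries):
    """O2: Browser Helper Objects with no display name; returns the DLL paths."""
    return [body.split(" - ")[-1] for section, body in entries
            if section == "O2" and body.startswith("BHO: (no name)")]


def winlogon_notify(entries):
    """O20: Winlogon Notify packages load into winlogon.exe as SYSTEM at logon.

    A random subkey name pointing at a random DLL in system32 is almost never legitimate.
    """
    out = []
    for section, body in entries:
        if section == "O20" and body.startswith("Winlogon Notify:"):
            name, _, path = body[len("Winlogon Notify:"):].strip().partition(" - ")
            out.append((name, path))
    return out


def cross_referenced_dlls(entries):
    """Map each DLL basename to every section that loads it; keep those loaded from more than one.

    One DLL registered both as a BHO (inside IE) and as a Winlogon Notify package
    (inside winlogon.exe) is the persistence pair worth pulling first.
    """
    seen = defaultdict(set)
    for section, body in entries:
        for path in PATH_RE.findall(body):
            if path.lower().endswith(".dll"):
                seen[path.rsplit("\\", 1)[-1].lower()].add(section)
    return {dll: sorted(secs) for dll, secs in seen.items() if len(secs) > 1}


def triage(log_text):
    """Run all checks over a HijackThis log and return the findings keyed by check name."""
    entries = parse(log_text)
    return {
        "hosts_redirects": hosts_redirects(entries),
        "unnamed_bhos": unnamed_bhos(entries),
        "winlogon_notify": winlogon_notify(entries),
        "shared_dlls": cross_referenced_dlls(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

    Run it against a full saved HJT log by replacing SAMPLE_LOG with the file contents; the O4/O23 lines pass through untouched because nothing here tries to classify legitimate Run keys or services, only the indicator classes that this particular log makes obvious.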

  4. #14  Junior Member (Join Date: Jun 2009, Posts: 11)

    Status Request

    Hello,
    Am I clean?
    Did it work?

    Thanks,
    Rick

  5. #15  Emeritus- Malware Team (Join Date: Oct 2008, Location: Cornwall, UK, Posts: 592)

    Hello!

    Sorry for the delay. I had some family emergencies.


    2001-11-24 00:54 . 2001-11-24 00:54 562 ----a-w- c:\program files\Shortcut to musicmatch key generator (1).lnk
    2001-11-24 00:50 . 2001-11-24 00:50 526 ----a-w- c:\program files\Shortcut (2) to Easy Cd 5 Keygen.lnk
    2001-11-24 00:49 . 2001-11-24 00:49 526 ----a-w- c:\program files\Shortcut to Easy Cd 5 Keygen.lnk

    We do not support the use of illegal Pirated/Warez/Cracked software.

    Helping a person who insists on using such software could be construed in the eyes of the law to be aiding and abetting a crime. Therefore you will be asked to remove any cracked programs.
    MRU Master of Malware Removal University

    Member of UNITE and ASAP

  6. #16  Emeritus- Malware Team (Join Date: Oct 2008, Location: Cornwall, UK, Posts: 592)

    Due to inactivity, this thread will now be closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic; you would be starting fresh.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or a MOD a private message (pm). A valid, working link to the closed topic is required.
