ComboFix 09-10-19.01 - Stacy Martin 10/20/2009 22:10.2.1 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.502.312 [GMT -4:00]
Running from: c:\documents and settings\Stacy Martin\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\aIx23.tmp
c:\docume~1\STACYM~1\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\34061216\34061216.bat
c:\documents and settings\All Users\Application Data\34061216\34061216.exe
c:\documents and settings\All Users\Application Data\54369835\54369835.bat
c:\documents and settings\All Users\Application Data\54369835\54369835.exe
c:\documents and settings\All Users\Application Data\gewatotag.ban
c:\documents and settings\All Users\Application Data\igup.pif
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Stacy Martin\Application Data\Gmail\egwhz733384.exe
c:\documents and settings\Stacy Martin\Application Data\Gmail\Shell32.dll
c:\documents and settings\Stacy Martin\Application Data\Gmail\Shell32.dll
c:\documents and settings\Stacy Martin\Application Data\iniasd.txt
c:\documents and settings\Stacy Martin\Application Data\lizkavd.exe
c:\documents and settings\Stacy Martin\Application Data\Microsoft\Internet Explorer\Quick Launch\AntivirusPro_2010.lnk
c:\documents and settings\Stacy Martin\Application Data\seres.exe
c:\documents and settings\Stacy Martin\Application Data\svcst.exe
c:\documents and settings\Stacy Martin\Application Data\yxalafav.ban
c:\documents and settings\Stacy Martin\Cookies\awydozava.bin
c:\documents and settings\Stacy Martin\Cookies\idywaka._dl
c:\documents and settings\Stacy Martin\Desktop\AntivirusPro_2010.lnk
c:\documents and settings\Stacy Martin\Desktop\Security Tool.lnk
c:\documents and settings\Stacy Martin\Local Settings\Application Data\ocolowite.inf
c:\documents and settings\Stacy Martin\Start Menu\Programs\AntivirusPro_2010\AntivirusPro_2010.lnk
c:\documents and settings\Stacy Martin\Start Menu\Programs\AntivirusPro_2010\Uninstall.lnk
c:\documents and settings\Stacy Martin\Start Menu\Programs\Security Tool.lnk
c:\documents and settings\Stacy Martin\Temporary Internet Files\nabid._sy
c:\documents and settings\Stacy Martin\Temporary Internet Files\ofyzafow.vbs
c:\documents and settings\Stacy Martin\Temporary Internet Files\qywo.db
C:\LOG2A.tmp
C:\LOG68.tmp
C:\LOGC7.tmp
C:\p2hhr.bat
c:\program files\AntivirusPro_2010\AntivirusPro_2010.exe
c:\program files\Common Files\hijiwufuki._sy
c:\program files\Common Files\woviduvew.reg
c:\program files\Common Files\ydamu.bin
c:\program files\Common Files\ygegadelob.reg
c:\program files\Shared\lib.dll
c:\program files\Windows Police Pro\msvcm80.dll
c:\program files\Windows Police Pro\msvcp80.dll
c:\program files\Windows Police Pro\msvcr80.dll
c:\program files\Windows Police Pro\windows Police Pro.exe
c:\windows\axitiwodic.dl
c:\windows\Installer\2a36257.msp
c:\windows\Installer\2a36260.msp
c:\windows\Installer\577bf.msp
c:\windows\Installer\577d6.msp
c:\windows\Installer\577e9.msp
c:\windows\Installer\57800.msp
c:\windows\Installer\57809.msp
c:\windows\Installer\57812.msp
c:\windows\Installer\5781b.msp
c:\windows\mark_32.dll
c:\windows\subivi.exe
c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000011_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\_000013_.tmp.dll
c:\windows\system32\_000019_.tmp.dll
c:\windows\system32\_scui.cpl
c:\windows\system32\~.exe
c:\windows\system32\41.exe
c:\windows\system32\AVR09.exe
c:\windows\system32\bincd32.dat
c:\windows\system32\darugaweb.scr
c:\windows\system32\drivers\gasfkymphwbrna.sys
c:\windows\system32\dukeyiwa.dll
c:\windows\system32\gasfkyciywyqmx.dll
c:\windows\system32\gasfkyesmkbevx.dll
c:\windows\system32\gasfkymwqhhxni.dll
c:\windows\system32\gasfkytehxnsew.dll
c:\windows\system32\gasfkythsipxdl.dat
c:\windows\system32\gasfkyvhcmkyav.dat
c:\windows\system32\gujayiwo.dll
c:\windows\system32\hukovefo.dll
c:\windows\system32\kakekuze.exe
c:\windows\system32\kirenalo.dll
c:\windows\system32\kosagiti.dll
c:\windows\system32\mikasova.dll
c:\windows\system32\monelare.dll
c:\windows\system32\mulirowo.dll
c:\windows\system32\muturebe.dll
c:\windows\system32\nuar.old
c:\windows\system32\nuzeroto.exe
c:\windows\system32\petolahu.dll
c:\windows\system32\plUGie.dll
c:\windows\system32\pump.exe
c:\windows\system32\q9vdxw75oy.dll
c:\windows\system32\rigiwoti.exe
c:\windows\system32\rihotopu.dll
c:\windows\system32\rimuwuka.dll
c:\windows\system32\schtml\dbsinit.exe
c:\windows\system32\schtml\images\i1.gif
c:\windows\system32\schtml\images\i2.gif
c:\windows\system32\schtml\images\i3.gif
c:\windows\system32\schtml\images\j1.gif
c:\windows\system32\schtml\images\j2.gif
c:\windows\system32\schtml\images\j3.gif
c:\windows\system32\schtml\images\jj1.gif
c:\windows\system32\schtml\images\jj2.gif
c:\windows\system32\schtml\images\jj3.gif
c:\windows\system32\schtml\images\l1.gif
c:\windows\system32\schtml\images\l2.gif
c:\windows\system32\schtml\images\l3.gif
c:\windows\system32\schtml\images\pix.gif
c:\windows\system32\schtml\images\t1.gif
c:\windows\system32\schtml\images\t2.gif
c:\windows\system32\schtml\images\up1.gif
c:\windows\system32\schtml\images\up2.gif
c:\windows\system32\schtml\images\w1.gif
c:\windows\system32\schtml\images\w11.gif
c:\windows\system32\schtml\images\w2.gif
c:\windows\system32\schtml\images\w3.gif
c:\windows\system32\schtml\images\w3.jpg
c:\windows\system32\schtml\images\wt1.gif
c:\windows\system32\schtml\images\wt2.gif
c:\windows\system32\schtml\images\wt3.gif
c:\windows\system32\schtml\wispex.html
c:\windows\system32\sedehobi.dll
c:\windows\system32\skynet.dat
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wigimogo.dll
c:\windows\system32\winhelper.dll
c:\windows\system32\yaguwune.dll
c:\windows\system32\yayiyeka.dll
c:\windows\system32\zilebobi.exe
c:\windows\wf3.dat
c:\windows\wf4.dat
D:\Autorun.inf
-- Previous Run --
c:\windows\system32\proquota.exe . . . is missing!!
--------
c:\windows\system32\proquota.exe . . . is missing!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gasfkynftowkvt
-------\Legacy_gasfkynftowkvt
-------\Legacy_$SYS$DRMSERVER
-------\Legacy_ANTIPOL
-------\Legacy_CD_PROXY
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
-------\Service_$sys$DRMServer
-------\Service_AntiPol
-------\Service_CD_Proxy
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.
2009-10-08 00:07 . 2009-10-08 00:08 -------- d-----w- c:\program files\ERUNT
2009-10-07 23:42 . 2009-10-07 23:58 -------- d-----w- c:\program files\Trend Micro
2009-10-07 23:18 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-07 23:18 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-07 23:03 . 2009-10-07 23:12 -------- d-----w- c:\program files\shawn
2009-10-07 22:51 . 2009-10-07 22:48 4045544 ----a-w- C:\mbam-setup.exe
2009-10-07 22:51 . 2009-10-07 22:48 3366552 ----a-w- C:\mbam-rules.exe
2009-10-07 22:38 . 2009-10-07 22:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-07 22:14 . 2009-10-13 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-10-07 22:14 . 2009-10-12 03:17 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-07 22:12 . 2009-10-07 22:01 5564752 ----a-w- C:\spybotsd_includes.exe
2009-10-07 22:12 . 2009-10-07 22:00 16409960 ----a-w- C:\spybotsd162.exe
2009-10-07 02:51 . 2009-10-07 02:51 -------- d-----w- c:\program files\Zone Labs
2009-10-07 02:49 . 2009-10-13 03:28 -------- d-----w- c:\windows\Internet Logs
2009-10-07 02:49 . 2009-10-07 02:43 33952648 ----a-w- C:\zaSetup_80_298_000_en.exe
2009-10-07 01:47 . 2009-10-07 01:47 691712 ----a-w- c:\windows\is-CRK8P.exe
2009-10-07 00:29 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-10-07 00:29 . 2009-08-24 18:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-10-07 00:29 . 2009-08-19 15:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-07 00:29 . 2009-10-07 00:29 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-07 00:29 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-10-07 00:29 . 2009-10-19 23:15 -------- d-----w- c:\program files\Spyware Doctor
2009-10-07 00:29 . 2009-10-07 00:29 -------- d-----w- c:\documents and settings\Stacy Martin\Application Data\PC Tools
2009-10-07 00:29 . 2009-10-07 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-07 00:13 . 2009-10-07 00:13 -------- d-----w- c:\documents and settings\Stacy Martin\Application Data\Malwarebytes
2009-10-07 00:13 . 2009-10-07 23:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-07 00:13 . 2009-10-07 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-02 00:48 . 2001-08-17 17:49 26624 ----a-w- c:\windows\system32\dllcache\alifir.sys
2009-10-02 00:48 . 2001-08-17 16:11 27678 ----a-w- c:\windows\system32\dllcache\ali5261.sys
2009-10-02 00:48 . 2004-08-04 04:56 3775 ----a-w- c:\windows\system32\dllcache\adv11nt5.dll
2009-10-02 00:48 . 2004-08-04 04:56 3711 ----a-w- c:\windows\system32\dllcache\adv09nt5.dll
2009-10-02 00:48 . 2004-08-04 04:56 3647 ----a-w- c:\windows\system32\dllcache\adv07nt5.dll
2009-10-02 00:48 . 2004-08-04 04:56 3135 ----a-w- c:\windows\system32\dllcache\adv08nt5.dll
2009-10-02 00:48 . 2004-08-04 04:56 3615 ----a-w- c:\windows\system32\dllcache\adv05nt5.dll
2009-10-02 00:48 . 2004-08-04 04:56 3967 ----a-w- c:\windows\system32\dllcache\adv02nt5.dll
2009-10-02 00:48 . 2004-08-04 04:56 4255 ----a-w- c:\windows\system32\dllcache\adv01nt5.dll
2009-10-02 00:34 . 2003-03-24 20:52 20538 ----a-w- c:\windows\system32\dllcache\fpremadm.exe
2009-10-02 00:17 . 2009-10-02 00:17 -------- d-----w- c:\program files\CCleaner
2009-10-01 23:05 . 2009-10-01 23:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-01 23:05 . 2009-10-01 23:05 -------- d-sh--w- c:\windows\system32\config\systemprofile\PrivacIE
2009-10-01 03:12 . 2009-10-01 03:12 -------- d-----w- c:\documents and settings\Stacy Martin\Local Settings\Application Data\Xenocode
2009-10-01 02:07 . 2009-10-07 03:24 -------- d-----w- c:\program files\Windows Defender
2009-10-01 01:16 . 2009-10-01 01:16 496164 ----a-w- C:\aIx23.tmp.exe
2009-10-01 01:14 . 2009-10-14 20:06 0 ----a-w- c:\windows\win32k.sys
2009-10-01 01:12 . 2009-10-01 01:13 52736 ----a-w- C:\afuqr.exe
2009-10-01 01:12 . 2009-10-01 01:13 12288 ----a-w- C:\qtpjjuur.exe
2009-10-01 01:12 . 2009-10-01 01:13 17920 ----a-w- C:\qgferewy.exe
2009-10-01 01:12 . 2009-10-01 01:12 57856 ----a-w- C:\vklebc.exe
2009-10-01 01:12 . 2009-10-01 01:12 46592 ----a-w- C:\hrngen.exe
2009-10-01 01:12 . 2009-10-01 01:12 6144 ----a-w- C:\avjelge.exe
2009-10-01 01:12 . 2009-10-01 01:12 19456 ----a-w- C:\ekffax.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-21 02:07 . 2009-07-25 14:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-16 01:15 . 2007-11-01 22:04 -------- d-----w- c:\program files\Symantec AntiVirus
2009-10-07 22:05 . 2009-07-07 22:05 1050147 --sha-w- c:\windows\system32\lorizuzu.exe
2009-10-07 03:25 . 2009-10-07 02:51 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-10-07 03:11 . 2009-10-07 03:18 5154304 ----a-w- C:\WindowsDefender.msi
2009-10-07 00:01 . 2009-07-07 00:01 194056 --sha-w- c:\windows\system32\kirenalo.exe
2009-10-02 01:05 . 2009-07-02 01:05 1048100 --sha-w- c:\windows\system32\diwupesa.exe
2009-10-01 02:22 . 2009-07-01 02:22 1047076 --sha-w- c:\windows\system32\werenago.exe
2009-10-01 02:22 . 2009-07-01 02:22 39424 --sha-w- c:\windows\system32\jomibeyo.dll
2009-10-01 01:32 . 2007-02-11 22:58 -------- d-----w- c:\documents and settings\Stacy Martin\Application Data\funkitron
2009-10-01 01:32 . 2007-03-26 01:00 -------- d-----w- c:\documents and settings\Stacy Martin\Application Data\ArcSoft
2009-10-01 01:32 . 2007-03-17 21:57 -------- d-----w- c:\documents and settings\Stacy Martin\Application Data\AdobeUM
2009-10-01 01:32 . 2007-01-19 09:19 -------- d-----w- c:\documents and settings\Stacy Martin\Application Data\CyberLink
2009-10-01 01:27 . 2009-10-01 01:27 15177 ----a-w- c:\program files\Common Files\sygyniqyh.lib
2009-10-01 00:45 . 2007-04-11 02:32 -------- d-----w- c:\program files\Soulseek
2009-09-28 03:50 . 2007-01-25 03:05 -------- d-----w- c:\documents and settings\Stacy Martin\Application Data\Juniper Networks
2009-09-10 03:55 . 2007-10-23 01:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-08-05 09:11 . 2004-08-04 21:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="c:\program files\AIM\aim.exe" [2006-08-01 67112]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-01-19 4670968]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 135168]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-24 233472]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2006-01-13 188416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-03-14 125632]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-05 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-07-23 1181064]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" - c:\windows\system32\CHDAudPropShortcut.exe [2006-06-02 61952]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"TSClientMSIUninstaller"="c:\windows\Installer\TSClientMsiTrans\tscuinst.vbs" [2006-11-07 12451]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-9-24 73728]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2007-9-19 282624]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mdc]
2007-03-30 19:26 466944 ----a-w- c:\windows\system32\SsoWindows.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AntiPol"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=
"c:\\Program Files\\Soulseek\\slsk.exe"=
"c:\\Documents and Settings\\Stacy Martin\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\SecondLife\\SLVoice.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpSvc.exe"=
R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/6/2004 10:11 AM 18432]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [10/6/2009 8:29 PM 206256]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [10/7/2004 3:57 AM 11904]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/6/2009 8:29 PM 348752]
S1 NEOFLTR_600_13073;Juniper Networks TDI Filter Driver (NEOFLTR_600_13073);c:\windows\system32\drivers\NEOFLTR_600_13073.sys [4/30/2008 3:54 PM 64160]
S1 NEOFLTR_630_13881;Juniper Networks TDI Filter Driver (NEOFLTR_630_13881);c:\windows\system32\drivers\NEOFLTR_630_13881.sys [1/23/2009 3:51 AM 64480]
S2 Cisco Secure Services Client;Cisco Secure Services Client;c:\program files\Cisco Systems\Cisco Secure Services Client\ConnectionClient.exe [3/30/2007 3:26 PM 3891200]
S2 Mtghouse;Meetinghouse 802.1x Protocol v3.7.1.0;c:\windows\system32\drivers\Mtghouse.sys [11/1/2007 6:08 PM 21395]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2/15/2007 10:10 PM 24652]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\drivers\cccp106.sys [3/25/2007 8:50 PM 227200]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/14/2007 7:48 PM 116416]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MDMXSDK
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Post Image to Blog - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5003
IE: Tag This Image - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5002
IE: Transload Image to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5004
IE: Upload All Images to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5000
IE: Upload Image to ImageShack - c:\windows\ImageShackToolbar\ImageShackToolbar.dll/5001
Trusted Zone: imageshack.us\toolbar
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://netscreen.upmc.com/dana-cached/sc/JuniperSetupClient.cab
.
- - - - ORPHANS REMOVED - - - -
BHO-{2cb7e84b-52d6-4772-977e-3887b55a175b} - dukeyiwa.dll
HKLM-Run-realtekc - c:\documents and settings\Stacy Martin\Application Data\Gmail\egwhz733384.exe
HKLM-Run-2537132040 - c:\documents and settings\Stacy Martin\Application Data\2537132040\2537132040.exe
HKLM-Run-00877325 - c:\documents and settings\All Users\Application Data\00877325\00877325.exe
HKLM-Run-34061216 - c:\documents and settings\All Users\Application Data\34061216\34061216.exe
HKLM-Run-gotekerit - c:\windows\system32\kirenalo.dll
HKLM-Run-54369835 - c:\documents and settings\All Users\Application Data\54369835\54369835.exe
HKLM-Run-kunomijiji - wigimogo.dll
SharedTaskScheduler-{8fd87c54-d3d3-4c61-b60c-b3295e6d9f9c} - c:\windows\system32\kirenalo.dll
SSODL-lefabekov-{8fd87c54-d3d3-4c61-b60c-b3295e6d9f9c} - c:\windows\system32\kirenalo.dll
AddRemove-Spy-Sheriff - c:\program files\SpySheriff\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-20 22:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,9b,51,e5,13,32,16,42,9c,56,59,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,9b,51,e5,13,32,16,42,9c,56,59,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(228)
c:\windows\system32\SsoWindows.dll
- - - - - - - > 'explorer.exe'(660)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
.
Completion time: 2009-10-21 22:21
ComboFix-quarantined-files.txt 2009-10-21 02:20
Pre-Run: 35,782,119,424 bytes free
Post-Run: 35,746,582,528 bytes free
- - End Of File - - 896AB64A0A094A6C21B845F4B4E7ED25