Sorry, I have been out of pocket.
I followed the instructions and here is the ComboFix log.
It is still redirecting.
thanks,
ComboFix 10-05-10.05 - Darrel 05/11/2010 15:55:54.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1473 [GMT -5:00]
Running from: c:\documents and settings\Darrel\Desktop\commy.exe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: StopSign Antivirus *On-access scanning disabled* (Updated) {3E1D4556-3240-40c8-BBED-64A8690A3FB4}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\command
c:\windows\command\EXTRACT.PIF
c:\windows\system32\1387958124
c:\windows\system32\mscomct2.dat
c:\windows\system32\msrfcint.dat
c:\windows\system32\ntrdectr.dat
c:\windows\system32\SHELLLNK.TLB
c:\windows\system32\unrar.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-11 to 2010-05-11 )))))))))))))))))))))))))))))))
.
2010-05-07 22:01 . 2010-05-07 22:01 -------- d-----w- c:\program files\iPod
2010-05-07 22:00 . 2010-05-07 22:02 -------- d-----w- c:\program files\iTunes
2010-05-07 21:53 . 2010-05-07 21:53 -------- d-----w- c:\program files\Bonjour
2010-05-07 21:49 . 2010-05-07 21:49 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-07 17:28 . 2010-02-28 01:46 3691384 ----a-w- c:\documents and settings\Darrel\Application Data\Simply Super Software\Trojan Remover\idb2.exe
2010-05-07 17:17 . 2010-05-07 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-07 17:17 . 2010-05-07 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-07 17:11 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-05-07 17:11 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-05-07 17:11 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-05-07 17:11 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-05-07 17:11 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-05-07 17:11 . 2010-05-07 17:12 -------- d-----w- c:\program files\Trojan Remover
2010-05-07 17:11 . 2010-05-07 17:11 -------- d-----w- c:\documents and settings\Darrel\Application Data\Simply Super Software
2010-05-07 17:11 . 2010-05-07 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-05-07 15:42 . 2010-05-07 15:42 -------- d-----w- c:\documents and settings\Darrel\Local Settings\Application Data\Threat Expert
2010-05-07 15:17 . 2010-05-11 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-05-07 15:16 . 2010-05-11 20:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-06 21:38 . 2010-02-24 15:16 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-05-06 21:36 . 2010-05-06 21:36 -------- d-----w- c:\program files\Windows Defender
2010-05-06 20:42 . 2010-05-06 20:42 -------- d-----w- c:\program files\ESET
2010-05-06 19:55 . 2010-05-06 19:55 -------- d-----w- c:\program files\SpywareBlaster
2010-05-06 19:54 . 2010-05-06 19:54 -------- d-----w- c:\program files\Zamaan's Software
2010-05-06 19:52 . 2010-05-06 19:52 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-05-05 17:50 . 2010-05-05 17:50 -------- d-----w- c:\program files\Trend Micro
2010-04-22 13:23 . 2010-04-22 13:25 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-22 13:14 . 2010-04-22 14:22 -------- d-----w- c:\program files\QuickTime
2010-04-22 12:55 . 2010-04-22 12:55 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-15 12:20 . 2010-04-15 12:20 96512 ----a-w- c:\windows\system32\drivers\flczegjd.sys
2010-04-15 12:18 . 2010-05-07 15:46 -------- d-----w- c:\windows\system32\MpEngineStore
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-11 21:12 . 2010-01-18 22:55 -------- d-----w- c:\documents and settings\Darrel\Application Data\LimeWire
2010-05-11 21:11 . 2008-04-07 19:28 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-11 17:59 . 2004-03-12 23:28 50948 ----a-w- c:\documents and settings\Darrel\Application Data\wklnhst.dat
2010-05-11 13:11 . 2008-11-14 14:06 -------- d-----w- c:\program files\LogMeIn
2010-05-08 14:38 . 2007-06-15 17:35 -------- d-----w- c:\program files\NECA2007
2010-05-07 22:01 . 2008-03-03 22:55 -------- d-----w- c:\program files\Common Files\Apple
2010-05-07 18:18 . 2004-03-12 01:19 -------- d-----w- c:\program files\Aveo
2010-05-07 18:17 . 2008-07-24 14:42 -------- d-----w- c:\program files\Acceleration Software
2010-05-07 16:02 . 2009-01-21 19:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-06 22:05 . 2010-02-24 20:47 -------- d-----w- c:\program files\TabQuery
2010-05-06 20:13 . 2006-10-24 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-05-06 19:52 . 2008-07-22 19:01 -------- d-----w- c:\program files\IObit
2010-04-29 20:39 . 2009-01-21 19:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2009-01-21 19:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 21:35 . 2010-01-18 22:55 -------- d-----w- c:\program files\LimeWire
2010-04-22 12:59 . 2008-03-24 18:57 -------- d-----w- c:\program files\Safari
2010-04-21 13:53 . 2010-03-25 12:56 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-19 14:13 . 2007-07-03 15:41 102833 -c--a-w- c:\windows\HPFins09.dat
2010-04-16 12:36 . 2009-01-21 21:12 -------- d-----w- c:\program files\CCleaner
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 18:29 . 2009-01-27 17:24 -------- d-----w- c:\program files\Office10
2010-04-06 18:18 . 2006-02-14 13:30 -------- d-----w- c:\program files\Yahoo!
2010-04-06 13:02 . 2009-08-26 20:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-03-31 12:53 . 2004-06-25 11:17 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 12:53 . 2010-03-31 12:53 503808 ----a-w- c:\documents and settings\Darrel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-376d9e1d-n\msvcp71.dll
2010-03-31 12:53 . 2010-03-31 12:53 499712 ----a-w- c:\documents and settings\Darrel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-376d9e1d-n\jmc.dll
2010-03-31 12:53 . 2010-03-31 12:53 348160 ----a-w- c:\documents and settings\Darrel\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-376d9e1d-n\msvcr71.dll
2010-03-31 12:53 . 2010-03-31 12:53 61440 ----a-w- c:\documents and settings\Darrel\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-455d9db6-n\decora-sse.dll
2010-03-31 12:53 . 2010-03-31 12:53 12800 ----a-w- c:\documents and settings\Darrel\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-455d9db6-n\decora-d3d.dll
2010-03-31 12:53 . 2004-04-08 20:43 -------- d-----w- c:\program files\Java
2010-03-25 12:56 . 2010-03-25 12:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-25 12:56 . 2010-03-25 12:56 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-25 12:56 . 2010-03-25 12:56 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-25 12:53 . 2010-03-25 12:53 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-25 12:53 . 2009-01-26 01:14 -------- d-----w- c:\program files\AVG
2010-03-12 17:03 . 2004-03-13 21:57 120208 -c--a-w- c:\documents and settings\Darrel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-11 12:38 . 2009-01-25 22:13 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2009-01-25 22:14 17408 ------w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-01-25 22:13 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 09:28 . 2009-02-13 22:50 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 13:11 . 2009-01-25 22:13 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-12 04:33 . 2009-01-25 22:14 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-01-25 22:13 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2001-12-03 23:09 . 2009-11-02 21:23 90112 ----a-w- c:\program files\internet explorer\plugins\DjVuControl.dll
2010-01-23 18:49 . 2010-01-23 18:49 0 --sha-w- c:\windows\system32\43.tmp
2010-01-24 14:49 . 2010-01-23 18:49 0 --sha-w- c:\windows\system32\44.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-21 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"nwiz"="nwiz.exe" [2007-04-19 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-04-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-04-19 7700480]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-25 63048]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-12-10 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"BHR"="c:\program files\Zamaan's Software\Browser Hijack Retaliator 4.5\BHR.exe" [2006-10-25 9375744]
"ASUS Probe"="c:\program files\ASUS\Probe\AsusProb.exe" [2002-12-06 617984]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-02-28 1165192]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
c:\documents and settings\Darrel\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2010-3-30 503808]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-2-8 25214]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-25 12:56 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-02 12:43 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2002-02-15 15:51 24638 ------w- c:\windows\system32\PCANotify.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
path=
backup=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Canon\\Network ScanGear\\SgTool.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"c:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"c:\\Program Files\\McCormick Systems\\Power Probes Advanced\\Power Probes Utility.exe"=
"c:\\Program Files\\McCormick Systems\\Power Probes Advanced\\Power Probes Update.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\MSACCESS.EXE"=
"c:\\Program Files\\McCormick Systems\\Office10\\MSACCESS.EXE"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\Program Files\\Office10\\MSACCESS.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM
R0 viasraid;viasraid;c:\windows\system32\drivers\viasraid.sys [3/11/2004 11:52 AM 77056]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/25/2010 7:56 AM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/25/2010 7:56 AM 242896]
R2 Asusgio;Asusgio;c:\program files\ASUS\Cool & Quiet\Asusgio.sys [3/11/2004 3:17 PM 52776]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/25/2010 7:54 AM 308064]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [5/6/2010 2:52 PM 311568]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
R2 MSSQL$MSDE01;SQL Server (MSDE01);c:\program files\TradeService\TRA-SER\Database\MSSQL.1\MSSQL\Binn\sqlservr.exe [2/10/2007 6:29 AM 29178224]
R2 PowerProbesAdvanced;Power Probes Advanced;c:\program files\McCormick Systems\Power Probes Advanced\Power Probes Service.exe [12/15/2009 11:58 AM 231952]
R2 TSService;TRA-SER License And Update Manager;c:\program files\TradeService\TRA-SER\Admin\TSService.exe [2/11/2009 12:25 PM 149976]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?]
S1 CorexCardScan500;Corex CardScan 500;c:\windows\system32\drivers\SLCOREX.SYS [3/13/2004 11:48 AM 17448]
S2 eac_notifysvc;eAcceleration Notification Service;c:\progra~1\eAcceleration\Framework\eac_svc.exe [7/24/2008 9:41 AM 113920]
S2 eac_productsvc;eAcceleration Product Manager Service;c:\progra~1\eAcceleration\Framework\eac_productsvc.exe [7/24/2008 9:41 AM 263504]
S2 EZUSB;Cypress General Purpose USB Driver (ezusb.sys);c:\windows\system32\drivers\ezusb.sys [3/11/2004 9:47 AM 132484]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/1/2010 11:48 AM 135664]
S2 sstsmonsvc;StopSign Antivirus Security Center Provider;c:\progra~1\eAcceleration\Framework\eac_svc.exe [7/24/2008 9:41 AM 113920]
S2 TabQuery Service;TabQuery Service;"c:\documents and settings\All Users\Application Data\TabQuery\tabquery119.exe" "c:\program files\TabQuery\tabquery.dll" Service --> c:\documents and settings\All Users\Application Data\TabQuery\tabquery119.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\d:\ntglm7x.sys --> d:\NTGLM7X.sys [?]
S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\TfNetMon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-01-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-05-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6634152bde.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 16:48]
2010-05-11 c:\windows\Tasks\TSOLnkUpdAlertTask.job
- c:\program files\TradeService\Trade Service Online Link Update Manager\TSOLnkUpdAlert.exe [2009-07-07 18:23]
2010-05-11 c:\windows\Tasks\User_Feed_Synchronization-{3784CBF0-7DCB-47EB-8052-6670F0C7BC50}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 00:36]
2010-05-11 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-10 03:18]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/mygarmin/m/GarminAxControl.CAB
DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
DPF: {CA127633-F57D-4475-9445-E5F5B63A01ED} - hxxp://invites.myspace.com/invites/MySpace.OutlookContactFinder.cab
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-11 16:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A7CE8C8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba90cf28
\Driver\ACPI -> ACPI.sys @ 0xba77fcb8
\Driver\atapi -> atapi.sys @ 0xba714b3a
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x80579022
ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
NDIS: 3Com Gigabit LOM (3C940) -> SendCompleteHandler -> NDIS.sys @ 0xba5b8bb0
PacketIndicateHandler -> NDIS.sys @ 0xba5c5a21
SendHandler -> NDIS.sys @ 0xba5a387b
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\LMIRfsClientNP.dll
- - - - - - - > 'explorer.exe'(2692)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\nvwddi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\hasplms.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wscntfy.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\IObit\IObit Security 360\is360.exe
.
**************************************************************************
.
Completion time: 2010-05-11 16:19:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-11 21:19
Pre-Run: 36,086,841,344 bytes free
Post-Run: 36,517,662,720 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 77285A8DE67F07B38931F7F7358942BF
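A small triage script for a ComboFix log like the one above, added here as an example; it is not part of the original post and not a ComboFix or Gmer tool. It parses the line shapes ComboFix emits (the `R0`/`S2` service lines, the `GloballyOpenPorts` list, the `Files Created` list, and the Gmer MBR detector's `called modules` line) and pulls out the entries an analyst would read first: services ending in `[?]` (ComboFix prints that where it could not read the file's date and size), services started from a user profile directory, a `.sys` dropped into `system32\drivers` that no service line references, globally open firewall ports, and an unnamed module in the disk I/O path. Those heuristics are this example's own assumptions, not ComboFix rules, and a hit is a reason to look, not a verdict. The sample lines embedded below are copied from the log above and trimmed.

```python
"""Triage helper for a ComboFix log (added example, not part of the post or of ComboFix)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Line shapes ComboFix uses in the log above.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
PORT_RE = re.compile(r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"=\s*(?P<desc>.*)$')
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
USER_WRITABLE = re.compile(r"\\documents and settings\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Return the entries an analyst should look at first (heuristics are this example's own)."""
    findings: list[Finding] = []
    services = []
    created = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            services.append(m)
        elif m := CREATED_RE.match(line):
            created.append(m)
        elif m := PORT_RE.match(line):
            # Anything in GloballyOpenPorts is reachable from any source address.
            findings.append(Finding("open_port", f"{m['port']}/{m['proto']} {m['desc']}".strip()))
        elif line.startswith("called modules:") and ">>UNKNOWN" in line:
            # The MBR detector could not name a module sitting in the disk I/O path.
            findings.append(Finding("unknown_disk_module", line))

    for m in services:
        rest = m["rest"]
        if rest.endswith("[?]"):
            # ComboFix prints [?] where it could not read the file's date and size.
            findings.append(Finding("service_unverified", f"{m['name']}: {rest}"))
        if USER_WRITABLE.search(rest):
            # Services normally live under Program Files or system32, not a user profile.
            findings.append(Finding("service_in_user_dir", f"{m['name']}: {rest}"))

    # A driver dropped into system32\drivers that no service line references (assumed suspicious).
    referenced = " ".join(m["rest"].lower() for m in services)
    for m in created:
        path = m["path"]
        low = path.lower()
        if low.endswith(".sys") and "\\drivers\\" in low and low.rsplit("\\", 1)[-1] not in referenced:
            findings.append(Finding("orphan_driver", path))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. {'open_port': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


# Lines copied from the log above (trimmed), used as sample input.
SAMPLE_LOG = r"""
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/25/2010 7:56 AM 216200]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [7/24/2008 7:46 PM 12856]
S2 TabQuery Service;TabQuery Service;"c:\documents and settings\All Users\Application Data\TabQuery\tabquery119.exe" "c:\program files\TabQuery\tabquery.dll" Service --> c:\documents and settings\All Users\Application Data\TabQuery\tabquery119.exe [?]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1947:UDP"= 1947:UDP:HASP SRM
2010-05-07 22:01 . 2010-05-07 22:01 -------- d-----w- c:\program files\iPod
2010-04-15 12:20 . 2010-04-15 12:20 96512 ----a-w- c:\windows\system32\drivers\flczegjd.sys
2010-03-25 12:56 . 2010-03-25 12:56 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys >>UNKNOWN [0x8A7CE8C8]<<
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:22} {f.detail}")
```

Run it against the full log by reading the file into `triage()` instead of `SAMPLE_LOG`; the `avgldx86.sys` line is included to show that a created driver which a service line does reference is not reported.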