ComboFix 09-04-25.A3 - Owner 04/26/2009 17:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.382.129 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Viewpoint\Viewpoint Manager
c:\program files\Viewpoint\Viewpoint Manager\VETScriptInterpreter.dll
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgrCore.dll
c:\windows\mainms.vpi
c:\windows\megavid.cdt
c:\windows\muotr.so
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-03-26 to 2009-04-26 )))))))))))))))))))))))))))))))
.
2009-04-26 20:25 . 2009-04-26 20:25 -------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-04-24 03:50 . 2001-08-17 18:55 6144 -c--a-w c:\windows\system32\dllcache\kbd101b.dll
2009-04-24 03:50 . 2001-08-17 18:55 6144 ----a-w c:\windows\system32\kbd101b.dll
2009-04-24 03:28 . 2009-04-24 03:31 -------- d-----w c:\program files\Trend Micro
2009-04-24 03:05 . 2009-04-24 03:05 -------- d-----w c:\documents and settings\Owner\Application Data\Malwarebytes
2009-04-24 03:05 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-24 03:05 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-24 03:05 . 2009-04-24 03:05 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-24 03:05 . 2009-04-24 03:05 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-23 18:59 . 2009-04-23 18:59 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-04-23 18:58 . 2009-04-23 18:59 -------- d-----w c:\program files\SUPERAntiSpyware
2009-04-23 18:58 . 2009-04-23 18:58 -------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-04-23 18:58 . 2009-04-23 18:58 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-23 18:53 . 2009-04-23 18:53 -------- d-----w c:\program files\CCleaner
2009-04-23 07:50 . 2009-04-25 08:14 -------- d--h--w C:\$AVG8.VAULT$
2009-04-23 07:41 . 2009-04-23 07:41 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-23 07:41 . 2009-04-23 07:41 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-04-23 07:41 . 2009-04-23 07:41 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-23 07:41 . 2009-04-26 18:09 -------- d-----w c:\windows\system32\drivers\Avg
2009-04-23 07:41 . 2009-04-23 07:41 -------- d-----w c:\program files\AVG
2009-04-23 07:41 . 2009-04-23 07:41 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-23 07:06 . 2009-04-23 20:27 3092 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-04-23 07:06 . 2009-04-23 20:27 21536 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-04-23 07:05 . 2009-04-23 07:05 3729 ----a-w C:\rollback.ini
2009-04-23 06:54 . 2009-04-23 07:45 -------- d-----w c:\program files\Common Files\ParetoLogic
2009-04-23 06:54 . 2009-04-23 07:45 -------- d-----w c:\documents and settings\All Users\Application Data\ParetoLogic
2009-04-23 05:50 . 2009-04-26 18:12 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-17 07:48 . 2009-04-17 07:48 -------- d-----w c:\documents and settings\Owner\Application Data\Yahoo!
2009-04-17 07:46 . 2009-04-17 11:54 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2009-04-17 07:46 . 2009-04-17 07:46 -------- d-----w c:\documents and settings\LocalService\Application Data\Yahoo!
2009-04-17 07:45 . 2009-04-17 07:47 -------- d-----w c:\program files\Yahoo!
2009-04-17 07:37 . 2009-04-17 07:37 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\TomTom
2009-04-17 06:47 . 2009-04-17 06:47 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Adobe
2009-04-17 04:59 . 2009-04-17 07:38 -------- d-----w c:\windows\system32\GroupPolicy
2009-04-16 22:28 . 2009-04-16 22:28 -------- d-----w c:\documents and settings\Owner\Local Settings\Application Data\Citrix
2009-04-14 19:29 . 2009-03-06 14:00 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-14 19:29 . 2009-02-09 10:01 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-14 19:29 . 2009-02-06 10:22 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-14 19:29 . 2009-02-09 10:01 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-03-31 17:27 . 2009-03-31 17:27 -------- d-----w c:\documents and settings\Owner\Application Data\TomTom
2009-03-31 17:27 . 2009-03-31 17:27 -------- d-----w c:\program files\TomTom International B.V
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 21:17 . 2006-06-10 09:30 -------- d-----w c:\program files\Viewpoint
2009-04-26 19:50 . 2006-06-10 09:30 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-04-24 03:26 . 2006-06-10 09:25 -------- d-----w c:\program files\Java
2009-04-23 20:27 . 2008-04-21 01:28 52220 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-04-23 20:27 . 2008-04-21 01:28 3818784 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-04-23 05:59 . 2006-06-10 09:21 -------- d-----w c:\program files\Google
2009-04-23 04:00 . 2008-10-24 00:04 -------- d-----w c:\program files\PokerStars
2009-04-17 07:38 . 2008-08-28 18:57 -------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2009-03-25 19:09 . 2009-01-13 06:40 -------- d-----w c:\program files\Windows Live Safety Center
2009-03-25 12:50 . 2009-03-25 12:50 -------- d-----w c:\program files\TomTom DesktopSuite
2009-03-23 20:06 . 2009-03-23 20:06 262144 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-23 20:06 . 2009-03-23 20:06 86016 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-21 12:46 . 2009-03-21 12:46 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SACore
2009-03-17 06:10 . 2006-11-18 18:12 -------- d-----w c:\program files\Verizon
2009-03-12 03:37 . 2006-11-18 19:14 -------- d-----w c:\program files\Common Files\PestPatrol
2009-03-10 02:44 . 2006-11-23 23:39 -------- d-----w c:\program files\LimeWire
2009-03-09 09:19 . 2008-10-23 22:27 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:00 . 2005-01-09 23:48 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-04 22:34 . 2009-03-01 18:20 27512 ----a-w c:\windows\DIIUnin.dat
2009-03-04 22:33 . 2008-03-19 19:29 21840 ----atw c:\windows\system32\SIntfNT.dll
2009-03-04 22:33 . 2008-03-19 19:29 17212 ----atw c:\windows\system32\SIntf32.dll
2009-03-04 22:33 . 2008-03-19 19:29 12067 ----atw c:\windows\system32\SIntf16.dll
2009-03-03 00:18 . 2005-01-09 23:48 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-01 18:20 . 2009-03-01 18:20 2829 ----a-w c:\windows\DIIUnin.pif
2009-03-01 18:20 . 2009-03-01 18:20 94208 ----a-w c:\windows\DIIUnin.exe
2009-03-01 17:50 . 2009-01-01 02:36 -------- d-----w c:\program files\Starcraft
2009-02-20 18:09 . 2005-01-09 23:48 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:19 . 2005-01-09 23:48 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2005-01-09 23:48 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2005-01-09 23:48 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2005-01-09 23:47 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2005-01-09 23:48 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-06 10:32 . 2005-01-09 23:48 2186112 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2005-01-09 23:48 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2005-01-09 23:48 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-04 05:59 2062976 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2005-01-09 23:48 55808 ----a-w c:\windows\system32\secur32.dll
2008-10-30 23:55 . 2005-01-10 01:26 35456 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-10-23 03:01 . 2008-10-23 03:01 13123 ----a-w c:\documents and settings\Owner\Application Data\fyfacyz.bin
2008-10-23 03:01 . 2008-10-23 03:01 18576 ----a-w c:\documents and settings\All Users\Application Data\paqopit.bin
2008-10-23 03:01 . 2008-10-23 03:01 16588 ----a-w c:\documents and settings\Owner\Application Data\tykidi.reg
2008-10-23 03:01 . 2008-10-23 03:01 16366 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fagovazus.dll
2008-10-23 03:01 . 2008-10-23 03:01 10889 ----a-w c:\documents and settings\Owner\Application Data\epyduhuva.scr
2008-10-23 03:01 . 2008-10-23 03:01 10522 ----a-w c:\documents and settings\All Users\Application Data\ozaqehiwi.sys
2008-10-22 23:48 . 2008-10-22 23:48 16301 ----a-w c:\documents and settings\All Users\Application Data\adiwisosaw.com
2008-10-22 23:48 . 2008-10-22 23:48 12505 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\ozyvitama.dll
2008-10-22 23:48 . 2008-10-22 23:48 11416 ----a-w c:\documents and settings\All Users\Application Data\dakahupuh.dll
2008-10-22 23:48 . 2008-10-22 23:48 11159 ----a-w c:\documents and settings\All Users\Application Data\losono.com
2008-10-22 23:45 . 2008-10-22 23:45 14463 ----a-w c:\documents and settings\Owner\Application Data\geqidira.bat
2008-10-22 23:45 . 2008-10-22 23:45 14098 ----a-w c:\documents and settings\Owner\Application Data\ojytigexa.vbs
2008-10-22 23:45 . 2008-10-22 23:45 18861 ----a-w c:\documents and settings\All Users\Application Data\pihamymezy.dat
2008-10-22 23:45 . 2008-10-22 23:45 15908 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\caxyfim.sys
2008-10-02 01:13 . 2006-09-06 12:52 4668 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2007-04-22 05:35 . 2007-04-22 05:35 128 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2005-01-10 01:26 . 2006-08-31 20:00 13104 ----a-w c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-08-06 50472]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-10 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-01-02 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-10-19 79448]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-23 1932568]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-04 16120832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-11 51984]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-23 07:41 10520 ----a-w c:\windows\system32\avgrsstx.dll
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfee Backup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R2 0064151240469698mcinstcleanup;McAfee Application Installer Cleanup (0064151240469698);
R3 hamachi_oem;PlayLinc Adapter;c:\windows\system32\DRIVERS\gan_adapter.sys [2006-09-27 10664]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-03-23 7408]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-04-23 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-04-23 108552]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-03-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-03-23 72944]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-23 298264]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{262ac29a-5653-11dd-bde4-00038a000015}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{be611e29-1937-11de-be42-00038a000015}]
\Shell\AutoRun\command - J:\InstallTomTomHOME.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8b20aa1-f860-11da-b187-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
2009-04-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-02 05:50]
.
.
------- Supplementary Scan -------
.
uStart Page = yahoo.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D}
DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} - hxxp://www.tenebril.com/assets/activeX/SpywareScannerV2.ocx
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-26 17:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1662786125-2231174955-3555815908-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,23,b0,6f,2c,28,
ba,bc,da,e2,63,26,f1,3f,c8,ff,68,a1,a5,53,f5,cd,93,b9,84,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,48,29,1a,5a,8e,
9f,4e,3d,6a,9c,d6,61,af,45,84,18,49,70,8e,7f,58,97,e5,f0,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,1b,48,f3,c6,a6,
3b,2e,63,ff,7c,85,e0,43,d4,0e,fe,c0,5f,e8,22,f4,06,ea,e8,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,01,40,f4,81,fd,
c7,53,f7,86,8c,21,01,be,91,eb,e7,e1,49,7b,83,fa,25,51,19,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,6f,3a,68,e7,6f,
56,5b,eb,f5,1d,4d,73,a8,13,5c,05,5e,e5,82,51,8a,3f,19,1f,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,f0,df,7a,6a,63,
d8,b3,b6,df,20,58,62,78,6b,cf,c8,0c,92,d1,70,c5,18,a4,21,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,01,66,11,04,e6,
cf,b1,4e,fb,a7,78,e6,12,2f,9a,ea,11,6f,9b,7c,d5,c5,a8,01,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,f4,9c,19,1b,e0,
f4,8b,38,01,3a,48,fc,e8,04,4a,f1,2e,67,38,8a,a5,58,e0,77,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:b2,46,9a,e2,1b,fe,1b,94,c4,9d,50,79,5e,
11,54,a5,f6,0f,4e,58,98,5b,89,c9,8d,7e,f3,4e,c3,63,a1,10,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,a0,18,4e,0f,59,
5f,1f,65,3d,ce,ea,26,2d,45,aa,78,9c,3e,b1,1d,42,b9,63,95,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,58,a1,57,e9,a2,
9f,3d,b2,2a,b7,cc,b5,b9,7f,41,e7,0e,56,11,9a,1c,8a,c3,92,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,87,42,28,80,69,
30,b7,fa,6c,43,2d,1e,aa,22,2f,9c,2f,a7,58,24,4f,cd,34,db,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2828)
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\program files\Common Files\Command Software\dvpapi.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\HPZipm12.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\msiexec.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2009-04-26 17:26 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 21:26
Pre-Run: 139,824,803,840 bytes free
Post-Run: 140,016,504,832 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
305 --- E O F --- 2009-04-25 07:03