ComboFix 09-06-26.02 - Admin 06/28/2009 10:11.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.703.393 [GMT -4:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\All Users\Start Menu\Programs\Setup Wizard
c:\documents and settings\All Users\Start Menu\Programs\Setup Wizard\SetupWizard.lnk
c:\documents and settings\All Users\Start Menu\Programs\Setup Wizard\Uninstall Setup Wizard.lnk
c:\documents and settings\LSG\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Owner\Local Settings\Temporary Internet Files\bestwiner.stt
c:\program files\Common Files\appatc~1
c:\program files\Common Files\dobe~1
c:\program files\Common Files\icroso~1
c:\program files\Common Files\smante~1
c:\program files\icroso~1
c:\program files\icroso~1.net
c:\program files\podmena
c:\program files\pppatc~1
c:\program files\Setup Wizard
c:\program files\Setup Wizard\Config.ini
c:\program files\Setup Wizard\Setup Wizard.exe
c:\program files\sstem3~1
c:\program files\web buying
c:\program files\WinBudget
c:\program files\WinBudget\bin\crap.1191731145.old
c:\program files\WinBudget\bin\matrix.dat
c:\program files\WWShow
C:\resycled
c:\temp\0c2
c:\temp\0c2\tmpFF.log
c:\temp\brr
c:\temp\brr\tmpZTF.log
c:\windows\appatc~1
c:\windows\BM9bf26d0e.txt
c:\windows\BM9bf26d0e.xml
c:\windows\cookies.ini
c:\windows\icroso~1
c:\windows\msmark2.dat
c:\windows\pskt.ini
c:\windows\rau001978.exe
c:\windows\system32\__c003A344.dat
c:\windows\system32\__c0058510.exe
c:\windows\system32\__c0065E24.exe
c:\windows\system32\__c008C0F5.dat
c:\windows\system32\__c00E004E.exe
c:\windows\system32\__c00EF1E6.exe
c:\windows\system32\abawelek.ini
c:\windows\system32\abbeojra.ini
c:\windows\system32\aejrcrkl.ini
c:\windows\system32\aileryhx.ini
c:\windows\system32\akezunub.ini
c:\windows\system32\apxagaws.ini
c:\windows\system32\arusisat.ini
c:\windows\system32\asembl~1
c:\windows\system32\awkumexk.ini
c:\windows\system32\axniwotr.ini
c:\windows\system32\b02FdUe
c:\windows\system32\bahezefi.dll
c:\windows\system32\bdidsiak.ini
c:\windows\system32\bdlgbibb.ini
c:\windows\system32\bectldrb.ini
c:\windows\system32\bfxehjjh.ini
c:\windows\system32\bicwfvot.ini
c:\windows\system32\bjgdypcw.ini
c:\windows\system32\blbqsceb.ini
c:\windows\system32\bnbydwmu.ini
c:\windows\system32\bqftrwvi.ini
c:\windows\system32\bxpuwgoe.ini
c:\windows\system32\caifigpc.ini
c:\windows\system32\cewbswmp.ini
c:\windows\system32\clfwksgm.ini
c:\windows\system32\cpkayims.ini
c:\windows\system32\cpwtvrdt.dll
c:\windows\system32\ctpiaxtt.ini
c:\windows\system32\curity~1
c:\windows\system32\ddwwnehx.ini
c:\windows\system32\dfbcftrw.ini
c:\windows\system32\dfOpAcdd.ini
c:\windows\system32\dfOpAcdd.ini2
c:\windows\system32\dgbykbyb.ini
c:\windows\system32\dggsuxbr.ini
c:\windows\system32\dlhesmkn.ini
c:\windows\system32\dmlbnxrg.ini
c:\windows\system32\dqmpjjfx.ini
c:\windows\system32\dufizige.dll
c:\windows\system32\dvvyuemi.ini
c:\windows\system32\dvyammvi.ini
c:\windows\system32\ealkbtqr.ini
c:\windows\system32\ebuzotuz.ini
c:\windows\system32\eoffohxx.ini
c:\windows\system32\epatikof.ini
c:\windows\system32\erxcniuc.ini
c:\windows\system32\esemujob.ini
c:\windows\system32\evukafew.ini
c:\windows\system32\ewomirev.ini
c:\windows\system32\fdxkouta.ini
c:\windows\system32\fffPoUvw.ini
c:\windows\system32\fffPoUvw.ini2
c:\windows\system32\fohkicvn.ini
c:\windows\system32\fokitape.dll
c:\windows\system32\fukeuini.ini
c:\windows\system32\fwydxvtl.ini
c:\windows\system32\gfidqgmp.ini
c:\windows\system32\gonhjvlk.ini
c:\windows\system32\gvpthtnv.ini
c:\windows\system32\gvwvpgxp.ini
c:\windows\system32\hdvhtldg.ini
c:\windows\system32\hojutomu.dll
c:\windows\system32\hsbbtbdf.ini
c:\windows\system32\hwwtbwxj.dll
c:\windows\system32\Ib2G3XJQ.exe.a_a
c:\windows\system32\icfaufyl.ini
c:\windows\system32\icroso~1
c:\windows\system32\ihajutud.ini
c:\windows\system32\ijpeinil.ini
c:\windows\system32\ijsjsywe.ini
c:\windows\system32\imunegas.ini
c:\windows\system32\ipuvarob.ini
c:\windows\system32\jhviaiur.ini
c:\windows\system32\jjmgttxq.ini
c:\windows\system32\jlsswhml.ini
c:\windows\system32\jopqbiik.ini
c:\windows\system32\kdwjlkdd.ini
c:\windows\system32\klkkj.bak1
c:\windows\system32\klkkj.bak2
c:\windows\system32\klkkj.ini
c:\windows\system32\klkkj.ini2
c:\windows\system32\klkkj.tmp
c:\windows\system32\kuqlryrp.ini
c:\windows\system32\lcrknedc.ini
c:\windows\system32\ldgxyspi.ini
c:\windows\system32\lepqiero.ini
c:\windows\system32\leycfaqa.ini
c:\windows\system32\leyplupf.ini
c:\windows\system32\lirxhhtk.ini
c:\windows\system32\lklpmlrq.ini
c:\windows\system32\llcninlu.ini
c:\windows\system32\lpalhgdg.ini
c:\windows\system32\lsoplhoj.ini
c:\windows\system32\lSvFOXbc.ini
c:\windows\system32\lSvFOXbc.ini2
c:\windows\system32\lvvytxvi.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\mfapgyjq.ini
c:\windows\system32\mqxgvuvr.ini
c:\windows\system32\msnav32.ax
c:\windows\system32\naudrwqe.ini
c:\windows\system32\nhsvtqeo.ini
c:\windows\system32\nlfhjdub.ini
c:\windows\system32\NnXycJlm.ini
c:\windows\system32\NnXycJlm.ini2
c:\windows\system32\ntfterpp.ini
c:\windows\system32\nuakudas.ini
c:\windows\system32\nwhlorqo.ini
c:\windows\system32\nxdhdstk.ini
c:\windows\system32\obyudhtw.ini
c:\windows\system32\olpnamcx.ini
c:\windows\system32\opegezef.ini
c:\windows\system32\otgjtqvh.ini
c:\windows\system32\oumavdhu.ini
c:\windows\system32\ovfsthartvrqrakdvkowxqltlemoyssmqulotp.dat
c:\windows\system32\ovgljcpl.ini
c:\windows\system32\oyhyfpex.ini
c:\windows\system32\oziyihof.ini
c:\windows\system32\pchkoung.ini
c:\windows\system32\pkiyjesg.ini
c:\windows\system32\plvvlegj.ini
c:\windows\system32\pnwggpkn.ini
c:\windows\system32\ppatch~1
c:\windows\system32\pppatc~1
c:\windows\system32\pqjuipvl.ini
c:\windows\system32\pukqefvc.dll
c:\windows\system32\pvijhjuk.ini
c:\windows\system32\pydxscev.ini
c:\windows\system32\qlhvfeht.ini
c:\windows\system32\qmafiglx.ini
c:\windows\system32\raprvyrv.ini
c:\windows\system32\rhtfyued.ini
c:\windows\system32\rlscsqmg.ini
c:\windows\system32\rltotmhg.ini
c:\windows\system32\rmqpllgg.ini
c:\windows\system32\rorpporb.ini
c:\windows\system32\sagimame.exe
c:\windows\system32\SCLUFfii.ini
c:\windows\system32\SCLUFfii.ini2
c:\windows\system32\sfpgcwhc.ini
c:\windows\system32\sgqnjkcy.ini
c:\windows\system32\shuukmje.ini
c:\windows\system32\sisifeme.dll
c:\windows\system32\siujuomm.ini
c:\windows\system32\slmutgyf.ini
c:\windows\system32\ssembl~1
c:\windows\system32\tasisura.dll
c:\windows\system32\tnspwmra.ini
c:\windows\system32\tpfcwqnm.ini
c:\windows\system32\twoajpho.ini
c:\windows\system32\ucvwvlqx.ini
c:\windows\system32\udozosod.ini
c:\windows\system32\uhenokaj.ini
c:\windows\system32\uiuvudgo.ini
c:\windows\system32\ujmruyud.ini
c:\windows\system32\ukenisoy.ini
c:\windows\system32\umotujoh.ini
c:\windows\system32\unadusuy.ini
c:\windows\system32\unyoiacj.ini
c:\windows\system32\uoschhdl.ini
c:\windows\system32\uvohuvut.ini
c:\windows\system32\uwedevag.ini
c:\windows\system32\verimowe.dll
c:\windows\system32\vnyufbnn.ini
c:\windows\system32\vogekafi.dll
c:\windows\system32\vsxxyjiw.ini
c:\windows\system32\vuxwyyxx.ini
c:\windows\system32\vuxwyyxx.ini2
c:\windows\system32\win
c:\windows\system32\winpfz32.sys
c:\windows\system32\wnsxs~1
c:\windows\system32\wpufbhga.ini
c:\windows\system32\wrgrojdb.ini
c:\windows\system32\wvcjaqcy.ini
c:\windows\system32\wyfxtevs.ini
c:\windows\system32\wyltwbfa.ini
c:\windows\system32\X1
c:\windows\system32\X11
c:\windows\system32\X3
c:\windows\system32\X7
c:\windows\system32\X9
c:\windows\system32\XaGffMoq.ini
c:\windows\system32\XaGffMoq.ini2
c:\windows\system32\xgsphtuu.ini
c:\windows\system32\xlessqjt.ini
c:\windows\system32\xmcdxtcf.dll
c:\windows\system32\xpcruepp.ini
c:\windows\system32\xuhiakvx.ini
c:\windows\system32\xwrymbhr.ini
c:\windows\system32\xyajemiy.ini
c:\windows\system32\yivtkcxx.ini
c:\windows\system32\zxdnt3d.cfg
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
c:\windows\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job
c:\windows\wr.txt
c:\windows\ymante~1
c:\windows\zaponce53173.dat
c:\windows\zaponce53198.dat
c:\windows\zaponce53222.dat
c:\windows\zaponce53290.dat
C:\xcrashdump.dat
D:\Desktop.ini
D:\resycled
c:\documents and settings\Owner\Application Data\ptidl . . . . failed to delete
c:\documents and settings\Owner\Start Menu\Programs\Outerinfo . . . . failed to delete

----- BITS: Possible infected sites -----

hxxp://193.33.61.188
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DOMAINSERVICE
-------\Legacy_DRIVER
-------\Legacy_DRIVERDRV
-------\Legacy_NET_AGENT
-------\Legacy_PODMENA
-------\Legacy_PODMENADRV
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_DomainService
-------\Service_driver
-------\Service_driverdrv
-------\Service_ovfsthqhmiwaorgipxudruauwmrrntidwkmrdl
-------\Service_podmena
-------\Service_podmenadrv


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-26 22:42 . 2009-06-26 22:42  --------  d-----w-  c:\program files\Microsoft ActiveSync
2009-06-26 22:39 . 2009-06-26 22:41  --------  d-----w-  c:\windows\ShellNew
2009-06-26 22:39 . 2009-06-26 22:39  --------  d-----w-  c:\program files\Common Files\L&H
2009-06-26 22:10 . 2009-06-26 22:10  --------  d-----w-  c:\program files\Trend Micro
2009-06-26 19:16 . 2009-06-26 21:29  1922848   --sha-w-  c:\windows\system32\drivers\fidbox.dat
2009-06-26 19:16 . 2009-06-26 21:29  16928     --sha-w-  c:\windows\system32\drivers\fidbox2.dat
2009-06-26 18:45 . 2009-06-26 21:05  --------  d-----w-  c:\program files\Common Files\ParetoLogic
2009-06-26 18:45 . 2009-06-26 21:05  --------  d-----w-  c:\documents and settings\All Users\Application Data\ParetoLogic
2009-06-26 18:45 . 2009-06-26 18:45  --------  d-----w-  c:\documents and settings\All Users\Application Data\ParetoLogic Anti-Virus PLUS
2009-06-26 18:43 . 2009-06-26 18:43  --------  d-----w-  c:\documents and settings\Admin\Local Settings\Application Data\Downloaded Installations
2009-06-21 15:50 . 2009-06-21 15:50  140       ----a-w-  C:\x345.bat
2009-06-18 23:08 . 2009-06-18 23:08  --------  d-----w-  c:\windows\Favorites
2009-06-18 20:18 . 2009-06-18 20:18  2         ----a-w-  c:\windows\0101120101465452.dat
2009-06-18 20:18 . 2009-06-18 20:18  2         ----a-w-  c:\windows\104116116112584747.dat
2009-06-18 20:18 . 2009-06-21 23:03  --------  d-----w-  c:\program files\driver
2009-06-18 20:18 . 2009-06-18 20:18  2         ----a-w-  c:\windows\010112010146118114.dat
2009-06-15 04:42 . 2009-06-15 04:42  1         ---h--w-  c:\windows\bf23567.dat
2009-06-15 04:42 . 2009-06-15 16:42  159       ----a-w-  C:\d45.bat
2009-06-04 12:57 . 2009-06-04 12:57  --------  d-----w-  c:\program files\CONEXANT
2009-06-04 12:19 . 2009-06-21 22:37  --------  d-----w-  c:\documents and settings\All Users\Application Data\91653746
2009-06-04 12:19 . 2009-06-15 04:48  --------  d-----w-  c:\documents and settings\All Users\Application Data\11643754
2009-06-02 06:29 . 2009-06-02 06:29  --------  d-----w-  c:\documents and settings\Owner\Local Settings\Application Data\SupportSoft
2009-06-02 06:28 . 2009-06-26 20:44  --------  d-----w-  c:\documents and settings\Owner\Application Data\Twain
2009-06-01 17:16 . 2009-06-01 17:16  67072     ----a-w-  c:\windows\system32\drivers\yecimuecbqhxnmbf.sys
2009-05-31 20:56 . 2009-06-22 14:20  --------  d-----w-  c:\documents and settings\Owner\Application Data\ptidl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 14:12 . 2007-10-13 17:36  --------  d-----w-  c:\program files\LogMeIn
2009-06-28 14:03 . 2008-11-15 14:47  --------  d-----w-  c:\documents and settings\All Users\Application Data\avg8
2009-06-27 12:41 . 2009-03-27 12:41  83456     --sha-w-  c:\windows\system32\jifakade.dll
2009-06-26 21:29 . 2009-06-26 19:16  3632      --sha-w-  c:\windows\system32\drivers\fidbox2.idx
2009-06-26 21:29 . 2009-06-26 19:16  28892     --sha-w-  c:\windows\system32\drivers\fidbox.idx
2009-06-26 18:45 . 2008-06-29 18:47  31088     ----a-w-  c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 15:10 . 2007-08-31 00:22  --------  d-----w-  c:\documents and settings\LSG\Application Data\LimeWire
2009-06-26 12:40 . 2009-03-26 12:40  88064     --sha-w-  c:\windows\system32\kuziyado.dll
2009-06-25 23:34 . 2009-04-26 16:41  327688    ----a-w-  c:\windows\system32\drivers\avgldx86.sys
2009-06-25 23:34 . 2009-04-26 16:41  27784     ----a-w-  c:\windows\system32\drivers\avgmfx86.sys
2009-06-12 05:31 . 2009-03-12 05:30  48640     --sha-w-  c:\windows\system32\zorihali.dll
2009-06-02 06:30 . 2007-08-31 11:08  --------  d-----w-  c:\documents and settings\Owner\Application Data\LimeWire
2009-05-19 20:49 . 2009-04-26 16:41  11952     ----a-w-  c:\windows\system32\avgrsstx.dll
2009-05-19 20:49 . 2009-04-26 16:41  108552    ----a-w-  c:\windows\system32\drivers\avgtdix.sys
2009-05-19 19:41 . 2009-05-19 19:41  --------  d-----w-  c:\program files\Common Files\SupportSoft
2009-05-19 19:41 . 2009-05-19 19:41  --------  d-----w-  c:\program files\ComcastUI
2009-05-08 01:06 . 2007-08-31 00:16  --------  d-----w-  c:\program files\LimeWire
2009-04-25 12:24 . 2008-08-25 04:11  31088     ----a-w-  c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-03-12 05:31 . 2009-03-12 05:31  48640     --sha-w-  c:\windows\system32\jitodujo.dll
2009-03-12 05:31 . 2009-03-12 05:31  48640     --sha-w-  c:\windows\system32\jivazona.dll
2008-06-29 01:39 . 2008-06-29 01:38  534       -csha-w-  c:\windows\system32\rlscsqmg.tmp

.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-07-30 07:54 . 2007-07-30 07:54  185896  c:\program files\Common Files\Real\Update_OB\bak\realsched.exe
2007-07-30 07:26 . 2003-11-01 02:42  32768   c:\program files\CyberLink\PowerDVD\bak\PDVDServ.exe
2004-10-18 21:05 . 2004-10-18 21:05  135168  c:\program files\Digital Media Reader\bak\shwiconem.exe
2007-08-20 23:19 . 2007-09-14 00:47  421888  c:\program files\Grisoft\AVG7\bak\avgcc.exe
2003-12-05 19:41 . 2003-12-05 19:41  49152   c:\program files\Hewlett-Packard\HP Software Update\bak\HPWuSchd2.exe
2007-09-17 19:41 . 2005-07-08 04:55  49152   c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\bak\hphupd05.exe
2003-12-22 12:38 . 2003-12-22 12:38  241664  c:\program files\HP\hpcoretech\bak\hpcmpmgr.exe
2007-09-26 18:42 . 2007-09-26 18:42  267064  c:\program files\iTunes\bak\iTunesHelper.exe
2008-11-20 18:20 . 2008-11-20 18:20  290088  c:\program files\iTunes\iTunesHelper.exe
2007-08-31 00:17 . 2007-07-12 08:00  132496  c:\program files\Java\jre1.6.0_02\bin\bak\jusched.exe
2007-07-30 07:20 . 2004-06-04 03:51  131072  c:\program files\NVIDIA Corporation\NvMixer\bak\NVMixerTray.exe
2007-06-29 10:24 . 2007-06-29 10:24  286720  c:\program files\QuickTime\bak\qttask.exe
2008-11-04 15:30 . 2008-11-04 15:30  413696  c:\program files\QuickTime\QTTask.exe
2004-09-09 04:10 . 2002-09-13 20:42  212992  c:\windows\SMINST\bak\RECGUARD.EXE
2007-09-17 19:41 . 2005-07-08 04:55  491520  c:\windows\system32\bak\hphmon05.exe
2007-07-30 07:25 . 2001-07-09 18:50  155648  c:\windows\system32\bak\NeroCheck.exe
2007-09-17 19:48 . 2005-07-08 04:55  176128  c:\windows\system32\spool\drivers\w32x86\3\bak\hpztsb09.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0dff2b8d-38b9-47ea-96de-6243d478d32b}]
2009-03-12 05:31  48640  --sha-w-  c:\windows\system32\jivazona.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-07-12 4112384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2004-07-12 81920]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"lebahohoje"="c:\windows\system32\jitodujo.dll" [2009-03-12 48640]
"CPM9bf26d0e"="c:\windows\system32\vogekafi.dll" [N/A]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-07-12 843776]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Cognac"="c:\docume~1\Owner\LOCALS~1\Temp\66.tmp.exe" [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"smile"="c:\program files\Applications\wcs.exe" [N/A]

c:\documents and settings\LSG\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2008-2-8 147456]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - f:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-19 20:49  11952  ----a-w-  c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 00:35  87352  ----a-w-  c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=c:\windows\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^run_startmenu.cmd]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\run_startmenu.cmd
backup=c:\windows\pss\run_startmenu.cmdCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^TA_Start.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\TA_Start.lnk
backup=c:\windows\pss\TA_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Think-Adz.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\Think-Adz.lnk
backup=c:\windows\pss\Think-Adz.lnkStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SAVScan"=3 (0x3)
"NPFMntor"=2 (0x2)
"navapsvc"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McAfeeAntiSpyware"=2 (0x2)
"LiveUpdate"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AOL ACS"=2 (0x2)
"SNDSrvc"=3 (0x3)
"Viewpoint Manager Service"=2 (0x2)
"Bonjour Service"=2 (0x2)
"DomainService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:driver

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/26/2009 12:41 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/26/2009 12:41 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/25/2009 7:34 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/25/2009 7:34 PM 298776]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 10:21 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/13/2007 1:36 PM 47640]
R3 WlanUIG;NB 802.11g Wireless LAN USB Adapter Driver;c:\windows\system32\drivers\WlanUIG.sys [8/19/2007 5:17 PM 379456]
S2 wowsystem;Remote TCP/IPv6;c:\windows\System32\svchost.exe -k netsvcs [8/26/2004 12:12 PM 14336]
S3 radpms;Driver for RADPMS Device;c:\windows\system32\drivers\radpms.sys [9/12/2007 10:20 AM 12192]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystem
.
Contents of the 'Scheduled Tasks' folder

2009-06-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-28 c:\windows\Tasks\HP Usg Daily.job
- c:\program files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe [2007-09-17 04:55]

2007-07-30 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 00:12]
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{EAE8A482-0DE5-4488-9DBF-C8FE0B1D0497} - (no file)
Notify-jkklk - c:\windows\system32\jkklk.dll
Notify-awtustSM - awtustSM.dll
Notify-qoMghfEt - qoMghfEt.dll
Notify-urqpmlj - urqpmlj.dll

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
Trusted Zone: amaena.com
Trusted Zone: drivecleaner.com
Trusted Zone: errorprotector.com
Trusted Zone: errorsafe.com
Trusted Zone: imageservr.com
Trusted Zone: imagesrvr.com
Trusted Zone: systemdoctor.com
Trusted Zone: winantispyware.com
Trusted Zone: winantivirus.com
Trusted Zone: winfixer.com
DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} - hxxp://192.168.1.2/xplugLite.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-28 10:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2572)
c:\windows\system32\jitodujo.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\LogMeIn\x86\ramaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Completion time: 2009-06-28 10:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-28 14:24

Pre-Run: 27,191,894,016 bytes free
Post-Run: 28,090,413,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="XP HOME" /FASTDETECT
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

517 --- E O F --- 2009-05-22 07:04