08-11-2008, 07:57 PM   #13
khealy729
Registered User
 
Join Date: Aug 2008
Posts: 10
OS: xpsp2


Re: infected- Win32:Adware-gen

Here are the contents of combofix2.txt

ComboFix 08-08-10.05 - Kevin 2008-08-11 15:21:07.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.317 [GMT -5:00]
Running from: C:\Documents and Settings\Kevin\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\AntiSpywareMaster.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\AntiSpywareMaster\Uninstall AntiSpywareMaster.lnk
C:\Documents and Settings\Donna\Start Menu\Programs\Startup\think-adz.lnk
C:\Documents and Settings\Elizabeth\Desktop\AntiSpywareMaster.lnk
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\#SharedObjects\H2678TRR\interclick.com
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\#SharedObjects\H2678TRR\interclick.com\ud.sol
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Kevin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Kevin\gside.exe
C:\Documents and Settings\Kimberly\Desktop\AntiSpywareMaster.lnk
C:\U.exe
C:\WINDOWS\BMe78a7185.txt
C:\WINDOWS\BMe78a7185.xml
C:\WINDOWS\drsmartload2.dat
C:\WINDOWS\Fonts\acrsecI.fon
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\newname.dat
C:\WINDOWS\pskt.ini
C:\WINDOWS\rasqervy.dll
C:\WINDOWS\sdfinacs.dll
C:\WINDOWS\sdfixwcs.dll
C:\WINDOWS\system32\9639173091.CPX
C:\WINDOWS\system32\96391730912.CPX
C:\WINDOWS\system32\96391730921.CPX
C:\WINDOWS\system32\96391730931.CPX
C:\WINDOWS\system32\96391730951.CPX
C:\WINDOWS\system32\adbmfgol.dll
C:\WINDOWS\system32\amnqgdct.dll
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\bkmdlf.dll
C:\WINDOWS\system32\bvjfqxqr.ini
C:\WINDOWS\system32\cjlsvpmv.ini
C:\WINDOWS\system32\ckbdrgux.dll
C:\WINDOWS\system32\cmhovhxr.dll
C:\WINDOWS\system32\csatxj.dll
C:\WINDOWS\system32\cvnbak.dll
C:\WINDOWS\system32\dbwjnmhg.dll
C:\WINDOWS\system32\dycmquwc.dll
C:\WINDOWS\system32\ekpscqes.dll
C:\WINDOWS\system32\frcehsap.dll
C:\WINDOWS\system32\gobedifh.ini
C:\WINDOWS\system32\hdjyerel.ini
C:\WINDOWS\system32\hfidebog.dll
C:\WINDOWS\system32\hgGXNdDt.dll
C:\WINDOWS\system32\ilmkoise.dll
C:\WINDOWS\system32\iuhoneal.dll
C:\WINDOWS\system32\iwmprd.dll
C:\WINDOWS\system32\ixsdprdd.ini
C:\WINDOWS\system32\jxwhqbkh.dll
C:\WINDOWS\system32\kvqwsmqo.ini
C:\WINDOWS\system32\lylqcdvp.dll
C:\WINDOWS\system32\mfvaxqee.dll
C:\WINDOWS\system32\mgtsctnk.ini
C:\WINDOWS\system32\minijpqv.dll
C:\WINDOWS\system32\mlJBSLfD.dll
C:\WINDOWS\system32\mpcbrikr.dll
C:\WINDOWS\system32\n3
C:\WINDOWS\system32\njesaded.dll
C:\WINDOWS\system32\nrxephoa.dll
C:\WINDOWS\system32\ompuisig.dll
C:\WINDOWS\system32\peigpolg.ini
C:\WINDOWS\system32\piqeebtq.dll
C:\WINDOWS\system32\pjnvtsbe.dll
C:\WINDOWS\system32\pkayvcal.dll
C:\WINDOWS\system32\pornebfl.ini
C:\WINDOWS\system32\qbpdtmwc.dll
C:\WINDOWS\system32\qhlimldk.dll
C:\WINDOWS\system32\qjycyd.dll
C:\WINDOWS\system32\quyhvrfj.dll
C:\WINDOWS\system32\rabbrteh.dll
C:\WINDOWS\system32\riollo.dll
C:\WINDOWS\system32\rkirbcpm.ini
C:\WINDOWS\system32\RqWFffii.ini
C:\WINDOWS\system32\RqWFffii.ini2
C:\WINDOWS\system32\tDdNXGgh.ini
C:\WINDOWS\system32\tDdNXGgh.ini2
C:\WINDOWS\system32\tkkktvbi.ini
C:\WINDOWS\system32\tmqkrmvq.dll
C:\WINDOWS\system32\tuvWPgfG.dll
C:\WINDOWS\system32\ukjyhfcy.dll
C:\WINDOWS\system32\utxvligy.dll
C:\WINDOWS\system32\uwidsebv.dll
C:\WINDOWS\system32\vedvmhjw.dll
C:\WINDOWS\system32\vmpvsljc.dll
C:\WINDOWS\system32\vzorqz.dll
C:\WINDOWS\system32\waywjwtu.ini
C:\WINDOWS\system32\whpnslgr.dll
C:\WINDOWS\system32\wopndj.dll
C:\WINDOWS\system32\xdoxds.dll
C:\WINDOWS\system32\xgajrg.dll
C:\WINDOWS\system32\xjhfnu.dll
C:\WINDOWS\system32\xwrqdpmh.dll
C:\WINDOWS\system32\yhapmwbi.dll
C:\WINDOWS\system32\ypmhmnqw.dll
C:\WINDOWS\teller2.chk
C:\WINDOWS\wuasirvy.dll
.
---- Previous Run -------
.
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.exe
C:\Program Files\AntiSpywareMaster
C:\Program Files\Common Files\misc001
C:\Program Files\Common Files\simtest
C:\Program Files\Common Files\simtest\svchostsys.bat
C:\Program Files\Common Files\simtest\temp.txt
C:\Program Files\Common Files\svchostsys
C:\Program Files\Common Files\svchostsys\ICSharpCode.SharpZipLib.dll
C:\Program Files\Common Files\svchostsys\svchostsys.exe.config
C:\Program Files\Common Files\svchostsys\svchostupdate.exe.config
C:\Program Files\Common Files\svchostsys\Version.txt
C:\Program Files\Inet Delivery
C:\Program Files\Inet Delivery\inetdl.exe
C:\Program Files\Inet Delivery\intdel.exe
C:\Program Files\MyWay
C:\Program Files\MyWay\myBar\Cache(2)\0004E413.bmp
C:\Program Files\MyWay\myBar\Cache(2)\0004EA8B.bmp
C:\Program Files\MyWay\myBar\Cache(2)\0004EE25.bmp
C:\Program Files\MyWay\myBar\Cache(2)\00126624
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\RcvSystem
C:\Program Files\Svconr
C:\Program Files\Temporary
C:\Program Files\webhancer
C:\Program Files\webhancer\Programs\license.txt
C:\Program Files\webhancer\Programs\readme.txt
C:\Program Files\webhancer\Programs\sporder.dll
C:\Program Files\webhancer\Programs\whagent.ini
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\123messenger.per
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\a.bat
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\base64.tmp
C:\WINDOWS\bdn.com
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\cookies.ini
C:\WINDOWS\default.htm
C:\WINDOWS\didduid.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\acrsecB.fon
C:\WINDOWS\FVProtect.exe
C:\WINDOWS\iTunesMusic.exe
C:\WINDOWS\lfn.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msacm32.drv
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mslagent
C:\WINDOWS\mslagent\2_mslagent.dll
C:\WINDOWS\mslagent\mslagent.exe
C:\WINDOWS\mslagent\uninstall.exe
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssecu.exe
C:\WINDOWS\mssvr.exe
C:\WINDOWS\muotr.so
C:\WINDOWS\ntnut.exe
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\akttzn.exe
C:\WINDOWS\system32\anticipator.dll
C:\WINDOWS\system32\awtoolb.dll
C:\WINDOWS\system32\bang-006.ico
C:\WINDOWS\system32\bdn.com
C:\WINDOWS\system32\bsva-egihsg52.exe
C:\WINDOWS\system32\dpcproxy.exe
C:\WINDOWS\system32\emesx.dll
C:\WINDOWS\system32\h@tkeysh@@k.dll
C:\WINDOWS\system32\hoproxy.dll
C:\WINDOWS\system32\hxiwlgpm.dat
C:\WINDOWS\system32\hxiwlgpm.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\medup012.dll
C:\WINDOWS\system32\medup020.dll
C:\WINDOWS\system32\msgp.exe
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\msnbho.dll
C:\WINDOWS\system32\mssecu.exe
C:\WINDOWS\system32\msvchost.exe
C:\WINDOWS\system32\mtr2.exe
C:\WINDOWS\system32\mwin32.exe
C:\WINDOWS\system32\netode.exe
C:\WINDOWS\system32\newsd32.exe
C:\WINDOWS\system32\nt68rrtc12.sys
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\ps1.exe
C:\WINDOWS\system32\psof1.exe
C:\WINDOWS\system32\psoft1.exe
C:\WINDOWS\system32\regc64.dll
C:\WINDOWS\system32\regm64.dll
C:\WINDOWS\system32\Rundl1.exe
C:\WINDOWS\system32\smp
C:\WINDOWS\system32\smp\msrc.exe
C:\WINDOWS\system32\sncntr.exe
C:\WINDOWS\system32\ssurf022.dll
C:\WINDOWS\system32\ssvchost.com
C:\WINDOWS\system32\ssvchost.exe
C:\WINDOWS\system32\sysreq.exe
C:\WINDOWS\system32\taack.dat
C:\WINDOWS\system32\taack.exe
C:\WINDOWS\system32\temp#01.exe
C:\WINDOWS\system32\thun.dll
C:\WINDOWS\system32\thun32.dll
C:\WINDOWS\system32\VBIEWER.OCX
C:\WINDOWS\system32\vbsys2.dll
C:\WINDOWS\system32\vcatchpi.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\winlogonpc.exe
C:\WINDOWS\system32\winpfz32.sys
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\winsystem.exe
C:\WINDOWS\system32\WINWGPX.EXE
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\userconfig9x.dll
C:\WINDOWS\voiceip.dll
C:\WINDOWS\Web\def.htm
C:\WINDOWS\winsb.dll
C:\WINDOWS\winsystem.exe
C:\WINDOWS\wintst32.tmp
C:\WINDOWS\zip1.tmp
C:\WINDOWS\zip2.tmp
C:\WINDOWS\zip3.tmp
C:\WINDOWS\zipped.tmp

----- BITS: Possible infected sites -----

http://80.93.48.74
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSSECURITY1.209.4
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-07-11 to 2008-08-11 )))))))))))))))))))))))))))))))
.

2100-02-16 16:09 . 2001-02-16 15:37 62 --a------ C:\WINDOWS\system32\LXBOUSCI.INI
2008-08-11 13:51 . 2008-08-11 15:01 474 --ahs---- C:\WINDOWS\system32\balapnxn.ini
2008-08-04 16:48 . 2008-08-04 16:48 <DIR> d-------- C:\Deckard
2008-08-04 16:47 . 2008-08-04 16:47 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-08-03 19:44 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-08-03 19:04 . 2008-08-03 19:04 <DIR> d-------- C:\Program Files\Panda Security

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 20:46 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Move Networks
2008-06-28 22:10 --------- d-----w C:\Program Files\AIM6
2008-06-28 22:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-06-28 22:06 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Viewpoint
2008-06-28 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-28 22:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-06-28 22:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-06-27 22:22 --------- d-----w C:\Documents and Settings\Kevin\Application Data\uTorrent
2008-06-27 22:14 --------- d-----w C:\Program Files\MSBuild
2008-06-27 22:04 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-27 21:40 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Sony Setup
2008-06-27 21:39 --------- d-----w C:\Program Files\Sony Setup
2008-06-27 18:13 --------- d-----w C:\Program Files\uTorrent
2008-06-27 18:12 --------- d-----w C:\Program Files\Sony
2008-06-27 01:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-26 14:04 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Audacity
2008-06-26 02:31 --------- d-----w C:\Program Files\LimeWire
2008-06-21 15:38 --------- d-----w C:\Documents and Settings\Kevin\Application Data\Apple Computer
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-24 19:52 399,084 ----a-w C:\Documents and Settings\Kevin\g74.exe
2006-10-31 01:52 3,932 ----a-w C:\Documents and Settings\Kevin\Application Data\CMLayout.dat
2006-10-31 01:52 268 ----a-w C:\Documents and Settings\Kevin\Application Data\CMCPaper.dat
2005-04-06 15:18 16,384 ----a-w C:\Documents and Settings\Kevin\rappmx.dll
2003-07-18 16:12 4 ----a-w C:\Documents and Settings\Kevin\hl.dat
2001-05-21 10:54 3,932 ----a-w C:\Documents and Settings\Elizabeth\Application Data\CMLayout.dat
2006-05-03 10:06 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="1" [X]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"MoneyStartUp"="c:\Program Files\Microsoft Money\System\Money Startup.exe" [2000-07-19 12:00 24625]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CPQEASYACC"="C:\Program Files\Compaq\Easy Access Button Support\StartEAK.exe" [2001-08-15 13:50 28672]
"WCOLOREAL"="C:\Program Files\COMPAQ\Coloreal\coloreal.exe" [2001-09-26 11:30 131072]
"srmclean"="C:\Cpqs\Scom\srmclean.exe" [2001-07-24 16:34 36864]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2001-10-17 12:50 655360]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2003-12-09 14:02 57344]
"Motive SmartBridge"="C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2003-12-10 04:52 380928]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 17:13 86016]
"Lexmark X84-X85 Button Monitor"="C:\PROGRA~1\LEXMAR~1\ACMonitor_X84-X85.exe" [2003-01-08 14:36 40960]
"Lexmark X84-X85 Button Manager"="C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X84-X85.exe" [2002-09-04 10:36 53248]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 19:52 36864]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 17:13 7204864]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-05-26 02:27 180269]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 13:37 79224]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Smapp"="Smtray.exe" [2001-05-31 22:32 224256 C:\WINDOWS\system32\SMTray.exe]

C:\Documents and Settings\Elizabeth\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 20:24:54 98632]

C:\Documents and Settings\Kevin\Start Menu\Programs\Startup\
CoolMon.lnk - C:\Program Files\CoolMon\CoolMon.exe [2002-10-13 22:51:43 1516032]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=riollo.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= IR41_32.DLL

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Weather"=C:\Program Files\AWS\WeatherBug\Weather.exe 1

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"StartSurfing"=C:\PROGRA~1\STARTS~1\STARTS~1.EXE
"AltnetPointsManager"=c:\program files\altnet\points manager\points manager.exe -s
"avserve2.exe"=C:\WINDOWS\avserve2.exe
"avserve.exe"=C:\WINDOWS\avserve.exe
"Microsoft Works Portfolio"=C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
"Microsoft Works Update Detection"=C:\Program Files\Microsoft Works\WkDetect.exe
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"nwiz"=nwiz.exe /install
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\AnalogX\\Proxy\\proxy.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\WinMX\\WinMX.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Maxis\\SimCity 3000 Unlimited\\Apps\\Updater\\UPDATER.EXE"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\AIM95\\aim.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"35617:TCP"= 35617:TCP:Gnutella
"35617:UDP"= 35617:UDP:Gnutella

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 13:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 13:35]
R2 MSSQL$AUTODESKVAULT;MSSQL$AUTODESKVAULT;C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlservr.exe [2005-05-04 01:04]
R2 Pctspk;PCTEL Speaker Phone;C:\WINDOWS\system32\pctspk.exe [2001-08-17 17:36]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 16:38]
R3 Gcr432;Gcr432;C:\WINDOWS\system32\Drivers\gcr432.sys [2001-09-06 16:05]
R3 MusCDriverV32;MusCDriverV32;C:\WINDOWS\system32\drivers\MusCDriverV32.sys [2007-07-19 14:58]
R3 Ptserlp;PCTEL Serial Device Driver for PCI;C:\WINDOWS\system32\DRIVERS\ptserlp.sys [2001-08-17 08:28]
S1 EACMOS;EACMOS;C:\WINDOWS\system32\drivers\EACMOS.SYS []
S2 ntlogin32;NT login service;C:\WINDOWS\System32\libsysmgr.exe []
S3 SNDP202;Bushnell ImageView;C:\WINDOWS\system32\DRIVERS\sndp202.sys [2003-01-08 09:43]
S3 SQLAgent$AUTODESKVAULT;SQLAgent$AUTODESKVAULT;C:\Program Files\Microsoft SQL Server\MSSQL$AUTODESKVAULT\Binn\sqlagent.EXE [2005-05-03 22:42]
S3 TICalc;TICalc;C:\WINDOWS\system32\drivers\TICalc.sys [2001-01-29 16:41]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE
\Shell\install\command - F:\INSTALL\_SETUP.exe
.
Contents of the 'Scheduled Tasks' folder

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 1.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 2.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2001-10-17 C:\WINDOWS\Tasks\Registration reminder 3.job
- C:\WINDOWS\System32\OOBE\oobebaln.exe [2004-08-04 02:56]

2008-08-04 C:\WINDOWS\Tasks\{C185ABC2-822F-4D34-9CF9-6FDDC99D90CE}_DESKTOP_Kevin.job
- C:\WINDOWS\system32\mobsync.exe [2004-08-04 02:56]
.
- - - - ORPHANS REMOVED - - - -

BHO-{30ED533D-7E10-48D6-8314-E07DFE852B87} - C:\Documents and Settings\Kevin\Local Settings\Temporary Internet Files\Content.IE5\393ORJKQ\3077ahntdksr[1].dll
HKCU-Run-Veoh - C:\Documents and Settings\Kevin\My Documents\New Folder\VeohClient.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-e4b94219 - C:\WINDOWS\system32\hfidebog.dll
HKLM-Run-WorksFUD - (no file)
HKU-Default-Run-Picasa Media Detector - C:\Documents and Settings\Kevin\My Documents\New Folder\Picasa2\PicasaMediaDetector.exe
Notify-cbXpQiIB - cbXpQiIB.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\4k3nozsh.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-11 1610
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\scardsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\CPQEADM.exe
C:\Compaq\CPQInet\CPQInet.exe
C:\Compaq\EAKDRV\EAUSBKBD.exe
C:\PROGRA~1\COMPAQ\EASYAC~1\BttnServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
.
**************************************************************************
.
Completion time: 2008-08-11 16:21:11 - machine was rebooted [Kevin]
ComboFix-quarantined-files.txt 2008-08-11 21:21:02

Pre-Run: 27,591,503,872 bytes free
Post-Run: 27,024,203,776 bytes free

467 --- E O F --- 2008-06-20 15:37:40