
Spyware and pop-ups

630 Views 0 Replies 1 Participant Last post by  shazilla
Hi, I am getting multiple pop-ups & am unable to remove all the spyware. I've done the following:
-uninstalled all I found in add/remove progs.
-deleted all in prefetch folder
-deleted cookies & files
-ran ccleaner
-disabled all manage-add ons in IE
Here is my log from combofix ******** Please help!!

ComboFix 08-06-07.1 - troy 2008-06-07 14:06:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.151 [GMT -4:00]
Running from: C:\Documents and Settings\troy.SWEETP\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\troy.SWEETP\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Guest\Application Data\ShoppingReport
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\Guest\Application Data\ShoppingReport\cs\res2\WhiteList.dbs
C:\Documents and Settings\JAVON\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\JAVON\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Documents and Settings\JAVON\Application Data\ShoppingReport
C:\Documents and Settings\JAVON\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\JAVON\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\JAVON\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\JAVON\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\JAVON\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\JAVON\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\JAVON\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\LocalService\Application Data\ShoppingReport
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\LocalService\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\MADGE\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\MADGE\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Documents and Settings\troy.SWEETP\Application Data\ShoppingReport
C:\Documents and Settings\troy.SWEETP\Application Data\ShoppingReport\cs\Config.xml
C:\Documents and Settings\troy.SWEETP\Application Data\ShoppingReport\cs\db\Aliases.dbs
C:\Documents and Settings\troy.SWEETP\Application Data\ShoppingReport\cs\db\Sites.dbs
C:\Documents and Settings\troy.SWEETP\Application Data\ShoppingReport\cs\dwld\WhiteList.xip
C:\Documents and Settings\troy.SWEETP\Application Data\ShoppingReport\cs\report\aggr_storage.xml
C:\Documents and Settings\troy.SWEETP\Application Data\ShoppingReport\cs\report\send_storage.xml
C:\Documents and Settings\troy.SWEETP\Application Data\ShoppingReport\cs\res1\WhiteList.dbs
C:\Documents and Settings\VERNA\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\VERNA\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Documents and Settings\VERNA\Application Data\macromedia\Flash Player\#SharedObjects\2NSRJ2NG\www.broadcaster.com
C:\Documents and Settings\VERNA\Application Data\macromedia\Flash Player\#SharedObjects\2NSRJ2NG\www.broadcaster.com\played_list.sol
C:\Documents and Settings\VERNA\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\VERNA\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\dbar
C:\Program Files\dbar\dbaruninst.exe
C:\Program Files\winvi
C:\Program Files\winvi\dsktp\AC_RunActiveContent.js
C:\Program Files\winvi\dsktp\desktop.html
C:\Program Files\winvi\dsktp\internetDetection.swf
C:\Program Files\winvi\dsktp\settings.sol
C:\Program Files\winvi\icons\bufferthis.ico
C:\Program Files\winvi\icons\flashfunpages.ico
C:\Program Files\winvi\icons\funnies.ico
C:\Program Files\winvi\icons\funnyfunpages.ico
C:\Program Files\winvi\icons\goodcleanvideos.ico
C:\Program Files\winvi\icons\newfunpages.ico
C:\Program Files\winvi\icons\positivethoughts.ico
C:\Program Files\winvi\icons\removespyware.ico
C:\Program Files\winvi\icons\thissiterocks.ico
C:\Program Files\winvi\temp\version.ini
C:\Program Files\winvi\Uninst.exe
C:\Program Files\winvi\version.ini
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\alasxcew.ini
C:\WINDOWS\system32\bspawlow.ini
C:\WINDOWS\system32\bywdsbtx.ini
C:\WINDOWS\system32\chxjdsfj.ini
C:\WINDOWS\system32\clpsgusi.dll
C:\WINDOWS\system32\crlkmydv.ini
C:\WINDOWS\system32\cxvmhyys.ini
C:\WINDOWS\system32\drivers\wanarpp.sys
C:\WINDOWS\system32\dyclrrcm.ini
C:\WINDOWS\system32\ewyiheam.ini
C:\WINDOWS\system32\gfbhbklg.ini
C:\WINDOWS\system32\giqfrrra.ini
C:\WINDOWS\system32\gpjpyoeu.ini
C:\WINDOWS\system32\hhofwfrp.dll
C:\WINDOWS\system32\hvqhsshi.ini
C:\WINDOWS\system32\isugsplc.ini
C:\WINDOWS\system32\jgwkhgtr.ini
C:\WINDOWS\system32\jwvlkqic.ini
C:\WINDOWS\system32\koehelgm.ini
C:\WINDOWS\system32\kwnvtmhf.ini
C:\WINDOWS\system32\lnnmp.ini
C:\WINDOWS\system32\lnnmp.ini2
C:\WINDOWS\system32\lvnxjgkx.ini
C:\WINDOWS\system32\mgbvkwmq.ini
C:\WINDOWS\system32\mmbussit.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\nyrrhuuq.dll
C:\WINDOWS\system32\oaifxrgh.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qnlronru.ini
C:\WINDOWS\system32\qpklccxq.ini
C:\WINDOWS\system32\rcgarwsk.ini
C:\WINDOWS\system32\rcrvobvc.ini
C:\WINDOWS\system32\rtojyucq.ini
C:\WINDOWS\system32\ssfpsucy.ini
C:\WINDOWS\system32\tnxahtxt.ini
C:\WINDOWS\system32\tvrkangb.ini
C:\WINDOWS\system32\txkvddli.ini
C:\WINDOWS\system32\uldqjqrj.ini
C:\WINDOWS\system32\ulhmbbvf.ini
C:\WINDOWS\system32\vhbutnyv.ini
C:\WINDOWS\system32\vmhqdfrt.ini
C:\WINDOWS\system32\xbtawfnj.ini
C:\WINDOWS\system32\xbtradct.ini
C:\WINDOWS\system32\xjctiggj.ini
C:\WINDOWS\system32\xjdpjvqt.ini
C:\WINDOWS\system32\xkmfllhv.ini
C:\WINDOWS\system32\xojpsnel.dll
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_WANARPP
-------\Service_wanarpp


((((((((((((((((((((((((( Files Created from 2008-05-07 to 2008-06-07 )))))))))))))))))))))))))))))))
.

2008-06-07 13:14 . 2008-06-07 13:14 3,420 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-06-07 13:13 . 2008-06-07 13:15 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-06-07 13:13 . 2008-06-07 13:13 <DIR> d-------- C:\Documents and Settings\troy.SWEETP\Application Data\PC Tools
2008-06-07 13:13 . 2007-12-10 13:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-06-07 13:13 . 2007-12-10 13:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-06-07 13:13 . 2008-02-01 11:55 42,376 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-06-07 13:13 . 2007-12-10 13:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-06-06 23:43 . 2008-06-06 23:43 <DIR> d-------- C:\Documents and Settings\VERNA\Application Data\AVG7
2008-06-06 23:20 . 2008-06-06 23:21 <DIR> d-------- C:\Documents and Settings\JAVON\Application Data\AVG7
2008-06-06 18:18 . 2008-06-06 18:18 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-06-06 18:17 . 2008-06-06 18:17 <DIR> d-------- C:\Program Files\MSECACHE
2008-06-06 17:47 . 2008-06-06 17:47 <DIR> d-------- C:\Program Files\CCleaner
2008-06-06 17:32 . 2008-06-06 17:32 <DIR> d-------- C:\Documents and Settings\troy.SWEETP\Application Data\Uniblue
2008-06-06 17:09 . 2008-06-06 17:11 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-06-06 16:34 . 2008-06-06 16:34 167,976 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-06-05 10:43 . 2008-06-05 10:43 <DIR> d-------- C:\Documents and Settings\troy.SWEETP\Application Data\Lavasoft
2008-06-04 15:36 . 2006-09-05 18:03 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-02 08:57 . 2008-06-02 08:57 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-02 08:57 . 2008-06-02 08:57 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-02 08:57 . 2008-06-02 08:57 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-02 08:57 . 2008-06-02 08:57 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-01 23:14 . 2008-06-02 01:03 6,024 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-06-01 22:56 . 2007-10-25 23:34 8,460,288 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-01 21:14 . 2008-04-13 20:12 7,680 --a------ C:\WINDOWS\system32\spdwnwxp.exe
2008-06-01 12:01 . 2008-06-01 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-05-31 23:43 . 2008-06-06 18:24 <DIR> d-------- C:\Documents and Settings\MADGE\Application Data\AVG7
2008-05-31 21:13 . 2008-05-31 18:47 691,545 --a------ C:\WINDOWS\unins000.exe
2008-05-31 21:13 . 2008-05-31 21:13 2,540 --a------ C:\WINDOWS\unins000.dat
2008-05-31 21:10 . 2008-05-31 21:10 <DIR> d-------- C:\Program Files\Panicware
2008-05-31 18:52 . 2008-06-07 11:14 1,547 --a------ C:\WINDOWS\SysMech6.INI
2008-05-31 18:45 . 2008-06-04 14:51 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-31 18:45 . 2008-06-06 18:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-31 18:28 . 2008-05-31 18:28 19,238 --a------ C:\2008-05-31_182839.jpg
2008-05-31 18:27 . 2008-05-31 18:40 3,997 --a------ C:\Tools.ini
2008-05-31 17:09 . 2008-05-31 17:09 <DIR> d-------- C:\Documents and Settings\troy.SWEETP\Application Data\MSNInstaller
2008-05-31 15:22 . 2008-05-31 15:25 <DIR> d-------- C:\Documents and Settings\troy.SWEETP\.housecall6.6
2008-05-31 09:25 . 2008-06-06 23:33 <DIR> dr-h----- C:\$VAULT$.AVG
2008-05-31 08:52 . 2008-05-31 08:52 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-31 08:52 . 2008-05-31 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-31 08:35 . 2007-01-18 08:00 3,968 --a------ C:\WINDOWS\system32\drivers\AvgArCln.sys
2008-05-31 08:31 . 2008-06-07 15:24 <DIR> d-------- C:\Documents and Settings\troy.SWEETP\Application Data\AVG7
2008-05-31 08:30 . 2008-05-31 08:30 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-05-31 08:29 . 2008-05-31 08:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-05-31 08:29 . 2008-05-31 08:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-05-31 03:08 . 2008-05-31 03:08 9,662 --a------ C:\WINDOWS\system32\pinkip.ico
2008-05-30 23:15 . 2008-05-30 23:15 <DIR> d-------- C:\Program Files\iolo
2008-05-30 23:15 . 2008-05-30 23:15 406 --a------ C:\WINDOWS\system32\ioloBootDefrag.cfg
2008-05-28 15:49 . 2008-05-28 15:49 <DIR> d-------- C:\Documents and Settings\troy.SWEETP\Application Data\CyberLink
2008-05-28 15:09 . 2008-05-31 19:45 <DIR> d-------- C:\Documents and Settings\troy.SWEETP\Application Data\U3
2008-05-09 01:35 . 2008-05-09 01:35 <DIR> d-------- C:\Documents and Settings\VERNA\Application Data\Application Data

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-07 17:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-07 08:01 --------- d-----w C:\Program Files\Microsoft Works
2008-06-07 08:01 --------- d-----w C:\Program Files\JpegSizer 6ook
2008-06-07 08:01 --------- d-----w C:\Program Files\JpegSizer 5
2008-06-07 08:01 --------- d-----w C:\Documents and Settings\VERNA\Application Data\Morpheus
2008-06-07 08:01 --------- d-----w C:\Documents and Settings\MADGE\Application Data\Morpheus
2008-06-06 13:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2008-06-04 22:16 --------- d-----w C:\Program Files\alot
2008-05-31 21:07 --------- d-----w C:\Program Files\igLoader
2008-05-02 04:16 --------- d-----w C:\Documents and Settings\MADGE\Application Data\CyberLink
2008-04-16 02:30 --------- d-----w C:\Program Files\SpiralFrog
2008-03-25 02:42 10,657,100 ----a-w C:\Documents and Settings\JAVON\HC43SInstaller.exe
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

.
Contents of the 'Scheduled Tasks' folder
"2008-06-06 10:19:31 C:\WINDOWS\Tasks\{F897AA24-BDC3-11D1-B85B-00C04FB93981}_SWEETP_MADGE.job"
\- C:\WINDOWS\system32\mobsync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-07 15:24:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
OOBEDDDemise = cmd /x /c erase C:\WINDOWS\System32\oobe\msoobe.exe?????hx???????????????C?w????????????????????tz??????????????????i?wis???????????H???????????????????????????*&?|l????&?|??-w????????????????????????????????????????????????????`??????????????|?&?|?????&?|B%?|???????????????????|?$?|??????-wC

scanning hidden files ...


**************************************************************************
.
Completion time: 2008-06-07 15:32:22 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-07 19:32:19

Pre-Run: 51,557,154,816 bytes free
Post-Run: 55,136,882,688 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

Status
Not open for further replies.
1 - 1 of 1 Posts