Combo Fix

ComboFix 11-04-05.01 - Lolo 04/05/2011 16:30:04.1.2 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.
695 [GMT -5:00 ] Running from: D:\ComboFix.exe . . ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))) ))))))))))))))))))))))))))))) . . c:\documents and settings\Lolo\Application Data\.# c:\documents and settings\Lolo\Application Data\.#\MBX@650@3941A0.### c:\documents and settings\Lolo\Application Data\.#\MBX@650@3941D0.### c:\documents and settings\Lolo\Application Data\.#\MBX@650@394200.### c:\documents and settings\Lolo\Application Data\.#\MBX@868@3941A0.### c:\documents and settings\Lolo\Application Data\.#\MBX@868@3941D0.### c:\documents and settings\Lolo\Application Data\.#\MBX@868@394200.### c:\documents and settings\Lolo\Application Data\.#\MBX@A3C@3941A0.### c:\documents and settings\Lolo\Application Data\.#\MBX@A3C@3941D0.### c:\documents and settings\Lolo\Application Data\.#\MBX@A3C@394200.### c:\documents and settings\Lolo\Application Data\Adobe\AdobeUpdate .exe c:\documents and settings\Lolo\Application Data\Adobe\plugs c:\documents and settings\Lolo\Application Data\Adobe\plugs\KB108928281.exe c:\documents and settings\Lolo\Local Settings\Application Data\{BC9C781A-729C-40 80-9212-AA8562484532} c:\documents and settings\Lolo\Local Settings\Application Data\{BC9C781A-729C-40 80-9212-AA8562484532}\chrome.manifest c:\documents and settings\Lolo\Local Settings\Application Data\{BC9C781A-729C-40 80-9212-AA8562484532}\chrome\content\_cfg.js c:\documents and settings\Lolo\Local Settings\Application Data\{BC9C781A-729C-40 80-9212-AA8562484532}\chrome\content\overlay.xul c:\documents and settings\Lolo\Local Settings\Application Data\{BC9C781A-729C-40 80-9212-AA8562484532}\install.rdf c:\program files\FunWebProducts c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html c:\program files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E 7} c:\program files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E 7}\chrome.manifest c:\program files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E 7}\chrome\bardiscover.jar c:\program files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E 7}\defaults\preferences\prefs.js c:\program files\Mozilla Firefox\extensions\{AC57FCAF-E6FC-4BE9-ADC0-D00129C4C1E 7}\install.rdf c:\program files\MyWebSearch c:\program files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\1.bin\F3HKSTUB.DLL c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL c:\program files\MyWebSearch\bar\2.bin\F3DTactl.dll c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program c:\program
files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL files\MyWebSearch\bar\2.bin\F3HTmlmu.dll files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL files\MyWebSearch\bar\2.bin\F3POPSWT.DLL files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR files\MyWebSearch\bar\2.bin\F3REGHK.DLL files\MyWebSearch\bar\2.bin\F3REPROX.DLL files\MyWebSearch\bar\2.bin\F3RESTUB.DLL files\MyWebSearch\bar\2.bin\F3SCHMON.EXE files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL files\MyWebSearch\bar\2.bin\F3SPACER.WMV files\MyWebSearch\bar\2.bin\F3WALLPP.DAT files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG files\MyWebSearch\bar\2.bin\INSTALL.RDF files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL files\MyWebSearch\bar\2.bin\M3DLGHK.DLL files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE files\MyWebSearch\bar\2.bin\M3HTML.DLL files\MyWebSearch\bar\2.bin\M3IDLE.DLL files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE files\MyWebSearch\bar\2.bin\M3MEDINT.EXE files\MyWebSearch\bar\2.bin\M3MSg.dll files\MyWebSearch\bar\2.bin\M3OUtlcn.dll files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL files\MyWebSearch\bar\2.bin\M3SKIN.DLL files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL files\MyWebSearch\bar\2.bin\MWSOESTB.DLL files\MyWebSearch\bar\2.bin\MWSUABTN.DLL files\MyWebSearch\bar\Avatar\COMMON.F3S files\MyWebSearch\bar\Cache\00BB5E2F files\MyWebSearch\bar\Cache\00BB640B files\MyWebSearch\bar\Cache\00BB6709.bin files\MyWebSearch\bar\Cache\00C5C91E.bin files\MyWebSearch\bar\Cache\00C5C9E9.bin files\MyWebSearch\bar\Cache\00C5CA66.bin files\MyWebSearch\bar\Cache\0A7B388A.bin files\MyWebSearch\bar\Cache\0A7B3936.bmp files\MyWebSearch\bar\Cache\0A7B39C3.bin files\MyWebSearch\bar\Cache\0A7B3A4F.bin files\MyWebSearch\bar\Cache\0FC06AA5 files\MyWebSearch\bar\Cache\11114E3C files\MyWebSearch\bar\Cache\11115939 files\MyWebSearch\bar\Cache\13ECE306 files\MyWebSearch\bar\Cache\4AB599CF.bin files\MyWebSearch\bar\Cache\files.ini files\MyWebSearch\bar\Game\CHECKERS.F3S files\MyWebSearch\bar\Game\CHESS.F3S files\MyWebSearch\bar\Game\REVERSI.F3S files\MyWebSearch\bar\History\search3 files\MyWebSearch\bar\icons\CM.ICO files\MyWebSearch\bar\icons\MFC.ICO files\MyWebSearch\bar\icons\PSS.ICO files\MyWebSearch\bar\icons\SMILEY.ICO files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO c:\program files\MyWebSearch\bar\Message\COMMON.F3S c:\program files\MyWebSearch\bar\Message\COMMON\8_step1.gif c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm c:\program files\MyWebSearch\bar\Message\COMMON\bkez.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkgr.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkgs.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bklf.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkrg.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkzc.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkzl.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkzn.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkzq.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkzr.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkzu.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkzv.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkzw.jpg c:\program files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2d.png c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2r.png c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3d.png c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3r.png c:\program files\MyWebSearch\bar\Message\COMMON\center.htm c:\program files\MyWebSearch\bar\Message\COMMON\index.htm c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm c:\program files\MyWebSearch\bar\Message\COMMON\rebut4.htm c:\program files\MyWebSearch\bar\Message\COMMON\rebut4b.htm c:\program files\MyWebSearch\bar\Message\COMMON\rebut4c.htm c:\program files\MyWebSearch\bar\Message\COMMON\shield.png c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S c:\program files\MyWebSearch\bar\Notifier\DOG.F3S c:\program files\MyWebSearch\bar\Notifier\FISH.F3S c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S c:\program files\MyWebSearch\bar\Notifier\MAID.F3S c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S c:\program files\MyWebSearch\bar\Overlay\COMMON.F3S c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm c:\program files\MyWebSearch\bar\Settings\s_pid.dat c:\windows\system32\f3PSSavr.scr . . ((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 ))))))) )))))))))))))))))))))))) . . 2011-04-05 21:41 . 2011-04-05 21:41 63115 ----a-wc:\documents and
settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\USERTILE.JS 2011-04-05 21:41 . 2011-04-05 21:41 9310 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\TEXTBOX.JS 2011-04-05 21:41 . 2011-04-05 21:41 8646 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\TILEBOX.JS 2011-04-05 21:41 . 2011-04-05 21:41 6429 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\UICORE.JS 2011-04-05 21:41 . 2011-04-05 21:41 5927 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\TEXT.JS 2011-04-05 21:41 . 2011-04-05 21:41 4599 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\UIRESOURCE.JS 2011-04-05 21:41 . 2011-04-05 21:41 8613 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\SAVEDUSER.JS 2011-04-05 21:41 . 2011-04-05 21:41 1651 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\QUERYSTRING.JS 2011-04-05 21:41 . 2011-04-05 21:41 6910 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\NEWUSERCOMM.JS 2011-04-05 21:40 . 2011-04-05 21:40 8288 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\IMAGE.JS 2011-04-05 21:40 . 2011-04-05 21:40 6208 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\LINK.JS 2011-04-05 21:40 . 2011-04-05 21:40 18541 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\LOCALIZATION.JS 2011-04-05 21:40 . 2011-04-05 21:40 51852 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\EXTERNALWRAPPER.JS 2011-04-05 21:40 . 2011-04-05 21:40 7271 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\CHECKBOX.JS 2011-04-05 21:40 . 2011-04-05 21:40 23327 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\COMBOBOX.JS 2011-04-05 21:40 . 2011-04-05 21:40 20719 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\DIVWRAPPER.JS 2011-04-05 21:40 . 2011-04-05 21:40 8782 ----a-wc:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidu i_WLIDSVC\BUTTON.JS 2011-04-05 21:24 . 2011-04-05 21:24 12872 ----a-wc:\windows\syste m32\bootdelete.exe 2011-04-05 21:20 . 2011-04-05 21:20 16968 ----a-wc:\windows\syste m32\drivers\hitmanpro35.sys 2011-04-05 21:19 . 2011-04-05 21:24 -------d-----wc:\docum ents and settings\All Users\Application Data\Hitman Pro 2011-04-05 21:07 . 2008-02-14 22:45 172032 ----a-wc:\windows\syste m32\igfxres.dll 2011-04-05 20:20 . 2008-04-14 12:00 20736 -c--a-wc:\windows\syste m32\dllcache\ramdisk.sys
2011-04-05 20:19 . 2008-04-14 12:00 18432 -c--a-wc:\windows\syste m32\dllcache\jupiw.dll 2011-04-05 20:18 . 2008-04-14 12:00 97792 -c--a-wc:\windows\syste m32\dllcache\chtmbx.dll 2011-04-05 20:17 . 2003-03-24 21:52 20540 -c--a-wc:\windows\syste m32\dllcache\admin.dll 2011-04-05 20:14 . 2008-04-14 12:00 16384 -c--a-wc:\windows\syste m32\dllcache\isignup.exe 2011-04-05 20:14 . 2008-04-14 12:00 16384 ----a-wc:\program files \Internet Explorer\Connection Wizard\isignup.exe 2011-04-05 19:56 . 2008-04-14 12:00 24661 -c--a-wc:\windows\syste m32\dllcache\spxcoins.dll 2011-04-05 19:56 . 2008-04-14 12:00 24661 ----a-wc:\windows\syste m32\spxcoins.dll 2011-04-05 19:56 . 2008-04-14 12:00 13312 -c--a-wc:\windows\syste m32\dllcache\irclass.dll 2011-04-05 19:56 . 2008-04-14 12:00 13312 ----a-wc:\windows\syste m32\irclass.dll 2011-04-05 19:55 . 2008-04-14 12:00 16535 ----a-rc:\windows\SETF0 .tmp 2011-04-05 19:55 . 2008-04-14 12:00 1088840 ----a-rc:\windows\SETE4 .tmp 2011-04-05 19:55 . 2008-04-14 12:00 1296669 ----a-rc:\windows\SETE1 .tmp . . (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))) ))))))))))))))))))))))))))))))) . 2010-07-09 23:22 . 2010-01-17 20:00 119808 -c--a-wc:\program files \mozilla firefox\components\GoogleDesktopMozilla.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))) ))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskTo olbar.dll" [2010-05-26 1385864] . [HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}] . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D81274 40}] 2010-05-26 20:23 1385864 ----a-wc:\program files\Ask.com\Generic AskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskTo olbar.dll" [2010-05-26 1385864] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] .
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskTo olbar.dll" [2010-05-26 1385864] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-26 68856] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-0217 5244216] "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883 856] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2 008-04-16 178712] "AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2006-01-25 53248] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-02-05 1430824] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-12-30 875016] "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDes ktop.exe" [2010-07-09 30192] "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [200 8-10-03 294544] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952] "PLFSetL"="c:\windows\PLFSetL.exe" [2008-07-03 94208] "snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2009-02-17 196608] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\b in\AppleSyncNotifier.exe" [2010-02-18 177472] "TuneClone"="c:\program files\TuneClone\TuneClone.exe" [2009-07-27 4534272] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-23 14 9280] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-16 141608] "Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010 -04-27 243544] "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\ Default Manager\DefMgr.exe" [2009-11-11 288088] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_s l.exe" [2009-10-03 35696] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-0921 932288] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-19 421888] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "RTHDCPL"="RTHDCPL.EXE" [2009-02-24 17529856] . c:\documents and settings\Lolo\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office \Office12\ONENOTEM.EXE [2009-2-26 97680] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-3-12 565248] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8
607584] . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.s ys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Authoriz edApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\LimeWire\\LimeWire.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Acer\\Acer VCM\\VC.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/8/2010 10:11 A M 218592] R0 tclondrv;tclondrv;c:\windows\system32\drivers\tclondrv.sys [3/11/2010 11:01 P M 20352] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program fi les\Spyware Doctor\BDT\BDTUpdateService.exe [6/8/2010 10:14 AM 112592] R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [ 3/12/2009 1:32 AM 237568] R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Applicat ion Virtualization Client\sftlist.exe [4/24/2010 1:10 AM 483688] R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; c:\windows\system32\drivers\l1c51x86.sys [3/3/2009 10:03 PM 38912] R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [12/2/2009 10:23 PM 55434 4] R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [12/2/2009 10:23 PM 211432] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [12/2/2009 10:23 PM 20584] R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [12/2/2009 10:23 PM 18 280] R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Ap plication Virtualization Client\sftvsa.exe [4/24/2010 1:10 AM 209768] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2/28/2010 2:33 AM 821664] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\Google Update.exe [3/23/2010 11:51 AM 135664] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [3/12/2009 12:56 AM 1 684736] S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\p rogram files\Google\Google Desktop Search\GoogleDesktop.exe [3/12/2009 1:06 AM 3 0192] S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drive
rs\nwusbser2.sys [4/19/2007 12:09 PM 99200] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Mic rosoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 464 0000] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS 5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\ windows\system32\DRIVERS\Rts516xIR.sys [?] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsA uxs.exe [6/15/2010 6:08 PM 366840] . Contents of the 'Scheduled Tasks' folder . 2011-01-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] . 2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 16:50] . 2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-03-23 16:50] . 2011-01-13 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\program files\Ask.com\UpdateTask.exe [2010-05-26 20:23] . . ------- Supplementary Scan ------. uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=ZKman000& ptb=BBuKo8tL5gAecpOYiTNmqg uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie mDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mSearchAssistant = hxxp://www.google.com/ie IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\Google ToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\b tsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie. htm IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Lolo\Sta rt Menu\Programs\IMVU\Run IMVU.lnk . - - - - ORPHANS REMOVED - - - . HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE SafeBoot-mcmscsvc SafeBoot-MCODS . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http:/
/www.gmer.net Rootkit scan 2011-04-05 16:43 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------. - - - - - - - > 'explorer.exe'(1924) c:\windows\system32\btmmhook.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\btncopy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes -----------------------. c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceServi ce.exe c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\windows\system32\igfxext.exe c:\program files\iPod\bin\iPodService.exe c:\progra~1\Yahoo!\Messenger\ymsgr_tray.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\program files\Java\jre6\bin\jucheck.exe . ************************************************************************** . Completion time: 2011-04-05 16:49:51 - machine was rebooted ComboFix-quarantined-files.txt 2011-04-05 21:49 . Pre-Run: 134,951,432,192 bytes free Post-Run: 134,327,083,008 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
. - - End Of File - - 3B5CF54CF2BFB7FF70E0014AA1891196

Combo Fix

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Combo Fix

Загружено:

Авторское право:

Доступные форматы

ComboFix 11-04-05.01 - Lolo 04/05/2011 16:30:04.1.2 - x86 NETWORK Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.

. - - End Of File - - 3B5CF54CF2BFB7FF70E0014AA1891196

Вам также может понравиться