ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=41912f8cea9d8d418fc20ebf26fcb992
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-11-05 07:20:28
# local_time=2010-11-05 03:20:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=769 16775141 100 98 0 224349844 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=66055
# found=2
# cleaned=0
# scan_time=1741
C:\Documents and Settings\All Users\Application Data\088357\86.mof Win32/RogueAV.A trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan 00000000000000000000000000000000 I
ComboFix 10-11-05.01 - Hailey 11/05/2010 15:28:18.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.362 [GMT -4:00]
Running from: c:\documents and settings\Hailey\My Documents\Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 101105-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\088357
c:\documents and settings\All Users\Application Data\088357\08835717c0dfae528fe8a022051fdcd3.ocx
c:\documents and settings\All Users\Application Data\088357\86.mof
c:\documents and settings\All Users\Application Data\088357\8dxvbw2p45e7k8orku8bxwg.dll
c:\documents and settings\All Users\Application Data\088357\BackUp\HP Digital Imaging Monitor.lnk
c:\documents and settings\All Users\Application Data\088357\BackUp\HP Image Zone Fast Start.lnk
c:\documents and settings\All Users\Application Data\088357\BackUp\OpenOffice.org 3.2.lnk
c:\documents and settings\All Users\Application Data\088357\BackUp\Wireless Configuration Utility HW.15.lnk
c:\documents and settings\All Users\Application Data\088357\mozcrt19.dll
c:\documents and settings\All Users\Application Data\088357\SME.ico
c:\documents and settings\All Users\Application Data\088357\sqlite3.dll
c:\documents and settings\Hailey\Application Data\Smart Engine
c:\documents and settings\Hailey\Application Data\Smart Engine\cookies.sqlite
c:\documents and settings\Hailey\Application Data\Smart Engine\Instructions.ini
c:\documents and settings\Hailey\Start Menu\Smart Engine.lnk
.
((((((((((((((((((((((((( Files Created from 2010-10-05 to 2010-11-05 )))))))))))))))))))))))))))))))
.
2010-11-05 18:44 . 2010-11-05 18:44 -------- d-----w- c:\program files\ESET
2010-11-05 02:03 . 2010-11-05 02:03 -------- d-----w- c:\program files\7-Zip
2010-11-04 19:24 . 2010-11-04 19:26 -------- d-----w- c:\program files\CCleaner
2010-11-04 01:34 . 2010-11-04 01:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMWBSJMZDAE
2010-10-31 12:12 . 2010-10-31 12:12 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\HP
2010-10-31 12:11 . 2010-11-04 20:10 -------- d-----w- c:\documents and settings\Hailey\Local Settings\Application Data\ApplicationHistory
2010-10-28 22:58 . 2010-10-28 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-10-28 22:56 . 2010-10-28 22:57 -------- d-----w- c:\program files\Common Files\HP
2010-10-28 22:55 . 2010-10-28 22:55 -------- d-----w- c:\program files\Hewlett-Packard
2010-10-28 22:54 . 2010-10-28 22:54 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-10-28 22:53 . 2010-10-28 22:53 -------- d-----w- c:\windows\system32\URTTEMP
2010-10-28 22:48 . 2008-04-13 18:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-10-28 22:48 . 2008-04-13 18:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-10-28 22:38 . 2007-08-09 07:27 73728 ----a-w- c:\windows\system32\HPZipm12.exe
2010-10-28 22:38 . 2004-09-29 16:15 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-10-28 22:38 . 2004-09-29 16:12 278584 ----a-w- c:\windows\system32\HPZidr12.dll
2010-10-28 22:38 . 2004-09-29 16:09 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-10-28 22:38 . 2004-09-29 16:09 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-10-28 22:38 . 2004-09-29 16:08 61440 ----a-w- c:\windows\system32\HPZinw12.exe
2010-10-28 22:37 . 2010-10-28 22:58 -------- d-----w- c:\program files\HP
2010-10-28 22:19 . 2004-12-15 07:07 21744 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2010-10-28 22:19 . 2004-12-15 07:07 16496 ----a-w- c:\windows\system32\drivers\HPZipr12.sys
2010-10-28 22:19 . 2004-12-15 07:07 51120 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2010-10-28 22:18 . 2004-12-15 07:07 274432 ----a-w- c:\windows\system32\HPZc3212.dll
2010-10-28 22:18 . 2004-12-15 07:07 581632 ----a-w- c:\windows\system32\hpotscl.dll
2010-10-28 22:18 . 2004-12-15 07:07 229376 ----a-w- c:\windows\system32\hpovst08.dll
2010-10-28 22:18 . 2004-12-15 07:07 278528 ----a-w- c:\windows\system32\hpgwiamd.dll
2010-10-28 22:17 . 2004-12-15 07:07 139345 ----a-w- c:\windows\system32\hpzlnt12.dll
2010-10-28 22:17 . 2004-12-15 07:07 393216 ----a-w- c:\windows\system32\hpzcon12.dll
2010-10-28 22:17 . 2004-12-15 07:07 196608 ----a-w- c:\windows\system32\hpzcoi12.dll
2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\Hailey\Application Data\Malwarebytes
2010-10-17 23:10 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-10-17 23:10 . 2010-10-17 23:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-17 23:10 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-15 10:56 . 2010-10-15 10:56 -------- d-----w- c:\program files\iPod
2010-10-15 10:56 . 2010-10-15 10:57 -------- d-----w- c:\program files\iTunes
2010-10-11 10:29 . 2010-10-11 10:29 -------- d-----w- c:\documents and settings\Hailey\Application Data\Registry Mechanic
2010-10-10 15:38 . 2010-10-28 23:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-10-08 20:57 . 2010-10-08 20:57 -------- d-----w- c:\documents and settings\Hailey\Application Data\Unity
2010-10-08 10:59 . 2010-10-08 10:59 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-20 11:38 . 2009-11-07 18:36 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-09-20 11:38 . 2009-03-14 21:31 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-09-20 11:38 . 2009-03-14 21:09 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-09-08 15:17 . 2010-09-08 15:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 15:17 . 2010-09-08 15:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"Google Update"="c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-10-18 136176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-07-25 5898240]
"nwiz"="nwiz.exe" [2006-07-25 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-07-25 86016]
"AudioDeck"="c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe" [2007-06-27 540672]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-09-20 864112]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-09-24 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
c:\documents and settings\Hailey\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
Wireless Configuration Utility HW.15.lnk - c:\program files\TRENDnet\TRENDnet TEW-421PC_TEW-423PI\WlanCU.exe [2007-1-30 577536]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/14/2009 5:09 PM 64288]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/14/2010 7:43 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/14/2010 7:43 PM 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1352832]
R3 SjyPkt;SjyPkt;c:\windows\system32\drivers\SjyPkt.sys [10/2/2002 9:57 AM 13532]
S3 ftsbvcap;ftsbvcap;\??\c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys [?]
S3 isffp_sd;isffp_sd;\??\c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\isffp_sd.sys [?]
S3 lredbooo;lredbooo;\??\c:\docume~1\Hailey\LOCALS~1\Temp\lredbooo.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\lredbooo.sys [?]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - KGPYYPOD
*Deregistered* - kgpyypod
.
Contents of the 'Scheduled Tasks' folder
2010-11-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:37]
2010-11-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004Core.job
- c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]
2010-11-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-1275210071-839522115-1004UA.job
- c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-11-04 11:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.mywebsearch.com/mywebsearch/default.jhtml?ptnrS=ZCfox000&ptb=CftqMQZLQGZ8.nq1HwPEmg
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25579
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Hailey\Application Data\Mozilla\Firefox\Profiles\mbvfz1x4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Hailey\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - user.js: yahoo.homepage.dontask - true
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9c.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-11-05 15:32
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
AudioDeck = c:\program files\VIA\VIAudioi\SBADeck\ADeck.exe 1????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-11-05 15:34:53
ComboFix-quarantined-files.txt 2010-11-05 19:34
Pre-Run: 49,203,355,648 bytes free
Post-Run: 49,166,700,544 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 5492474331E764D98E6CC1BAFA54F25A
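The logs above carry the usual signs of a rogue-AV infection: a localhost proxy injected into the WinINET settings (127.0.0.1:25579), drivers registered out of the user's Temp folder, a hidden+system directory with a random name under All Users\Application Data, a hosts file flagged as Win32/Qhost, and an ESET run that found two items but cleaned none (remove_checked=false). The script below is an added example for this thread, not output or code from ESET, ComboFix or the poster: it parses lines in those two log formats and pulls out exactly those indicators. The rule names, the Finding class and the sample log (constructed from lines posted above) are my own choices; the regexes assume the line layouts shown in the logs and nothing more.

```python
"""Triage ESET Online Scanner and ComboFix log lines for common rogue-AV indicators.

Added example, not tool output. The heuristics (loopback proxy, drivers loaded
from a Temp directory, hidden+system dirs under All Users\\Application Data,
a flagged hosts file, detections that were never cleaned) are assumptions
chosen to match what the logs above show.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    line: str


# ESET header counters: "# found=2", "# cleaned=0"
ESET_COUNTER_RE = re.compile(r"^#\s*(found|cleaned)=(\d+)$")
# ESET detection line: <path> <family> <kind> <32-hex hash> <flag>
ESET_HIT_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<threat>\S+/\S+)\s+(?P<kind>\S+)\s+[0-9a-fA-F]{32}\s+\S$"
)
# ComboFix WinINET proxy line: "uInternet Settings,ProxyServer = http=127.0.0.1:25579"
PROXY_RE = re.compile(r"^u?Internet Settings,ProxyServer\s*=\s*(?P<value>\S+)$", re.I)
# ComboFix service/driver line: "S3 name;display;\??\c:\path\file.sys --> ... [?]"
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);[^;]*;(?:\\\?\?\\)?(?P<path>[A-Za-z]:\\[^\s\[]+)", re.I
)
# ComboFix "Files Created" line: <created> . <modified> <size|--------> <attrs> <path>
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\S+\s+(?P<attr>\S{8})\s+(?P<path>.+)$"
)

LOOPBACK = ("127.0.0.1", "localhost", "::1")


def _proxy_hosts(value: str) -> list[str]:
    """'http=127.0.0.1:25579;https=proxy:8080' -> ['127.0.0.1', 'proxy']."""
    hosts = []
    for entry in value.split(";"):
        hostport = entry.split("=", 1)[-1]          # drop the "http=" scheme prefix if present
        hosts.append(hostport.rsplit(":", 1)[0].strip("[]").lower())
    return hosts


def triage(log_text: str) -> list[Finding]:
    """Return indicator findings in log order; the not-cleaned check is appended last."""
    findings: list[Finding] = []
    counters: dict[str, int] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ESET_COUNTER_RE.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
            continue
        m = ESET_HIT_RE.match(line)
        if m:
            path = m.group("path")
            if path.lower().endswith(r"\drivers\etc\hosts"):
                findings.append(Finding("hosts-file-hijack",
                    f"{m.group('threat')} flagged the hosts file; review it for redirected domains", line))
            else:
                findings.append(Finding("av-detection", f"{m.group('threat')} at {path}", line))
            continue
        m = PROXY_RE.match(line)
        if m and any(h in LOOPBACK for h in _proxy_hosts(m.group("value"))):
            findings.append(Finding("loopback-proxy",
                f"browser traffic routed through a local listener: {m.group('value')}", line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if "\\temp\\" in m.group("path").lower():
                findings.append(Finding("temp-driver",
                    f"driver {m.group('name')} registered from a Temp directory", line))
            continue
        m = CREATED_RE.match(line)
        if m:
            attr, path = m.group("attr"), m.group("path")
            # attribute string as ComboFix prints it: 'd-sh--w-' = dir, system, hidden, writable
            if "s" in attr and "h" in attr and "all users\\application data" in path.lower():
                findings.append(Finding("hidden-system-dir",
                    f"hidden+system directory created under All Users\\Application Data: {path}", line))
    if counters.get("found", 0) > counters.get("cleaned", 0):
        findings.append(Finding("not-cleaned",
            f"{counters['found']} detections, {counters.get('cleaned', 0)} cleaned (detect-only run)",
            "# found / # cleaned"))
    return findings


# Constructed sample: a handful of lines copied from the logs posted above.
SAMPLE_LOG = r"""
# found=2
# cleaned=0
C:\Documents and Settings\All Users\Application Data\088357\86.mof Win32/RogueAV.A trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\drivers\etc\hosts Win32/Qhost trojan 00000000000000000000000000000000 I
2010-11-04 01:34 . 2010-11-04 01:34 -------- d-sh--w- c:\documents and settings\All Users\Application Data\SMWBSJMZDAE
2010-11-05 18:44 . 2010-11-05 18:44 -------- d-----w- c:\program files\ESET
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/14/2010 7:43 PM 114768]
S3 ftsbvcap;ftsbvcap;\??\c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys --> c:\docume~1\Hailey\LOCALS~1\Temp\ftsbvcap.sys [?]
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:25579
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.detail}")
```

Run it against a full ComboFix log pasted into a file and every Run key, driver and proxy line that does not match a rule is left alone; the point is to surface the handful of lines worth asking about first, not to judge the legitimate HP, Apple and Lavasoft entries that make up most of the log.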