IEXPLORE.exe virus/spyware shall not be moved

Emachines / W3107
June 24, 2009 at 21:16:03
Specs: Windows XP
Hello,

I appear to have contracted the IEXPLORE.exe virus. It has been present in different forms for almost a week now, and I can't get rid of it. Right now it manifests itself via a box that asks you to enter your location. Sometimes it takes the form of an invisible audio commercial. It always hinders and latches up the computer, though. Any anti-spyware/antiviral programs I have don't see it, and the ones that are supposed to be the most effective - Spybot, Adaware, MBAM, HijackThis - the virus seems to be keeping from running, even in safe mode, even when attempting to run them from a friend's flash drive. Can anyone think of anything that could help?


#1
June 25, 2009 at 13:54:22
Actually, ComboFix might have done the trick *knock on wood*

#2
June 25, 2009 at 14:39:32
You should post the log that combofix produced:

It was automatically saved and is in the C:\ directory or in the root directory of the drive it was run on.


#3
June 25, 2009 at 17:03:36
ComboFix 09-06-25.01 - Owner 06/25/2009 16:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.382.96 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix3.exe
AV: Trend Micro OfficeScan Antivirus *On-access scanning disabled* (Outdated) {CB1605CB-7C8B-4A1D-ADC0-FBB5BB80FF98}
FW: Trend Micro OfficeScan Enterprise Client Firewall *disabled* {CB1605CB-7C8B-4A1D-ADC0-FBB5BB80FF98}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Manson\liser.dll
c:\windows\Install.txt
c:\windows\system32\drivers\UACwewboemqqheltli.sys
c:\windows\system32\Install.txt
c:\windows\system32\UACadevphubxlyxuar.dll
c:\windows\system32\UACbwevxvklrxlnjsr.dll
c:\windows\system32\UACgafwrxuvjomusjd.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACjeardymrwqrefyf.dat
c:\windows\system32\UACmdpdujnsjieookx.dll
c:\windows\system32\UACrjcmohrgpidvmth.dll
c:\windows\system32\UACrsinrbgxhfkwbub.dll
c:\windows\system32\UACrudxuiiwqomffll.log
c:\windows\system32\uactmp.db
c:\windows\system32\UACuxduyxyqvleyhdr.log
c:\windows\system32\UACwiovbuwcdppxyaq.db
c:\windows\system32\UACykmxhpvjojhbabx.dll
c:\windows\system32\wiawow32.sys
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.

2009-06-25 20:23 . 2009-02-24 14:53 142992 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-06-25 18:25 . 2009-06-25 20:08 -------- d-----w- c:\documents and settings\Owner\.housecall6.6
2009-06-24 22:39 . 2009-06-24 22:39 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\The Weather Channel
2009-06-24 22:36 . 2009-06-24 22:36 104 ----a-w- c:\windows\system32\SBRC.dat
2009-06-24 18:38 . 2009-04-17 00:11 81920 ----a-w- c:\windows\eSellerateControl350.dll
2009-06-24 18:38 . 2009-04-16 20:36 356352 ----a-w- c:\windows\eSellerateEngine.dll
2009-06-24 18:38 . 2009-06-24 21:37 -------- d-----w- c:\program files\True Sword 5
2009-06-24 06:32 . 2009-06-24 06:32 -------- d-----w- c:\documents and settings\Owner\Application Data\Sunbelt
2009-06-24 06:29 . 2009-06-24 06:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-06-24 06:25 . 2008-10-09 13:48 202928 ----a-w- c:\windows\system32\drivers\sbtis.sys
2009-06-24 06:25 . 2009-06-24 06:25 -------- d-----w- c:\program files\Sunbelt Software
2009-06-24 04:38 . 2009-06-24 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2009-06-24 04:38 . 2009-06-24 04:38 -------- d-----w- c:\program files\RegCure
2009-06-22 21:34 . 2009-06-22 21:34 -------- d-----w- c:\documents and settings\Owner\Application Data\Uniblue
2009-06-22 21:33 . 2008-12-22 08:47 2567619 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\uniblue registrybooster.exe
2009-06-22 21:33 . 2009-06-22 21:33 -------- d-----w- c:\program files\Uniblue
2009-06-22 21:33 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-06-22 21:33 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-06-22 21:33 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-06-22 21:33 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-06-22 21:33 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-06-22 21:33 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-06-22 21:33 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-06-22 21:33 . 2009-06-22 21:33 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
2009-06-22 04:15 . 2009-06-22 04:15 -------- d-----w- C:\Alpha Centauri
2009-06-22 00:34 . 2009-06-22 00:34 -------- d-----w- c:\program files\Windows Defender
2009-06-21 21:28 . 2009-06-21 21:28 -------- d-----w- c:\program files\Alwil Software
2009-06-21 19:40 . 2009-06-21 19:40 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\threatwork.exe
2009-06-21 19:39 . 2009-06-21 19:39 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\savapibridge.dll
2009-06-21 19:39 . 2009-06-21 19:39 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-21 19:39 . 2009-06-21 19:39 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavamessage.dll
2009-06-21 19:39 . 2009-06-21 19:39 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lavalicense.dll
2009-06-21 19:38 . 2009-06-21 19:38 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Resources.dll
2009-06-21 19:38 . 2009-06-21 19:38 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-21 19:38 . 2009-06-21 19:38 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-21 19:38 . 2009-06-21 19:38 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-06-21 19:38 . 2009-06-21 19:38 72704 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-06-21 19:38 . 2009-06-21 19:38 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\CEAPI.dll
2009-06-21 19:38 . 2009-06-21 19:38 561016 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareCommand.exe
2009-06-21 19:38 . 2009-06-21 19:38 565096 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-AwareAdmin.exe
2009-06-21 19:38 . 2009-06-21 19:38 2349384 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Ad-Aware.exe
2009-06-21 19:38 . 2009-06-21 19:38 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWWSC.exe
2009-06-21 19:38 . 2009-06-21 19:38 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWTray.exe
2009-06-21 19:38 . 2009-06-21 19:38 1003344 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\AAWService.exe
2009-06-21 19:25 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-21 19:09 . 2009-06-21 19:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-21 19:06 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-21 07:39 . 2009-06-21 07:39 1152 ----a-w- c:\windows\system32\windrv.sys
2009-06-21 07:37 . 2009-06-21 07:39 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo
2009-06-21 06:59 . 2009-06-21 06:59 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-21 05:43 . 2009-06-21 18:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-21 05:43 . 2009-06-21 18:42 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-21 05:43 . 2009-06-21 18:42 -------- d-----w- c:\program files\Spyware Doctor
2009-06-21 02:21 . 2009-06-25 03:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-21 01:26 . 2009-06-25 20:35 -------- d-sh--r- c:\program files\Manson
2009-06-17 09:27 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 18:41 . 2009-05-19 05:35 172840 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\setup.exe
2009-06-14 18:41 . 2009-05-19 05:36 2884832 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\vwpt.exe
2009-06-14 18:41 . 2009-05-19 05:36 28 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unregister.bat
2009-06-14 18:41 . 2009-05-19 05:36 1484856 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\toolbar.exe
2009-06-14 18:41 . 2009-05-19 05:36 30512 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\Uninstaller.exe
2009-06-14 18:41 . 2009-05-19 05:35 376568 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\SUD4426\unagi3.exe
2009-06-10 10:00 . 2009-06-10 10:00 68392 ----a-w- c:\windows\system32\sbbd.exe
2009-06-04 18:09 . 2009-06-21 07:26 -------- d-----w- c:\program files\Enigma Software Group
2009-06-04 12:43 . 2009-05-06 18:23 372736 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
2009-06-04 12:43 . 2008-12-04 05:25 120832 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 03:20 . 2007-08-05 02:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-25 03:10 . 2007-08-05 02:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-21 18:55 . 2006-08-28 22:43 -------- d-----w- c:\program files\Lavasoft
2009-06-16 01:20 . 2007-07-28 02:54 -------- d-----w- c:\program files\AIM6
2009-06-16 01:19 . 2005-11-07 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-17 23:54 . 2006-07-07 22:02 89200 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 22:25 . 2009-05-16 22:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Sibelius Software
2009-05-16 22:25 . 2009-05-16 22:24 -------- d-----w- c:\program files\Musicnotes
2009-04-30 17:56 . 2009-04-30 17:56 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-04-17 20:58 . 2009-04-21 14:37 103424 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
2009-04-17 20:58 . 2009-04-21 14:37 954368 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
2009-04-17 20:58 . 2009-04-21 14:37 344064 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
2009-04-17 20:58 . 2009-04-21 14:37 1161626 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\piclens@cooliris.com\libs\avcodec-51.dll
2009-04-17 20:58 . 2009-04-21 14:37 71652 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\piclens@cooliris.com\libs\avutil-49.dll
2009-04-17 20:58 . 2009-04-21 14:37 65536 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
2009-04-17 20:58 . 2009-04-21 14:37 4579328 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\piclens@cooliris.com\libs\cooliris18.dll
2009-04-17 20:58 . 2009-04-21 14:37 4534272 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\piclens@cooliris.com\libs\cooliris19.dll
2009-04-17 20:58 . 2009-04-21 14:37 131868 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\nrm6xglt.default\extensions\piclens@cooliris.com\libs\avformat-52.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-27 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"OfficeScanNT Monitor"="c:\program files\Trend Micro\OfficeScan Client\pccntmon.exe" [2009-02-24 718120]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LucasArts\\Star Wars Republic Commando\\GameData\\System\\SWRepublicCommando.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
"c:\\Documents and Settings\\Owner\\Desktop\\AoE Pirate\\empires2.exe"=
"c:\\Documents and Settings\\Owner\\Desktop\\AoE Pirate\\age2_x1.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15735:TCP"= 15735:TCP:Trend Micro OfficeScan Listener

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/21/2009 3:06 PM 64160]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [4/30/2009 1:56 PM 93360]
R1 sbtis;sbtis;c:\windows\system32\drivers\sbtis.sys [6/24/2009 2:25 AM 202928]
R2 SBAMSvc;VIPRE Antivirus + Antispyware;c:\program files\Sunbelt Software\VIPRE\SBAMSvc.exe [6/10/2009 6:00 AM 980264]
R2 TmFilter;Trend Micro Filter;c:\program files\Trend Micro\OfficeScan Client\TmXPFlt.sys [11/9/2005 8:34 PM 225296]
R2 TmPreFilter;Trend Micro PreFilter;c:\program files\Trend Micro\OfficeScan Client\tmpreflt.sys [11/9/2005 8:34 PM 36368]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [11/5/2004 4:05 PM 338448]
R3 TmPfw;OfficeScan NT Firewall;c:\program files\Trend Micro\OfficeScan Client\TmPfw.exe [7/8/2007 7:30 PM 488768]
R3 TmProxy;OfficeScan NT Proxy Service;c:\program files\Trend Micro\OfficeScan Client\TmProxy.exe [7/8/2007 7:30 PM 652552]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys --> c:\windows\system32\drivers\PCTCore.sys [?]
S2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;"c:\program files\Lavasoft\Ad-Aware\AAWService.exe" --> c:\program files\Lavasoft\Ad-Aware\AAWService.exe [?]
S4 jsr468ijdfghfjsw3rw3i6tjag80;jsr468ijdfghfjsw3rw3i6tjag80;c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe --> c:\windows\jsr468ijdfghfjsw3rw3i6tjag81.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" --> c:\program files\Viewpoint\Common\ViewpointService.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 21:57]

2006-07-07 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-26 19:00]

2009-06-25 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-25 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]

2009-06-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-06-10 22:28]
.
- - - - ORPHANS REMOVED - - - -

BHO-{ad55c869-668e-457c-b270-0cfb2f61116f} - (no file)
Notify-rsvsrv - c:\documents and settings\Owner\Application Data\Leadertech\rsvsrv.dll


.
------- Supplementary Scan -------
.
uStart Page =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: amaena.com
Trusted Zone: onerateld.com
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-25 16:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-06-25 16:44
ComboFix-quarantined-files.txt 2009-06-25 20:44

Pre-Run: 8,901,677,056 bytes free
Post-Run: 9,129,209,856 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

235 --- E O F --- 2009-04-16 06:07