End of ComboFix log:
c:\windows\system32\799backdo5z342.bin
c:\windows\system32\79b1v9r5698z.dll
c:\windows\system32\79cddo5zloader1288.cpl
c:\windows\system32\79f05dd9are6z.ocx
c:\windows\system32\79z95orm709.dll
c:\windows\system32\7b57s9eal81z.dll
c:\windows\system32\7bdv5r1954z.cpl
c:\windows\system32\7c30add5zre9094.ocx
c:\windows\system32\7d9aaddwzr5658.ocx
c:\windows\system32\7d9daddwarz5908.dll
c:\windows\system32\7z449i52666.cpl
c:\windows\system32\7zfcadd9are13245.cpl
c:\windows\system32\85479ro55zf.dll
c:\windows\system32\8559virus5fz9.ocx
c:\windows\system32\8598s9y59z.bin
c:\windows\system32\89vizus115.cpl
c:\windows\system32\8cv59z22.exe
c:\windows\system32\9003s9zmb5t7c2.exe
c:\windows\system32\9025haczt9ol621.exe
c:\windows\system32\90392not-a-vir5s3z5.cpl
c:\windows\system32\9059szy5d7.dll
c:\windows\system32\9080hackto5l983z.cpl
c:\windows\system32\90z8sp5rse2371.bin
c:\windows\system32\9156zworm3575.dll
c:\windows\system32\93779spz5b2.bin
c:\windows\system32\94419v5rus507z.bin
c:\windows\system32\946z1spam5ot778.ocx
c:\windows\system32\94b9downlo5der1z63.cpl
c:\windows\system32\94zcvi51560.cpl
c:\windows\system32\952wor96z5.cpl
c:\windows\system32\9548szy395.bin
c:\windows\system32\956zspy695.ocx
c:\windows\system32\958dowzloa5er2264.dll
c:\windows\system32\95zbaddware3155.exe
c:\windows\system32\9642zha5ktool468.ocx
c:\windows\system32\9672szea52502.cpl
c:\windows\system32\9685worm9dz.exe
c:\windows\system32\968zhackt5ol2f3.exe
c:\windows\system32\97012z5rus32e.bin
c:\windows\system32\97bb5hiez2614.dll
c:\windows\system32\9836v5z2360.cpl
c:\windows\system32\983b5pzrse2028.bin
c:\windows\system32\98zfdown5oader763.dll
c:\windows\system32\99178v5rus9z.exe
c:\windows\system32\994785py3z.exe
c:\windows\system32\99557wozm376.ocx
c:\windows\system32\99954sza5bot28a.dll
c:\windows\system32\99bbackdozr5434.ocx
c:\windows\system32\9bc8sp5rze2951.ocx
c:\windows\system32\9c39a5dware12z6.dll
c:\windows\system32\9d8esp5rse2z77.dll
c:\windows\system32\9dz95ddware1223.dll
c:\windows\system32\9e0spzrse2995.cpl
c:\windows\system32\9e8abzckdoo52767.cpl
c:\windows\system32\9e92down5ozder1024.bin
c:\windows\system32\9fzstea52344.bin
c:\windows\system32\9z33vi51059.cpl
c:\windows\system32\a565iz995.dll
c:\windows\system32\a72stezl3985.cpl
c:\windows\system32\d3zs95al990.ocx
c:\windows\system32\dz0t5ief5909.exe
c:\windows\system32\ecbbackdzo91315.cpl
c:\windows\system32\setup2.exe
c:\windows\system32\x64
c:\windows\system32\z011st9a52865.exe
c:\windows\system32\z0344not-a-vi9us575.bin
c:\windows\system32\z1169orm520.bin
c:\windows\system32\z132viru9534.dll
c:\windows\system32\z1thief959.exe
c:\windows\system32\z2f95pyware1714.cpl
c:\windows\system32\z32539acktool2615.exe
c:\windows\system32\z353tro926a.exe
c:\windows\system32\z3790troj245.cpl
c:\windows\system32\z39945roja8.exe
c:\windows\system32\z4919spamb5t125.exe
c:\windows\system32\z53sparse1959.bin
c:\windows\system32\z596vir1055.bin
c:\windows\system32\z598v5rus6cf9.bin
c:\windows\system32\z655thief938.cpl
c:\windows\system32\z6ffth9ef2955.ocx
c:\windows\system32\z705ste592174.cpl
c:\windows\system32\z742t5oj905.cpl
c:\windows\system32\z7b8th9ef5255.dll
c:\windows\system32\z9049wo5m597.exe
c:\windows\system32\z913steal150.ocx
c:\windows\system32\z9209s5y5d6.exe
c:\windows\system32\z9502sp9404.dll
c:\windows\system32\z9a3addw9re6305.ocx
c:\windows\system32\z9b1th5ef679.exe
c:\windows\system32\z9d9th5ef438.exe
c:\windows\system32\zb129hief5159.cpl
c:\windows\system32\zc90s9arse550.cpl
c:\windows\system32\zd3ad5wa9e324.ocx
c:\windows\system32\zdedownloader19665.cpl
c:\windows\system32\ze87ba9k5oor543.cpl
c:\windows\z0139not-a-v5r9s4d7.bin
c:\windows\z0825pyware1983.cpl
c:\windows\z1029ir525.bin
c:\windows\z309t9ief1581.cpl
c:\windows\z42895irus91.exe
c:\windows\z49735roj63f.bin
c:\windows\z5105vir9s3b2.exe
c:\windows\z59cvir2449.ocx
c:\windows\z6416v95us396.ocx
c:\windows\z692vi52437.dll
c:\windows\z695t9ief932.cpl
c:\windows\z6b6backd5or22209.ocx
c:\windows\z76065or910.cpl
c:\windows\z77155o9-a-virus4cf.exe
c:\windows\z811s9eal11625.bin
c:\windows\z8953virus54c.dll
c:\windows\z9389spy4e45.dll
c:\windows\z97v5r9397.exe
c:\windows\z9935py129.bin
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
((((((((((((((((((((((((( Files Created from 2009-05-01 to 2009-06-01 )))))))))))))))))))))))))))))))
.
2009-09-14 11:50 . 2009-09-14 11:50 5585 ----a-w- c:\windows\system32\z9219not-a-vir5s1.exe
2009-06-01 20:30 . 2009-06-01 20:32 -------- d-----w- c:\users\Bob\AppData\Local\temp
2009-06-01 19:38 . 2009-06-01 19:38 -------- d-----w- c:\windows\.jagex_cache_32
2009-06-01 19:38 . 2009-06-01 19:38 -------- d-----w- c:\windows\Sun
2009-06-01 19:18 . 2009-06-01 19:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-01 19:17 . 2009-06-01 19:17 -------- d-----w- c:\program files\Trend Micro
2009-06-01 19:15 . 2009-06-01 19:15 812344 ----a-w- c:\users\Bob\HJTInstall.exe
2009-06-01 19:13 . 2009-06-01 19:13 3371384 ----a-w- c:\users\Bob\mbam-setup.exe
2009-05-29 00:37 . 2009-05-29 00:37 102400 ----a-w- c:\windows\system32\blocker.dll
2009-05-29 00:37 . 2009-05-29 00:37 -------- d-----w- c:\program files\WinBlueSoft Software
2009-05-10 21:21 . 2009-02-13 07:26 1233408 ----a-w- c:\windows\system32\lsasrv.dll
2009-05-10 21:21 . 2009-03-17 03:16 14848 ----a-w- c:\windows\system32\apilogen.dll
2009-05-10 21:21 . 2009-03-17 03:16 25600 ----a-w- c:\windows\system32\amxread.dll
2009-05-10 21:21 . 2009-02-13 07:26 72704 ----a-w- c:\windows\system32\secur32.dll
2009-05-10 21:21 . 2009-02-13 07:26 7680 ----a-w- c:\windows\system32\lsass.exe
2009-05-10 21:17 . 2008-12-08 04:34 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-05-10 21:17 . 2008-06-05 04:50 30208 ----a-w- c:\windows\system32\xolehlp.dll
2009-05-10 21:17 . 2008-06-05 04:50 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2009-05-10 19:34 . 2009-05-10 19:34 -------- d-----w- c:\users\Bob\AppData\Roaming\Malwarebytes
2009-05-10 19:34 . 2009-05-26 19:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-10 19:34 . 2009-05-26 19:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-10 19:34 . 2009-06-01 19:18 -------- d-----w- c:\programdata\Malwarebytes
2009-05-10 16:39 . 2009-05-10 16:39 410984 ----a-w- c:\windows\system32\deploytk.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-01 19:38 . 2008-07-01 12:34 34 ----a-w- c:\users\Bob\jagex_runescape_preferences.dat
2009-05-29 18:22 . 2008-09-15 04:05 -------- d-----w- c:\program files\ETS
2009-05-27 22:30 . 2008-05-03 16:51 680 ----a-w- c:\users\Bob\AppData\Local\d3d9caps.dat
2009-05-14 16:19 . 2006-12-07 04:19 -------- d-----w- c:\programdata\Microsoft Help
2009-05-14 16:17 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-10 16:39 . 2006-12-07 05:11 -------- d-----w- c:\program files\Java
2009-03-06 23:12 . 2008-01-20 21:16 21256 ----a-w- c:\windows\Help\OEM\scripts\HPScript.exe
2009-03-05 18:29 . 2009-03-15 20:11 16648 ----a-w- c:\windows\Help\OEM\scripts\HC_ProtectSmartPatch.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-22 1474560]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2006-11-02 2159104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-10 148888]
"HostManager"="c:\program files\Common Files\AOL\1173496249\ee\AOLSoftware.exe" [2006-09-26 50736]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"PhilipsDM\SA1916"="c:\program files\Philips\SA19XX\Philips Device Manager\Bin\LaunchDM.exe" [2008-05-11 47616]
c:\users\Bob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Compaq Connections.lnk - c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe [2006-12-6 34520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"NoDispBackgroundPage"= 1 (0x1)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{256891CE-EE40-4441-BA1E-338BBB9D220F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{09D76F07-AC1B-4F74-81F4-B32273F8C7EA}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{73C03DAB-6E81-4F42-A139-B7B0FF4048E2}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{019418B7-AC27-4020-9812-B5C66470F9A3}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{256FE21D-658F-495D-86A2-61C9DCA31BE0}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{CD4D3643-9877-475F-9A67-9E967276DFD0}"= c:\program files\Compaq Connections\3572475\Program\Compaq Connections:Compaq Connections
"{099B0517-F5E2-4FB2-98F1-E5D3057A57D8}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{22802DC8-0868-4F81-B7FC-BA68324CC441}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{C14CDE25-916F-4CB1-9080-7B1001087F08}"= UDP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{F7B363F6-149F-4EA5-B91C-428DDD0018DB}"= TCP:c:\program files\Compaq Connections\3572475\Program\Compaq Connections.exe:Compaq Connections
"{9383379B-CBA0-48A4-A5F3-F3119E944ECA}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6AAC141D-F94F-492E-BBC2-942961D2434D}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{1A73AB93-3408-4940-8852-872EAE32DFC7}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{7644926C-2090-4862-ABA4-96C0E5BD8391}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E599FB17-81FA-4ED1-AAF3-AE4A4D610438}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6709371A-B982-4918-9812-855AF139A004}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{96FB740D-36FF-49B2-95AE-70F9E2D2E037}"= UDP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{9BD14177-5544-4D4A-A449-15C387640D31}"= TCP:c:\program files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{7C4160AF-8F42-4FB4-93C9-30DF04623D4C}"= UDP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{6994EE07-1D96-459D-A24F-7186820CB9FA}"= TCP:c:\program files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{2E666DF3-7EBA-42B8-8949-65E601DCAEBD}"= UDP:c:\program files\AOL 9.0\waol.exe:AOL
"{866BB341-CA7C-40E7-9BD8-552F6F66ADA5}"= TCP:c:\program files\AOL 9.0\waol.exe:AOL
"{7FAE853A-9BAA-46BC-8169-8B97362149F2}"= UDP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{44C048CA-47E2-4719-8901-3186694EC9DF}"= TCP:c:\program files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{CA4DC5B9-A63E-4DA9-918E-7F05ADD726AE}"= UDP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{B85397FC-4695-402E-9102-5DBC803B24A6}"= TCP:c:\program files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{BFF1E16F-A55A-422F-BFEF-EEC4578B0C5D}"= UDP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{5390D733-7301-42AA-BB4E-F6F401893BBF}"= TCP:c:\program files\Common Files\aol\System Information\sinf.exe:AOL System Information
"TCP Query User{321D83AF-32FF-4E04-A484-CB530772718A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{1CD435FE-DECA-42B6-8634-2F8EE877CB0E}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{B9E644D2-B255-44AC-BD3C-F3C3D2321C3D}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{A9424B44-D56F-49C0-9B67-237AD07CDF5B}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
2007-10-15 c:\windows\Tasks\HPCeeScheduleForBob.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2006-12-07 00:08]
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-procexp90.Sys
.
------- Supplementary Scan -------
.
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=PRESARIO&pf=laptop
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-06-01 14:32
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\
0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2056)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\windows\System32\igfxsrvc.exe
c:\program files\Philips\SA19xx\Philips Device Manager\bin\DeviceManager.exe
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\System32\wbem\unsecapp.exe
c:\progra~1\HEWLET~1\Shared\HPQTOA~1.EXE
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-06-01 14:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-01 20:35
Pre-Run: 54,377,254,912 bytes free
Post-Run: 52,903,682,048 bytes free
926 --- E O F --- 2009-05-31 23:42