ComboFix 09-07-08.04 - Mike 07/08/2009 17:30.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2039.1319 [GMT -7:00]
Running from: c:\users\Mike\Desktop\boobooCF.exe
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\windows\Installer\5fd27d0.msi
c:\windows\system32\drivers\MSIVXifwrjntcvtyormxmmurerbqpahwkpiww.sys
c:\windows\system32\Ijl11.dll
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXvuchpbbghnqprgdoapxxpikchbxfytpv.dll
c:\windows\system32\MSIVXxneyeaxxtdcpieqvibmnyvfeoxmrcyvg.dll
c:\windows\system32\oledb32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSIVXserv.sys
((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.
2009-07-09 00:46 . 2009-07-09 00:46 -------- d-----w- c:\users\The McNabs\AppData\Local\temp
2009-07-08 04:46 . 2009-07-09 00:04 -------- d-----w- c:\programdata\SITEguard
2009-07-08 04:45 . 2009-07-09 00:05 -------- d-----w- c:\programdata\STOPzilla!
2009-07-08 04:45 . 2009-07-08 04:45 -------- d-----w- c:\program files\Common Files\iS3
2009-07-08 01:27 . 2009-07-08 01:27 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2009-07-08 01:27 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-08 01:27 . 2009-07-08 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-08 01:27 . 2009-07-08 01:27 -------- d-----w- c:\programdata\Malwarebytes
2009-07-08 01:27 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-07 02:20 . 2009-07-07 02:20 -------- d-----w- C:\MGADiagToolOutput
2009-07-07 02:18 . 2009-07-07 02:18 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-07-05 10:42 . 2009-07-05 08:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000360\maindata.sys
2009-07-03 11:07 . 2009-07-03 08:11 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000359\maindata.sys
2009-07-02 20:37 . 2009-07-02 20:37 -------- d-----w- c:\windows\Intuit
2009-07-01 10:06 . 2009-07-01 08:10 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000358\maindata.sys
2009-06-30 10:22 . 2009-06-30 08:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000357\maindata.sys
2009-06-28 10:01 . 2009-06-28 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000356\maindata.sys
2009-06-27 06:34 . 2009-06-27 06:34 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-26 09:55 . 2009-06-26 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000355\maindata.sys
2009-06-25 10:20 . 2009-06-25 08:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000354\maindata.sys
2009-06-23 10:06 . 2009-06-23 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000353\maindata.sys
2009-06-22 10:12 . 2009-06-22 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000352\maindata.sys
2009-06-19 10:08 . 2009-06-19 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000351\maindata.sys
2009-06-18 10:49 . 2009-06-18 08:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000350\maindata.sys
2009-06-16 10:22 . 2009-06-16 08:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000349\maindata.sys
2009-06-15 10:18 . 2009-06-15 08:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000348\maindata.sys
2009-06-13 04:27 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 04:27 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-11 21:18 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 11:02 . 2009-06-11 08:04 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000347\maindata.sys
2009-06-09 10:59 . 2009-06-09 08:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000346\maindata.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 00:28 . 2009-05-21 19:54 -------- d-----w- c:\program files\GE Security Supra
2009-07-09 00:26 . 2007-12-11 02:23 -------- d-----w- c:\program files\Weather Watcher
2009-07-08 23:11 . 2009-02-26 15:01 -------- d-----w- c:\users\Mike\AppData\Roaming\SolidDocuments
2009-07-08 16:08 . 2007-10-10 14:53 -------- d-----w- c:\programdata\Google Updater
2009-07-06 17:52 . 2009-06-20 17:50 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-06 17:52 . 2009-06-20 17:50 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-06 17:52 . 2009-06-20 17:50 2352968 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-06 03:28 . 2008-02-15 21:00 -------- d-----w- c:\users\Mike\AppData\Roaming\CoreFTP
2009-07-04 15:33 . 2007-10-08 21:09 75280 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-04 15:30 . 2009-02-26 18:28 -------- d-----w- c:\programdata\WebEx
2009-07-03 01:20 . 2009-04-11 20:43 -------- d-----w- c:\program files\Softomate
2009-07-03 01:19 . 2008-08-02 01:10 -------- d-----w- c:\programdata\Droppix
2009-07-03 01:08 . 2007-10-08 22:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 23:26 . 2009-05-08 15:51 34 ----a-w- c:\users\Mike\jagex_runescape_preferences.dat
2009-07-02 20:43 . 2007-10-16 00:41 -------- d-----w- c:\program files\Quark
2009-07-02 20:36 . 2008-02-04 20:33 -------- d-----w- c:\program files\Common Files\Intuit
2009-07-02 20:30 . 2008-03-18 23:35 -------- d-----w- c:\program files\Transaction Viewer
2009-07-02 20:29 . 2009-02-06 04:28 -------- d-----w- c:\program files\Scan2Email
2009-07-02 20:24 . 2007-11-07 15:32 -------- d-----w- c:\program files\phelios
2009-07-02 20:15 . 2008-06-08 16:02 -------- d-----w- c:\users\Mike\AppData\Roaming\uTorrent
2009-07-02 20:05 . 2007-10-11 00:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 00:22 . 2009-06-17 00:22 2678 ----a-w- c:\windows\Java\Packages\Data\GJ53RNFF.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\8OGIG5N9.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\13RFTV5V.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\0QQ2X31Z.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\XFNB571R.DAT
2009-06-08 08:04 . 2009-06-08 10:49 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000345\maindata.sys
2009-06-07 08:04 . 2009-06-07 10:53 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000344\maindata.sys
2009-06-06 08:08 . 2009-06-06 10:41 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000343\maindata.sys
2009-06-04 08:02 . 2009-06-04 10:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000342\maindata.sys
2009-06-03 08:07 . 2009-06-03 10:56 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000341\maindata.sys
2009-06-01 17:51 . 2009-06-01 17:51 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 17:51 . 2009-02-07 18:00 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-01 08:05 . 2009-06-01 10:19 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000340\maindata.sys
2009-05-31 08:01 . 2009-05-31 10:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000339\maindata.sys
2009-05-29 08:01 . 2009-05-29 09:59 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000338\maindata.sys
2009-05-28 08:01 . 2009-05-28 10:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000337\maindata.sys
2009-05-26 08:03 . 2009-05-26 10:56 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000336\maindata.sys
2009-05-25 08:06 . 2009-05-25 10:32 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000335\maindata.sys
2009-05-23 08:01 . 2009-05-23 10:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000334\maindata.sys
2009-05-22 08:01 . 2009-05-22 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000333\maindata.sys
2009-05-21 20:00 . 2009-05-21 20:00 159744 ----a-w- c:\windows\system32\libssl32.dll
2009-05-21 19:58 . 2009-05-21 19:58 -------- d-----w- c:\program files\SiLabs
2009-05-20 08:02 . 2009-05-20 10:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000332\maindata.sys
2009-05-19 08:04 . 2009-05-19 10:08 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000331\maindata.sys
2009-05-17 08:03 . 2009-05-17 10:11 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000330\maindata.sys
2009-05-16 11:17 . 2009-05-16 11:17 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-16 08:06 . 2009-05-16 10:12 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000329\maindata.sys
2009-05-15 15:07 . 2009-05-15 15:07 -------- d-----w- c:\users\Mike\AppData\Roaming\j2 Global
2009-05-15 15:06 . 2009-05-15 15:04 -------- d-----w- c:\program files\eFax Messenger 4.4
2009-05-15 15:06 . 2009-05-15 15:06 -------- d-----w- c:\users\Mike\AppData\Roaming\eFax Messenger
2009-05-15 15:06 . 2009-05-15 15:06 -------- d-----w- c:\programdata\eFax Messenger 4.4 Output
2009-05-15 15:06 . 2009-05-15 15:06 -------- d-----w- c:\programdata\eFax Messenger 4.4 Setup
2009-05-13 10:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 08:01 . 2009-05-13 09:45 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000328\maindata.sys
2009-05-12 08:03 . 2009-05-12 10:33 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000327\maindata.sys
2009-05-10 08:01 . 2009-05-10 09:47 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000326\maindata.sys
2009-05-09 08:07 . 2009-05-09 10:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000325\maindata.sys
2009-05-09 05:50 . 2009-06-11 21:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 21:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 08:05 . 2009-05-08 09:51 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000324\maindata.sys
2009-05-06 08:03 . 2009-05-06 09:45 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000323\maindata.sys
2009-05-05 08:05 . 2009-05-05 09:53 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000322\maindata.sys
2009-04-28 08:02 . 2009-04-28 10:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000321\maindata.sys
2009-04-27 08:03 . 2009-04-27 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000320\maindata.sys
2009-04-25 17:50 . 2009-04-25 17:51 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-25 17:50 . 2009-04-25 17:50 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-25 08:05 . 2009-04-25 10:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000319\maindata.sys
2009-04-24 08:06 . 2009-04-24 10:21 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000318\maindata.sys
2009-04-23 12:43 . 2009-06-11 21:18 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 21:18 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 08:02 . 2009-04-22 10:08 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000317\maindata.sys
2009-04-21 08:03 . 2009-04-21 10:13 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000316\maindata.sys
2009-04-19 08:03 . 2009-04-19 09:59 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000315\maindata.sys
2009-04-18 08:01 . 2009-04-18 09:51 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000314\maindata.sys
2009-04-17 08:05 . 2009-04-17 10:24 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000313\maindata.sys
2009-04-16 08:04 . 2009-04-16 09:57 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000312\maindata.sys
2009-04-15 08:03 . 2009-04-15 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000311\maindata.sys
2009-04-14 08:02 . 2009-04-14 09:52 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000310\maindata.sys
2009-04-13 08:01 . 2009-04-13 09:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000309\maindata.sys
2009-04-12 08:01 . 2009-04-12 09:50 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000308\maindata.sys
2009-04-11 08:03 . 2009-04-11 10:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000307\maindata.sys
2009-04-11 04:34 . 2009-04-11 04:34 1915520 ----a-w- c:\users\Mike\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2007-09-24 1024000]
"HeavyWeatherPublisher"="c:\heavyweather\HeavyWeatherPublisher.exe" [2004-02-23 1302528]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-11 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
heavy weather.lnk - c:\heavyweather\heavy weather.exe [2008-5-29 781312]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-10-16 267520]
DisplayKEY eSYNC Info.lnk - c:\program files\GE Security Supra\SyncInfoApp.exe [2009-5-21 102400]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-25 66864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1304129043-3560768821-2314269622-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF30177E-832C-4FDC-BC0B-BC600980AD93}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{ACDE4EBC-2BFD-4F07-A787-4AD9F2DCD6ED}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{06382373-B64E-4273-9A70-EE238908FC7F}c:\\heavyweather\\heavyweatherpublisher.exe"= UDP:c:\heavyweather\heavyweatherpublisher.exe:HeavyWeatherPublisher
"UDP Query User{D36987B9-453F-42E3-8418-A0D958E4ADFA}c:\\heavyweather\\heavyweatherpublisher.exe"= TCP:c:\heavyweather\heavyweatherpublisher.exe:HeavyWeatherPublisher
"{95A2EB96-0EA2-41E6-9EEB-30B1B89CEFB9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B88C1CED-D3D3-4375-9ABA-8F788E7BFA85}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FCD8F623-A087-4669-A53B-F32FDF4FF627}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{169C5D8E-BCC9-4515-8FC0-A5404FF608F8}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program
"{012F66A6-BA01-4529-81E4-DD53DDA8580D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A1908D85-57A5-4ECC-BC58-4AF0416FB4D6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6F15B34C-CE3D-486E-B0C3-5D6E98DC5521}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{16FBAFA9-5E2A-4FE6-95F8-7F705CF707F5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3664C764-F9A6-495E-A5EF-6608A8E160D3}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{631700FC-4863-4986-B7D0-F0D980218F4E}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6BD418A9-B6D8-4998-82A0-1A4DFE10F393}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{21F3024E-E12C-4EED-A0B1-68226AD0622E}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6DA64838-F3B8-4B49-9667-C93C051B8893}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3F3273D3-45E2-4A0F-8F44-4F3FE11289E3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [4/25/2009 10:51 AM 64160]
R2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [3/15/2009 6:58 PM 192512]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1029456]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/4/2007 11:31 AM 1153368]
R2 SPDFCreatorPlusReadSpool;SolidPDFPlusCreatorReadSpool;c:\windows\Installer\MSIF8BC.tmp [2/26/2009 8:00 AM 189696]
R2 SPDFToolsReadSpool;SolidPDFToolsCreatorReadSpool;c:\windows\Installer\MSIEE5E.tmp [2/26/2009 8:18 AM 189696]
S2 gupdate1c9bca6f4ea33cd;Google Update Service (gupdate1c9bca6f4ea33cd);c:\program files\Google\Update\GoogleUpdate.exe [4/13/2009 7:16 PM 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 05:47]
2009-07-08 c:\windows\Tasks\GBM - Backup Job-Full.job
- c:\program files\Genie-Soft\GBMHome8\GBM8.exe [2007-10-08 12:28]
2009-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-10 06:07]
2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:15]
2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: doccentral.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: live.com
Trusted Zone: rdesk.com
Trusted Zone: rexplorer.net
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: superior-host.com
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: virtualearth.net
TCP: {30BBADAE-3AF0-48DB-BFFA-9AD645AF925A} = 208.67.220.220,208.67.222.222
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://facefun.com/FaceFun_webinstall/FaceFun.cab
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/i ... pysafe.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://pro.realquest.com/mapviewer/mapviewer.cab
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPDFCreatorPlusReadSpool]
"ImagePath"="c:\windows\Installer\MSIF8BC.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPDFToolsReadSpool]
"ImagePath"="c:\windows\Installer\MSIEE5E.tmp"
.
Completion time: 2009-07-09 17:51
ComboFix-quarantined-files.txt 2009-07-09 00:50
ComboFix2.txt 2009-01-20 23:56
Pre-Run: 65,305,288,704 bytes free
Post-Run: 65,407,528,960 bytes free
273 --- E O F --- 2009-07-07 07:58