ComboFix 09-08-10.06 - Rob 08/15/2009 19:10.1.2 - NTFSx86
Running from: c:\documents and settings\Rob\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\_004347_.tmp.dll
c:\windows\system32\_004348_.tmp.dll
c:\windows\system32\_004349_.tmp.dll
c:\windows\system32\_004350_.tmp.dll
c:\windows\system32\_004355_.tmp.dll
c:\windows\system32\_004356_.tmp.dll
c:\windows\system32\_004357_.tmp.dll
c:\windows\system32\_004358_.tmp.dll
c:\windows\system32\_004359_.tmp.dll
c:\windows\system32\_004360_.tmp.dll
c:\windows\system32\_004361_.tmp.dll
c:\windows\system32\_004362_.tmp.dll
c:\windows\system32\_004363_.tmp.dll
c:\windows\system32\_004364_.tmp.dll
c:\windows\system32\_004365_.tmp.dll
c:\windows\system32\_004366_.tmp.dll
c:\windows\system32\_004367_.tmp.dll
c:\windows\system32\_004368_.tmp.dll
c:\windows\system32\_004369_.tmp.dll
c:\windows\system32\_004370_.tmp.dll
c:\windows\system32\_004371_.tmp.dll
c:\windows\system32\_004372_.tmp.dll
c:\windows\system32\_004373_.tmp.dll
c:\windows\system32\_004375_.tmp.dll
c:\windows\system32\_004376_.tmp.dll
c:\windows\system32\_004378_.tmp.dll
c:\windows\system32\_004379_.tmp.dll
c:\windows\system32\_004380_.tmp.dll
c:\windows\system32\_004381_.tmp.dll
c:\windows\system32\_004382_.tmp.dll
c:\windows\system32\_004383_.tmp.dll
c:\windows\system32\_004385_.tmp.dll
c:\windows\system32\_004386_.tmp.dll
c:\windows\system32\_004387_.tmp.dll
c:\windows\system32\_004388_.tmp.dll
c:\windows\system32\_004389_.tmp.dll
c:\windows\system32\_004390_.tmp.dll
c:\windows\system32\_004391_.tmp.dll
c:\windows\system32\_004392_.tmp.dll
c:\windows\system32\_004394_.tmp.dll
c:\windows\system32\_004395_.tmp.dll
c:\windows\system32\_004396_.tmp.dll
c:\windows\system32\_004397_.tmp.dll
c:\windows\system32\_004398_.tmp.dll
c:\windows\system32\_004400_.tmp.dll
c:\windows\system32\_004401_.tmp.dll
c:\windows\system32\_004403_.tmp.dll
c:\windows\system32\_004404_.tmp.dll
c:\windows\system32\_004405_.tmp.dll
c:\windows\system32\_004406_.tmp.dll
c:\windows\system32\_004407_.tmp.dll
c:\windows\system32\_004408_.tmp.dll
c:\windows\system32\_004409_.tmp.dll
c:\windows\system32\_004410_.tmp.dll
c:\windows\system32\_004411_.tmp.dll
c:\windows\system32\_004412_.tmp.dll
c:\windows\system32\_004413_.tmp.dll
c:\windows\system32\_004415_.tmp.dll
c:\windows\system32\_004416_.tmp.dll
c:\windows\system32\_004417_.tmp.dll
c:\windows\system32\_004418_.tmp.dll
c:\windows\system32\_004420_.tmp.dll
c:\windows\system32\_004422_.tmp.dll
c:\windows\system32\_004423_.tmp.dll
c:\windows\system32\_004424_.tmp.dll
c:\windows\system32\_004425_.tmp.dll
c:\windows\system32\_004426_.tmp.dll
c:\windows\system32\_004427_.tmp.dll
c:\windows\system32\_004428_.tmp.dll
c:\windows\system32\_004429_.tmp.dll
c:\windows\system32\_004431_.tmp.dll
c:\windows\system32\_004432_.tmp.dll
c:\windows\system32\_004433_.tmp.dll
c:\windows\system32\_004434_.tmp.dll
c:\windows\system32\_004435_.tmp.dll
c:\windows\system32\_004436_.tmp.dll
c:\windows\system32\_004437_.tmp.dll
c:\windows\system32\_004438_.tmp.dll
c:\windows\system32\_004440_.tmp.dll
c:\windows\system32\_004441_.tmp.dll
c:\windows\system32\_004442_.tmp.dll
c:\windows\system32\_004445_.tmp.dll
c:\windows\system32\_004446_.tmp.dll
c:\windows\system32\_004450_.tmp.dll
c:\windows\system32\_004451_.tmp.dll
c:\windows\system32\_004453_.tmp.dll
c:\windows\system32\_004455_.tmp.dll
c:\windows\system32\_004456_.tmp.dll
c:\windows\system32\_004458_.tmp.dll
c:\windows\system32\_004459_.tmp.dll
c:\windows\system32\_004460_.tmp.dll
c:\windows\system32\_004461_.tmp.dll
c:\windows\system32\_004464_.tmp.dll
c:\windows\system32\_004465_.tmp.dll
c:\windows\system32\_004466_.tmp.dll
c:\windows\system32\_004467_.tmp.dll
c:\windows\system32\_004468_.tmp.dll
c:\windows\system32\_004473_.tmp.dll
c:\windows\system32\_004475_.tmp.dll
c:\windows\system32\_006888_.tmp.dll
c:\windows\system32\_006889_.tmp.dll
c:\windows\system32\_006890_.tmp.dll
c:\windows\system32\_006891_.tmp.dll
c:\windows\system32\_006898_.tmp.dll
c:\windows\system32\_006899_.tmp.dll
c:\windows\system32\_006900_.tmp.dll
c:\windows\system32\_006901_.tmp.dll
c:\windows\system32\_006903_.tmp.dll
c:\windows\system32\_006904_.tmp.dll
c:\windows\system32\_006907_.tmp.dll
c:\windows\system32\_006908_.tmp.dll
c:\windows\system32\_006910_.tmp.dll
c:\windows\system32\_006911_.tmp.dll
c:\windows\system32\_006912_.tmp.dll
c:\windows\system32\_006914_.tmp.dll
c:\windows\system32\_006917_.tmp.dll
c:\windows\system32\_006918_.tmp.dll
c:\windows\system32\_006922_.tmp.dll
c:\windows\system32\_006923_.tmp.dll
c:\windows\system32\_006925_.tmp.dll
c:\windows\system32\_006927_.tmp.dll
c:\windows\system32\_006928_.tmp.dll
c:\windows\system32\_006930_.tmp.dll
c:\windows\system32\_006931_.tmp.dll
c:\windows\system32\_006932_.tmp.dll
c:\windows\system32\_006933_.tmp.dll
c:\windows\system32\_006934_.tmp.dll
c:\windows\system32\_006937_.tmp.dll
c:\windows\system32\_006938_.tmp.dll
c:\windows\system32\_006939_.tmp.dll
c:\windows\system32\_006940_.tmp.dll
c:\windows\system32\_006941_.tmp.dll
c:\windows\system32\_006946_.tmp.dll
c:\windows\system32\_006948_.tmp.dll
c:\windows\system32\_006949_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2009-07-16 to 2009-08-16 )))))))))))))))))))))))))))))))
.
2009-08-15 00:02 . 2009-08-15 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
2009-08-15 00:02 . 2009-08-15 00:02 114688 ----a-w- c:\documents and settings\All Users\Application Data\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.2.20.2.dll
2009-08-10 16:10 . 2009-08-10 16:10 3942048 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-02 03:26 . 2009-08-02 03:26 -------- d-----w- c:\documents and settings\Rob\Application Data\Malwarebytes
2009-08-02 03:26 . 2009-08-03 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 03:26 . 2009-08-02 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-02 03:26 . 2009-08-03 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 03:26 . 2009-08-10 16:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-23 16:44 . 2009-07-23 16:44 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2009-07-20 21:35 . 2009-07-20 21:35 -------- d-----w- c:\program files\Trend Micro
2009-07-18 02:19 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-07-18 02:19 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-07-18 02:19 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-07-18 02:19 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-07-18 02:19 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-07-18 02:19 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-07-18 02:19 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-07-18 02:19 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-07-18 02:19 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-07-18 00:53 . 2009-07-18 00:53 -------- d-----w- c:\windows\system32\XPSViewer
2009-07-18 00:53 . 2009-07-18 00:53 -------- d-----w- c:\program files\MSBuild
2009-07-18 00:53 . 2009-07-18 00:53 -------- d-----w- c:\program files\Reference Assemblies
2009-07-18 00:53 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-07-18 00:53 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-07-18 00:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-07-18 00:53 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-07-18 00:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-07-18 00:53 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-07-18 00:53 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-07-18 00:53 . 2009-07-18 00:53 -------- d-----w- C:\c738e05fbbe7d68a9b6aeca816e0d896
2009-07-18 00:48 . 2009-07-18 00:48 -------- d-----w- c:\program files\MSXML 6.0
2009-07-17 16:22 . 2008-06-20 17:41 245248 ----a-w- c:\windows\system32\dllcache\mswsock.dll
2009-07-17 15:30 . 2009-07-17 15:30 -------- d-----w- c:\program files\Windows Resource Kits
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 07:19 . 2007-03-29 22:58 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-07-18 00:59 . 2007-01-16 14:02 28192 -c--a-w- c:\documents and settings\Rob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 23:03 . 2008-12-07 04:24 88 --sha-r- c:\windows\system32\76E86E7549.sys
2009-07-08 23:03 . 2008-12-07 04:24 848 -csha-w- c:\windows\system32\KGyGaAvL.sys
2009-07-07 18:17 . 2007-01-16 22:52 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-07 17:32 . 2007-01-16 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7
2009-06-30 18:24 . 2009-06-30 18:24 -------- d-----w- c:\program files\Alwil Software
2009-06-30 16:13 . 2009-06-30 16:13 -------- d-----w- c:\program files\Windows Defender
2009-06-19 16:02 . 2007-01-19 18:16 -------- d-----w- c:\program files\Common Files\Predictive Networks
2009-06-16 14:55 . 2003-03-31 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:55 . 2003-03-31 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:27 . 2003-03-31 12:00 1290752 ----a-w- c:\windows\system32\quartz.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-03 136600]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2007-06-01 257088]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-07-22 88361]
"WTClient"="WTClient.exe" - c:\windows\system32\WTClient.exe [2007-04-11 40960]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]
c:\documents and settings\Rob\Start Menu\Programs\Startup\
ImpulseNow.lnk - d:\stardock\Impulse\Now\ImpulseNow.exe [2009-4-10 356352]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-19 111376]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Microsoft Games\\Age of Mythology\\aomx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 bDMusicb;bDMusicb;c:\docume~1\Rob\LOCALS~1\Temp\bDMusicb.sys [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys [2008-12-07 10752]
S0 SSFS0BB8;Spy Sweeper File System Filer Driver: 0BB8;c:\windows\SYSTEM32\Drivers\SSFS0BB8.SYS [2007-06-22 20280]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys [2008-12-07 18944]
.
Contents of the 'Scheduled Tasks' folder
2009-08-16 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]
.
- - - - ORPHANS REMOVED - - - -
Notify-dimsntfy - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore
FF - ProfilePath - c:\documents and settings\Rob\Application Data\Mozilla\Firefox\Profiles\s8s9qhmg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - plugin: c:\program files\Mozilla Firefox\plugins\npitunes.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-15 19:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,0a,99,16,65,19,
89,dd,db,2e,e8,e1,00,eb,16,2b,de,2a,c0,47,7b,28,88,f0,d6,e2,63,26,f1,3f,c8,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,17,2e,f3,0c,df,
3b,07,af,46,47,15,b0,92,4b,c7,ef,07,a1,36,db,26,a6,d4,46,6a,9c,d6,61,af,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,bd,1c,1f,0d,7e,
a9,b0,0f,7a,45,05,fd,91,e8,6f,31,5c,6b,cf,30,75,fd,a3,26,ff,7c,85,e0,43,d4,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,0a,45,bf,ec,82,
3f,ea,1d,6b,65,49,6a,7e,99,74,f7,d0,f5,1a,68,ef,f5,18,a0,86,8c,21,01,be,91,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,b3,94,40,5f,6a,
75,21,1d,e9,02,6c,fa,fb,1d,47,57,4a,7c,40,38,e8,a1,84,b4,f5,1d,4d,73,a8,13,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,8d,5e,bf,64,d3,
1e,e7,38,50,93,e5,ab,ec,6a,4e,ab,8e,ab,5c,70,48,65,30,62,df,20,58,62,78,6b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:97,20,4e,9a,c7,f1,35,ee,d7,27,68,70,3b,
5d,7a,d5,97,20,4e,9a,c7,f1,35,ee,d9,ad,91,f4,c8,de,79,b2,fb,a7,78,e6,12,2f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,03,a3,da,15,f7,
82,02,2e,aa,52,c6,00,84,3c,26,64,d4,47,2d,f7,05,5d,97,d9,01,3a,48,fc,e8,04,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,10,c1,4b,03,3a,
23,49,5c,b2,46,9a,e2,1b,fe,1b,94,83,84,03,bc,4f,de,21,8e,f6,0f,4e,58,98,5b,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,28,56,fb,62,2c,
b7,a3,ba,37,a4,aa,c3,a6,15,56,0a,b5,56,b3,04,8f,68,f1,56,3d,ce,ea,26,2d,45,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:f8,31,0f,a9,5f,a0,ec,fb,05,7c,05,9d,19,
05,b1,24,f8,31,0f,a9,5f,a0,ec,fb,40,12,45,eb,80,0f,a8,e4,2a,b7,cc,b5,b9,7f,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,af,4d,08,ea,a3,
d1,f2,92,05,73,21,dd,54,d8,4a,c5,b0,5d,ca,fc,ae,38,62,fc,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\WRLogonNTF.dll
- - - - - - - > 'explorer.exe'(3020)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PSIService.exe
c:\program files\Webroot\Spy Sweeper\SpySweeper.exe
c:\windows\system32\drivers\WTSrv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\WISPTIS.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\HPZipm12.exe
.
**************************************************************************
.
Completion time: 2009-08-16 19:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-16 02:35
Pre-Run: 6,128,599,040 bytes free
Post-Run: 6,713,434,112 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
383 --- E O F --- 2009-07-18 01:50
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:05 PM, on 8/15/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\Drivers\WTSRV.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\WTClient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
D:\Stardock\Impulse\Now\ImpulseNow.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "C:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [WTClient] WTClient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-21-73586283-583907252-1801674531-1003 Startup: ImpulseNow.lnk = D:\Stardock\Impulse\Now\ImpulseNow.exe (User '?')
O4 - Startup: ImpulseNow.lnk = D:\Stardock\Impulse\Now\ImpulseNow.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/f ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: WinTab Service (WinTabService) - Tablet Driver - C:\WINDOWS\System32\Drivers\WTSRV.EXE
--
End of file - 6251 bytes