ComboFix 10-05-29.03 - Doug 05/30/2010 11:27:30.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.880 [GMT -7:00]
Running from: c:\users\Doug\Desktop\Virus Log Files\ComboFix.exe
Command switches used :: c:\users\Doug\Desktop\Virus Log Files\CfScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Doug\AppData\Roaming\Helper
.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-30 )))))))))))))))))))))))))))))))
.
2010-05-30 18:38 . 2010-05-30 18:38 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-05-30 18:38 . 2010-05-30 18:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-05-18 19:22 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-18 19:22 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-18 18:32 . 2010-05-18 18:32 -------- d-----w- c:\program files\Trend Micro
2010-05-14 01:06 . 2010-05-14 01:06 680 ----a-w- c:\users\Doug\AppData\Local\d3d9caps.dat
2010-05-13 22:29 . 2010-05-13 22:29 -------- d-----w- c:\users\Doug\AppData\Roaming\Malwarebytes
2010-05-13 22:29 . 2010-05-18 19:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 22:29 . 2010-05-13 22:29 -------- d-----w- c:\programdata\Malwarebytes
2010-05-12 02:00 . 2010-05-14 17:10 -------- dc----w- C:\PMAIL
2010-05-04 20:32 . 2010-05-14 17:10 -------- dc----w- C:\PMAILold
2010-04-30 23:11 . 2010-04-30 23:27 -------- d-----w- c:\users\Doug\AppData\Roaming\ICAClient
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 23:37 . 2008-11-05 00:53 -------- d-----w- c:\programdata\Google Updater
2010-05-29 22:56 . 2008-01-01 00:07 12 ----a-w- c:\windows\bthservsdp.dat
2010-05-29 21:37 . 2008-09-20 00:19 -------- d-----w- c:\users\Doug\AppData\Roaming\FileZilla
2010-05-20 22:54 . 2008-12-15 23:13 1 ----a-w- c:\users\Doug\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-20 19:43 . 2007-09-20 22:09 -------- d-----w- c:\users\Doug\AppData\Roaming\Image Zone Express
2010-05-20 01:39 . 2009-11-24 23:05 -------- d-----w- c:\users\Doug\AppData\Roaming\vlc
2010-05-19 03:12 . 2007-09-01 06:38 -------- d-----w- c:\program files\Google
2010-05-12 20:56 . 2009-11-12 19:06 -------- d-----w- c:\programdata\avg9
2010-05-05 22:57 . 2007-09-01 04:11 -------- d-----w- c:\users\Doug\AppData\Roaming\Skype
2010-04-30 23:10 . 2009-05-07 22:25 -------- d-----w- c:\program files\Citrix
2010-04-28 09:26 . 2009-03-21 17:13 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-28 01:49 . 2010-04-28 01:49 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-28 00:45 . 2009-06-24 00:04 -------- d-----w- c:\program files\123CopyDVD Gold 2009
2010-04-27 19:17 . 2010-04-27 19:16 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-04-27 19:17 . 2010-04-27 19:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-27 19:05 . 2006-12-02 18:49 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-26 17:07 . 2010-04-26 17:07 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-03-30 20:23 . 2007-08-31 22:08 61136 ----a-w- c:\users\Doug\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-15 09:34 . 2010-03-15 09:34 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-15 09:34 . 2007-09-01 00:02 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-15 09:34 . 2008-05-07 18:03 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2008-08-17 00:42 . 2008-08-17 00:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-17 00:42 . 2008-08-17 00:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-17 00:42 . 2008-08-17 00:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-17 00:42 . 2008-08-17 00:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-17 00:43 . 2008-08-17 00:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-17 00:42 . 2008-08-17 00:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-17 00:42 . 2008-08-17 00:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 15:41 . 2008-05-21 15:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 15:41 . 2008-05-21 15:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 15:41 . 2008-05-21 15:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 20:58 . 2008-06-05 20:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-17 00:42 . 2008-08-17 00:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-05-29_22.47.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-12-02 18:50 . 2010-05-29 22:58 86116 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-12-02 18:50 . 2010-05-29 22:05 86116 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2006-11-02 13:05 . 2010-05-29 22:05 99930 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-05-29 22:58 99930 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2007-08-31 22:17 . 2010-05-29 22:05 13834 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3763823291-2402736660-1404909964-1000_UserData.bin
+ 2007-08-31 22:17 . 2010-05-29 22:58 13834 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3763823291-2402736660-1404909964-1000_UserData.bin
+ 2007-02-09 16:54 . 2006-12-29 04:07 90112 c:\windows\System32\eNetHook.dll
+ 2007-08-31 22:05 . 2010-05-30 08:02 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-31 22:05 . 2010-05-29 21:30 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2007-08-31 22:05 . 2010-05-29 21:30 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2007-08-31 22:05 . 2010-05-30 08:02 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2007-08-31 22:05 . 2010-05-29 21:30 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-08-31 22:05 . 2010-05-30 08:02 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-10 21:53 . 2010-05-29 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-10 21:53 . 2010-05-29 22:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-10 21:53 . 2010-05-29 22:03 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-10 21:53 . 2010-05-29 22:57 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-10 21:53 . 2010-05-29 22:03 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-10 21:53 . 2010-05-29 22:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-29 22:03 . 2010-05-29 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-05-29 22:57 . 2010-05-29 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-29 22:03 . 2010-05-29 22:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-05-29 22:57 . 2010-05-29 22:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2007-09-01 19:28 . 2010-05-30 18:07 397634 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2010-05-29 23:02 598588 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-05-29 22:07 598588 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2010-05-29 23:02 102194 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2010-05-29 22:07 102194 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-03-29 258048]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 249856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-10 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-09 3784704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 815104]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-01-03 464168]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"LManager"="c:\program files\Launch Manager\HotkeyApp.exe" [2006-12-22 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2006-08-29 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2006-11-09 86016]
"Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2006-12-07 1261568]
"Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2006-12-13 3166208]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-01-14 151552]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"PD0630 STISvc"="P0630Pin.dll" [2005-06-05 36864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-10 149280]
c:\users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ZoomIt.exe - Shortcut (2).lnk - c:\programs\ZoomIt\ZoomIt.exe [2008-6-27 148520]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2006-12-5 528384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Event Reminder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Event Reminder.lnk
backup=c:\windows\pss\Event Reminder.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PHOTOfunSTUDIO HD Edition.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
backup=c:\windows\pss\PHOTOfunSTUDIO HD Edition.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 21:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-11-20 21:20 290088 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 18:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-10 17:16 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
2006-03-30 23:45 313472 ----a-r- c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 17:21 648072 ----a-w- c:\windows\WindowsMobile\wmdc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
R1 mailKmd;mailKmd; [x]
R3 gbridge;Gbridge Virtual Miniport;c:\windows\system32\DRIVERS\gbridge.sys [2008-10-15 39672]
R3 P0630VID;Creative WebCam Live!;c:\windows\system32\DRIVERS\P0630Vid.sys [2005-06-06 91841]
R4 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-09-06 169312]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 135664]
R4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2006-11-18 118784]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-15 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-04-28 242896]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-15 308064]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2010-05-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-04 17:16]
2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 20:56]
2010-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-11 20:56]
2010-05-30 c:\windows\Tasks\User_Feed_Synchronization-{A2ED153B-0F85-4002-98FD-CF0516BC6238}.job
- c:\windows\system32\msfeedssync.exe [2008-12-24 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\ml6z2l3o.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFxViewer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\programs\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\programs\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\programs\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-30 11:38
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1848)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\ShowErrMsg.dll
c:\acer\Empowering Technology\EPOWER\SysHook.dll
.
Completion time: 2010-05-30 11:42:34
ComboFix-quarantined-files.txt 2010-05-30 18:42
ComboFix2.txt 2010-05-29 22:51
Pre-Run: 18,684,325,888 bytes free
Post-Run: 18,675,261,440 bytes free
- - End Of File - - FC3A1215C540F8F86473F713FD41F944
Date: Today (events: 138)
My Update Center (events: 7)
5/30/2010 12:44:33 PM Task started Kaspersky Internet Security My Update Center
5/30/2010 1:00:47 PM It is necessary to restart the computer after update Kaspersky Internet Security
5/30/2010 1:00:49 PM Task completed Kaspersky Internet Security My Update Center
5/30/2010 3:20:00 PM Task started Kaspersky Internet Security My Update Center
5/30/2010 3:29:33 PM Task completed Kaspersky Internet Security My Update Center
5/30/2010 5:40:14 PM Task started Kaspersky Internet Security My Update Center
5/30/2010 5:42:45 PM Task completed Kaspersky Internet Security My Update Center
Objects Scan (events:
5/30/2010 1:14:29 PM Task started Kaspersky Internet Security Rootkit Scan
5/30/2010 1:22:39 PM Task stopped Kaspersky Internet Security Rootkit Scan
5/30/2010 1:37:15 PM Task started Kaspersky Internet Security Full Scan
5/30/2010 1:37:29 PM Task stopped Kaspersky Internet Security Full Scan
5/30/2010 1:40:23 PM Task started Kaspersky Internet Security Full Scan
5/30/2010 4:41:44 PM Task completed Kaspersky Internet Security Full Scan
5/30/2010 4:44:31 PM Task started Kaspersky Internet Security Rootkit Scan
5/30/2010 4:52:55 PM Task completed Kaspersky Internet Security Rootkit Scan
IM Anti-Virus (events: 2)
5/30/2010 12:44:23 PM Task started Kaspersky Internet Security IM Anti-Virus
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security IM Anti-Virus
Firewall (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Firewall
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Firewall
Proactive Defense (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Proactive Defense
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Proactive Defense
Application Control (events: 103)
5/30/2010 5:38:10 PM Google Updater Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 5:08:57 PM Windows Media Center Store Update Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 4:23:58 PM Windows Modules Installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 2:23:08 PM Notepad Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 2:22:50 PM Prevalence reporter Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:38:56 PM Reliability analysis metrics calculation executable Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:38:55 PM MUI Language pack cleanup Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:33:55 PM Windows SQM Consolidator Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:29:42 PM Windows Shell Common Dll Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:29:34 PM Windows Firewall Control Panel Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:29:17 PM Windows Control Panel Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:28:59 PM COM Surrogate Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:28:13 PM WMI Reverse Performance Adapter Maintenance Utility Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:40 PM gusvc Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:37 PM Problem Reports and Solutions Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:28 PM IP Configuration Utility Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:27 PM Windows Problem Reporting Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:22 PM Network Command Shell Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:14 PM DHCP.BAT Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 1:26:05 PM Microsoft Sync Center Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:05 PM Acer eAP Launch Tool Placed in group Trusted Known on the database of the known software
5/30/2010 1:26:04 PM LogitechService Launcher Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:26:04 PM Acer Product Registration Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 1:26:04 PM MBRWRWIN.EXE Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 1:25:39 PM Windows Media Player Network Sharing Service Configuration Application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:25:28 PM Acer Assist Launcher Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 1:24:28 PM Userinit Logon Application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Application Control
5/30/2010 1:22:16 PM Windows Modules Installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:22:09 PM Windows Problem Reporting Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:21:48 PM Windows Logon User Interface Host Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:21:40 PM Microsoft Windows Search Filter Host Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:21:39 PM Microsoft Windows Search Protocol Host Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:20:53 PM Bubbles Screen Saver Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 1:19:55 PM Extension CLSID Verification Host Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:45:00 PM Microsoft Feeds Synchronization Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:36 PM Kaspersky Anti-Virus GUI Windows part Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM WebToolBar component Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM Firefox Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM Windows® installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM Windows Update Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM Windows Media Player Network Sharing Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM HP CUE Status Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:35 PM Camera Control Interface Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM Application Layer Gateway Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM Sink to receive asynchronous callbacks for WMI client application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM WMI Provider Host Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM LVCom Server Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM WMIServi Application Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:34 PM Service Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:34 PM eRecoveryService Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:34 PM eRecovery agent Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:34 PM Kaspersky Internet Security Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM Acer Empowering Techonology Framework Launcher Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:34 PM Acer ePower Management DMC Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:34 PM Microsoft Windows Search Indexer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:34 PM eNMTray Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:33 PM Media Center Media Status Aggregator Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM igfxsrvc Module Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM Sysinternals Screen Magnifier Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM HP Digital Imaging Monitor Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM GoogleToolbarNotifier Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM Media Center Tray Applet Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM Windows Sidebar Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:33 PM persistence Module Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:32 PM hkcmd Module Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:32 PM Installation Plug-In Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:32 PM AVG Scanning Core Module - Server Part Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:32 PM Camera Software Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:32 PM Communications Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:31 PM AVG Cache Server Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:30 PM AVG Resident Shield Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:29 PM MOBILITYSERVICE.EXE Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:29 PM WButton MFC Application Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:29 PM OSD MFC Application Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:29 PM HotkeyApp Placed in group Low Restricted High value of threat rating calculated heuristically
5/30/2010 12:44:29 PM acer eNet Management Service Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:29 PM LaunchAp MFC Application Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:29 PM eDataSecurity System Loader( Load and prepare enviroment ) Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:28 PM Synaptics TouchPad Enhancements Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:28 PM AVG Network scanner Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:28 PM HD Audio Control Panel Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:27 PM Acer eLock Management Placed in group Trusted Known on the database of the known software
5/30/2010 12:44:27 PM eDataSecurity Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:27 PM AVG Watchdog Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:27 PM ArcSoft Connect Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:27 PM Google Installer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Windows Explorer Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Desktop Window Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Task Scheduler Engine Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Spooler SubSystem App Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Microsoft Software Licensing Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Windows Audio Device Graph Isolation Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Logitech LVPrcSrv Module. Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Host Process for Windows Services Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Windows Logon Application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Local Session Manager Service Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Local Security Authority Process Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:26 PM Services and Controller app Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:25 PM Windows Start-Up Application Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:25 PM Client Server Runtime Process Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:24 PM Windows Session Manager Placed in group Trusted Signed by the digital signature of entrusted manufacturers
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Application Control
Anti-Spam (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Anti-Spam
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Anti-Spam
Network Attack Blocker (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Network Attack Blocker
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Network Attack Blocker
Web Anti-Virus (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Web Anti-Virus
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Web Anti-Virus
Mail Anti-Virus (events: 2)
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security Mail Anti-Virus
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security Mail Anti-Virus
File Anti-Virus (events: 2)
5/30/2010 1:24:23 PM Task started Kaspersky Internet Security File Anti-Virus
5/30/2010 12:44:22 PM Task started Kaspersky Internet Security File Anti-Virus
My Protection (events: 4)
5/30/2010 12:44:21 PM Databases are obsolete Kaspersky Internet Security
5/30/2010 12:44:36 PM Your computer is protected Kaspersky Internet Security
5/30/2010 1:22:39 PM Protection is not running Kaspersky Internet Security
5/30/2010 1:24:26 PM Your computer is protected Kaspersky Internet Security
======================================================================
My computer is running fine now. After the first ComboFix, I stopped receiving the "error loading .. flacor.dat" and the liveu command prompt that came up after that.
I'll be careful to keep my Java updated in the future! Thank you.
The Kaspersky is a slug of a program. I've deleted it, but will use it in the future if I really need to. AVG, Malwarebytes and ComboFix are all fast and efficient programs, and free.
Thanks again for your help!
Doug