ComboFix 09-06-14.02 - AndreaWatson 06/15/2009 19:21.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.602 [GMT -4:00]
Running from: c:\documents and settings\AndreaWatson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\AndreaWatson\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-14 17:28 . 2009-06-14 17:28 -------- d-----w- c:\program files\Bluetack
2009-06-14 00:27 . 2009-06-14 00:27 -------- d-----w- c:\documents and settings\AndreaWatson\Local Settings\Application Data\AVG Security Toolbar
2009-06-13 20:10 . 2009-06-13 20:10 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-13 20:10 . 2009-06-13 20:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-13 20:04 . 2009-05-18 13:42 1439488 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-11 03:27 . 2009-06-11 03:27 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\WinPatrol
2009-06-11 03:27 . 2008-01-27 19:53 0 ----a-w- c:\documents and settings\AndreaWatson\Application Data\WinPatrol\Config.sys
2009-06-11 03:27 . 2008-01-27 19:53 0 ----a-w- c:\documents and settings\AndreaWatson\Application Data\WinPatrol\Autoexec.bat
2009-06-11 03:27 . 2009-06-11 03:27 -------- d-----w- c:\program files\BillP Studios
2009-06-10 21:10 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 21:10 . 2009-06-10 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 21:10 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 22:49 . 2009-06-09 22:50 -------- dc----w- C:\rsit
2009-06-09 14:30 . 2009-06-11 14:40 -------- dc----w- C:\ToolBar SD
2009-06-09 13:57 . 2009-06-09 13:58 -------- d-----w- c:\documents and settings\Michael Watson\Application Data\AVGTOOLBAR
2009-06-08 00:28 . 2009-06-08 00:28 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\Thunderbird
2009-06-08 00:28 . 2009-06-08 00:28 335 ----a-w- c:\windows\mozregistry.dat
2009-06-08 00:28 . 2009-06-08 00:28 -------- d-----w- c:\program files\Netscape
2009-06-08 00:27 . 2009-06-08 00:27 9728 ----a-w- c:\windows\system32\rnaph.dll
2009-06-03 22:26 . 2009-06-03 22:26 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\Symantec
2009-06-03 22:25 . 2009-06-03 22:25 83168 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-03 22:25 . 2009-06-03 22:25 104144 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-03 22:25 . 2009-06-03 22:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-03 22:24 . 2009-06-03 22:27 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-03 22:24 . 2009-06-03 22:25 -------- d-----w- c:\program files\Symantec
2009-05-29 00:58 . 2009-06-10 14:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Uniblue
2009-05-29 00:43 . 2009-05-29 01:27 266072 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-29 00:41 . 2009-05-29 00:41 -------- d-----w- c:\windows\system32\XPSViewer
2009-05-29 00:40 . 2009-05-29 00:40 -------- d-----w- c:\program files\Reference Assemblies
2009-05-29 00:38 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-29 00:38 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-29 00:38 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-05-29 00:38 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-05-29 00:38 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-29 00:38 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-05-29 00:38 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-05-29 00:38 . 2009-05-29 00:40 -------- dc----w- C:\89469f0340b713fc958d
2009-05-28 23:59 . 2009-05-28 23:59 -------- dc-h--r- C:\AHCache
2009-05-23 23:42 . 2009-05-23 23:42 -------- d-----w- c:\program files\ZEMNOTT
2009-05-23 20:36 . 2009-05-23 20:36 -------- d-----w- c:\program files\KingsIsle Entertainment
2009-05-18 18:36 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 22:46 . 2008-01-27 19:52 83874 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-14 17:44 . 2008-01-27 21:17 122656 ----a-w- c:\documents and settings\AndreaWatson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-13 20:07 . 2008-05-15 22:58 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-10 14:29 . 2008-01-27 22:05 -------- d-----w- c:\program files\Lavasoft
2009-06-10 14:25 . 2008-01-27 21:12 -------- d-----w- c:\program files\Java
2009-06-10 14:21 . 2009-05-13 22:37 -------- d-----w- c:\program files\Uniblue
2009-06-10 14:20 . 2009-05-11 03:17 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\Uniblue
2009-06-09 22:32 . 2009-01-20 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-06-08 00:28 . 2008-11-02 15:09 644 -c--a-w- c:\windows\nsreg.dat
2009-06-06 00:39 . 2009-05-07 13:37 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\AVG8
2009-05-29 00:41 . 2009-05-03 00:42 -------- d-----w- c:\program files\MSBuild
2009-05-26 21:25 . 2009-03-23 01:41 -------- d-----w- c:\program files\Oberon Media
2009-05-23 23:42 . 2008-01-27 20:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 13:20 . 2009-05-04 00:35 117760 ----a-w- c:\documents and settings\AndreaWatson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-20 12:25 . 2008-05-15 22:57 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-16 11:51 . 2009-05-16 11:51 -------- d-----w- c:\program files\Trend Micro
2009-05-14 10:49 . 2009-05-14 10:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-05-14 10:26 . 2009-05-14 10:26 -------- dc----w- c:\documents and settings\All Users\Application Data\Babylon
2009-05-14 10:26 . 2009-05-14 10:26 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Babylon
2009-05-13 22:40 . 2009-05-13 22:39 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\System Tweaker
2009-05-12 10:32 . 2009-05-12 10:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AVGTOOLBAR
2009-05-07 23:39 . 2009-02-27 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 15:29 . 2009-05-07 15:14 202 -c--a-w- C:\43214354.bat
2009-05-07 13:50 . 2009-05-07 13:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-05-07 13:47 . 2009-05-07 13:47 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-05-07 13:47 . 2009-05-07 13:47 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-05-04 00:34 . 2009-05-04 00:34 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-04 00:34 . 2009-05-04 00:34 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\SUPERAntiSpyware.com
2009-05-04 00:31 . 2008-01-27 21:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-04 00:05 . 2008-06-27 12:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-03 22:44 . 2009-05-03 22:44 -------- d-----w- c:\program files\Downloaded Installers
2009-05-03 21:28 . 2009-05-03 17:17 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\AVGTOOLBAR
2009-05-03 17:17 . 2008-05-15 22:58 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-03 17:17 . 2008-01-27 21:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-03 17:17 . 2008-05-15 22:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-03 12:47 . 2009-05-03 12:46 -------- d-----w- c:\program files\Defraggler
2009-04-29 22:50 . 2009-04-18 14:22 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\LimeWire
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 01:29 . 2009-01-21 00:00 2828 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-23 01:29 . 2009-01-21 00:00 2828 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-23 01:18 . 2009-04-23 01:18 -------- d-----w- c:\program files\Wyzo
2009-04-23 00:54 . 2008-02-12 22:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-17 22:11 . 2009-02-06 00:18 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\Download Manager
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 19:58 . 2009-04-10 19:58 45056 ----a-r- c:\documents and settings\AndreaWatson\Application Data\Microsoft\Installer\{0A28C610-EE06-4A33-BB56-A2155B524916}\ARPPRODUCTICON.exe
2009-04-08 11:32 . 2009-04-08 11:32 152576 ----a-w- c:\documents and settings\AndreaWatson\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 00:47 . 2009-03-28 00:47 305664 ----a-w- c:\documents and settings\AndreaWatson\Application Data\Thinstall\Program Data\40000013a000002i\Illustrator.exe
2008-09-10 05:21 . 2009-03-04 03:35 3769344 ----a-w- c:\program files\WinBootstrapper.msi
2008-09-10 04:12 . 2009-03-04 03:35 400 ----a-w- c:\program files\deployment.xml
2008-09-10 04:12 . 2009-03-04 03:35 399 ----a-w- c:\program files\uninstall.xml
2008-08-18 17:24 . 2009-03-04 03:34 2448358 ----a-w- c:\program files\WinBootstrapper1.cab
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 536576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-30 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-04-21 286720]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-13 1948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
c:\documents and settings\AndreaWatson\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-1-27 157008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-03 17:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2004-11-01 15:50 8704 ----a-w- c:\windows\system32\PCANotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2/26/2009 12:46 PM 25608]
R0 Gernuwa;Gernuwa;c:\windows\system32\drivers\GERNUWA.sys [4/21/2003 1:00 PM 13898]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/15/2008 6:58 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/15/2008 6:58 PM 108552]
R1 awecho;awecho;c:\windows\system32\drivers\awechomd.sys [3/5/2004 12:52 PM 8368]
R1 eabfiltr;EABFiltr;c:\windows\system32\drivers\eabfiltr.sys [1/27/2008 5:10 PM 7432]
R1 SCDEmu;SCDEmu;c:\windows\system32\drivers\scdemu.sys [11/2/2008 4:44 AM 56572]
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI;c:\windows\system32\drivers\wmiacpi.sys [1/27/2008 10:28 AM 8832]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/7/2009 9:47 AM 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2/26/2009 12:46 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2/26/2009 12:46 PM 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2/26/2009 12:46 PM 27232]
R3 CAMCAUD;Conexant AMC 3D Environmental Audio;c:\windows\system32\drivers\camcaud.sys [1/27/2008 4:39 PM 292352]
R3 CAMCHALA;CAMCHALA;c:\windows\system32\drivers\camchal.sys [1/27/2008 4:39 PM 274688]
R3 HSFHWICH;HSFHWICH;c:\windows\system32\drivers\HSFHWICH.sys [1/27/2008 4:39 PM 199552]
R3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\rtl8180.sys [10/1/2003 11:54 AM 184832]
R3 SynTP;Synaptics TouchPad Driver;c:\windows\system32\drivers\SynTP.sys [1/27/2008 4:40 PM 182720]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASDIFSV.SYS --> c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASKUTIL.sys --> c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 adfs;adfs; [x]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/7/2009 9:47 AM 29208]
S3 BCM42RLY;BCM42RLY; [x]
S3 BCM43XX;802.11 Network Adapter Driver;c:\windows\system32\drivers\BCMWL5.SYS [1/27/2008 4:42 PM 371712]
S3 CBTNDIS5;CBTNDIS5 NDIS Protocol Driver;c:\windows\system32\CBTNDIS5.sys [1/2/2009 3:13 PM 17142]
S3 odysseyIM4;Odyssey Network Agent Miniport;c:\windows\system32\drivers\odysseyIM4.sys [9/25/2004 12:36 AM 173056]
S3 SASENUM;SASENUM;\??\c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASENUM.SYS --> c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASENUM.SYS [?]
S3 WpdUsb;WpdUsb;c:\windows\system32\drivers\wpdusb.sys [10/18/2006 9:00 PM 38528]
.
Contents of the 'Scheduled Tasks' folder
2009-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {6AE60EAB-0EAF-4F38-AE29-EEB9A97FE632} = 216.144.187.37,204.186.0.201
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 19:26
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????3?7?0?3??????? ???B???????????????B? ??????
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1396)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(1776)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\docume~1\ANDREA~1\LOCALS~1\Temp\catchme.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-06-15 23:31
ComboFix2.txt 2009-06-15 02:45
Pre-Run: 14,633,574,400 bytes free
Post-Run: 14,638,964,736 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
235 --- E O F --- 2009-06-14 03:05
Second requested log:
ComboFix 09-06-14.02 - AndreaWatson 06/15/2009 19:50.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.990.583 [GMT -4:00]
Running from: c:\documents and settings\AndreaWatson\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\AndreaWatson\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
FILE ::
"c:\windows\system32\drivers\gaopdxkaiddtpp.sys"
"c:\windows\system32\drivers\gaopdxserv.sys"
"c:\windows\system32\drivers\ovfsthxbborujnv.sy_"
"c:\windows\system32\drivers\ovfsthxbborujnv.sys"
"c:\windows\system32\drivers\ovfsthxdoyltfqh"
"c:\windows\system32\ovfsthxkiqorcvh.da_"
"c:\windows\system32\ovfsthxsntsecbo.dl_"
"c:\windows\system32\ovfsthxxvrtfhwx.dl_"
.
((((((((((((((((((((((((( Files Created from 2009-05-15 to 2009-06-15 )))))))))))))))))))))))))))))))
.
2009-06-14 17:28 . 2009-06-14 17:28 -------- d-----w- c:\program files\Bluetack
2009-06-14 00:27 . 2009-06-14 00:27 -------- d-----w- c:\documents and settings\AndreaWatson\Local Settings\Application Data\AVG Security Toolbar
2009-06-13 20:10 . 2009-06-13 20:10 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-13 20:10 . 2009-06-13 20:10 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-13 20:04 . 2009-05-18 13:42 1439488 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-06-11 03:27 . 2009-06-11 03:27 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\WinPatrol
2009-06-11 03:27 . 2008-01-27 19:53 0 ----a-w- c:\documents and settings\AndreaWatson\Application Data\WinPatrol\Config.sys
2009-06-11 03:27 . 2008-01-27 19:53 0 ----a-w- c:\documents and settings\AndreaWatson\Application Data\WinPatrol\Autoexec.bat
2009-06-11 03:27 . 2009-06-11 03:27 -------- d-----w- c:\program files\BillP Studios
2009-06-10 21:10 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-10 21:10 . 2009-06-10 21:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-10 21:10 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-09 22:49 . 2009-06-09 22:50 -------- dc----w- C:\rsit
2009-06-09 14:30 . 2009-06-11 14:40 -------- dc----w- C:\ToolBar SD
2009-06-09 13:57 . 2009-06-09 13:58 -------- d-----w- c:\documents and settings\Michael Watson\Application Data\AVGTOOLBAR
2009-06-08 00:28 . 2009-06-08 00:28 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\Thunderbird
2009-06-08 00:28 . 2009-06-08 00:28 335 ----a-w- c:\windows\mozregistry.dat
2009-06-08 00:28 . 2009-06-08 00:28 -------- d-----w- c:\program files\Netscape
2009-06-08 00:27 . 2009-06-08 00:27 9728 ----a-w- c:\windows\system32\rnaph.dll
2009-06-03 22:26 . 2009-06-03 22:26 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\Symantec
2009-06-03 22:25 . 2009-06-03 22:25 83168 ----a-w- c:\windows\system32\S32EVNT1.DLL
2009-06-03 22:25 . 2009-06-03 22:25 104144 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-06-03 22:25 . 2009-06-03 22:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-03 22:24 . 2009-06-03 22:27 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
2009-06-03 22:24 . 2009-06-03 22:25 -------- d-----w- c:\program files\Symantec
2009-05-29 00:58 . 2009-06-10 14:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Uniblue
2009-05-29 00:43 . 2009-05-29 01:27 266072 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-29 00:41 . 2009-05-29 00:41 -------- d-----w- c:\windows\system32\XPSViewer
2009-05-29 00:40 . 2009-05-29 00:40 -------- d-----w- c:\program files\Reference Assemblies
2009-05-29 00:38 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-05-29 00:38 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-05-29 00:38 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-05-29 00:38 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-05-29 00:38 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-05-29 00:38 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-05-29 00:38 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-05-29 00:38 . 2009-05-29 00:40 -------- dc----w- C:\89469f0340b713fc958d
2009-05-28 23:59 . 2009-05-28 23:59 -------- dc-h--r- C:\AHCache
2009-05-23 23:42 . 2009-05-23 23:42 -------- d-----w- c:\program files\ZEMNOTT
2009-05-23 20:36 . 2009-05-23 20:36 -------- d-----w- c:\program files\KingsIsle Entertainment
2009-05-18 18:36 . 2007-01-18 12:00 3968 ----a-w- c:\windows\system32\drivers\AvgArCln.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-15 22:46 . 2008-01-27 19:52 83874 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-06-14 17:44 . 2008-01-27 21:17 122656 ----a-w- c:\documents and settings\AndreaWatson\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-13 20:07 . 2008-05-15 22:58 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-10 14:29 . 2008-01-27 22:05 -------- d-----w- c:\program files\Lavasoft
2009-06-10 14:25 . 2008-01-27 21:12 -------- d-----w- c:\program files\Java
2009-06-10 14:21 . 2009-05-13 22:37 -------- d-----w- c:\program files\Uniblue
2009-06-10 14:20 . 2009-05-11 03:17 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\Uniblue
2009-06-09 22:32 . 2009-01-20 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2009-06-08 00:28 . 2008-11-02 15:09 644 -c--a-w- c:\windows\nsreg.dat
2009-06-06 00:39 . 2009-05-07 13:37 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\AVG8
2009-05-29 00:41 . 2009-05-03 00:42 -------- d-----w- c:\program files\MSBuild
2009-05-26 21:25 . 2009-03-23 01:41 -------- d-----w- c:\program files\Oberon Media
2009-05-23 23:42 . 2008-01-27 20:40 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-21 13:20 . 2009-05-04 00:35 117760 ----a-w- c:\documents and settings\AndreaWatson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-20 12:25 . 2008-05-15 22:57 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-16 11:51 . 2009-05-16 11:51 -------- d-----w- c:\program files\Trend Micro
2009-05-14 10:49 . 2009-05-14 10:49 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVGTOOLBAR
2009-05-14 10:26 . 2009-05-14 10:26 -------- dc----w- c:\documents and settings\All Users\Application Data\Babylon
2009-05-14 10:26 . 2009-05-14 10:26 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\Babylon
2009-05-13 22:40 . 2009-05-13 22:39 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\System Tweaker
2009-05-12 10:32 . 2009-05-12 10:32 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AVGTOOLBAR
2009-05-07 23:39 . 2009-02-27 23:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 15:29 . 2009-05-07 15:14 202 -c--a-w- C:\43214354.bat
2009-05-07 13:50 . 2009-05-07 13:50 -------- dc----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-05-07 13:47 . 2009-05-07 13:47 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-05-07 13:47 . 2009-05-07 13:47 29208 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-05-04 00:34 . 2009-05-04 00:34 -------- dc----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-04 00:34 . 2009-05-04 00:34 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\SUPERAntiSpyware.com
2009-05-04 00:31 . 2008-01-27 21:38 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-04 00:05 . 2008-06-27 12:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-03 22:44 . 2009-05-03 22:44 -------- d-----w- c:\program files\Downloaded Installers
2009-05-03 21:28 . 2009-05-03 17:17 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\AVGTOOLBAR
2009-05-03 17:17 . 2008-05-15 22:58 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-03 17:17 . 2008-01-27 21:31 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-05-03 17:17 . 2008-05-15 22:58 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-03 12:47 . 2009-05-03 12:46 -------- d-----w- c:\program files\Defraggler
2009-04-29 22:50 . 2009-04-18 14:22 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\LimeWire
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 01:29 . 2009-01-21 00:00 2828 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-23 01:29 . 2009-01-21 00:00 2828 -csha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-23 01:18 . 2009-04-23 01:18 -------- d-----w- c:\program files\Wyzo
2009-04-23 00:54 . 2008-02-12 22:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-17 22:11 . 2009-02-06 00:18 -------- d-----w- c:\documents and settings\AndreaWatson\Application Data\Download Manager
2009-04-17 12:26 . 2004-08-04 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-04 12:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 19:58 . 2009-04-10 19:58 45056 ----a-r- c:\documents and settings\AndreaWatson\Application Data\Microsoft\Installer\{0A28C610-EE06-4A33-BB56-A2155B524916}\ARPPRODUCTICON.exe
2009-04-08 11:32 . 2009-04-08 11:32 152576 ----a-w- c:\documents and settings\AndreaWatson\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-28 00:47 . 2009-03-28 00:47 305664 ----a-w- c:\documents and settings\AndreaWatson\Application Data\Thinstall\Program Data\40000013a000002i\Illustrator.exe
2008-09-10 05:21 . 2009-03-04 03:35 3769344 ----a-w- c:\program files\WinBootstrapper.msi
2008-09-10 04:12 . 2009-03-04 03:35 400 ----a-w- c:\program files\deployment.xml
2008-09-10 04:12 . 2009-03-04 03:35 399 ----a-w- c:\program files\uninstall.xml
2008-08-18 17:24 . 2009-03-04 03:34 2448358 ----a-w- c:\program files\WinBootstrapper1.cab
.
((((((((((((((((((((((((((((( SnapShot@2009-06-15_02.39.09 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-15 22:38 . 2009-06-15 22:38 16384 c:\windows\Temp\Perflib_Perfdata_a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 536576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-30 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2004-04-21 286720]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-13 1948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVGIDS"="c:\program files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" [2009-02-26 1579528]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-06-01 341312]
c:\documents and settings\AndreaWatson\Start Menu\Programs\Startup\
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-1-27 157008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-03 17:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
2004-11-01 15:50 8704 ----a-w- c:\windows\system32\PCANotify.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 AVGIDSErHr;AVGIDSErHr;c:\windows\system32\drivers\AVGIDSErHr.sys [2/26/2009 12:46 PM 25608]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/15/2008 6:58 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/15/2008 6:58 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/3/2008 8:35 PM 908568]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2008 8:35 PM 298776]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [5/7/2009 9:47 AM 29208]
R3 AVGIDSDriver;AVGIDSDriver;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSDriver.sys [2/26/2009 12:46 PM 121352]
R3 AVGIDSFilter;AVGIDSFilter;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSFilter.sys [2/26/2009 12:46 PM 30216]
R3 AVGIDSShim;AVGIDSShim;c:\program files\AVG\AVG8\IdentityProtection\agent\driver\platform_XP\AVGIDSShim.sys [2/26/2009 12:46 PM 27232]
R3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\rtl8180.sys [10/1/2003 11:54 AM 184832]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASDIFSV.SYS --> c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASKUTIL.sys --> c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [5/7/2009 9:47 AM 1368952]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe [2/26/2009 12:46 PM 5576712]
S2 AVGIDSWatcher;AVGIDSWatcher;c:\program files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe [2/26/2009 12:46 PM 563720]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [5/7/2009 9:47 AM 29208]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [1/21/2009 7:56 PM 33752]
S3 SASENUM;SASENUM;\??\c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASENUM.SYS --> c:\documents and settings\AndreaWatson\Desktop\SUPERAntiSpyware\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder
2009-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
mWindow Title =
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
TCP: {6AE60EAB-0EAF-4F38-AE29-EEB9A97FE632} = 216.144.187.37,204.186.0.201
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-15 19:54
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????3?7?0?3??????? ???B???????????????B? ??????
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1396)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(748)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\docume~1\ANDREA~1\LOCALS~1\Temp\catchme.dll
.
Completion time: 2009-06-15 20:01
ComboFix-quarantined-files.txt 2009-06-16 00:00
ComboFix2.txt 2009-06-15 23:32
ComboFix3.txt 2009-06-15 02:45
Pre-Run: 14,642,135,040 bytes free
Post-Run: 14,638,903,296 bytes free
233 --- E O F --- 2009-06-14 03:05