ComboFix 09-07-09.08 - Mike 07/11/2009 20:55.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2039.1270 [GMT -7:00]
Running from: c:\users\Mike\Desktop\combofix.exe
Command switches used :: c:\users\Mike\Desktop\CFScript.txt
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\uTorrent\
c:\program files\uTorrent\\uTorrent.exe
c:\users\Mike\AppData\Roaming\uTorrent
.
((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.
2009-07-12 04:04 . 2009-07-12 04:04 -------- d-----w- c:\users\The McNabs\AppData\Local\temp
2009-07-12 04:04 . 2009-07-12 04:04 -------- d-----w- c:\users\Guest\AppData\Local\temp
2009-07-11 02:57 . 2009-07-11 02:57 -------- d-----w- c:\program files\ESET
2009-07-11 02:55 . 2009-07-11 02:55 -------- d-----w- C:\Rooter$
2009-07-09 00:51 . 2009-07-12 04:04 -------- d-----w- c:\users\Mike\AppData\Local\temp
2009-07-09 00:17 . 2009-07-09 00:51 -------- d-s---w- C:\boobooCF
2009-07-08 04:46 . 2009-07-09 00:04 -------- d-----w- c:\programdata\SITEguard
2009-07-08 04:45 . 2009-07-09 00:05 -------- d-----w- c:\programdata\STOPzilla!
2009-07-08 04:45 . 2009-07-08 04:45 -------- d-----w- c:\program files\Common Files\iS3
2009-07-08 01:27 . 2009-07-08 01:27 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes
2009-07-08 01:27 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-08 01:27 . 2009-07-08 01:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-08 01:27 . 2009-07-08 01:27 -------- d-----w- c:\programdata\Malwarebytes
2009-07-08 01:27 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-07 02:20 . 2009-07-07 02:20 -------- d-----w- C:\MGADiagToolOutput
2009-07-07 02:18 . 2009-07-07 02:18 -------- d-----w- c:\programdata\Office Genuine Advantage
2009-07-05 10:42 . 2009-07-05 08:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000360\maindata.sys
2009-07-03 11:07 . 2009-07-03 08:11 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000359\maindata.sys
2009-07-02 20:37 . 2009-07-02 20:37 -------- d-----w- c:\windows\Intuit
2009-07-01 10:06 . 2009-07-01 08:10 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000358\maindata.sys
2009-06-30 10:22 . 2009-06-30 08:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000357\maindata.sys
2009-06-28 10:01 . 2009-06-28 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000356\maindata.sys
2009-06-27 06:34 . 2009-06-27 06:34 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-26 09:55 . 2009-06-26 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000355\maindata.sys
2009-06-25 10:20 . 2009-06-25 08:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000354\maindata.sys
2009-06-23 10:06 . 2009-06-23 08:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000353\maindata.sys
2009-06-22 10:12 . 2009-06-22 08:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000352\maindata.sys
2009-06-19 10:08 . 2009-06-19 08:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000351\maindata.sys
2009-06-18 10:49 . 2009-06-18 08:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000350\maindata.sys
2009-06-16 10:22 . 2009-06-16 08:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000349\maindata.sys
2009-06-15 10:18 . 2009-06-15 08:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000348\maindata.sys
2009-06-13 04:27 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-13 04:27 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 04:04 . 2007-12-11 02:23 -------- d-----w- c:\program files\Weather Watcher
2009-07-12 03:42 . 2008-02-15 21:00 -------- d-----w- c:\users\Mike\AppData\Roaming\CoreFTP
2009-07-11 23:43 . 2009-02-26 15:01 -------- d-----w- c:\users\Mike\AppData\Roaming\SolidDocuments
2009-07-11 19:11 . 2007-10-10 14:53 -------- d-----w- c:\programdata\Google Updater
2009-07-11 18:28 . 2009-06-20 17:50 25440 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-11 18:28 . 2009-06-20 17:50 2353480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-09 00:59 . 2009-05-21 19:54 -------- d-----w- c:\program files\GE Security Supra
2009-07-06 17:52 . 2009-06-20 17:50 1630560 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-04 15:33 . 2007-10-08 21:09 75280 ----a-w- c:\users\Mike\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-04 15:30 . 2009-02-26 18:28 -------- d-----w- c:\programdata\WebEx
2009-07-03 01:20 . 2009-04-11 20:43 -------- d-----w- c:\program files\Softomate
2009-07-03 01:19 . 2008-08-02 01:10 -------- d-----w- c:\programdata\Droppix
2009-07-03 01:08 . 2007-10-08 22:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-02 23:26 . 2009-05-08 15:51 34 ----a-w- c:\users\Mike\jagex_runescape_preferences.dat
2009-07-02 20:43 . 2007-10-16 00:41 -------- d-----w- c:\program files\Quark
2009-07-02 20:36 . 2008-02-04 20:33 -------- d-----w- c:\program files\Common Files\Intuit
2009-07-02 20:30 . 2008-03-18 23:35 -------- d-----w- c:\program files\Transaction Viewer
2009-07-02 20:29 . 2009-02-06 04:28 -------- d-----w- c:\program files\Scan2Email
2009-07-02 20:24 . 2007-11-07 15:32 -------- d-----w- c:\program files\phelios
2009-07-02 20:05 . 2007-10-11 00:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 00:22 . 2009-06-17 00:22 2678 ----a-w- c:\windows\Java\Packages\Data\GJ53RNFF.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\8OGIG5N9.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\13RFTV5V.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\0QQ2X31Z.DAT
2009-06-17 00:21 . 2009-06-17 00:21 2678 ----a-w- c:\windows\Java\Packages\Data\XFNB571R.DAT
2009-06-11 08:04 . 2009-06-11 11:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000347\maindata.sys
2009-06-09 08:09 . 2009-06-09 10:59 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000346\maindata.sys
2009-06-08 08:04 . 2009-06-08 10:49 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000345\maindata.sys
2009-06-07 08:04 . 2009-06-07 10:53 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000344\maindata.sys
2009-06-06 08:08 . 2009-06-06 10:41 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000343\maindata.sys
2009-06-04 08:02 . 2009-06-04 10:07 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000342\maindata.sys
2009-06-03 08:07 . 2009-06-03 10:56 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000341\maindata.sys
2009-06-01 17:51 . 2009-06-01 17:51 15688 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 17:51 . 2009-02-07 18:00 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-01 08:05 . 2009-06-01 10:19 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000340\maindata.sys
2009-05-31 08:01 . 2009-05-31 10:05 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000339\maindata.sys
2009-05-29 08:01 . 2009-05-29 09:59 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000338\maindata.sys
2009-05-28 08:01 . 2009-05-28 10:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000337\maindata.sys
2009-05-26 08:03 . 2009-05-26 10:56 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000336\maindata.sys
2009-05-25 08:06 . 2009-05-25 10:32 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000335\maindata.sys
2009-05-23 08:01 . 2009-05-23 10:02 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000334\maindata.sys
2009-05-22 08:01 . 2009-05-22 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000333\maindata.sys
2009-05-21 20:00 . 2009-05-21 20:00 159744 ----a-w- c:\windows\system32\libssl32.dll
2009-05-21 19:58 . 2009-05-21 19:58 -------- d-----w- c:\program files\SiLabs
2009-05-20 08:02 . 2009-05-20 10:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000332\maindata.sys
2009-05-19 08:04 . 2009-05-19 10:08 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000331\maindata.sys
2009-05-17 08:03 . 2009-05-17 10:11 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000330\maindata.sys
2009-05-16 11:17 . 2009-05-16 11:17 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-16 08:06 . 2009-05-16 10:12 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000329\maindata.sys
2009-05-15 15:07 . 2009-05-15 15:07 -------- d-----w- c:\users\Mike\AppData\Roaming\j2 Global
2009-05-15 15:06 . 2009-05-15 15:04 -------- d-----w- c:\program files\eFax Messenger 4.4
2009-05-15 15:06 . 2009-05-15 15:06 -------- d-----w- c:\users\Mike\AppData\Roaming\eFax Messenger
2009-05-15 15:06 . 2009-05-15 15:06 -------- d-----w- c:\programdata\eFax Messenger 4.4 Output
2009-05-15 15:06 . 2009-05-15 15:06 -------- d-----w- c:\programdata\eFax Messenger 4.4 Setup
2009-05-13 10:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-13 08:01 . 2009-05-13 09:45 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000328\maindata.sys
2009-05-12 08:03 . 2009-05-12 10:33 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000327\maindata.sys
2009-05-10 08:01 . 2009-05-10 09:47 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000326\maindata.sys
2009-05-09 08:07 . 2009-05-09 10:01 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000325\maindata.sys
2009-05-09 05:50 . 2009-06-11 21:18 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-11 21:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-08 08:05 . 2009-05-08 09:51 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000324\maindata.sys
2009-05-06 08:03 . 2009-05-06 09:45 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000323\maindata.sys
2009-05-05 08:05 . 2009-05-05 09:53 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000322\maindata.sys
2009-04-28 08:02 . 2009-04-28 10:03 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000321\maindata.sys
2009-04-27 08:03 . 2009-04-27 10:06 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000320\maindata.sys
2009-04-25 17:50 . 2009-04-25 17:51 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-25 17:50 . 2009-04-25 17:50 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-04-25 08:05 . 2009-04-25 10:09 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000319\maindata.sys
2009-04-24 08:06 . 2009-04-24 10:21 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000318\maindata.sys
2009-04-23 12:43 . 2009-06-11 21:18 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 21:18 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 08:02 . 2009-04-22 10:08 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000317\maindata.sys
2009-04-21 11:55 . 2009-06-11 21:18 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-04-21 08:03 . 2009-04-21 10:13 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000316\maindata.sys
2009-04-19 08:03 . 2009-04-19 09:59 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000315\maindata.sys
2009-04-18 08:01 . 2009-04-18 09:51 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000314\maindata.sys
2009-04-17 08:05 . 2009-04-17 10:24 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000313\maindata.sys
2009-04-16 08:04 . 2009-04-16 09:57 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000312\maindata.sys
2009-04-15 08:03 . 2009-04-15 10:00 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000311\maindata.sys
2009-04-14 08:02 . 2009-04-14 09:52 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000310\maindata.sys
2009-04-13 08:01 . 2009-04-13 09:54 1109 ----a-w- c:\users\Mike\AppData\Roaming\Genie-Soft\GBMHome8\Jobs\Backup Job\00000309\maindata.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-07-09_00.48.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-08 21:43 . 2009-07-09 01:01 47830 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-07-09 01:01 51458 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-10-08 21:10 . 2009-07-09 01:01 12230 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1304129043-3560768821-2314269622-1000_UserData.bin
- 2006-11-02 13:02 . 2009-07-09 00:28 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-12 03:59 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-07-12 03:59 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-07-09 00:28 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2007-02-27 16:15 . 2007-02-27 16:15 86016 c:\windows\Downloaded Program Files\FNISPrintControl.DLL
- 2009-07-09 00:28 . 2009-07-09 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 00:59 . 2009-07-09 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 00:59 . 2009-07-09 00:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-09 00:28 . 2009-07-09 00:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-05-29 16:02 . 2009-07-12 03:59 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-05-29 16:02 . 2009-07-09 00:28 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2006-11-02 13:02 . 2009-07-09 00:28 409600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-07-12 03:59 409600 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2007-09-24 1024000]
"HeavyWeatherPublisher"="c:\heavyweather\HeavyWeatherPublisher.exe" [2004-02-23 1302528]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 133656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-11 289576]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-01 520024]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
c:\users\Mike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
heavy weather.lnk - c:\heavyweather\heavy weather.exe [2008-5-29 781312]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-10-16 267520]
DisplayKEY eSYNC Info.lnk - c:\program files\GE Security Supra\SyncInfoApp.exe [2009-5-21 102400]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-25 66864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1304129043-3560768821-2314269622-1000]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EF30177E-832C-4FDC-BC0B-BC600980AD93}"= UDP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{ACDE4EBC-2BFD-4F07-A787-4AD9F2DCD6ED}"= TCP:c:\program files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"TCP Query User{06382373-B64E-4273-9A70-EE238908FC7F}c:\\heavyweather\\heavyweatherpublisher.exe"= UDP:c:\heavyweather\heavyweatherpublisher.exe:HeavyWeatherPublisher
"UDP Query User{D36987B9-453F-42E3-8418-A0D958E4ADFA}c:\\heavyweather\\heavyweatherpublisher.exe"= TCP:c:\heavyweather\heavyweatherpublisher.exe:HeavyWeatherPublisher
"{95A2EB96-0EA2-41E6-9EEB-30B1B89CEFB9}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B88C1CED-D3D3-4375-9ABA-8F788E7BFA85}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"TCP Query User{FCD8F623-A087-4669-A53B-F32FDF4FF627}c:\\windows\\system32\\ftp.exe"= UDP:c:\windows\system32\ftp.exe:File Transfer Program
"UDP Query User{169C5D8E-BCC9-4515-8FC0-A5404FF608F8}c:\\windows\\system32\\ftp.exe"= TCP:c:\windows\system32\ftp.exe:File Transfer Program
"{012F66A6-BA01-4529-81E4-DD53DDA8580D}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{A1908D85-57A5-4ECC-BC58-4AF0416FB4D6}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6F15B34C-CE3D-486E-B0C3-5D6E98DC5521}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{16FBAFA9-5E2A-4FE6-95F8-7F705CF707F5}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{3664C764-F9A6-495E-A5EF-6608A8E160D3}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{631700FC-4863-4986-B7D0-F0D980218F4E}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6BD418A9-B6D8-4998-82A0-1A4DFE10F393}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{21F3024E-E12C-4EED-A0B1-68226AD0622E}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{6DA64838-F3B8-4B49-9667-C93C051B8893}"= UDP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{3F3273D3-45E2-4A0F-8F44-4F3FE11289E3}"= TCP:c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [4/25/2009 10:51 AM 64160]
R2 CSHelper;CopySafe Helper Service;c:\windows\System32\CSHelper.exe [3/15/2009 6:58 PM 192512]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/4/2007 11:31 AM 1153368]
R2 SPDFCreatorPlusReadSpool;SolidPDFPlusCreatorReadSpool;c:\windows\Installer\MSIF8BC.tmp [2/26/2009 8:00 AM 189696]
R2 SPDFToolsReadSpool;SolidPDFToolsCreatorReadSpool;c:\windows\Installer\MSIEE5E.tmp [2/26/2009 8:18 AM 189696]
S2 gupdate1c9bca6f4ea33cd;Google Update Service (gupdate1c9bca6f4ea33cd);c:\program files\Google\Update\GoogleUpdate.exe [4/13/2009 7:16 PM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 2:34 PM 1029456]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-07-11 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 05:47]
2009-07-11 c:\windows\Tasks\GBM - Backup Job-Full.job
- c:\program files\Genie-Soft\GBMHome8\GBM8.exe [2007-10-08 12:28]
2009-07-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-10 06:07]
2009-07-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:15]
2009-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-14 02:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: fnismls.com
Trusted Zone: superior-host.com
TCP: {30BBADAE-3AF0-48DB-BFFA-9AD645AF925A} = 208.67.220.220,208.67.222.222
DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab
DPF: {0CE0F418-1010-442D-871C-3454827DD539} - hxxp://facefun.com/FaceFun_webinstall/FaceFun.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {97770E5B-2028-48AC-B4DA-1F991376D2B6} - hxxp://download.copysafe.net/plugins5/i ... pysafe.cab
DPF: {F375116A-793C-11D2-BFE1-444553540001} - hxxp://pro.realquest.com/mapviewer/mapviewer.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 21:04
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPDFCreatorPlusReadSpool]
"ImagePath"="c:\windows\Installer\MSIF8BC.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SPDFToolsReadSpool]
"ImagePath"="c:\windows\Installer\MSIEE5E.tmp"
.
Completion time: 2009-07-12 21:08
ComboFix-quarantined-files.txt 2009-07-12 04:08
ComboFix2.txt 2009-07-09 00:51
ComboFix3.txt 2009-01-20 23:56
Pre-Run: 63,835,328,512 bytes free
Post-Run: 63,860,453,376 bytes free
577 --- E O F --- 2009-07-09 23:05
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5886
# api_version=3.0.2
# EOSSerial=229919dd5f062e4aac4bf693c7c874d1
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2009-07-11 05:26:51
# local_time=2009-07-10 10:26:51 (-0700, US Mountain Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5889 61 66 100 465616931725047
# scanned=343980
# found=6
# cleaned=6
# scan_time=8739
C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgp.zip Win32/Bagle.gen.zip worm (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXvuchpbbghnqprgdoapxxpikchbxfytpv.dll.vir a variant of Win32/Kryptik.UX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\MSIVXxneyeaxxtdcpieqvibmnyvfeoxmrcyvg.dll.vir Win32/Agent.PRM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\senekawppoicro.dll.vir a variant of Win32/Kryptik.FX trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\senekaxdqewxri.dll.vir a variant of Win32/Adware.Virtumonde.NCB application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\Windows\System32\drivers\senekanusinvjf.sys.vir a variant of Win32/Kryptik.UZ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C