ComboFix 10-05-14.06 - Owner 05/14/2010 22:27:12.3.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.158 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Install.txt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_WMOPTIMIZER
-------\Service_WMOptimizer

((((((((((((((((((((((((( Files Created from 2010-04-15 to 2010-05-15 )))))))))))))))))))))))))))))))
.
2010-05-15 02:50 . 2010-05-15 02:50 -------- d-----w- C:\_OTL
2010-05-14 16:40 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-14 16:40 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-14 15:10 . 2010-05-14 15:10 -------- d-----w- C:\FOUND.004
2010-05-12 20:15 . 2010-05-12 20:15 -------- d-----w- C:\FOUND.003
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-15 03:40 . 2008-05-22 21:17 4128 --sha-w- c:\windows\system32\drivers\fidbox.dat
2010-05-15 03:40 . 2008-05-22 21:17 1124 --sha-w- c:\windows\system32\drivers\fidbox.idx
2010-05-12 22:35 . 2010-05-12 22:35 31853 ------w- c:\windows\Internet Logs\vsmon_2nd_2010_05_12_15_05_15_small.dmp.zip
2010-05-12 20:06 . 2010-05-12 22:24 2277376 ------w- c:\windows\Internet Logs\xDB9.tmp
2010-05-12 17:16 . 2007-04-01 21:25 18000 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-14 14:27 . 2009-12-02 03:15 79488 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-12-04 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\System32\igfxtray.exe" [2001-12-19 151552]
"LTSMMSG"="LTSMMSG.exe" [2001-10-17 45056]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2001-08-09 118784]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2001-11-06 77824]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2001-09-10 184320]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2001-12-14 61440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-12 136600]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-20 2046816]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Check for TWS Updates.lnk - c:\jts\WiseUpdt.exe [2008-4-1 194775]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-19 13:09 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=

R0 IABFilt;Iomega Snapshot Volume Filter;c:\windows\system32\drivers\IABFilt.sys [10/6/2008 9:27 PM 25344]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/3/2008 1:31 PM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/18/2008 5:15 PM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [8/18/2008 5:15 PM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [5/3/2008 1:31 PM 297752]
R2 PMEMNT;PMEMNT;c:\windows\system32\Pmemnt.sys [1/9/2002 10:31 AM 7012]
R3 {6D08DE67-D457-4d38-A7F5-D88CCB81EE00};AIM 3.0 NS2501;c:\windows\system32\drivers\a306.sys [1/9/2002 10:08 AM 13881]
R3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\drivers\LTSM.sys [1/9/2002 10:16 AM 806435]
.
Contents of the 'Scheduled Tasks' folder

2010-04-01 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-03-10 23:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Trusted Zone: turbotax.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-14 22:44
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\MrvGINA.dll

- - - - - - - > 'Explorer.exe'(3468)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\LTSMMSG.exe
c:\program files\Apoint2K\Apntex.exe
c:\program files\Java\jre6\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-05-14 22:53:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-15 03:53

Pre-Run: 17,225,367,552 bytes free
Post-Run: 17,128,374,272 bytes free

Current=4 Default=4 Failed=1 LastKnownGood=2 Sets=1,2,3,4
- - End Of File - - 50BA1068CF2E3003DEC3F38CD70464AD