ComboFix 08-12-31.01 - jeff frary 2009-01-01 18:06:51.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.241 [GMT -5:00]
Running from: c:\documents and settings\jeff frary\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Outdated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\msqpdxqrnvoaqg.sys
c:\windows\system32\msqpdxrniqjouo.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSQPDXSERV.SYS
((((((((((((((((((((((((( Files Created from 2008-12-01 to 2009-01-01 )))))))))))))))))))))))))))))))
.
2009-01-01 17:22 . 2009-01-01 17:22 578,560 --a--c--- c:\windows\system32\dllcache\user32.dll
2009-01-01 17:19 . 2009-01-01 17:19 <DIR> d-------- c:\windows\ERUNT
2009-01-01 17:15 . 2009-01-01 17:51 <DIR> d-------- C:\SDFix
2009-01-01 15:18 . 2009-01-01 15:18 <DIR> d-------- c:\program files\Lavasoft
2009-01-01 15:18 . 2009-01-01 15:18 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-01 15:18 . 2009-01-01 15:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-30 20:31 . 2008-12-30 20:31 <DIR> d-------- c:\documents and settings\jeff frary\Application Data\Malwarebytes
2008-12-30 20:31 . 2008-12-30 20:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-30 13:43 . 2008-12-30 13:43 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-30 13:43 . 2008-12-30 13:43 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-30 13:43 . 2008-12-30 13:43 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-30 13:43 . 2008-12-30 13:43 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-30 10:20 . 2008-12-30 10:21 <DIR> d-------- c:\documents and settings\jeff frary\.housecall6.6
2008-12-29 18:03 . 2004-04-27 10:23 <DIR> d-------- c:\documents and settings\Administrator\WINDOWS
2008-12-29 18:03 . 2004-04-27 11:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\toshiba
2008-12-29 18:03 . 2004-04-27 12:29 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2008-12-29 18:03 . 2004-05-13 12:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Sonic
2008-12-29 18:03 . 2004-04-27 15:08 <DIR> d-------- c:\documents and settings\Administrator\Application Data\MSN6
2008-12-29 18:03 . 2004-05-13 12:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Leadertech
2008-12-29 18:03 . 2004-04-27 18:14 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterVideo
2008-12-29 18:03 . 2004-04-27 12:06 <DIR> d-------- c:\documents and settings\Administrator\Application Data\InterTrust
2008-12-29 18:03 . 2008-12-30 13:43 <DIR> d-------- c:\documents and settings\Administrator
2008-12-25 11:11 . 2008-12-25 11:11 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-25 02:04 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-25 02:04 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-25 02:04 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-24 16:30 . 2008-12-24 16:43 <DIR> d-------- c:\program files\Virtual Earth 3D
2008-12-20 22:29 . 2008-12-20 22:29 40 --a------ C:\Auth.prof
2008-12-19 23:06 . 2008-12-19 23:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Azureus
2008-12-19 23:05 . 2008-12-19 23:05 <DIR> d-------- c:\program files\AskBarDis
2008-12-19 23:05 . 2009-01-01 16:17 <DIR> d-------- c:\documents and settings\jeff frary\Application Data\Azureus
2008-12-19 23:04 . 2008-12-22 00:31 <DIR> d-------- c:\program files\Vuze
2008-12-18 16:38 . 2008-12-18 16:41 <DIR> d-------- c:\program files\Google
2008-12-18 16:38 . 2009-01-01 14:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Google Updater
2008-12-17 22:31 . 2008-12-31 12:56 <DIR> d-------- c:\program files\Mozilla Thunderbird
2008-12-17 22:31 . 2008-12-17 22:31 <DIR> d-------- c:\documents and settings\jeff frary\Application Data\Thunderbird
2008-12-17 18:41 . 2008-12-17 18:41 <DIR> d-------- c:\documents and settings\jeff frary\Application Data\DivX
2008-12-17 18:39 . 2008-12-17 18:39 <DIR> d-------- c:\program files\DivX
2008-12-09 06:59 . 2008-12-26 18:48 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-09 06:59 . 2008-12-09 06:59 1,409 --a------ c:\windows\QTFont.for
2008-12-09 06:41 . 2008-12-09 07:04 <DIR> d-------- c:\program files\Ares
2008-12-08 18:17 . 2008-12-08 18:17 <DIR> d-------- c:\program files\Microsoft ActiveSync
2008-12-08 18:13 . 2008-12-08 18:15 <DIR> d-------- c:\windows\ShellNew
2008-12-07 16:19 . 2008-12-07 16:19 <DIR> d-------- C:\SVP Utility.temp
2008-12-07 15:58 . 2008-12-07 15:58 <DIR> d-------- C:\Utilities.temp
2008-12-07 15:57 . 2004-04-20 19:34 49,152 --a------ c:\windows\system32\TDVDINFO.dll
2008-12-07 15:56 . 2008-12-07 15:56 <DIR> d-------- C:\Picture Enhancement.temp
2008-12-07 15:55 . 2008-12-07 15:55 <DIR> d-------- C:\Audio.temp
2008-12-07 15:55 . 2003-07-17 17:19 230,416 --a------ c:\windows\system32\drivers\stac97.sys
2008-12-07 15:46 . 2008-12-07 15:46 <DIR> d-------- C:\Touch and Launch.temp
2008-12-07 15:44 . 2008-12-07 15:44 <DIR> d-------- C:\Console.temp
2008-12-07 15:42 . 2008-12-07 15:42 <DIR> d-------- C:\TouchPad.temp
2008-12-03 21:45 . 2008-12-03 21:27 1,158 --a------ C:\wpa.dbl
2008-12-03 20:59 . 2008-12-17 17:16 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-12-03 20:57 . 2008-12-17 17:14 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-12-03 20:38 . 2002-05-15 00:37 473 --a------ C:\rarreg.key
2008-12-03 18:13 . 2008-12-03 18:13 <DIR> d-------- c:\windows\system32\scripting
2008-12-03 18:13 . 2008-12-03 18:13 <DIR> d-------- c:\windows\system32\en
2008-12-03 18:13 . 2008-12-03 18:13 <DIR> d-------- c:\windows\l2schemas
2008-12-03 18:11 . 2008-12-03 18:11 <DIR> d-------- c:\program files\AVG
2008-12-03 18:11 . 2008-12-30 13:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-03 17:37 . 2008-12-03 17:37 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-12-03 17:31 . 2008-12-03 17:31 <DIR> d-------- c:\program files\NOS
2008-12-03 17:31 . 2008-12-03 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-03 17:05 . 2008-12-03 17:05 2,560 --a------ c:\windows\_MSRSTRT.EXE
2008-12-03 16:45 . 2008-12-03 16:45 2 --a------ c:\windows\msoffice.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-31 17:58 --------- d-----w c:\program files\Notebook Maximizer
2008-12-10 20:20 --------- d-----w c:\program files\DataLode
2008-12-07 21:19 --------- d-----w c:\program files\Toshiba
2008-12-07 20:57 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 22:30 --------- d-----w c:\program files\Common Files\Adobe
2008-12-03 22:30 --------- d-----w c:\documents and settings\jeff frary\Application Data\AdobeUM
2008-12-03 22:27 --------- d-----w c:\program files\Quicken
2008-12-03 22:21 --------- d-----w c:\program files\PartyGaming
2008-12-03 22:20 --------- d-----w c:\program files\Panicware
2008-12-03 22:19 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-03 22:04 --------- d-----w c:\documents and settings\All Users\Application Data\Napster
2008-12-03 22:00 --------- d-----w c:\documents and settings\jeff frary\Application Data\Yahoo!
2008-12-03 22:00 --------- d-----w c:\documents and settings\All Users\Application Data\yahoo!
2008-12-03 21:59 --------- d-----w c:\program files\Yahoo!
2008-12-03 21:54 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2008-12-03 21:45 --------- d-----w c:\documents and settings\All Users\Application Data\AOL
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 18:40 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PadTouch"="c:\program files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-02-03 1089589]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-04-15 3661824]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-30 1261336]
"c:\windows\system32\cfrog.exe"="c:\windows\system32\cfrog.exe" [2008-12-30 25600]
"c:\windows\system32\baloon.exe"="c:\windows\system32\baloon.exe" [2008-12-30 110592]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2003-12-16 18:49 110592 c:\windows\system32\LgNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^RAMASST.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk
backup=c:\windows\pss\RAMASST.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00THotkey]
--a------ 2004-02-25 16:12 258048 c:\windows\system32\00THotkey.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 02:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\baloon.exe]
--a------ 2008-12-30 20:14 110592 c:\windows\system32\baloon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\c:\windows\system32\cfrog.exe]
--a------ 2008-12-30 20:14 25600 c:\windows\system32\cfrog.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-13 19:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-04-21 03:04 118843 c:\windows\system32\dla\tfswctrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-04-13 19:12 1695232 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2004-04-15 13:23 3661824 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PadTouch]
--a------ 2004-02-03 16:47 1089589 c:\program files\Toshiba\Touch and Launch\PadExe.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pinger]
--a------ 2003-10-20 10:39 159744 c:\toshiba\IVP\ISM\pinger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PRONoMgr.exe]
--a------ 2003-12-10 04:36 86016 c:\program files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-01-16 10:54 155648 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmaTel StacMon]
--------- 2003-08-03 16:01 86073 c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2004-03-02 15:45 135168 c:\program files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2004-01-22 19:08 495616 c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2004-01-22 19:09 98304 c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-08-14 13:34 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TOSCDSPD]
--a------ 2003-09-05 05:24 65536 c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TouchED]
--a------ 2003-01-21 20:00 126976 c:\program files\Toshiba\TouchED\TouchED.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\000StTHK]
--a------ 2001-06-23 22:28 24576 c:\windows\system32\000StTHK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-02-20 17:00 88363 c:\windows\agrsmmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Utility]
--------- 2003-11-07 04:50 19968 c:\windows\LOGI_MWX.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2004-04-15 13:23 790528 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TFNF5]
--a------ 2003-10-15 17:03 73728 c:\windows\system32\TFNF5.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPSMain]
--a------ 2004-03-03 14:57 278528 c:\windows\system32\TPSMain.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Toshiba\\ConfigFree\\CFSServW.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-30 97928]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-19 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-19 234888]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-30 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-30 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-30 76040]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-10 24652]
S2 gupdate1c9615948e64f30;Google Update Service (gupdate1c9615948e64f30);"c:\program files\Google\Update\GoogleUpdate.exe" /svc [2008-12-18 119280]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [2008-12-03 33752]
S3 L2XPSR;L2XPSR;\??\d:\release\L2XPSR.SYS []
S3 NTSTPL1;NTSTPL1;\??\d:\release\NTSTPL1.SYS []
S3 NTSTPL2;NTSTPL2;\??\d:\release\NTSTPL2.SYS []
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2009-01-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-12-18 16:38]
2009-01-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-12-18 16:40]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{F3DF2532-A2CC-48D8-8643-A033AE4FC313} - (no file)
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe
MSConfigStartUp-PopUpStopperProfessional - c:\progra~1\PANICW~1\POP-UP~1\PopUpStopperProfessional.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\YahooMessenger.exe
MSConfigStartUp-NDSTray - NDSTray.exe
MSConfigStartUp-TFncKy - TFncKy.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: {{77E68763-4284-41d6-B7E7-B6E1F053A9E7} - c:\program files\EmpirePoker\EmpirePoker.exe
IE: {{B4B52284-A248-4c51-9F7C-F0A0C67FCC9D} - c:\program files\PartyGaming\PartyCasino\RunCasino.exe
IE: {{B987E7E7-5997-4330-A5F9-9FFEFC1CCFD0} - c:\program files\PartyGaming\PartyBingo\RunBingo.exe
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-01 18:12:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxqrnvoaqg.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(856)
c:\windows\System32\LgNotify.dll
.
Completion time: 2009-01-01 18:15:52
ComboFix-quarantined-files.txt 2009-01-01 23:14:34
Pre-Run: 51,207,499,776 bytes free
Post-Run: 51,397,926,912 bytes free
277 --- E O F --- 2008-12-26 05:28:22
Sign In
Create Account
