ComboFix 09-03-06.02 - Rodolfo Muniz 2009-03-09 11:54:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3070.1904 [GMT -7:00]
Running from: c:\users\Rodolfo Muniz\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated)
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\gaopdxpxexrqcpgkfqpuiovgyinywwkmcmmyts.sys
c:\windows\system32\gaopdxiibeeopsbmpcexlappperhkhtqboigat.dll
c:\windows\system32\skinboxer43.dll
d:\recycler\S-7-5-64-100003367-100009392-100027513-5490.com
k:\recycler\S-7-5-64-100003367-100009392-100027513-5490.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys
.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.
2009-03-09 11:29 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix
2009-03-09 08:01 . 2009-03-09 08:01 <DIR> d-------- c:\users\Rodolfo Muniz\AppData\Roaming\Malwarebytes
2009-03-08 23:41 . 2009-03-08 23:42 301,391,764 --ah----- c:\windows\MEMORY.DMP
2009-03-08 23:40 . 2009-03-08 23:40 <DIR> d-------- c:\users\Rodolfo Muniz\AppData\Roaming\SUPERAntiSpyware.com
2009-03-08 23:40 . 2009-03-08 23:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-03-08 23:19 . 2009-03-08 23:19 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-03-08 23:19 . 2009-03-08 23:19 <DIR> d-------- c:\programdata\Malwarebytes
2009-03-08 23:19 . 2009-03-09 08:00 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-08 23:19 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-03-08 23:19 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-03-06 13:21 . 2000-07-24 10:00 188,960 --a------ c:\windows\System32\WINGDE.DLL
2009-03-06 13:21 . 2000-07-24 10:00 92,208 --a------ c:\windows\System32\WING.DLL
2009-03-06 13:21 . 2000-07-24 10:00 12,800 --a------ c:\windows\System32\WING32.DLL
2009-03-06 13:21 . 2000-07-24 10:00 6,736 --a------ c:\windows\System32\WINGDIB.DRV
2009-03-06 13:21 . 2000-07-24 10:00 5,024 --a------ c:\windows\System32\WINGPAL.WND
2009-03-06 10:51 . 2002-05-08 02:09 274,432 --ah----- c:\windows\TLCUninstall.exe
2009-03-05 23:19 . 2009-03-05 23:19 <DIR> d-------- c:\program files\HDPlugin
2009-03-05 13:43 . 2009-03-05 13:43 <DIR> d-------- c:\windows\BBSTORE
2009-03-05 13:43 . 2009-03-06 13:21 <DIR> d-------- c:\program files\The Learning Company
2009-03-05 13:43 . 2001-05-16 17:57 190,976 --ah----- c:\windows\RRKW.pol
2009-03-05 13:43 . 2001-05-16 17:57 65,536 --a------ c:\windows\System32\ADVAPI32.1
2009-03-05 13:20 . 2009-03-05 13:20 0 --ah----- c:\windows\setup32.INI
2009-03-04 11:49 . 2008-11-26 18:39 1,195,384 --a------ c:\windows\System32\drivers\vsapint.sys
2009-03-04 11:49 . 2008-11-26 18:42 205,328 --a------ c:\windows\System32\drivers\tmxpflt.sys
2009-03-04 11:49 . 2008-11-26 18:42 36,368 --a------ c:\windows\System32\drivers\tmpreflt.sys
2009-03-04 11:36 . 2009-03-06 10:48 <DIR> d-------- c:\windows\System32\Service
2009-03-04 11:16 . 2009-03-04 11:16 256,528 --a------ c:\windows\System32\drivers\tmwfp.sys
2009-03-04 11:16 . 2009-03-04 11:16 145,424 --a------ c:\windows\System32\drivers\tmlwf.sys
2009-03-04 11:16 . 2009-03-04 11:16 144,912 --a------ c:\windows\System32\drivers\tmcomm.sys
2009-03-04 11:16 . 2009-03-04 11:16 80,400 --a------ c:\windows\System32\drivers\tmtdi.sys
2009-03-04 11:16 . 2009-03-04 11:16 50,192 --a------ c:\windows\System32\drivers\tmactmon.sys
2009-03-04 11:16 . 2009-03-04 11:16 49,680 --a------ c:\windows\System32\drivers\tmevtmgr.sys
2009-02-26 20:46 . 2009-02-26 20:46 0 --ah----- c:\windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmpE3D3D.FOT
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmpB4B3D.FOT
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmp6FB3D.FOT
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmp5B93D.FOT
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmp37C3D.FOT
2009-02-26 10:40 . 2009-02-26 10:40 1,409 --a------ c:\windows\System32\tmp31A3D.FOT
2009-02-22 23:48 . 2009-02-22 23:48 <DIR> d-------- c:\program files\Stanza
2009-02-22 23:46 . 2009-02-22 23:47 <DIR> d-------- c:\program files\Java
2009-02-22 23:46 . 2009-02-22 23:46 <DIR> d-------- c:\program files\Common Files\Java
2009-02-22 23:14 . 2009-02-22 23:14 <DIR> d-------- c:\users\Rodolfo Muniz\AppData\Roaming\iSilo
2009-02-22 23:14 . 2009-02-22 23:14 <DIR> d-------- c:\program files\iSilo
2009-02-19 18:42 . 2009-02-19 18:42 1,409 --a------ c:\windows\System32\tmpFE8F0.FOT
2009-02-15 14:44 . 2008-12-04 21:32 428,544 --a------ c:\windows\System32\EncDec.dll
2009-02-15 14:44 . 2008-12-04 21:32 293,376 --a------ c:\windows\System32\psisdecd.dll
2009-02-15 14:44 . 2008-12-04 21:31 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-15 14:44 . 2008-12-04 21:31 177,664 --a------ c:\windows\System32\mpg2splt.ax
2009-02-15 14:44 . 2008-12-04 21:31 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-12 23:39 . 2009-01-14 20:36 1,383,424 --a------ c:\windows\System32\mshtml.tlb
2009-02-12 23:39 . 2009-01-14 23:11 827,392 --a------ c:\windows\System32\wininet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 06:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-09 06:11 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-09 06:11 --------- d-----w c:\program files\Disney Interactive
2009-03-08 00:03 --------- d-----w c:\users\Rodolfo Muniz\AppData\Roaming\uTorrent
2009-03-06 06:46 --------- d-----w c:\programdata\Roxio
2009-03-06 06:24 --------- d-----w c:\programdata\WinZip
2009-03-05 20:18 --------- d-----w c:\programdata\Trend Micro
2009-03-04 18:36 --------- d-----w c:\program files\Trend Micro
2009-02-23 06:48 --------- d-----w c:\program files\Bonjour
2009-02-20 01:42 --------- d-----w c:\programdata\Lx_cats
2009-02-19 03:37 --------- d-----w c:\programdata\Microsoft Help
2009-02-18 23:36 --------- d-----w c:\users\Rodolfo Muniz\AppData\Roaming\Apple Computer
2009-02-13 07:51 --------- d-----w c:\program files\Windows Mail
2009-02-01 02:45 --------- d-----w c:\program files\DivX
2009-01-28 20:30 --------- d-----w c:\program files\WinAVI MP4 Converter
2008-06-21 05:27 174 --sha-w c:\program files\desktop.ini
2008-01-24 01:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-24 01:48 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-24 01:48 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-10-26 01:43 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007102520071026\index.dat
2007-10-26 01:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat
2007-10-26 01:50 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat
2007-10-26 01:50 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-12 1773568]
"LxrAutorun"="c:\users\Rodolfo Muniz\AppData\Local\Lexar Media\LxrAutorun.exe" [2006-11-09 24576]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"L09AXLRD_15812557"="c:\program files\Microsoft Student\Microsoft Student with Encarta Premium 2009 DVD\EDICT.EXE" [2008-06-03 351000]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-04 497008]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-19 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2007-04-11 26704]
"lxdomon.exe"="c:\program files\Lexmark 9500 Series\lxdomon.exe" [2007-09-06 450560]
"lxdoamon"="c:\program files\Lexmark 9500 Series\lxdoamon.exe" [2007-08-09 20480]
"Lexmark 9500 Series Fax Server"="c:\program files\Lexmark 9500 Series\fm3032.exe" [2007-09-18 307200]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-12 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-12 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-12 81920]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-02-06 177472]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-09-29 352256]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-08-21 185896]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-03-04 970808]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 c:\windows\RtHDVCpl.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 c:\windows\KHALMNPR.Exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-03-07 44168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2009-03-04 497008]
c:\users\Ana Hernandez\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
c:\users\Rodolfo Muniz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Registration Chessmasterr Grandmaster Edition .LNK - c:\program files\Ubisoft\Chessmaster Grandmaster Edition\Register\RegistrationReminder.exe [2003-11-06 864256]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-11-03 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D2C8A134-F14A-4252-AF2C-AFFF75DB3EE1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E8892AB9-A2ED-4BBB-8CBC-6383DF734454}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D5A61B3D-E4FA-4F08-A9DE-0EFCE5F5D648}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0559A56E-7BEA-4872-8BB7-516DC2BF1FBF}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9DDF7F5D-188B-465F-819C-9545F8735E30}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EDCB6D80-D148-4376-B117-AF6DDD4926A2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{65B4BA42-510F-40DA-A186-32E513C5CB6E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5A73E01D-683E-46E2-AD8E-5D77C690A298}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{28D10C9C-A25C-4B65-AEFF-742E6E55A506}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{58030CF2-F029-46CB-AFF3-A4274316E84C}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C76707BC-B2BE-4514-B35B-5B8FF10D0350}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{9AF7E9D0-BC16-498F-9399-C721B92A3CEE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EB9EE20E-BE33-47F4-9495-EFA3CA9EBB6B}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2745670C-04B3-4FD0-AF5F-7C2AAD4588E1}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{4DFA0B28-06D0-4BD5-899C-AD1C7F0C7492}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{5D8340D4-0996-44D8-869C-2E3165DA35B3}"= UDP:c:\windows\System32\lxcqcoms.exe:Lexmark Communications System
"{BBB983FF-676E-43F0-AC8A-FF27B42DEA1E}"= TCP:c:\windows\System32\lxcqcoms.exe:Lexmark Communications System
"{C5740364-747E-43B6-81B6-E0D477DCC83F}"= Disabled:UDP:135:TCP Port 135
"{68B352EB-DE79-45F0-A558-26D03BCA0DEE}"= Disabled:UDP:5000:TCP Port 5000
"{30E08C51-5AE7-4B30-8564-DE2253986C0F}"= Disabled:UDP:5001:TCP Port 5001
"{59E2C477-B786-417F-B565-5F423E66440A}"= Disabled:UDP:5002:TCP Port 5002
"{DA803F36-C805-4B93-943D-F4C0709D3E2B}"= Disabled:UDP:5003:TCP Port 5003
"{10E4E72E-AD68-4958-A339-3227EF8E7AB7}"= Disabled:UDP:5004:TCP Port 5004
"{FE8AD386-7AC5-4D22-8922-FEF47D84D860}"= Disabled:UDP:5005:TCP Port 5005
"{C3B97FFB-8474-4A2A-B6F9-4B9FD27AD7BA}"= Disabled:UDP:5006:TCP Port 5006
"{BD4A5931-FCD8-4FD1-A935-763315416068}"= Disabled:UDP:5007:TCP Port 5007
"{14717495-8AB7-4788-9A6C-90A05658F9C9}"= Disabled:UDP:5008:TCP Port 5008
"{4C067D2A-0E52-46AB-B444-E150360CF633}"= Disabled:UDP:5009:TCP Port 5009
"{11F6D830-5FF1-4443-A099-2BA7EA359760}"= Disabled:UDP:5010:TCP Port 5010
"{CD94824A-DB10-4517-845C-4F8CCB0C4A4F}"= Disabled:UDP:5011:TCP Port 5011
"{EBA4EDBB-0F79-4DF6-999A-FE75B85D5F4C}"= Disabled:UDP:5012:TCP Port 5012
"{DA99331B-B50C-4E22-985D-5D2BF4EC7D86}"= Disabled:UDP:5013:TCP Port 5013
"{A3B10423-9916-4FE6-89F0-C95593DD90B7}"= Disabled:UDP:5014:TCP Port 5014
"{55EA5233-6708-4037-8DB1-6A05AAED1B26}"= Disabled:UDP:5015:TCP Port 5015
"{42FDE30B-6C99-41F9-86B9-ECD57D6390C7}"= Disabled:UDP:5016:TCP Port 5016
"{E58A8AE8-FD7B-42EA-A9F6-71EC65FC3A6B}"= Disabled:UDP:5017:TCP Port 5017
"{E66D5A5E-E2C5-4C24-A2D5-E709BDB99C39}"= Disabled:UDP:5018:TCP Port 5018
"{D166369B-A0DD-48DF-8B17-0CAC446EAF80}"= Disabled:UDP:5019:TCP Port 5019
"{79538558-E39B-42FD-B29A-FD35B5B5A504}"= Disabled:UDP:5020:TCP Port 5020
"{6F59CE8D-B2D9-4756-B8C5-860850CFCADD}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{046571E3-142E-4706-8B1A-EB2B075C6E55}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{0C25BD3A-D620-4343-81D5-52325E576059}"= UDP:c:\program files\Lexmark 9500 Series\lxdoamon.exe:Lexmark Device Monitor
"{08752F38-D649-4124-B697-1773D94FF5FD}"= TCP:c:\program files\Lexmark 9500 Series\lxdoamon.exe:Lexmark Device Monitor
"{B26F745C-6C5B-46F3-85B4-0DAC0DA927D8}"= UDP:c:\program files\Lexmark 9500 Series\frun.exe:Lexmark Productivity Studio
"{5FBF1D72-6B2D-4F18-B0D7-2A705AA50CA5}"= TCP:c:\program files\Lexmark 9500 Series\frun.exe:Lexmark Productivity Studio
"{55963BCC-BCC7-4611-B7DD-CCF10D0D589F}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{66411AEE-CDF5-4D43-8416-B59FADFF59CE}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{33A8E055-D164-4A29-8764-0C5153A5C9AD}"= UDP:c:\program files\Lexmark 9500 Series\lxdoFax.exe:Fax software
"{6694D65C-5C76-45FE-8D29-673390294CB0}"= TCP:c:\program files\Lexmark 9500 Series\lxdoFax.exe:Fax software
"{87B7B150-2FAE-4B2D-95E8-D2CEE3709B90}"= UDP:c:\program files\Lexmark 9500 Series\lxdomon.exe:Printer Device Monitor
"{3C7BD5DC-7B43-421B-9E94-07D654F2FE1F}"= TCP:c:\program files\Lexmark 9500 Series\lxdomon.exe:Printer Device Monitor
"{C650ED09-9201-4687-B392-FBB5444284B2}"= UDP:c:\windows\System32\lxdocoms.exe:Lexmark Communications System
"{4CBEC34E-9940-4283-96EF-CC42783E3D0C}"= TCP:c:\windows\System32\lxdocoms.exe:Lexmark Communications System
"{434D5398-822C-4C34-94C2-8105B63DA681}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdopswx.exe:Printer Status Window Interface
"{D9EB136A-DF15-4112-8739-61927C7FB7AE}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdopswx.exe:Printer Status Window Interface
"{853A0248-FF27-468A-ABC2-71C9C21F6153}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdotime.exe:Lexmark Connect Time Executable
"{D8987DEE-2361-4EDE-9EDB-24F25471E9EA}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdotime.exe:Lexmark Connect Time Executable
"{79388F63-D59B-4805-90CA-FD025F9969BC}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdojswx.exe:Job Status Window Interface
"{09187AD9-317B-4FE0-A2AF-4C727E2B0C54}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdojswx.exe:Job Status Window Interface
"TCP Query User{8FBBD174-75C0-44FC-96E6-BCDB9F59E976}c:\\program files\\lexmark 9500 series\\lxdomon.exe"= UDP:c:\program files\lexmark 9500 series\lxdomon.exe:Printer Device Monitor
"UDP Query User{5FDFE818-676A-4130-97CE-E9E940802714}c:\\program files\\lexmark 9500 series\\lxdomon.exe"= TCP:c:\program files\lexmark 9500 series\lxdomon.exe:Printer Device Monitor
"{FB1F9792-C0B7-4204-9F21-A9F1494D5F9B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{75F013AB-0206-4243-9CC1-34411E020C51}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{CFAFC9E2-AD0D-496A-9389-A83A585DF3E5}c:\\program files\\lexmark 9500 series\\frun.exe"= UDP:c:\program files\lexmark 9500 series\frun.exe:Printing Application
"UDP Query User{B85DEEB3-D486-4017-8510-9EAF2B63E0E4}c:\\program files\\lexmark 9500 series\\frun.exe"= TCP:c:\program files\lexmark 9500 series\frun.exe:Printing Application
"{06DD72A1-0C94-4EED-B135-B230E5502FC4}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{1C046F03-D438-4C6C-A1E0-CF1C0112396D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{77B2F969-55EC-4C5D-84D8-004EDD471480}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2077825F-8D26-4A9F-956F-0464382E6977}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5F5455B2-F609-4A75-B065-275F1B056E99}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D2D3951A-5113-4DB2-BD2A-6C3FD1E6C606}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\System32\drivers\tmlwf.sys [2009-03-04 145424]
R2 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-09-29 991232]
R2 lxdo_device;lxdo_device;c:\windows\system32\lxdocoms.exe -service --> c:\windows\system32\lxdocoms.exe -service [?]
R2 LxrSII1d;Secure II Driver;c:\windows\System32\drivers\LxrSII1d.sys [2007-11-28 72672]
R2 tmevtmgr;tmevtmgr;c:\windows\System32\drivers\tmevtmgr.sys [2009-03-04 49680]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [2009-03-04 492888]
R2 tmpreflt;tmpreflt;c:\windows\System32\drivers\tmpreflt.sys [2009-03-04 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [2009-03-04 677128]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\System32\drivers\tmwfp.sys [2009-03-04 256528]
S2 lxdoCATSCustConnectService;lxdoCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdoserv.exe [2007-07-17 94208]
S3 FlyUsb;FLY Fusion;c:\windows\System32\drivers\FlyUsb.sys [2008-09-29 19456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1a18b96c-5e85-11dd-b257-001bb9863122}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b97897e1-0b98-11de-a51b-001bb9863122}]
\shell\AutoRun\command - H:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d789d43d-58f6-11dd-b733-001bb9863122}]
\shell\AutoRun\command - J:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-03-09 c:\windows\Tasks\User_Feed_Synchronization-{E3673D27-D65E-4B00-91AB-003F943F0F55}.job
- c:\windows\system32\msfeedssync.exe [2008-01-19 00:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.yahoo.com
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=desktop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Rodolfo Muniz\AppData\Roaming\Mozilla\Firefox\Profiles\y58jrxbe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official|http://ixquick.com/|http://mail.google.com/mail/?zx=1uvred5j1uke7&shva=1#inbox|https://login.yahoo.com/config/login_verify2?.partner=sbc&.done=http%3a//att.yahoo.com/|http://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1193807976&rver=4.5.2130.0&wp=MBI&wreply=http:%2F%2Fmail.live.com%2Fdefault.aspx&id=64855|http://sfpl.org/|https://catalog.plsinfo.org/search/|https://www.bankofamerica.com/Control.do?page=corp_bofacom
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 12:01:07
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2009-03-09 12:03:54
ComboFix-quarantined-files.txt 2009-03-09 19:03:50
Pre-Run: 346,695,823,360 bytes free
Post-Run: 346,848,530,432 bytes free
282 --- E O F --- 2009-03-04 18:13:33