Win32/Rootkit.Agent.ODG.trojan, unable to clean

#1
Stanton
New Member
1 posts

ComboFix 09-04-27.02 - Stanton 04/27/2009 16:59.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3068.2317 [GMT -5:00]
Running from: c:\users\Stanton\Desktop\ComboFix.exe
Command switches used :: c:\users\Stanton\Desktop\CFScript.txt
* Created a new restore point

FILE ::
I:\rtyb.cmd
.
ADS - Windows: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
c:\users\Stanton\AppData\Roaming\inst.exe
c:\windows\system32\drivers\gxvxcdmycortswcqibjlfomppvpqcmpluyxca.sys
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcfmnlkakbiignxfrkpdrbgqlvvojqntqr.dll
c:\windows\system32\pthreadGC2.dll
E:\Autorun.inf
F:\Autorun.inf
G:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-24 13:29 . 2009-04-24 14:00 -------- d-----w c:\users\Stanton\.SunDownloadManager
2009-04-24 05:51 . 2009-04-24 06:02 -------- d-----w c:\users\Stanton\Movies
2009-04-24 03:46 . 2009-04-24 03:51 -------- d-----w c:\users\Stanton\AppData\Roaming\U3
2009-04-23 10:15 . 2009-04-23 10:15 -------- d-----w c:\program files\VistaCodecPack
2009-04-23 10:14 . 2009-04-23 10:14 -------- d-----w c:\programdata\VistaCodecs
2009-04-23 10:14 . 2009-04-23 10:14 -------- d-----w c:\users\All Users\VistaCodecs
2009-04-22 23:24 . 2009-04-22 23:24 -------- d-----w c:\program files\MP4 Player
2009-04-22 22:45 . 2009-04-22 22:45 -------- d-----w c:\program files\QuickyPlaeyr
2009-04-22 22:41 . 2009-04-22 23:23 -------- d-----w c:\program files\DVD Identifier
2009-04-22 22:32 . 2009-04-22 22:32 -------- d-----w c:\programdata\Apple Computer
2009-04-22 22:32 . 2009-04-22 22:32 -------- d-----w c:\users\All Users\Apple Computer
2009-04-22 22:32 . 2009-04-22 22:32 -------- d-----w c:\program files\QuickTime Alternative
2009-04-22 22:31 . 2009-04-22 22:31 -------- d-----w c:\program files\Coolsoft
2009-04-22 22:29 . 2009-04-22 22:48 -------- d-----w c:\users\Stanton\AppData\Roaming\GetRightToGo
2009-04-22 19:06 . 2009-04-22 19:06 251930 ----a-w c:\windows\system32\winreger.exe
2009-04-22 17:40 . 2009-04-22 17:40 -------- d-----w c:\program files\7-Zip
2009-04-22 01:51 . 2009-04-22 01:51 -------- d-----w c:\users\Stanton\AppData\Roaming\CyberLink
2009-04-22 01:51 . 2009-04-22 01:51 -------- d-----w c:\users\Stanton\AppData\Local\CyberLink
2009-04-22 01:51 . 2009-04-22 01:51 -------- d-----w c:\users\Stanton\AppData\Local\PowerCinema
2009-04-21 07:57 . 2009-04-21 07:57 -------- d-----w c:\program files\AccuWeather.com Stratus
2009-04-21 07:31 . 2009-04-21 07:31 -------- d-----w c:\programdata\WindowsSearch
2009-04-21 07:31 . 2009-04-21 07:31 -------- d-----w c:\users\All Users\WindowsSearch
2009-04-21 04:26 . 2009-04-21 04:26 -------- d-----w c:\program files\Photoshop
2009-04-21 04:05 . 2009-04-21 04:05 -------- d-----w c:\program files\Photoshp
2009-04-21 03:59 . 2009-04-21 03:59 -------- d-----w C:\Squizz Warp
2009-04-21 03:40 . 2009-04-21 03:40 -------- d-----w c:\users\Stanton\Open this
2009-04-21 03:30 . 2009-04-21 03:30 -------- d-----w C:\win32app
2009-04-21 02:41 . 2009-04-21 02:41 -------- d-----w C:\ColorSafe
2009-04-20 21:23 . 2009-04-20 21:23 -------- d-----w c:\users\Stanton\AppData\Roaming\onOne Software
2009-04-20 21:23 . 2009-04-20 21:23 -------- d-----w c:\programdata\onOne Software
2009-04-20 21:23 . 2009-04-20 21:23 -------- d-----w c:\users\All Users\onOne Software
2009-04-20 21:23 . 2009-04-20 21:23 -------- d-----w c:\program files\onOne Software
2009-04-20 13:42 . 2009-04-20 14:08 -------- d-----w c:\users\Stanton\AppData\Roaming\SoundSpectrum
2009-04-20 13:40 . 2009-04-20 13:40 -------- d-----w c:\programdata\Winferno
2009-04-20 13:40 . 2009-04-20 13:40 -------- d-----w c:\users\All Users\Winferno
2009-04-20 13:35 . 2009-04-20 14:08 -------- d-----w c:\program files\SoundSpectrum
2009-04-20 13:34 . 2009-04-20 13:57 -------- d-----w c:\program files\Winferno
2009-04-20 04:53 . 2009-04-20 04:53 -------- d-----w c:\users\Public\Roaming
2009-04-20 04:53 . 2009-04-20 04:53 -------- d-----w c:\users\Stanton\Library
2009-04-20 04:53 . 2009-04-20 04:53 -------- d-----w c:\users\Stanton\AppData\Roaming\com.adobe.ExMan
2009-04-20 03:56 . 2009-04-21 10:21 -------- d-----w c:\users\Stanton\{5419d92c-1804-477b-bacb-d6c477c83b1c}
2009-04-20 03:54 . 2009-04-20 03:54 -------- d-----w C:\NVIDIA
2009-04-20 03:36 . 2009-04-21 10:21 -------- d-----w c:\programdata\FLEXnet
2009-04-20 03:36 . 2009-04-21 10:21 -------- d-----w c:\users\All Users\FLEXnet
2009-04-20 03:16 . 2009-04-20 03:16 -------- d-----w c:\programdata\ALM
2009-04-20 03:16 . 2009-04-20 03:16 -------- d-----w c:\users\All Users\ALM
2009-04-20 03:11 . 2009-04-20 03:11 -------- d-----w c:\program files\Common Files\PX Storage Engine
2009-04-20 03:00 . 2008-04-07 10:38 22872 ----a-r c:\windows\system32\AdobePDFUI.dll
2009-04-20 02:52 . 2009-04-20 02:52 -------- d-----w c:\program files\Adobe Media Player
2009-04-20 02:45 . 2009-04-20 02:45 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-04-19 15:32 . 2009-04-19 15:32 -------- d-----w c:\program files\IZArc
2009-04-18 18:09 . 2009-04-18 18:09 -------- d-----w c:\programdata\Azureus
2009-04-18 18:09 . 2009-04-18 18:09 -------- d-----w c:\users\All Users\Azureus
2009-04-18 18:09 . 2009-04-27 20:49 -------- d-----w c:\users\Stanton\AppData\Roaming\Azureus
2009-04-18 18:08 . 2009-04-18 18:08 -------- d-----w c:\program files\Vuze
2009-04-18 11:02 . 2009-04-18 11:02 -------- d-----w c:\users\Stanton\AppData\Roaming\com.AccuWeather.air.stratus.6AF67E59E785A9A644FCA43BED05A7731922EF40.1
2009-04-18 11:01 . 2009-04-18 11:01 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-18 04:32 . 2009-04-18 04:36 7 ----a-w c:\windows\sbacknt.bin
2009-04-18 04:31 . 2009-04-18 04:36 152904 ----a-w c:\windows\system32\vghd.scr
2009-04-18 04:31 . 2009-04-21 10:21 -------- d-----w c:\program files\vghd
2009-04-18 04:31 . 2009-04-21 07:28 -------- d-----w c:\users\Stanton\AppData\Roaming\vghd
2009-04-18 03:31 . 2009-04-18 03:31 -------- d-----w c:\users\Stanton\AppData\Local\RapidShare
2009-04-18 03:30 . 2009-04-18 03:30 -------- d-----w c:\users\Stanton\AppData\Roaming\OpenOffice.org
2009-04-18 03:27 . 2009-04-18 03:27 -------- d-----w c:\program files\OpenOffice.org 3
2009-04-18 03:05 . 2009-04-18 03:05 -------- d-----w c:\users\Stanton\AppData\Local\Apps
2009-04-18 03:05 . 2009-04-18 03:05 -------- d-----w c:\users\Stanton\AppData\Local\Deployment
2009-04-17 22:52 . 2009-04-17 22:54 -------- d-----w c:\users\Stanton\LimeWire Downloads
2009-04-17 21:43 . 2009-04-17 21:43 -------- d-----w c:\program files\WinRAR(4)
2009-04-16 13:16 . 2009-04-16 13:17 -------- d--h--w c:\windows\msdownld.tmp
2009-04-16 13:11 . 2009-04-16 13:11 -------- d-----w c:\program files\Netdevil
2009-04-16 12:51 . 2009-04-16 12:51 -------- d-----w c:\program files\3000AD
2009-04-16 12:27 . 2009-04-16 12:27 -------- d-----w c:\windows\system32\AGEIA
2009-04-16 12:27 . 2009-04-16 12:27 -------- d-----w c:\program files\AGEIA Technologies
2009-04-16 12:27 . 2009-04-21 10:21 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-16 12:24 . 2009-04-16 12:24 -------- d-----w c:\program files\1C
2009-04-16 11:24 . 2009-04-27 20:58 -------- d-----w c:\program files\cFosSpeed
2009-04-16 01:24 . 2009-04-16 01:24 -------- d-----w c:\program files\Activision
2009-04-15 19:06 . 2009-04-15 19:06 -------- d-----w c:\program files\Sierra
2009-04-15 18:54 . 2009-04-15 18:54 -------- d-----w c:\users\Stanton\AppData\Roaming\SanDisk
2009-04-15 18:53 . 2009-04-15 18:53 -------- d-----w c:\users\Stanton\AppData\Roaming\Webroot
2009-04-15 18:53 . 2009-04-15 18:53 -------- d-----w c:\programdata\Webroot
2009-04-15 18:53 . 2009-04-15 18:53 -------- d-----w c:\users\All Users\Webroot
2009-04-15 18:53 . 2009-04-15 18:53 -------- d-----w c:\program files\Common Files\Webroot Shared
2009-04-15 18:53 . 2009-04-15 18:53 -------- d-----w c:\program files\Webroot
2009-04-15 18:53 . 2007-11-26 19:47 194888 ----a-w c:\windows\Unwash6.exe
2009-04-15 18:45 . 2009-04-27 20:29 28029 ----a-w c:\programdata\nvModes.dat
2009-04-15 18:45 . 2009-04-27 20:29 28029 ----a-w c:\users\All Users\nvModes.dat
2009-04-15 18:44 . 2009-04-15 18:44 -------- d-----w c:\program files\Mario Forever
2009-04-15 18:41 . 2009-04-26 17:50 -------- d-----w c:\users\Stanton\AppData\Roaming\LimeWire
2009-04-15 18:36 . 2009-04-15 18:36 47360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-04-15 18:36 . 2009-04-15 18:36 47360 ----a-w c:\users\Stanton\AppData\Roaming\pcouffin.sys
2009-04-15 18:36 . 2009-04-15 18:38 -------- d-----w c:\users\Stanton\AppData\Roaming\Vso
2009-04-15 18:36 . 2002-12-10 08:20 102439 ----a-w c:\windows\system32\sipr3260.dll
2009-04-15 18:36 . 2006-09-29 18:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-15 18:36 . 2006-09-29 18:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-15 18:36 . 2006-09-29 18:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-15 18:36 . 2007-03-19 02:37 65602 ----a-w c:\windows\system32\cook3260.dll
2009-04-15 18:36 . 2006-05-12 01:21 626688 ----a-w c:\windows\system32\vp7vfw.dll
2009-04-15 18:36 . 2006-05-20 22:16 1184984 ----a-w c:\windows\system32\wvc1dmod.dll
2009-04-15 18:36 . 2009-04-15 18:36 -------- d-----w c:\program files\VSO
2009-04-15 18:26 . 2009-04-15 18:26 -------- d-----w c:\program files\Vstplugins
2009-04-15 18:26 . 2009-04-15 18:27 -------- d-----w c:\program files\Sony
2009-04-15 18:21 . 2009-04-15 18:21 -------- d-----w C:\PSFONTS
2009-04-15 18:21 . 2009-04-15 18:21 -------- d-----w c:\program files\Finale NotePad 2008
2009-04-15 18:20 . 2008-01-18 08:36 107864 ----a-w c:\windows\system32\tsccvid.dll
2009-04-15 18:20 . 2009-04-15 18:20 -------- d-----w c:\programdata\TechSmith
2009-04-15 18:20 . 2009-04-15 18:20 -------- d-----w c:\users\All Users\TechSmith
2009-04-15 18:20 . 2009-04-15 18:20 -------- d-----w c:\program files\Common Files\TechSmith Shared
2009-04-15 18:20 . 2009-04-15 18:20 -------- d-----w c:\program files\TechSmith
2009-04-15 17:11 . 2009-04-15 17:11 -------- d-----w c:\program files\PicLensIE
2009-04-15 17:09 . 2009-04-15 17:09 -------- d-----w c:\users\Stanton\WaterMarks
2009-04-15 16:34 . 2009-04-16 11:38 -------- d-----w c:\programdata\Watermark Factory
2009-04-15 16:34 . 2009-04-16 11:38 -------- d-----w c:\users\All Users\Watermark Factory
2009-04-15 16:32 . 2009-04-15 17:03 -------- d-----w c:\program files\Watermark Factory 2
2009-04-15 14:55 . 2009-04-15 18:37 -------- d-----w c:\users\Stanton\AppData\Local\Cooliris
2009-04-15 14:25 . 2009-04-15 14:25 -------- d-----w c:\users\Stanton\AppData\Local\Mozilla
2009-04-15 13:08 . 2009-04-15 13:08 -------- d-----w c:\users\Stanton\AppData\Local\Nero
2009-04-15 13:07 . 2009-04-15 13:07 -------- d-----w c:\programdata\LightScribe
2009-04-15 13:07 . 2009-04-15 13:07 -------- d-----w c:\users\All Users\LightScribe
2009-04-15 13:07 . 2009-04-15 13:08 -------- d-----w c:\users\Stanton\AppData\Roaming\Nero
2009-04-15 13:06 . 2009-04-15 13:06 -------- d-----w c:\users\Stanton\AppData\Local\ESET
2009-04-15 13:05 . 2009-04-15 13:05 5723432 ----a-w C:\AdvrCntr4.dll
2009-04-15 12:34 . 2009-04-15 12:47 -------- d-----w c:\program files\Nero
2009-04-15 12:33 . 2009-04-15 12:41 -------- d-----w c:\programdata\Nero
2009-04-15 12:33 . 2009-04-15 12:41 -------- d-----w c:\users\All Users\Nero

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 22:02 . 2008-08-25 20:50 12 ----a-w c:\windows\bthservsdp.dat
2009-04-20 21:23 . 2008-08-25 21:11 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-20 03:21 . 2008-08-25 23:27 -------- d-----w c:\program files\Common Files\Adobe
2009-04-20 03:01 . 2006-11-02 10:25 86016 ----a-w c:\windows\inf\infstor.dat
2009-04-20 03:01 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-20 03:01 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-15 18:56 . 2009-04-15 18:56 0 ---ha-w c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-14 19:54 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-14 18:37 . 2006-11-02 10:25 665600 ----a-w c:\windows\inf\drvindex.dat
2009-04-14 18:31 . 2009-04-14 11:52 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_HDX 18 Notebook PC_Y5335KV_0U_QCNF901106C_E488299-002_4A_I3610_SQuanta_V15.26_F.21_T090312_WV3-1_L409_M3069_J250_7Intel_8676_92.53_#090414_N10EC8168;80864237_(FF231AV)_XMOBILE_CN10_Z_2Rev 1_G10DE0649.MRK
2009-04-14 18:31 . 2008-08-25 20:56 -------- d-----w c:\program files\Hewlett-Packard
2009-04-14 18:30 . 2009-04-14 18:30 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01005.Wdf
2009-04-14 18:29 . 2009-04-14 08:21 -------- d-----w c:\program files\AVerMedia
2009-04-14 16:48 . 2008-08-25 22:32 19501 ----a-w c:\windows\hpqins13.dat
2009-04-14 13:20 . 2006-11-02 12:37 -------- d-----w c:\program files\MSBuild
2009-04-14 12:14 . 2008-08-25 21:23 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-14 11:53 . 2006-11-02 12:37 -------- d-----w c:\program files\Windows Sidebar
2009-04-14 08:30 . 2008-08-25 22:44 -------- d-----w c:\program files\Cyberlink
2009-04-14 08:26 . 2009-04-14 08:20 -------- d-----w c:\program files\Intel
2009-04-14 08:21 . 2009-04-14 08:21 -------- d-----w c:\program files\WIDCOMM
2009-04-14 08:17 . 2009-04-14 08:17 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-03-20 13:56 . 2009-03-13 14:06 357182 ----a-w c:\windows\reset.exe
2009-03-19 16:45 . 2009-03-19 16:45 38240 ----a-w c:\windows\system32\drivers\epfwwfp.sys
2009-03-19 16:45 . 2009-03-19 16:45 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-03-19 16:45 . 2009-03-19 16:45 131976 ----a-w c:\windows\system32\drivers\epfw.sys
2009-03-19 16:44 . 2009-03-19 16:44 107256 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-03-19 16:41 . 2009-03-19 16:41 113960 ----a-w c:\windows\system32\drivers\eamon.sys
2009-03-17 03:38 . 2009-04-14 19:41 40960 ----a-w c:\windows\AppPatch\apihex86.dll
2009-03-17 03:38 . 2009-04-14 19:41 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-14 19:41 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-14 19:41 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-14 19:41 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-14 19:48 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-14 19:41 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-14 19:41 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-14 19:41 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-14 19:48 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-14 19:41 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-14 19:41 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-14 19:41 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-14 19:41 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-14 19:41 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-14 19:48 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-23 16:25 . 2009-02-23 16:25 3715072 ----a-w c:\windows\system32\drivers\NETw5v32.sys
2009-02-23 16:25 . 2009-02-23 16:25 2756608 ----a-w c:\windows\system32\NETw5r32.dll
2009-02-22 21:32 . 2009-02-22 21:32 1003520 ----a-w c:\windows\system32\VSFilter.dll
2009-02-13 08:49 . 2009-04-14 19:41 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-14 19:41 1255936 ----a-w c:\windows\system32\lsasrv.dll
2008-01-21 02:43 . 2006-11-02 12:50 174 --sha-w c:\program files\desktop.ini
2008-08-25 21:37 . 2008-08-25 21:37 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-15 39408]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"MP4 Player"="c:\program files\MP4 Player\mp4Player.exe" [2008-11-06 772096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-25 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-25 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-17 1348904]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2008-07-15 814144]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-01-08 915000]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-05 442467]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-11-28 1148200]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-12-25 1316136]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-12-25 189736]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-15 68592]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"Windows Manager System"="winreger.exe" - c:\windows\System32\winreger.exe [2009-04-22 251930]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Users^Stanton^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
path=c:\users\Stanton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK
backup=c:\windows\pss\DesktopVideoPlayer.LNKStartup

[HKLM\~\startupfolder\C:^Users^Stanton^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Stanton\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SansaDispatch"=c:\users\Stanton\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6A67FBDB-BF26-4863-836C-2B9E9679A1BA}"= c:\program files\Hewlett-Packard\Media\TV\QP.exe:Quick Play
"{EAE4E6F6-8030-4008-BA08-7A44F8E69131}"= c:\program files\Hewlett-Packard\Media\TV\QPService.exe:Quick Play Resident Program
"{E0EFDDC2-AAF4-4DD6-B71B-9AEF16DAD35A}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{49A3B672-0CB1-47C4-B81A-92B624F354C7}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{0F3A748A-A360-4666-8BB3-8DE72A7A8896}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A6EA31F1-DE3A-4D26-90CB-3C6961AA3C7B}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5DBD5EC9-E110-45B6-AA9B-32D446AC6A9E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{98499CC3-B16E-4F14-B532-737E59639181}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{2C883BFE-7641-4EE5-9EB9-835BA003318A}"= c:\program files\HP\Digital Imaging\bin\hpqpse.exe:hpqpse.exe
"{E1CE3F70-9BD8-4C80-A8C1-D55FBF5BA862}"= c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe:hpqphotocrm.exe
"{13A5961A-B15F-4275-A7A7-C82DC6D28BFA}"= c:\program files\HP\Digital Imaging\bin\hpqsudi.exe:hpqsudi.exe
"{C778A55E-0682-465D-8BA0-0585847B51CA}"= c:\program files\HP\Digital Imaging\bin\hpqpsapp.exe:hpqpsapp.exe
"{808B126E-722E-4981-BE84-F34B18AA94D4}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartMusic.exe:HP TouchSmart Music
"{29AF22C2-5E85-463D-812D-25A2D4EE2ADD}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{91983C9B-22AF-4383-81D7-DDEE7111D76D}"= c:\program files\Hewlett-Packard\Media\DVD\HPTouchSmartVideo.exe:HP TouchSmart Video
"{D7ADD2A5-126E-4249-A64C-04C604FB519B}"= c:\program files\Hewlett-Packard\Media\DVD\TSMAgent.exe:HP TouchSmart Media Resident Program
"{F623E4DC-CF49-4CE5-AA22-6A736FCEFD01}"= c:\program files\Hewlett-Packard\Media\DVD\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{9E46C85B-7DB8-4C7E-A7EB-CF5761125398}"= c:\program files\Hewlett-Packard\Media\DVD\HPDVDSmart.exe:HP MediaSmart DVD
"{A014D23A-8C4A-4894-8BA4-C336DE65B5E3}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe:HP TouchSmart Music
"{A6C26BAB-1DFF-4C91-825B-4500FF75361D}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe:HP TouchSmart Photo
"{86F635DD-5748-4697-BBAB-3FD44BF9DA3D}"= c:\program files\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe:HP TouchSmart Video
"{F60638FC-DCEF-43C6-8713-7E740837285E}"= c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe:HP TouchSmart Media Resident Program
"{5BDA6582-A606-46D1-A2A6-C6CC3ECFEE92}"= c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe:CyberLink Media Service
"{8CD8DEDC-A2A1-420A-AFEC-F80048795599}"= UDP:c:\program files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat
"{47585F81-B574-48D5-8FF5-D125560E3644}"= TCP:c:\program files\Sierra\FEARCombat\FEARMP.exe:FEAR Combat
"{998407CC-BC10-4467-B1B0-5CA878C5F434}"= UDP:5353:Adobe CSI CS4
"{F0D8E147-B1EB-45BB-8446-05D45484C46F}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{99E6E2FC-BEAA-4F66-AD5F-6784103E7349}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{BE105E65-0286-4517-9D0C-B3DBB3DDA592}"= UDP:3703:Adobe Version Cue CS4 Server
"{07AE5585-602A-43F0-81F0-4477644987A5}"= UDP:3704:Adobe Version Cue CS4 Server
"{DE9EBB12-C407-47D7-B09F-7FAA65DB55E8}"= UDP:51000:Adobe Version Cue CS4 Server
"{E76C8393-BF15-4268-9F5F-D61120A6ABB3}"= UDP:51001:Adobe Version Cue CS4 Server
"{17048B99-67C6-48A2-B02D-017930DEB2DA}"= UDP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{26CE3E5D-5487-4880-8A4A-91C4DC01CE06}"= TCP:c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe:Adobe Version Cue CS4 Server
"{CA7BE2AD-7F40-4BC2-95D1-8FE7856DC77D}"= UDP:c:\program files\ESET\ESET Smart Security\egui.exe:ESET Smart Security
"{A780AD16-4DBF-4FA8-B756-87C404857CF0}"= TCP:c:\program files\ESET\ESET Smart Security\egui.exe:ESET Smart Security
"TCP Query User{835C1EEC-41DB-4010-BEE9-17AEBF11EEC6}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{D592A101-CF98-4AE3-8A22-5C66C776C0E1}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus

R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [2009-03-20 357182]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 FDelFile;FDelFile;c:\program files\Perfect Uninstaller\FDelFile.sys [2009-04-15 11840]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-05-26 40752]
R3 wrssweep;Webroots Volume Access Driver;c:\program files\Webroot\Washer\wrssweep.sys [2007-11-26 21832]
R4 AESTFilters;AESTFilters;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a33c8195\aestsrv.exe [2008-06-27 77824]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/14 13:09];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 23:04 87536]
S2 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 107256]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-03-19 38240]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-03-18 19456]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [2008-08-07 361808]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-04-15 603904]
S2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-11-18 599344]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [2007-11-26 598856]
S3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\DRIVERS\AVerBDA716x.sys [2008-12-03 1114880]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2008-04-28 54784]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-08-07 97536]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2009-02-23 3715072]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-26 44064]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-04-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 03:36]

2009-04-27 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 14:20]

2009-04-23 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 14:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://webmail.aol.com/42402/aol/en-us/suite.aspx
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=Pavilion&pf=cnnb
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - hxxp://www.cooliris.com/shared/plinstll.cab
FF - ProfilePath - c:\users\Stanton\AppData\Roaming\Mozilla\Firefox\Profiles\bvor5d7z.default\
FF - component: c:\program files\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: c:\users\Stanton\AppData\Roaming\Mozilla\Firefox\Profiles\bvor5d7z.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - component: c:\users\Stanton\AppData\Roaming\Mozilla\Firefox\Profiles\bvor5d7z.default\extensions\{D02B1E87-A8C6-433f-9B5C-2CEC4A072736}\components\susfox3.dll
FF - component: c:\users\Stanton\AppData\Roaming\Mozilla\Firefox\Profiles\bvor5d7z.default\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 17:04
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe"

[HKEY_USERS\software\Classes\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\system32\\Macromed\\Flash\\Flash10b.ocx, 1"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_USERS\software\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_USERS\software\Classes\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=

[HKEY_USERS\software\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"

[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""

[HKEY_USERS\software\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"

[HKEY_USERS\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="11DB1041E1B8C7F27208888ECE9EA9437BE6B7D3C513A48C9E82705DA4C268A98BEFE69CE457B09B9E1D5EA6294EE1C
313A1A8B91FCD643E8E2BECDDB29B5E3F796BCA890A94B80826273FE0DBBFEEE84BC867FB88EC3BD3CA850C470F5F03FCCB18
7B66D10E1F91200237341CF4F1F48067EF4D8A71C7181471D5253C2F1058C745AEB74FA7DC73F58DC740B132BC8CE21030814
522D9B87FCEC3A5CC72F2A709C48B262B089BCFE82EE6C2FCFDD73A755508936B85F4C8F503C41DE5D14C25FA6F2D7CA39ABA
2A89C9FB236C267D6990D1CFA2416AD33F3378BD01C43D7272619CA5AB068ECB6ABFCCE4E986B81FEC5FA051ED216261F4489
D046DB8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC7
4CA6A0AC4980AC79335D575E7D6A3B98085D575E7D6A3B9808A2D97226D213B555964DFA26DA5BF439DD6D7B2D28DA09D4C0D
85C9E1FF9034426953FEE5AEF9C3ECA464C8A65B49A5C1B04885AA04E71C3241EB69D3E6A6630109449903D4BD13937F3E56B
0D0664793C757721A88F04003B75517FD414350D0A39DF1562AC96A184FD6FE987D0EA64E964F787452C34D0D02106D0D9B45
B369F01A8AD509C6F881E3F77FE0F0BEC02122AA16B7FA71891721514F4C87A691E9F9F2A611399861535C8EDF6DD9DCB4CE6
D3EE7E66F8EB30F27B2120200B92471D7B518B3A13267FBC5CA9F0B5698D52DBA03DC30B8B0D32E8B2B1DCE17D2FCA70AEEFD
A5AED4116EDF263DFDABCDC36AA06CF1603BEFEACAC4BB309955DBBD4330838528805ECB844B6B80E17E006AED0ABCC20E7E3
E94C5E8A74D6C4AAD6A4448A44C8E22461DB8009AA94B50EFB840FEFBE6457C417CE5E6B294AFE5BC49048EB9067888B7A0CA
6FA9E648872D4966B6114B6731AF40AD31AE7BFD655EE7F26177BAF9C723B637ED5DEC062B1C959AD459E40E0139863A8782C
E262755E6D092B4B72C600C695949597C21E5F3950631596FCCA5337578B9C56363C0CC5EB5E78A856B3D16666B8685CD4960
7A4955F7B14BE5E72ACF3EE4FA98E84DCF61E5C889ED611F8082F7F329F37ADA6B25AB35B16AACBFBF5DB070ECC185B1FEB3C
77939E4394F9BB5D408A3D7EC7302CDDBC4680B8C9EB38C8508A4B4E6A803F136B897C3D744FB6F2183DF0114D8800F814071
9349338B90407AA15055A20B004398C70BB6D64D18467C95D2C2A0C40141F1908C063C6666EAE08FCDF5991A38021F1978ABE
1B893BD0E2875D5185A12D002EDE517E72CA798CEFBBD99BDCA1932CC6F248ABC700D43D70578B34BAFE5820A98E2F280B9A2
E2BE26ABFD77F55D8A54764E67C34F7A25A0F1D6BCE5ED53BAD24ECF72AD22DA55918893547E78FFE9CE736AC7C9DDB0A150D
08891C9C480F996BB51B53027E1228F8FD"

[HKEY_USERS\system\ControlSet001\Services\gxvxcserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxcbqeivqxrrpmtxuqywesfevsdtidnwiqr.sys"

[HKEY_USERS\system\ControlSet003\Services\gxvxcserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\gxvxcbqeivqxrrpmtxuqywesfevsdtidnwiqr.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(744)
c:\windows\system32\DPPWDFLT.dll

- - - - - - - > 'Explorer.exe'(2344)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
c:\windows\system32\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a33c8195\stacsv.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\dllhost.exe
c:\windows\System32\reg.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-04-27 17:10 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 22:10

Pre-Run: 77,219,991,552 bytes free
Post-Run: 76,666,732,544 bytes free
