ComboFix 10-01-29.04 - tammy 01/29/2010 13:20:07.11.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1021.655 [GMT -7:00]
Running from: c:\documents and settings\tammy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\tammy\Desktop\CFScript.txt
FILE ::
"c:\windows\system32\Drivers\PsSdk30.drv"
.
PEV Error: ProgramsFolder
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Fonts\MyriadPro-Regular.otf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PSSDK30
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
.
2010-01-15 15:45 . 2010-01-15 15:45 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-15 15:45 . 2010-01-15 15:45 -------- d-----w- c:\program files\Reference Assemblies
2010-01-15 15:44 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-01-15 15:44 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-01-15 15:44 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-01-15 15:44 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-01-15 15:44 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-01-15 15:44 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-01-15 15:44 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-01-15 15:44 . 2010-01-15 15:44 -------- d-----w- C:\17fa7fbb9aa743a2b4f61dd0f96e8747
2010-01-15 15:44 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-01-15 15:44 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-01-15 15:44 . 2010-01-15 16:09 -------- d-----w- c:\windows\SxsCaPendDel
2010-01-15 15:40 . 2010-01-15 15:40 -------- d-----w- c:\program files\MSXML 6.0
2010-01-14 05:21 . 2010-01-14 05:21 -------- d-----w- c:\windows\system32\KB905474
2010-01-14 05:21 . 2009-03-11 05:26 1403264 ----a-w- c:\windows\system32\KB905474\wganotifypackageinner.exe
2010-01-14 05:21 . 2009-03-11 05:18 453512 ----a-w- c:\windows\system32\KB905474\wgasetup.exe
2010-01-13 04:49 . 2010-01-13 04:49 -------- d-----w- c:\windows\ServicePackFiles
2010-01-11 22:18 . 2007-04-16 16:07 986112 ------w- C:\kernel32.dll
2010-01-07 22:35 . 2010-01-07 22:35 -------- d--h--w- c:\windows\PIF
2010-01-07 21:19 . 2010-01-07 21:19 -------- d-----w- c:\program files\ERUNT
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-21 22:37 . 2007-12-10 01:32 458216 ----a-w- c:\documents and settings\tammy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-21 22:36 . 2009-02-21 05:29 -------- d-----w- c:\program files\The Print Shop 23
2010-01-21 21:35 . 2008-10-25 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-21 21:35 . 2010-01-07 21:27 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-21 19:27 . 2008-11-14 22:09 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-16 10:19 . 2007-12-10 01:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-16 10:11 . 2007-12-10 01:40 -------- d-----w- c:\program files\Microsoft Works
2010-01-15 15:45 . 2007-12-10 01:40 -------- d-----w- c:\program files\MSBuild
2010-01-11 02:43 . 2008-02-10 03:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-07 23:07 . 2008-10-25 20:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 23:07 . 2008-10-25 20:45 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-08-04 05:56 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 05:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2004-08-04 05:56 17408 ------w- c:\windows\system32\corpol.dll
2009-12-18 04:44 . 2008-08-02 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\LxThumbs
2009-12-14 19:15 . 2009-12-14 19:15 2146304 ----a-w- c:\windows\system32\GPhotos.scr
2009-11-21 16:36 . 2004-08-04 05:56 470528 ----a-w- c:\windows\AppPatch\aclayers.dll
2007-12-12 17:38 . 2007-12-12 17:38 23405072 -c--a-w- c:\program files\AdbeRdr811_en_US.exe
2007-03-17 06:00 . 2008-03-13 21:53 35979 ----a-w- c:\program files\Photoshop CS3 Read Me.html
2009-03-01 09:24 . 2009-02-26 19:46 11649056 -csha-w- c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-10-23 2363392]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-08 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"RTHDCPL"="c:\windows\RTHDCPL.EXE" [2008-05-14 16862720]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
"nwiz"="c:\windows\system32\nwiz.exe" [2007-12-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-04 81920]
c:\documents and settings\Gaming\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\The Print Shop 23\Remind.exe [2008-7-16 344064]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^tammy^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\tammy\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^tammy^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\tammy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-10-11 03:51 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2008-02-19 18:10 267048 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-10-25 21:33 563984 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-10-25 21:37 2178832 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-09-01 23:57 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-07-21 23:14 86016 -c----r- c:\windows\SoundMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-10-08 23:13 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-06-09 08:36 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRobotics USB Internet Mini Phone]
2007-02-15 18:31 338944 -c--a-w- c:\program files\U.S. Robotics\USB Internet Mini Phone\USRobotics USB Internet Mini Phone.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRobotics USB Internet Mini Phone Control Panel]
2007-02-15 18:29 2123264 -c--a-w- c:\program files\U.S. Robotics\USB Internet Mini Phone\USB Internet Mini Phone UI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
2007-08-30 23:43 4670704 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"iPod Service"=3 (0x3)
"gusvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"aawservice"=2 (0x2)
"Symantec AntiVirus"=2 (0x2)
"StkASSrv"=2 (0x2)
"SPBBCSvc"=2 (0x2)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdecoms.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\frun.exe"=
"c:\\Program Files\\Abbyy FineReader 6.0 Sprint\\Scan\\ScanMan6.exe"=
"c:\\Program Files\\Lexmark Fax Solutions\\FaxCtr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdepswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdetime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdejswx.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\Wireless\\lxdewpss.exe"=
"c:\\WINDOWS\\system32\\lxdecfg.exe"=
"c:\\Program Files\\Logitech\\QuickCam\\Quickcam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Lexmark 4800 Series\\lxdemon.exe"=
R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [10/3/2008 3:28 PM 176136]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 LxrSII1d;Secure II Driver;c:\windows\system32\drivers\LxrSII1d.sys [4/5/2008 11:35 PM 70016]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [12/12/2007 2:42 PM 99248]
S3 xbreader;MaxDrive XBox Driver (xbreader.sys);c:\windows\system32\drivers\xbreader.sys [1/2/2001 9:53 PM 19677]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/9/2007 6:29 PM 717296]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-10-23 02:55 451872 -c--a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
2010-01-29 c:\windows\Tasks\User_Feed_Synchronization-{59B3E264-20D2-4BFE-864F-F7C4E1F84BFC}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 02:36]
2010-01-29 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2010-01-14 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sparkpeople.com/websearch/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
FF - ProfilePath - c:\documents and settings\tammy\Application Data\Mozilla\Firefox\Profiles\p04rj5jz.Default User\
FF - prefs.js: browser.startup.homepage - hxxp://www.sparkpeople.com/
FF - plugin: c:\documents and settings\tammy\Application Data\Mozilla\Firefox\Profiles\p04rj5jz.Default User\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000004.dll
FF - plugin: c:\documents and settings\tammy\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.21\Plugins\npybrowserplus_2.4.21.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npampx3.0.84.2.dll
FF - HiddenExtension: XUL Cache: {DB1C0118-51D0-472E-B776-5A9BC86F3A1E} - c:\documents and settings\tammy\Local Settings\Application Data\{DB1C0118-51D0-472E-B776-5A9BC86F3A1E}
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-29 13:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(7772)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\lxdecoms.exe
c:\windows\system32\LxrSII1s.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-01-29 13:49:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-29 20:49
ComboFix2.txt 2010-01-18 19:47
ComboFix3.txt 2010-01-14 23:16
ComboFix4.txt 2010-01-11 21:44
ComboFix5.txt 2010-01-29 20:19
Pre-Run: 4,111,503,360 bytes free
Post-Run: 4,084,948,992 bytes free
- - End Of File - - 96D1C537582D02A24D23F61B036FAEB3