ComboFix 09-11-08.03 - Bruce 11/10/2009 11:07.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1509 [GMT -6:00]
Running from: c:\documents and settings\Bruce\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Bruce\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1351 [VPS 091110-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--------------- FCopy ---------------
c:\windows\System32\drivers\iaStor.sys --> c:\swsetup\HDD\iastor.sys
.
((((((((((((((((((((((((( Files Created from 2009-10-10 to 2009-11-10 )))))))))))))))))))))))))))))))
.
2009-11-10 01:05 . 2004-08-04 00:59 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-10 01:05 . 2004-08-04 00:59 95360 ------w- c:\windows\system32\drivers\atapi.sys
2009-11-09 21:08 . 2009-11-09 21:08 -------- d-----w- C:\_OTS
2009-11-09 03:14 . 2009-11-09 03:14 -------- d-----w- c:\documents and settings\Bruce\Application Data\Malwarebytes
2009-11-09 03:12 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 03:12 . 2009-11-09 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 03:12 . 2009-11-09 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-09 03:12 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 00:46 . 2009-11-07 00:46 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\Yahoo
2009-11-07 00:44 . 2009-05-27 01:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-10-28 00:22 . 2009-06-01 18:51 27792 ----a-w- c:\windows\system32\drivers\point32.sys
2009-10-28 00:20 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-10-28 00:20 . 2009-06-01 18:51 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-10-28 00:20 . 2009-06-01 18:51 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-10-28 00:20 . 2009-10-28 00:20 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-10-27 23:53 . 2009-10-27 23:55 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2009-10-27 23:51 . 2009-10-27 23:51 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Search
2009-10-27 23:50 . 2009-10-27 23:50 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
2009-10-27 23:50 . 2009-10-27 23:50 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\TechSmith
2009-10-27 23:50 . 2009-10-27 23:50 -------- d-----w- c:\documents and settings\Guest\Application Data\ArcSoft
2009-10-19 03:43 . 2009-08-19 10:18 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-10-19 03:43 . 2009-10-19 03:43 -------- d-----w- c:\windows\system32\QuickTime
2009-10-19 03:42 . 2009-10-19 03:42 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-10-18 00:52 . 2006-11-10 20:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2009-10-18 00:50 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-10-18 00:49 . 2005-04-27 21:36 245408 ----a-w- c:\windows\system32\unicows.dll
2009-10-18 00:49 . 2007-07-02 20:08 15616 ----a-w- c:\windows\system32\drivers\ArcSoftVirtualCapture.sys
2009-10-18 00:49 . 2006-12-07 14:22 49152 ----a-w- c:\windows\system32\ArcFakeCapture.dll
2009-10-18 00:38 . 2009-10-28 00:26 2325872 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-18 00:37 . 2004-08-04 04:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-10-18 00:37 . 2004-08-04 04:10 78464 ----a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-10-17 21:04 . 2009-10-27 23:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-17 20:17 . 2009-10-17 20:17 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\TechSmith
2009-10-17 20:16 . 2009-10-19 03:42 -------- d-----w- c:\program files\TechSmith
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 21:02 . 2009-01-19 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-09 17:10 . 2008-04-01 05:51 -------- d-----w- c:\documents and settings\Bruce\Application Data\Skype
2009-11-09 15:03 . 2008-05-29 03:41 256 ----a-w- c:\windows\system32\pool.bin
2009-11-09 14:03 . 2008-04-01 05:53 -------- d-----w- c:\documents and settings\Bruce\Application Data\skypePM
2009-11-09 13:40 . 2007-07-17 04:20 108699 ----a-w- c:\windows\system32\nvModes.dat
2009-11-09 13:40 . 2009-06-09 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-11-07 00:44 . 2008-04-01 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-28 00:31 . 2008-03-31 20:57 109360 ----a-w- c:\documents and settings\Bruce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 00:24 . 2008-03-29 00:51 -------- d-----w- c:\program files\Google
2009-10-28 00:22 . 2009-10-28 00:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-10-28 00:22 . 2009-10-28 00:22 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-28 00:06 . 2009-10-28 00:06 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
2009-10-27 23:50 . 2009-06-17 00:51 108968 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 08:06 . 2007-07-17 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 08:04 . 2009-04-03 18:21 -------- d-----w- c:\program files\Microsoft Works
2009-10-18 23:12 . 2009-01-19 15:46 -------- d-----w- c:\documents and settings\Bruce\Application Data\Arcsoft
2009-10-18 00:53 . 2007-07-17 04:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-18 00:53 . 2007-07-17 04:46 -------- d-----w- c:\program files\HP
2009-10-18 00:52 . 2009-01-19 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-10-18 00:52 . 2009-01-19 15:45 -------- d-----w- c:\program files\ArcSoft
2009-10-17 20:16 . 2008-03-31 16:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-15 12:44 . 2008-04-01 17:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-12 17:11 . 2008-04-21 12:52 -------- d-----w- c:\documents and settings\Bruce\Application Data\U3
2009-10-10 19:46 . 2008-03-31 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-10 19:45 . 2008-03-31 16:27 -------- d-----w- c:\program files\Lavasoft
2009-10-10 19:43 . 2009-10-10 19:43 6944624 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
2009-10-10 05:46 . 2009-10-10 05:46 -------- d-----w- c:\documents and settings\Bruce\Application Data\SlySoft
2009-10-10 05:45 . 2009-10-09 23:14 -------- d-----w- c:\program files\SlySoft
2009-10-09 23:20 . 2009-10-09 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-10-09 17:20 . 2009-10-09 17:20 -------- d-----w- c:\documents and settings\Bruce\Application Data\Creative
2009-10-09 17:15 . 2009-10-09 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-10-09 17:14 . 2009-10-09 17:14 -------- d--h--w- c:\documents and settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2009-10-09 17:14 . 2009-10-09 17:14 -------- d-----w- c:\program files\Creative
2009-10-09 17:14 . 2009-10-09 17:14 2422433 ----a-w- c:\documents and settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
2009-10-09 17:14 . 2009-10-09 17:13 -------- d--h--w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}
2009-10-08 00:34 . 2008-07-07 04:26 -------- d-----w- c:\program files\Common Files\Real
2009-10-08 00:31 . 2009-10-08 00:31 452104 ----a-w- c:\documents and settings\Bruce\Application Data\Real\RealPlayer\setup\AU_setup9.exe
2009-10-06 04:14 . 2008-04-07 15:51 -------- d-----w- c:\documents and settings\Bruce\Application Data\LimeWire
2009-10-04 17:36 . 2009-10-04 17:32 -------- d-----w- c:\program files\Microsoft
2009-10-04 17:36 . 2009-10-04 17:36 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-04 17:35 . 2008-04-01 03:28 -------- d-----w- c:\program files\Windows Live
2009-10-04 17:35 . 2009-10-04 17:35 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-04 17:34 . 2009-10-04 17:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-02 08:30 . 2008-08-06 19:15 816392 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch2.exe
2009-09-30 22:23 . 2008-04-02 13:26 -------- d-----w- c:\program files\Dentrix
2009-09-24 22:59 . 2009-09-24 22:59 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-09-22 17:02 . 2008-07-29 22:32 3788 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2009-09-22 13:07 . 2009-09-22 13:07 -------- d-----w- c:\documents and settings\Bruce\Application Data\Canon Electronics
2009-09-11 17:08 . 2009-09-11 17:08 24744 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-11 14:03 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 12:38 . 2009-08-31 01:45 117760 ----a-w- c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-04 20:45 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 01:30 . 2009-02-11 20:37 256 ----a-w- c:\documents and settings\Bruce\pool.bin
2009-08-29 07:36 . 2004-08-04 08:00 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 08:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-27 00:54 . 2009-10-09 17:14 2598110 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\Setup.exe
2009-08-26 08:16 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 11:00 . 2009-10-09 17:10 256512 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\E629258\AD691181\MSCPlgu.dll
2009-08-25 09:37 . 2009-10-09 17:10 999424 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\9E0A6A1D\7BA3E7CC\ZCTAUDU.dll
2009-08-21 02:43 . 2009-10-09 17:10 28672 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\9A9B0F9F\F3743052\CTMSCaps.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:10 . 2008-03-31 16:34 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-03-31 16:34 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-03-31 16:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-04 12:26 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-04 12:26 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-03-31 16:34 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-03-31 16:34 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-03-31 16:34 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-03-31 16:34 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 10:16 . 2009-10-09 17:10 216576 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\E629258\AD691181\CDRipPlg.dll
2009-08-17 10:16 . 2009-10-09 17:10 11264 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\82935B84\9AB9D29D\CDPlgres.dll
2009-08-17 08:16 . 2009-10-09 17:10 53760 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\1F1E6D86\7178692D\AVCMPS64.dll
2009-08-17 08:16 . 2009-10-09 17:10 61440 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\9B8360E3\A3F1BD6D\AVCMPS32.dll
2009-08-17 08:15 . 2009-10-09 17:10 323584 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\9B8360E3\A3F1BD6D\AVCManU.exe
2009-11-02 09:35 . 2008-07-29 16:44 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-11-10_01.17.05 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-10 13:11 . 2009-11-10 13:11 16384 c:\windows\Temp\Perflib_Perfdata_f0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2009-07-21 2215960]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-07-21 14:23 2215960 ----a-w- c:\program files\Freecorder\tbFre0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2009-07-21 2215960]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre0.dll" [2009-07-21 2215960]

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2006-11-16 35368]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-02-01 439568]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 12:36 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 15:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eSync Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eSync Reminder.lnk
backup=c:\windows\pss\eSync Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Button Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Button Manager.lnk
backup=c:\windows\pss\HP Button Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Magic-i.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Magic-i.lnk
backup=c:\windows\pss\Magic-i.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WebSync Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WebSync Reminder.lnk
backup=c:\windows\pss\WebSync Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Bruce^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\Bruce\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Bruce^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Bruce\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"USBDeviceService"=2 (0x2)
"stllssvr"=3 (0x3)
"SeaPort"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"QBFCService"=3 (0x3)
"pdfcDispatcher"=2 (0x2)
"PCPitstop Scheduling"=2 (0x2)
"PCA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MgiSvr"=2 (0x2)
"MDM"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IviRegMgr"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"hpqwmiex"=2 (0x2)
"HpFkCryptService"=2 (0x2)
"gusvc"=2 (0x2)
"GoogleDesktopManager-093009-130223"=3 (0x3)
"FreeAgentGoNext Service"=2 (0x2)
"FLCDLOCK"=3 (0x3)
"Diskeeper"=2 (0x2)
"CTUPnPSv"=3 (0x3)
"CTDevice_Srv"=2 (0x2)
"CCALib8"=2 (0x2)
"btwdins"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)
"ACDaemon"=2 (0x2)
"aawservice"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Bruce\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [4/26/2007 8:23 PM 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 2:31 PM 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [3/29/2007 5:54 PM 13696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/4/2008 6:26 AM 114768]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [4/26/2007 8:23 PM 5808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 11:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 10:39 AM 74480]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 2:00 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 2:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2008 6:26 AM 20560]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 2:13 PM 36608]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [7/16/2007 10:12 PM 47616]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 2:13 PM 30008]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 4096]
S4 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 5:42 AM 64000]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 9:28 AM 172131]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 3:42 PM 156968]
S4 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/29/2008 10:44 AM 30192]
S4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [4/27/2007 11:58 AM 221184]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [6/8/2009 8:25 PM 90352]
S4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [7/16/2007 10:50 PM 540448]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-11-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-28 16:02]

2009-10-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 18:51]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\9lqe2f9c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-10 11:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItDAC.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\BioAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASBIoAT.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittal.dll
c:\program files\Hewlett-Packard\IAM\Bin\STEngine.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\ittalsnap.dll
c:\program files\Hewlett-Packard\IAM\Bin\AuthWiz.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\windows\system32\xenroll.dll
c:\program files\Hewlett-Packard\IAM\Bin\TokenAuth.dll
c:\program files\Hewlett-Packard\IAM\Bin\TpmAuth.dll
c:\windows\system32\DeviceNP.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
c:\windows\SbHpNp.DLL

- - - - - - - > 'lsass.exe'(1064)
c:\windows\SbHpNp.dll
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-10 11:15
ComboFix-quarantined-files.txt 2009-11-10 17:14
ComboFix2.txt 2009-11-10 01:19

Pre-Run: 83,497,594,880 bytes free
Post-Run: 83,471,982,592 bytes free

- - End Of File - - 6D4E0EDB2B774CA41D4FA519D0D82924