Here's the Avenger log:
Logfile of The Avenger Version 2.0, © by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File move operation "C:\SwSetup\HDD\iastor.sys|C:\Windows\System32\drivers\iaStor.sys" completed successfully.
Completed script processing.
*******************
Finished! Terminate.
And here's the ComboFix log:
ComboFix 09-11-08.03 - Bruce 11/09/2009 19:08.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1566 [GMT -6:00]
Running from: c:\documents and settings\Bruce\Desktop\Combo-Fix.exe
AV: avast! antivirus 4.8.1351 [VPS 091109-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Bruce\My Documents\ZbThumbnail.info
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
D:\Autorun.inf
Infected copy of c:\windows\System32\DRIVERS\iaStor.sys was found and disinfected
Restored copy from - Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-10-10 to 2009-11-10 )))))))))))))))))))))))))))))))
.
2009-11-10 01:05 . 2004-08-04 00:59 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-11-10 01:05 . 2004-08-04 00:59 95360 ----a-w- c:\windows\system32\dllcache\atapi.sys
2009-11-09 21:08 . 2009-11-09 21:08 -------- d-----w- C:\_OTS
2009-11-09 03:14 . 2009-11-09 03:14 -------- d-----w- c:\documents and settings\Bruce\Application Data\Malwarebytes
2009-11-09 03:12 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-09 03:12 . 2009-11-09 21:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-09 03:12 . 2009-11-09 03:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-09 03:12 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-07 00:46 . 2009-11-07 00:46 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\Yahoo
2009-11-07 00:44 . 2009-05-27 01:50 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe
2009-10-28 00:22 . 2009-06-01 18:51 27792 ----a-w- c:\windows\system32\drivers\point32.sys
2009-10-28 00:20 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2009-10-28 00:20 . 2009-06-01 18:51 14736 ----a-w- c:\windows\system32\drivers\nuidfltr.sys
2009-10-28 00:20 . 2009-06-01 18:51 1418120 ----a-w- c:\windows\system32\wdfcoinstaller01005.dll
2009-10-28 00:20 . 2009-10-28 00:20 -------- d-----w- c:\program files\Microsoft IntelliPoint
2009-10-27 23:53 . 2009-10-27 23:55 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Adobe
2009-10-27 23:51 . 2009-10-27 23:51 -------- d-----w- c:\documents and settings\Guest\Application Data\Windows Search
2009-10-27 23:50 . 2009-10-27 23:50 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\Apple Computer
2009-10-27 23:50 . 2009-10-27 23:50 -------- d-----w- c:\documents and settings\Guest\Local Settings\Application Data\TechSmith
2009-10-27 23:50 . 2009-10-27 23:50 -------- d-----w- c:\documents and settings\Guest\Application Data\ArcSoft
2009-10-19 03:43 . 2009-08-19 10:18 107864 ----a-w- c:\windows\system32\tsccvid.dll
2009-10-19 03:43 . 2009-10-19 03:43 -------- d-----w- c:\windows\system32\QuickTime
2009-10-19 03:42 . 2009-10-19 03:42 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2009-10-18 00:52 . 2006-11-10 20:05 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2009-10-18 00:50 . 1995-08-01 09:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-10-18 00:49 . 2005-04-27 21:36 245408 ----a-w- c:\windows\system32\unicows.dll
2009-10-18 00:49 . 2007-07-02 20:08 15616 ----a-w- c:\windows\system32\drivers\ArcSoftVirtualCapture.sys
2009-10-18 00:49 . 2006-12-07 14:22 49152 ----a-w- c:\windows\system32\ArcFakeCapture.dll
2009-10-18 00:38 . 2009-10-28 00:26 2325872 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-18 00:37 . 2004-08-04 04:10 78464 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2009-10-18 00:37 . 2004-08-04 04:10 78464 ----a-w- c:\windows\system32\dllcache\usbvideo.sys
2009-10-17 21:04 . 2009-10-27 23:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-17 20:17 . 2009-10-17 20:17 -------- d-----w- c:\documents and settings\Bruce\Local Settings\Application Data\TechSmith
2009-10-17 20:16 . 2009-10-19 03:42 -------- d-----w- c:\program files\TechSmith
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 21:02 . 2009-01-19 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-11-09 17:10 . 2008-04-01 05:51 -------- d-----w- c:\documents and settings\Bruce\Application Data\Skype
2009-11-09 15:03 . 2008-05-29 03:41 256 ----a-w- c:\windows\system32\pool.bin
2009-11-09 14:03 . 2008-04-01 05:53 -------- d-----w- c:\documents and settings\Bruce\Application Data\skypePM
2009-11-09 13:40 . 2007-07-17 04:20 108699 ----a-w- c:\windows\system32\nvModes.dat
2009-11-09 13:40 . 2009-06-09 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2009-11-07 00:44 . 2008-04-01 05:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-10-28 00:31 . 2008-03-31 20:57 109360 ----a-w- c:\documents and settings\Bruce\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-28 00:24 . 2008-03-29 00:51 -------- d-----w- c:\program files\Google
2009-10-28 00:22 . 2009-10-28 00:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2009-10-28 00:22 . 2009-10-28 00:22 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-28 00:06 . 2009-10-28 00:06 664 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\d3d9caps.tmp
2009-10-27 23:50 . 2009-06-17 00:51 108968 ----a-w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 08:06 . 2007-07-17 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-27 08:04 . 2009-04-03 18:21 -------- d-----w- c:\program files\Microsoft Works
2009-10-18 23:12 . 2009-01-19 15:46 -------- d-----w- c:\documents and settings\Bruce\Application Data\Arcsoft
2009-10-18 00:53 . 2007-07-17 04:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-18 00:53 . 2007-07-17 04:46 -------- d-----w- c:\program files\HP
2009-10-18 00:52 . 2009-01-19 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ArcSoft
2009-10-18 00:52 . 2009-01-19 15:45 -------- d-----w- c:\program files\ArcSoft
2009-10-17 20:16 . 2008-03-31 16:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-15 12:44 . 2008-04-01 17:31 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-12 17:11 . 2008-04-21 12:52 -------- d-----w- c:\documents and settings\Bruce\Application Data\U3
2009-10-10 19:46 . 2008-03-31 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-10 19:45 . 2008-03-31 16:27 -------- d-----w- c:\program files\Lavasoft
2009-10-10 19:43 . 2009-10-10 19:43 6944624 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\aaw2008_upd.exe
2009-10-10 05:46 . 2009-10-10 05:46 -------- d-----w- c:\documents and settings\Bruce\Application Data\SlySoft
2009-10-10 05:45 . 2009-10-09 23:14 -------- d-----w- c:\program files\SlySoft
2009-10-09 23:20 . 2009-10-09 23:20 -------- d-----w- c:\documents and settings\All Users\Application Data\SlySoft
2009-10-09 17:20 . 2009-10-09 17:20 -------- d-----w- c:\documents and settings\Bruce\Application Data\Creative
2009-10-09 17:15 . 2009-10-09 17:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Creative
2009-10-09 17:14 . 2009-10-09 17:14 -------- d--h--w- c:\documents and settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}
2009-10-09 17:14 . 2009-10-09 17:14 -------- d-----w- c:\program files\Creative
2009-10-09 17:14 . 2009-10-09 17:14 2422433 ----a-w- c:\documents and settings\All Users\Application Data\{615DB4DC-B7C1-4125-9858-78EF460B76D2}\setup.exe
2009-10-09 17:14 . 2009-10-09 17:13 -------- d--h--w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}
2009-10-08 00:34 . 2008-07-07 04:26 -------- d-----w- c:\program files\Common Files\Real
2009-10-08 00:31 . 2009-10-08 00:31 452104 ----a-w- c:\documents and settings\Bruce\Application Data\Real\RealPlayer\setup\AU_setup9.exe
2009-10-06 04:14 . 2008-04-07 15:51 -------- d-----w- c:\documents and settings\Bruce\Application Data\LimeWire
2009-10-04 17:36 . 2009-10-04 17:32 -------- d-----w- c:\program files\Microsoft
2009-10-04 17:36 . 2009-10-04 17:36 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-10-04 17:35 . 2008-04-01 03:28 -------- d-----w- c:\program files\Windows Live
2009-10-04 17:35 . 2009-10-04 17:35 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-10-04 17:34 . 2009-10-04 17:34 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-10-02 08:30 . 2008-08-06 19:15 816392 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\Components\DownloadQB17\Patch\qbpatch2.exe
2009-09-30 22:23 . 2008-04-02 13:26 -------- d-----w- c:\program files\Dentrix
2009-09-24 22:59 . 2009-09-24 22:59 104512 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2009-09-22 17:02 . 2008-07-29 22:32 3788 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2007\qbbackup.sys
2009-09-22 13:07 . 2009-09-22 13:07 -------- d-----w- c:\documents and settings\Bruce\Application Data\Canon Electronics
2009-09-11 17:08 . 2009-09-11 17:08 24744 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2009-09-11 14:03 . 2004-08-04 08:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 12:38 . 2009-08-31 01:45 117760 ----a-w- c:\documents and settings\Bruce\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-09-04 20:45 . 2004-08-04 08:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-30 01:30 . 2009-02-11 20:37 256 ----a-w- c:\documents and settings\Bruce\pool.bin
2009-08-29 07:36 . 2004-08-04 08:00 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 08:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-04 08:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-27 00:54 . 2009-10-09 17:14 2598110 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\Setup.exe
2009-08-26 08:16 . 2004-08-04 08:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 11:00 . 2009-10-09 17:10 256512 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\E629258\AD691181\MSCPlgu.dll
2009-08-25 09:37 . 2009-10-09 17:10 999424 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\9E0A6A1D\7BA3E7CC\ZCTAUDU.dll
2009-08-21 02:43 . 2009-10-09 17:10 28672 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\9A9B0F9F\F3743052\CTMSCaps.dll
2009-08-18 04:33 . 2009-08-18 04:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-17 16:10 . 2008-03-31 16:34 1279456 ----a-w- c:\windows\system32\aswBoot.exe
2009-08-17 16:06 . 2008-03-31 16:34 93392 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-08-17 16:06 . 2008-03-31 16:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-08-17 16:05 . 2008-04-04 12:26 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-08-17 16:05 . 2008-04-04 12:26 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-08-17 16:04 . 2008-03-31 16:34 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-08-17 16:04 . 2008-03-31 16:34 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-08-17 16:03 . 2008-03-31 16:34 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-08-17 16:02 . 2008-03-31 16:34 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-08-17 10:16 . 2009-10-09 17:10 216576 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\E629258\AD691181\CDRipPlg.dll
2009-08-17 10:16 . 2009-10-09 17:10 11264 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\82935B84\9AB9D29D\CDPlgres.dll
2009-08-17 08:16 . 2009-10-09 17:10 53760 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\1F1E6D86\7178692D\AVCMPS64.dll
2009-08-17 08:16 . 2009-10-09 17:10 61440 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\9B8360E3\A3F1BD6D\AVCMPS32.dll
2009-08-17 08:15 . 2009-10-09 17:10 323584 ----a-w- c:\documents and settings\All Users\Application Data\{1620E93A-24E3-4D30-86CE-F7F1ABB9CD24}\offline\9B8360E3\A3F1BD6D\AVCManU.exe
2009-11-02 09:35 . 2008-07-29 16:44 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2009-07-21 2215960]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2009-07-21 14:23 2215960 ----a-w- c:\program files\Freecorder\tbFre0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFre0.dll" [2009-07-21 2215960]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFre0.dll" [2009-07-21 2215960]
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-08-17 81000]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2006-11-16 35368]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2008-02-01 439568]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-09 12:36 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 15:19 49152 ----a-w- c:\windows\system32\DeviceNP.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli ASWLNPkg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DVD Check.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DVD Check.lnk
backup=c:\windows\pss\DVD Check.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eSync Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\eSync Reminder.lnk
backup=c:\windows\pss\eSync Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Button Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Button Manager.lnk
backup=c:\windows\pss\HP Button Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Magic-i.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Magic-i.lnk
backup=c:\windows\pss\Magic-i.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WebSync Reminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WebSync Reminder.lnk
backup=c:\windows\pss\WebSync Reminder.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Bruce^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\Bruce\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Bruce^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Bruce\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"USBDeviceService"=2 (0x2)
"stllssvr"=3 (0x3)
"SeaPort"=2 (0x2)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"QBFCService"=3 (0x3)
"pdfcDispatcher"=2 (0x2)
"PCPitstop Scheduling"=2 (0x2)
"PCA"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NVSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"MgiSvr"=2 (0x2)
"MDM"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"LVCOMSer"=2 (0x2)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"IviRegMgr"=2 (0x2)
"ImapiService"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"hpqwmiex"=2 (0x2)
"HpFkCryptService"=2 (0x2)
"gusvc"=2 (0x2)
"GoogleDesktopManager-093009-130223"=3 (0x3)
"FreeAgentGoNext Service"=2 (0x2)
"FLCDLOCK"=3 (0x3)
"Diskeeper"=2 (0x2)
"CTUPnPSv"=3 (0x3)
"CTDevice_Srv"=2 (0x2)
"CCALib8"=2 (0x2)
"btwdins"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
"AdobeActiveFileMonitor5.0"=2 (0x2)
"ACDaemon"=2 (0x2)
"aawservice"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Bruce\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [4/26/2007 8:23 PM 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [10/9/2006 2:31 PM 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [3/29/2007 5:54 PM 13696]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/4/2008 6:26 AM 114768]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [4/26/2007 8:23 PM 5808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 11:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 10:39 AM 74480]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 2:00 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 2:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/4/2008 6:26 AM 20560]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [1/23/2007 2:13 PM 36608]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [7/16/2007 10:12 PM 47616]
S3 DAMDrv;DAMDrv;c:\windows\system32\drivers\DAMDrv.sys [4/23/2007 2:13 PM 30008]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 4096]
S4 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [5/21/2008 5:42 AM 64000]
S4 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [4/30/2007 9:28 AM 172131]
S4 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 3:42 PM 156968]
S4 GoogleDesktopManager-093009-130223;Google Desktop Manager 5.9.909.30391;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/29/2008 10:44 AM 30192]
S4 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [4/27/2007 11:58 AM 221184]
S4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [6/8/2009 8:25 PM 90352]
S4 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [7/16/2007 10:50 PM 540448]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
Cognizance REG_MULTI_SZ ASBroker ASChannel
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-11-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-28 16:02]
2009-10-28 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2009-06-01 18:51]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Bruce\Application Data\Mozilla\Firefox\Profiles\9lqe2f9c.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.msnbc.msn.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Research\HDView for Firefox\nphdview.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
SafeBoot-AVG Anti-Spyware Driver
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-09 19:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(976)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll
c:\windows\system32\DeviceNP.dll
- - - - - - - > 'lsass.exe'(1032)
c:\windows\SbHpNp.dll
c:\program files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
.
Completion time: 2009-11-10 19:19
ComboFix-quarantined-files.txt 2009-11-10 01:19
Pre-Run: 83,326,685,184 bytes free
Post-Run: 83,402,067,968 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 8CDFA7E25C7889F1DAB12AC44B1B4EE5