For some reason I cannot add attachments now.
KAS
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, June 5, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, June 05, 2009 01:48:03
Records in database: 2308307
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
Scan statistics:
Files scanned: 151298
Threat name: 2
Infected objects: 3
Suspicious objects: 0
Duration of the scan: 14:57:02
File name / Threat name / Threats count
C:\System Volume Information\_restore{0BCBAB29-7F6F-4A93-B308-303779668054}\RP253\A0042405.exe Infected: Trojan.Win32.Genome.agca 1
C:\System Volume Information\_restore{0BCBAB29-7F6F-4A93-B308-303779668054}\RP253\A0042620.exe Infected: not-a-virus:AdWare.Win32.Agent.lmz 1
C:\System Volume Information\_restore{0BCBAB29-7F6F-4A93-B308-303779668054}\RP253\A0042715.dll Infected: not-a-virus:AdWare.Win32.Agent.lmz 1
The selected area was scanned.
HJT LOG
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:28:01 PM, on 6/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Cloudmark\SpamNet\OE\snoe.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - Global Startup: APC UPS Status.lnk = ?
O4 - Global Startup: Cloudmark Desktop for Outlook Express.lnk = ?
O4 - Global Startup: UltraMon.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185084534953
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1185084496500
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\Ronald\Desktop\first-2010-camaro-so_1600x0w.jpg
O24 - Desktop Component 1: (no name) - C:\Documents and Settings\Ronald\Desktop\2010-chevrolet-camaro.jpg
O24 - Desktop Component 2: (no name) - C:\Documents and Settings\Ronald\Desktop\mandolux-congo-r-1440.jpg
O24 - Desktop Component 3: (no name) - C:\Documents and Settings\Ronald\Desktop\mandolux-congo-l-1440.jpg
--
End of file - 7886 bytes
COMBO FIX LOG
ComboFix 09-06-04.06 - Ronald 06/04/2009 18:44.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1539 [GMT -5:00]
Running from: c:\documents and settings\Ronald\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ronald\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090604-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-05-04 to 2009-06-04 )))))))))))))))))))))))))))))))
.
2009-05-29 00:16 . 2009-05-29 00:16 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-29 00:16 . 2009-05-29 00:16 152576 ----a-w- c:\documents and settings\Ronald\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-28 20:07 . 2009-05-28 20:07 -------- d-----w- c:\program files\Common Files\Common Share
2009-05-28 20:07 . 2008-12-18 18:38 351744 ----a-w- c:\windows\system32\avisynth.dll
2009-05-28 20:07 . 2009-05-28 20:07 -------- d-----w- c:\program files\OJOsoft
2009-05-27 19:12 . 2009-05-27 19:12 314200 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-05-27 19:12 . 2009-05-27 19:12 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-05-27 19:12 . 2009-05-27 19:12 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-05-27 19:12 . 2009-05-27 19:12 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-05-27 19:12 . 2009-05-27 19:12 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-05-27 19:12 . 2009-05-27 19:12 294240 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-05-27 19:12 . 2009-05-27 19:12 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-05-27 19:11 . 2009-05-27 19:11 1630048 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-05-27 00:23 . 2009-05-27 00:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-05-27 00:23 . 2009-01-18 21:43 2892112 -c--a-w- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
2009-05-26 21:32 . 2009-05-26 21:32 -------- d-----w- c:\program files\Media Player Classic
2009-05-26 16:05 . 2009-05-27 00:23 -------- d-----w- c:\program files\Lavasoft
2009-05-11 02:57 . 2009-05-11 02:57 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-05-11 02:57 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-05-11 02:57 . 2009-05-11 02:57 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-03 21:10 . 2007-07-22 06:24 -------- d-----w- c:\documents and settings\Ronald\Application Data\Azureus
2009-05-29 00:16 . 2007-07-22 07:08 -------- d-----w- c:\program files\Java
2009-05-28 20:11 . 2007-07-25 03:54 -------- d-----w- c:\program files\Total Video Converter
2009-05-27 19:12 . 2009-05-27 00:46 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-27 19:11 . 2009-05-27 19:11 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-05-27 19:11 . 2009-05-27 19:11 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-27 19:11 . 2009-05-27 19:11 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-05-27 19:11 . 2009-05-27 00:23 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-27 19:11 . 2009-05-27 19:11 73064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-05-27 19:11 . 2009-05-27 19:11 640360 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-05-27 19:11 . 2009-05-27 19:11 540536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-05-27 19:11 . 2009-05-27 19:11 559464 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-05-27 19:11 . 2009-05-27 19:11 2352456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-05-27 19:10 . 2009-05-27 19:10 627536 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-05-27 19:10 . 2009-05-27 19:10 518488 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-05-27 19:10 . 2009-05-27 19:10 1005904 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-05-27 00:23 . 2009-01-24 19:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-05-26 21:42 . 2008-04-01 23:42 -------- d-----w- c:\program files\Image Grabber II
2009-05-26 17:02 . 2007-07-25 03:41 -------- d-----w- c:\program files\Movie Joiner
2009-05-26 17:02 . 2007-07-22 05:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 16:59 . 2009-05-02 01:20 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-26 06:01 . 2009-01-23 04:14 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-05-26 05:46 . 2007-07-22 04:00 505640 ----a-w- c:\documents and settings\Ronald\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-17 04:01 . 2008-01-27 15:34 -------- d-----w- c:\program files\Sony
2009-05-17 04:00 . 2008-01-27 15:38 -------- d-----w- c:\documents and settings\Ronald\Application Data\Sony
2009-05-17 03:59 . 2008-11-02 21:29 -------- d-----w- c:\program files\DCE AutoEnhance TRIAL
2009-05-17 03:55 . 2009-02-06 19:17 -------- d-----w- c:\program files\Uniblue
2009-05-17 03:55 . 2009-02-06 19:46 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-05-17 03:55 . 2009-02-06 19:17 -------- d-----w- c:\documents and settings\Ronald\Application Data\Uniblue
2009-05-11 02:07 . 2007-07-22 05:40 -------- d-----w- c:\program files\exPressit S.E. 2.2
2009-05-09 15:27 . 2007-08-18 18:05 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-05-06 23:36 . 2007-11-13 20:48 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-05-04 23:48 . 2009-05-04 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MainType
2009-05-04 23:11 . 2009-05-04 23:11 -------- d-----w- c:\documents and settings\Ronald\Application Data\MainType
2009-05-04 23:11 . 2009-05-04 23:11 -------- d-----w- c:\program files\High-Logic
2009-05-04 02:28 . 2009-05-04 23:11 3892808 ----a-w- c:\documents and settings\Ronald\Application Data\MainType\MainTypeSetup.exe
2009-04-23 00:44 . 2008-12-06 04:46 -------- d-----w- c:\program files\Virtual Earth 3D
2009-04-15 23:34 . 2007-07-25 23:52 -------- d-----w- c:\documents and settings\Ronald\Application Data\Nero
2009-04-15 20:00 . 2007-09-22 03:42 7114736 ----a-w- c:\documents and settings\Ronald\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-04-15 19:57 . 2007-07-22 05:55 -------- d-----w- c:\program files\Azureus
2009-04-09 02:03 . 2007-08-28 14:12 -------- d-----w- c:\program files\Registry Clean Expert
2009-04-09 01:47 . 2009-04-09 01:47 -------- d-----w- c:\documents and settings\Ronald\Application Data\Privacy center
2009-04-08 00:33 . 2009-04-08 00:33 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-04-07 23:51 . 2009-04-07 23:52 1107296 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-04-07 23:51 . 2008-10-05 02:27 24616 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-04-07 23:51 . 2008-10-05 02:27 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-04-07 23:06 . 2009-04-07 23:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2009-04-07 23:02 . 2008-01-27 15:34 -------- d-----w- c:\program files\Sony Setup
2009-04-07 19:03 . 2009-04-07 19:03 -------- d-----w- c:\documents and settings\Ronald\Application Data\Camfrog
2009-03-29 19:44 . 2007-07-27 02:04 59488 ----a-w- c:\windows\system32\GenSvcInst.exe
2009-03-29 19:44 . 2007-07-27 02:04 145504 ----a-w- c:\windows\system32\bgsvcgen.exe
2009-03-14 14:19 . 2008-10-19 19:16 8 ----a-w- c:\windows\system32\nvModes.dat
2006-04-05 23:53 . 2007-08-01 04:07 860160 ----a-w- c:\program files\md5summer.exe
2008-05-09 22:50 . 2007-08-13 01:56 72 --sh--w- c:\windows\S2A8CC6C3.tmp
2007-12-20 02:51 . 2007-12-20 02:51 11270 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
------- Sigcheck -------
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2004-08-04 12:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2009-02-12 22:41 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-02-12 22:41 361600 D24EA301E2B36C4E975FD216CA85D8E7 c:\windows\system32\drivers\TCPIP.SYS
.
((((((((((((((((((((((((((((( [email protected]_01.43.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-03 21:11 . 2009-06-03 21:11 16384 c:\windows\Temp\Perflib_Perfdata_7a8.dat
+ 2009-06-03 21:11 . 2009-06-03 21:11 16384 c:\windows\Temp\Perflib_Perfdata_25c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-27 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-29 148888]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2007-12-29 221247]
Cloudmark Desktop for Outlook Express.lnk - c:\windows\Installer\{5AB0A110-C60A-4037-B9A5-F772BC647367}\SC_1.ico [2008-7-23 22486]
UltraMon.lnk - c:\windows\Installer\{AF0FA6D7-96F3-468A-ABB7-28BE006EA8E9}\IcoUltraMon.ico [2008-10-19 29310]
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source= c:\documents and settings\Ronald\Desktop\first-2010-camaro-so_1600x0w.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
Source= c:\documents and settings\Ronald\Desktop\2010-chevrolet-camaro.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
Source= c:\documents and settings\Ronald\Desktop\mandolux-congo-r-1440.jpg
FriendlyName=
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\3]
Source= c:\documents and settings\Ronald\Desktop\mandolux-congo-l-1440.jpg
FriendlyName=
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"EPSON NX300 Series (Copy 1)"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEJA.EXE /FU "c:\docume~1\Ronald\LOCALS~1\Temp\E_S4.tmp" /EF "HKCU"
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DVDBitSet"="c:\program files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
"EPSON Stylus Photo R220 Series"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P30 "EPSON Stylus Photo R220 Series" /O6 "USB001" /M "Stylus Photo R220"
"Auto EPSON Stylus Photo R220 Series on RONALD-E649A41D"=c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE /P54 "Auto EPSON Stylus Photo R220 Series on RONALD-E649A41D" /O25 "\\RONALD-E649A41D\Printer" /M "Stylus Photo R220"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe"
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"nwiz"=nwiz.exe /install
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Lavasoft\\Ad-Aware\\Ad-Aware.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
"45000:TCP"= 45000:TCP:azureus.exe
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/26/2009 7:23 PM 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/2/2008 7:19 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/2/2008 7:19 PM 20560]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/10/2009 9:57 PM 604416]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [9/24/2006 8:22 PM 11776]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [9/24/2006 8:23 PM 3584]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1005904]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\drivers\ousbehci.sys [7/21/2007 11:15 PM 45312]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [10/4/2008 9:27 PM 13224]
S3 glauiad;GlobespanVirata USB IAD LAN Modem; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 3:22 PM 34064]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [7/21/2007 11:15 PM 55936]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\k:\ntglm7x.sys --> k:\NTGLM7X.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
tapisrv REG_MULTI_SZ Tapisrv
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
2009-06-04 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-12 03:36]
2009-06-03 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:11]
2009-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 20:42]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
Trusted Zone: turbotax.com
FF - ProfilePath - c:\documents and settings\Ronald\Application Data\Mozilla\Firefox\Profiles\d5y9dumz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bootlegcoverart.com/forum/index.php?
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-04 18:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\ACPI\PNP0F13\4&11b2e0cb&0\LogConf]
@DACL=(02 0000)
"BasicConfigVector"=hex(a):48,00,00,00,0f,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,01,00,01,00,01,00,00,00,00,02,\
"BootConfig"=hex(8):01,00,00,00,0f,00,00,00,00,00,00,00,01,00,01,00,01,00,00,
00,02,01,01,00,0c,00,00,00,0c,00,00,00,ff,ff,ff,ff
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1524)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(2112)
c:\documents and settings\Ronald\Local Settings\Application Data\Cloudmark\SpamNet\snoew32h_1.dll
c:\program files\UltraMon\RTSUltraMonHook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-04 18:46
ComboFix-quarantined-files.txt 2009-06-04 23:46
ComboFix2.txt 2009-06-04 01:07
ComboFix3.txt 2009-06-03 01:44
Pre-Run: 89,101,398,016 bytes free
Post-Run: 89,079,103,488 bytes free
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
250 --- E O F --- 2009-05-30 02:38