.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 00:54 . 2009-03-15 00:11 -------- d-----w- c:\program files\Google
2009-09-03 23:09 . 2009-03-15 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-29 14:02 . 2009-02-01 11:26 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-29 07:08 . 2009-04-28 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-28 10:51 . 2009-02-01 09:13 -------- d-----w- c:\program files\Common Files\Adobe
2009-08-22 18:06 . 2009-01-26 07:20 23128 ----a-w- c:\documents and settings\danni\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 09:02 . 2009-01-26 04:04 -------- d-----w- c:\program files\Common Files\InstallShield
2009-08-17 12:18 . 2009-07-03 11:57 -------- d-----w- c:\documents and settings\danni\Application Data\LimeWire
2009-08-16 14:08 . 2009-08-16 14:06 744 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-08-16 01:46 . 2009-02-01 09:10 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-08-16 01:46 . 2009-02-01 09:10 -------- d-----w- c:\program files\NOS
2009-08-15 00:23 . 2009-04-19 07:34 -------- d-----w- c:\program files\Corel
2009-08-09 04:57 . 2009-05-27 02:55 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-08-09 04:57 . 2009-05-27 02:55 88 --sh--r- c:\documents and settings\All Users\Application Data\5E3A968772.sys
2009-08-05 09:01 . 2006-02-28 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 09:33 . 2009-08-04 09:13 68941 ----a-w- c:\windows\hpoins05.dat
2009-08-04 09:22 . 2009-01-26 04:41 -------- d-----w- c:\program files\HP
2009-08-01 06:23 . 2009-03-14 03:17 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-26 10:14 . 2009-07-26 10:14 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-26 09:50 . 2009-07-26 09:50 -------- d-----w- c:\documents and settings\danni\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-07-25 13:50 . 2009-07-25 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\QICAPUUCYG
2009-07-21 09:24 . 2009-03-17 09:37 -------- d-----w- c:\program files\EA GAMES
2009-07-17 19:01 . 2006-02-28 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:13 . 2006-02-28 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 13:17 . 2009-04-28 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-07-11 06:05 . 2009-07-11 06:05 -------- d-----w- c:\documents and settings\danni\Application Data\ieSpell
2009-07-11 05:57 . 2009-07-11 05:57 -------- d-----w- c:\program files\ieSpell
2009-07-09 13:36 . 2009-04-19 14:13 -------- d-----w- c:\program files\InstantEyedropper
2009-07-08 07:58 . 2009-07-08 07:58 -------- d--h--r- c:\documents and settings\danni\Application Data\SecuROM
2009-07-08 07:58 . 2009-07-08 07:58 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-03 17:09 . 2006-02-28 12:00 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 08:25 . 2006-02-28 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2006-02-28 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2006-02-28 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2006-02-28 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2006-02-28 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2006-02-28 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2006-02-28 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2006-02-28 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2006-02-28 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2006-02-28 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2006-02-28 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-09 23:49 . 2009-01-26 03:44 2066432 ----a-w- c:\windows\system32\mstscax.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-01_06.39.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-04 00:51 . 2009-09-04 00:51 22528 c:\windows\Installer\4319fd.msi
+ 2009-09-04 00:54 . 2009-09-04 00:54 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-09-04 00:54 . 2009-09-04 00:54 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-09-04 00:54 . 2009-09-04 00:54 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-09-04 00:54 . 2009-09-04 00:54 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-09-04 00:54 . 2009-09-04 00:54 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-09-04 00:54 . 2009-09-04 00:54 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
+ 2009-09-04 00:54 . 2009-09-04 00:54 1401344 c:\windows\Installer\431a03.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"BigPond Connection Client"="c:\program files\Telstra\BigPond Connection Client\BigPondCC.exe" [2008-09-30 1328128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-06 520024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-01-06 290088]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2008-10-28 181544]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-04-30 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-30 13750272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"CaAvTray"="c:\program files\CA\eTrust Vet Antivirus\CAVTray.exe" [2009-08-15 230952]
"CAVRID"="c:\program files\CA\eTrust Vet Antivirus\CAVRID.exe" [2009-08-15 185896]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-29 149280]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2004-10-27 61952]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-04-30 1657376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 GRFILTER;Authentium NDIS Driver;c:\windows\system32\drivers\GRFilter.sys [17/06/2008 11:44 AM 21000]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/03/2009 4:22 PM 64160]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [14/08/2009 10:14 PM 28544]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [28/10/2008 4:42 PM 156968]
R2 GRTdiMon;Authentium TDI Mon;c:\windows\system32\drivers\GRTdiMon.sys [17/06/2008 11:44 AM 39688]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [19/01/2009 7:04 AM 1029456]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/09/2009 10:21 AM 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-08-31 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 08:01]
2009-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 02:04]
2009-09-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-15 11:25]
2009-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 00:51]
2009-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-04 00:51]
2009-09-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:50]
2009-09-04 c:\windows\Tasks\User_Feed_Synchronization-{D41236AF-9FA8-4195-A6A8-D567EC869DB1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 19:01]
.
- - - - ORPHANS REMOVED - - - -
BHO-{8F7C7F1C-8B7E-4282-1312-F28718A5BBAA} - c:\program files\GenerousAdsForYou\GenerousAdsForYou.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {1B4F9DD7-2D7C-44B5-9126-73206DA0AE75} - hxxp://files.authentium.com/bigpond/bin/wizard.exe
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-05 01:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\nvappfilter.dll
- - - - - - - > 'explorer.exe'(3464)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-04 1:40
ComboFix-quarantined-files.txt 2009-09-04 16:10
ComboFix2.txt 2009-09-01 07:17
ComboFix3.txt 2009-09-01 06:44
Pre-Run: 139,706,028,032 bytes free
Post-Run: 139,750,264,832 bytes free
228 --- E O F --- 2009-09-04 03:28