ComboFix 09-10-04.01 - Compaq_Owner 10/04/2009 19:32.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.442 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\David D. Womack\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.
2009-10-01 12:13 . 2009-10-04 18:17 -------- d-----w- C:\$AVG8.VAULT$
2009-10-01 11:10 . 2009-10-01 11:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-01 11:10 . 2009-10-01 11:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-01 11:09 . 2009-10-01 11:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-01 11:09 . 2009-10-01 11:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-01 11:07 . 2009-10-04 23:42 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-01 11:07 . 2009-10-01 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-01 11:05 . 2009-10-01 11:05 -------- d-----w- c:\program files\AVG
2009-10-01 11:05 . 2009-10-02 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-01 02:18 . 2009-10-01 02:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AVG8
2009-09-30 22:56 . 2009-09-30 22:56 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-09-30 22:56 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 22:56 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\McAfee.com
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-30 21:57 . 2009-10-01 03:43 -------- d-----w- c:\program files\McAfee
2009-09-30 21:23 . 2009-09-30 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 21:23 . 2009-09-30 22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 02:59 . 2009-09-13 02:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 05:00 . 2007-10-10 21:04 -------- d-----w- c:\program files\LogMeIn
2009-10-03 09:59 . 2007-10-10 21:05 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-03 09:59 . 2007-10-10 21:05 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-03 09:59 . 2007-10-10 21:05 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-30 21:43 . 2006-11-11 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 17:57 . 2006-12-20 04:46 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-09-21 15:02 . 2009-02-06 16:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-18 12:50 . 2006-07-22 22:48 -------- d-----w- c:\program files\Lx_cats
2009-09-08 01:40 . 2007-10-02 21:51 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-08 01:40 . 2007-10-02 21:51 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-08-11 19:52 . 2008-08-29 11:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 17:32 . 2009-08-15 14:57 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-15 02:31 . 2006-02-12 21:46 55632 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 18:44 . 2006-11-30 05:07 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 18:44 . 2006-11-30 05:07 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 18:44 . 2006-11-30 05:07 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 18:43 . 2006-11-30 05:07 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-30_22.36.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-10 21:05 . 2009-10-03 09:59 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
- 2007-10-10 21:05 . 2009-09-08 01:41 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 40248 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 40248 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2004-08-04 12:00 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
+ 2005-06-25 05:32 . 2009-10-04 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-06-25 05:32 . 2009-09-30 22:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-06-24 22:25 . 2009-10-04 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-24 22:25 . 2009-09-30 22:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-24 22:25 . 2009-09-30 22:32 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-06-24 22:25 . 2009-10-04 21:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-07-21 21:06 . 2009-08-28 19:38 24689600 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-12 50776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"HostManager"="c:\program files\Common Files\AOL\1153956942\ee\AOLSoftware.exe" [2008-06-24 41824]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"PCDrSmartMonitor"="c:\program files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2005-09-08 299008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-01 2007832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]
c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-7-24 122880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-01 11:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-03 09:59 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153956942\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\America Online 9.0\\aol.exe"=
"c:\\Program Files\\Logitech\\Video\\Launcher.exe"=
"c:\\Program Files\\RockWare\\LogPlot2005\\LP2005.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\mcontrol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153956942\\EE\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Safeworld PC Surveillance\\SafeWorld.exe"=
"c:\\Program Files\\RockWare\\LogPlot7\\LogPlot7.exe"=
"c:\\Program Files\\PC-Linq\\Mdi.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\ABBYY FineReader 5.0 Sprint\\Sprint.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\putty.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\gzip32.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\pkzip25.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/6/2009 10:58 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/1/2009 6:09 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/1/2009 6:10 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/1/2009 6:05 AM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 10:21 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/10/2007 4:05 PM 47640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\DRIVERS\dpcnet5u.sys --> c:\windows\system32\DRIVERS\dpcnet5u.sys [?]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/8/2005 2:23 AM 21120]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [6/27/2007 10:41 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [6/27/2007 10:42 AM 73856]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [3/21/2007 11:27 PM 15576]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-10-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:00]
2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 20:42]
2006-02-12 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]
2009-10-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: sd61.bc.ca\www.fslactivities
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 19:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hȋdden files ...
scan completed successfully
hȋdden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-10-05 19:42
ComboFix-quarantined-files.txt 2009-10-05 00:42
ComboFix2.txt 2009-10-03 02:33
ComboFix3.txt 2009-09-30 22:45
Pre-Run: 129,032,429,568 bytes free
Post-Run: 129,024,135,168 bytes free
254 --- E O F --- 2009-08-14 03:25
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.442 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Owner\Desktop\David D. Womack\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Kitty ate it
.
((((((((((((((((((((((((( Files Created from 2009-09-05 to 2009-10-05 )))))))))))))))))))))))))))))))
.
2009-10-01 12:13 . 2009-10-04 18:17 -------- d-----w- C:\$AVG8.VAULT$
2009-10-01 11:10 . 2009-10-01 11:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-01 11:10 . 2009-10-01 11:10 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-01 11:09 . 2009-10-01 11:09 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-01 11:09 . 2009-10-01 11:09 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-01 11:07 . 2009-10-04 23:42 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-01 11:07 . 2009-10-01 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-01 11:05 . 2009-10-01 11:05 -------- d-----w- c:\program files\AVG
2009-10-01 11:05 . 2009-10-02 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-01 02:18 . 2009-10-01 02:18 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\AVG8
2009-09-30 22:56 . 2009-09-30 22:56 -------- d-----w- c:\documents and settings\Compaq_Owner\Application Data\Malwarebytes
2009-09-30 22:56 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-30 22:56 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\McAfee.com
2009-09-30 21:57 . 2009-09-30 21:57 -------- d-----w- c:\program files\Common Files\McAfee
2009-09-30 21:57 . 2009-10-01 03:43 -------- d-----w- c:\program files\McAfee
2009-09-30 21:23 . 2009-09-30 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-30 21:23 . 2009-09-30 22:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-13 02:59 . 2009-09-13 02:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-04 05:00 . 2007-10-10 21:04 -------- d-----w- c:\program files\LogMeIn
2009-10-03 09:59 . 2007-10-10 21:05 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-10-03 09:59 . 2007-10-10 21:05 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-10-03 09:59 . 2007-10-10 21:05 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-09-30 21:43 . 2006-11-11 00:56 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-29 17:57 . 2006-12-20 04:46 -------- d-----w- c:\program files\Lexmark 1200 Series
2009-09-21 15:02 . 2009-02-06 16:51 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-18 12:50 . 2006-07-22 22:48 -------- d-----w- c:\program files\Lx_cats
2009-09-08 01:40 . 2007-10-02 21:51 11552 ----a-w- c:\windows\system32\lmimirr2.dll
2009-09-08 01:40 . 2007-10-02 21:51 25248 ----a-w- c:\windows\system32\lmimirr.dll
2009-08-11 19:52 . 2008-08-29 11:48 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 17:32 . 2009-08-15 14:57 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-15 02:31 . 2006-02-12 21:46 55632 -c--a-w- c:\documents and settings\Compaq_Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-08 18:44 . 2009-07-08 18:44 214024 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-07-08 18:44 . 2006-11-30 05:07 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-07-08 18:44 . 2006-11-30 05:07 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-07-08 18:44 . 2006-11-30 05:07 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-07-08 18:43 . 2006-11-30 05:07 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-09-30_22.36.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-10-10 21:05 . 2009-10-03 09:59 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
- 2007-10-10 21:05 . 2009-09-08 01:41 47416 c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterui.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\LMIprinterdat.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 40248 c:\windows\system32\spool\drivers\w32x86\LMIprinter.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterui.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 52536 c:\windows\system32\spool\drivers\w32x86\3\LMIprinterdat.dll
- 2007-10-10 21:05 . 2009-09-08 01:40 40248 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2007-10-10 21:05 . 2009-10-03 09:59 40248 c:\windows\system32\spool\drivers\w32x86\3\LMIprinter.dll
+ 2004-08-04 12:00 . 2008-04-13 18:40 96512 c:\windows\system32\dllcache\atapi.sys
+ 2005-06-25 05:32 . 2009-10-04 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2005-06-25 05:32 . 2009-09-30 22:32 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-06-24 22:25 . 2009-10-04 21:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-24 22:25 . 2009-09-30 22:32 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-06-24 22:25 . 2009-09-30 22:32 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2005-06-24 22:25 . 2009-10-04 21:45 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-07-21 21:06 . 2009-08-28 19:38 24689600 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 14:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\America Online 9.0\AOL.EXE" [2005-07-12 50776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-03-16 57344]
"HostManager"="c:\program files\Common Files\AOL\1153956942\ee\AOLSoftware.exe" [2008-06-24 41824]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-09-12 63048]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-09-21 520024]
"PCDrSmartMonitor"="c:\program files\PC-Doctor 5 for Windows\PcdSmartMonitor.exe" [2005-09-08 299008]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-01 2007832]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]
c:\documents and settings\LogMeInRemoteUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-7-24 122880]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-01 11:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-10-03 09:59 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
backup=c:\windows\pss\Compaq Connections.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153956942\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\America Online 9.0\\aol.exe"=
"c:\\Program Files\\Logitech\\Video\\Launcher.exe"=
"c:\\Program Files\\RockWare\\LogPlot2005\\LP2005.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\mcontrol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1153956942\\EE\\aolsoftware.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\Safeworld PC Surveillance\\SafeWorld.exe"=
"c:\\Program Files\\RockWare\\LogPlot7\\LogPlot7.exe"=
"c:\\Program Files\\PC-Linq\\Mdi.exe"=
"c:\\Program Files\\Windows Defender\\MSASCui.exe"=
"c:\\Program Files\\ABBYY FineReader 5.0 Sprint\\Sprint.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\putty.exe"=
"c:\\Documents and Settings\\Compaq_Owner\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\gzip32.exe"=
"c:\\Program Files\\Mudlogging Systems\\MControl\\ver2-6-3\\pkzip25.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/6/2009 10:58 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [10/1/2009 6:09 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [10/1/2009 6:10 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/1/2009 6:05 AM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1028432]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [9/12/2007 10:21 AM 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [10/10/2007 4:05 PM 47640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 DPCNET5U;Satellite USB Driver;c:\windows\system32\DRIVERS\dpcnet5u.sys --> c:\windows\system32\DRIVERS\dpcnet5u.sys [?]
S3 PCD5SRVC{085326CB-51A3560A-05010003};PCD5SRVC{085326CB-51A3560A-05010003} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/8/2005 2:23 AM 21120]
S3 SWNC8U56;Sierra Wireless MUX NDIS Driver (UMTS56);c:\windows\system32\drivers\swnc8u56.sys [6/27/2007 10:41 AM 101248]
S3 SWUMX56;Sierra Wireless USB MUX Driver (UMTS56);c:\windows\system32\drivers\swumx56.sys [6/27/2007 10:42 AM 73856]
S3 Wdm1;USB Bridge Cable Driver;c:\windows\system32\drivers\usbbc.sys [3/21/2007 11:27 PM 15576]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder
2009-10-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:00]
2009-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 20:42]
2006-02-12 c:\windows\Tasks\Easy Internet Sign-up.job
- c:\program files\Hewlett-Packard\SDP\HPSdpApp.exe [2005-09-09 03:23]
2009-10-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://msn.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=presario&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=presario&pf=desktop
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: sd61.bc.ca\www.fslactivities
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-04 19:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hȋdden processes ...
scanning hȋdden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCFCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hȋdden files ...
scan completed successfully
hȋdden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\PCD5SRVC{085326CB-51A3560A-05010003}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-10-05 19:42
ComboFix-quarantined-files.txt 2009-10-05 00:42
ComboFix2.txt 2009-10-03 02:33
ComboFix3.txt 2009-09-30 22:45
Pre-Run: 129,032,429,568 bytes free
Post-Run: 129,024,135,168 bytes free
254 --- E O F --- 2009-08-14 03:25
