ComboFix 09-12-07.01 - Eddie 12/07/2009 18:13.2.2 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1633 [GMT -5:00]
Running from: c:\documents and settings\Eddie\My Documents\Netscape files\commy.exe.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}
((((((((((((((((((((((((( Files Created from 2009-11-07 to 2009-12-07 )))))))))))))))))))))))))))))))
.
2009-12-07 18:05 . 2009-12-07 18:05 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-12-07 18:00 . 2009-12-07 18:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Windows Search
2009-12-07 17:55 . 2009-12-07 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Webroot
2009-12-07 17:46 . 2009-12-07 17:46 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Netscape
2009-12-07 17:46 . 2009-12-07 17:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Netscape
2009-12-05 16:15 . 2009-12-05 16:15 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-05 16:09 . 2009-12-05 16:09 -------- d-----r- C:\MSOCache
2009-11-30 03:11 . 2009-11-30 03:11 160032 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-30 03:10 . 2009-11-30 03:11 -------- d-----w- C:\d0d483da9881451b34
2009-11-28 15:31 . 2009-11-28 15:31 -------- d-----w- c:\program files\Handmark
2009-11-27 01:35 . 2004-03-29 20:23 90112 ----a-w- c:\windows\unvise32.exe
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\Eddie\Local Settings\Application Data\LogMeIn
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
2009-11-24 00:10 . 2009-11-24 00:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ICS
2009-11-24 00:09 . 2009-09-29 00:34 47416 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2009-11-24 00:09 . 2009-09-29 00:34 28984 ----a-w- c:\windows\system32\LMIport.dll
2009-11-24 00:09 . 2009-09-29 00:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2009-11-24 00:09 . 2008-08-11 17:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2009-11-24 00:09 . 2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
2009-11-24 00:09 . 2009-12-07 18:06 -------- d-----w- c:\program files\LogMeIn
2009-11-24 00:06 . 2009-11-24 00:08 -------- d-----w- c:\documents and settings\Eddie\Local Settings\Application Data\Deployment
2009-11-22 13:13 . 2006-08-31 21:03 182272 ------w- c:\windows\system32\drivers\CLBUDF.sys
2009-11-22 13:13 . 2006-08-31 21:21 131072 ----a-w- c:\windows\IBUnInst.exe
2009-11-18 02:55 . 2009-11-18 03:11 -------- d-----w- c:\windows\system32\Temp
2009-11-15 23:31 . 2009-11-15 23:32 -------- d-----w- c:\documents and settings\Eddie\Application Data\vlc
2009-11-15 18:39 . 2009-11-15 18:39 -------- d-----w- c:\program files\VideoLAN
2009-11-15 18:39 . 2009-11-15 18:39 -------- d-----w- c:\program files\Sopcast_plugin
2009-11-15 18:36 . 2009-11-15 18:36 -------- d-----w- c:\program files\LIVE TV
2009-11-14 21:44 . 2009-11-14 21:44 -------- d-----w- c:\program files\MSECache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-07 19:29 . 2009-04-11 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-12-05 16:27 . 2007-11-04 23:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-05 16:13 . 2009-06-06 19:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-05 16:12 . 2007-11-05 00:34 -------- d-----w- c:\program files\Microsoft Works
2009-12-05 16:08 . 2009-10-26 16:44 -------- d-----w- c:\program files\Microsoft.NET
2009-12-04 19:00 . 2009-10-26 16:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 02:42 . 2007-11-05 00:37 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-02 12:00 . 2007-10-22 20:46 70872 ----a-w- c:\documents and settings\Eddie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 22:42 . 2007-11-04 20:10 -------- d-----w- c:\documents and settings\Eddie\Application Data\U3
2009-11-30 00:13 . 2007-10-22 21:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-25 20:18 . 2007-11-04 21:46 -------- d-----w- c:\program files\Lx_cats
2009-11-24 16:26 . 2008-04-13 22:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-24 16:24 . 2007-12-02 23:27 -------- d-----w- c:\program files\SpywareBlaster
2009-11-18 22:20 . 2009-05-21 11:13 -------- d-----w- c:\program files\Media Key
2009-11-14 21:45 . 2007-11-05 00:49 8296 ----a-w- c:\documents and settings\Eddie\Application Data\wklnhst.dat
2009-11-14 18:12 . 2009-03-21 14:39 164 ----a-w- c:\windows\install.dat
2009-11-06 20:19 . 2008-02-02 20:56 1563008 ----a-w- c:\windows\WRSetup.dll
2009-11-06 17:00 . 2008-02-02 20:56 23152 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2009-11-06 17:00 . 2008-02-02 20:56 176752 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2009-11-06 17:00 . 2008-08-09 18:42 29808 ----a-w- c:\windows\system32\drivers\ssfs0bbc.sys
2009-11-04 03:12 . 2007-11-04 22:09 -------- d-----w- c:\documents and settings\Eddie\Application Data\.purple
2009-11-03 22:53 . 2008-09-20 19:25 -------- d-----w- c:\program files\AVS4YOU
2009-11-03 22:52 . 2008-09-20 19:32 -------- d-----w- c:\documents and settings\Eddie\Application Data\AVS4YOU
2009-11-03 01:42 . 2009-10-05 00:39 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-29 00:44 . 2009-10-27 17:41 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-27 19:43 . 2009-10-27 19:43 -------- d-----w- c:\documents and settings\Eddie\Application Data\Windows Search
2009-10-27 17:42 . 2009-10-27 17:42 -------- d-----w- c:\documents and settings\Eddie\Application Data\Windows Desktop Search
2009-10-22 11:33 . 2007-10-29 15:25 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-18 20:26 . 2009-10-18 20:26 -------- dc----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-18 20:08 . 2009-02-22 17:33 -------- d-----w- c:\program files\Lavasoft
2009-10-16 21:10 . 2009-10-16 21:10 64056 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-10 12:04 . 2009-06-25 21:43 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-10-03 18:00 . 2003-02-21 12:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-03 17:57 . 2009-10-03 17:57 452104 ----a-w- c:\documents and settings\Eddie\Application Data\Real\RealPlayer\setup\AU_setup9.exe
2009-09-23 02:28 . 2009-06-19 12:52 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-09-23 02:28 . 2009-06-19 12:52 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-09-23 02:28 . 2009-06-19 12:52 168800 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-09-23 02:28 . 2009-06-09 21:46 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-23 02:28 . 2009-06-05 12:52 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-09-23 02:28 . 2009-09-23 02:28 17632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\WSCUpdate.dll
2009-09-23 02:28 . 2009-06-19 12:52 349008 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-09-23 02:28 . 2009-06-19 12:52 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-09-23 02:28 . 2009-06-05 12:51 84320 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-09-23 02:20 . 2009-09-21 01:21 54 ----a-w- c:\windows\system32\rp_stats.dat
2009-09-23 02:20 . 2009-09-21 01:21 39 ----a-w- c:\windows\system32\rp_rules.dat
2009-09-11 14:18 . 2006-02-28 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 00:35 . 2009-09-11 00:35 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-09-10 18:54 . 2009-06-06 19:16 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-06-06 19:16 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-02-23 12:16 . 2007-12-02 22:08 34048 ----a-w- c:\program files\mozilla firefox\plugins\upd62i9x.dll
2006-02-23 12:16 . 2007-12-02 22:08 45056 ----a-w- c:\program files\mozilla firefox\plugins\upd62int.dll
2006-02-23 12:16 . 2008-09-07 18:02 34048 ----a-w- c:\program files\opera\program\plugins\upd62i9x.dll
2006-02-23 12:16 . 2008-09-07 18:02 45056 ----a-w- c:\program files\opera\program\plugins\upd62int.dll
.
------- Sigcheck -------
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2006-02-28 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll
c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\BackupIconOverlayId]
@="{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}"
[HKEY_CLASSES_ROOT\CLSID\{2EE61E5C-8F94-4AAB-8A80-D2A8CD1FEDAD}]
2009-03-05 21:02 238968 ----a-w- c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Power2GoExpress"="c:\program files\NOVA Development\MediaNow CD & DVD Burning Suite\Power2Go\Power2GoExpress.exe" [2006-09-13 2441216]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-04 2334856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-05-04 312240]
"lxddmon.exe"="c:\program files\Lexmark 2500 Series\lxddmon.exe" [2007-06-12 291760]
"lxddamon"="c:\program files\Lexmark 2500 Series\lxddamon.exe" [2007-04-30 20480]
"V0400Mon.exe"="c:\windows\V0400Mon.exe" [2007-08-23 28672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-06-15 6803456]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-10-03 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"RemoteControl"="c:\program files\NOVA Development\MediaNow CD & DVD Burning Suite\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"InstantBurn"="c:\progra~1\NOVADE~1\MEDIAN~1\INSTAN~1\Win2K\IBurn.exe" [2006-08-31 733184]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"SpySweeper"="c:\program files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2009-11-06 6515784]
c:\documents and settings\Eddie\Start Menu\Programs\Startup\
Desktop Alert.lnk - c:\program files\Desktop Alert\desktopalert_3264673.exe [2008-8-28 327680]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-29 00:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Eddie^Start Menu^Programs^Startup^wkcalrem.LNK]
path=c:\documents and settings\Eddie\Start Menu\Programs\Startup\wkcalrem.LNK
backup=c:\windows\pss\wkcalrem.LNKStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 08:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
2006-05-04 20:26 2808832 ----a-w- c:\windows\alcwzrd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2005-01-07 21:07 61952 ------w- c:\windows\system32\HdAShCut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2003-05-15 23:41 163840 ----a-w- c:\program files\Microsoft IntelliPoint\point32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-02 23:36 267048 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-06-15 21:20 6803456 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2005-06-15 21:20 86016 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-06-15 21:20 1519616 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-03-29 03:37 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-07-21 20:14 86016 ----a-w- c:\windows\SoundMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 15:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-04-11 18:51 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-10-03 18:00 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\app4r.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddpswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxddtime.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddmon.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 CLBStor;InstantBurn Storage Helper Driver;c:\windows\system32\drivers\CLBStor.sys [6/29/2009 05:56 PM 10368]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [6/5/2009 07:52 AM 64160]
R0 ssfs0bbc;ssfs0bbc;c:\windows\system32\drivers\ssfs0bbc.sys [8/9/2008 01:42 PM 29808]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 10:58 AM 93336]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 06:19 PM 13592]
R2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Spy Sweeper\WRConsumerService.exe [10/26/2008 07:26 AM 1201640]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 10:56 AM 106208]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 CLBUDF;CyberLink UDF Filesystem;c:\windows\system32\drivers\CLBUDF.sys [11/22/2009 08:13 AM 182272]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 10:57 AM 727720]
S2 gupdate1c9bad68d111286;Google Update Service (gupdate1c9bad68d111286);c:\program files\Google\Update\GoogleUpdate.exe [4/11/2009 01:51 PM 133104]
S2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\IS360srv.exe --> c:\program files\IObit\IObit Security 360\IS360srv.exe [?]
S2 JEPPDRIVE;Smart Modular JeppDrive USB Driver;c:\windows\system32\Drivers\JeppD.sys --> c:\windows\system32\Drivers\JeppD.sys [?]
S2 JEPPDRIVEG2;Smart Modular JeppDrive USB G2 Driver;c:\windows\system32\drivers\JeppDG2.sys [7/11/2009 02:22 PM 18384]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 02:06 PM 1028432]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
S2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [11/23/2009 07:09 PM 47640]
S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxddserv.exe [1/31/2008 08:50 PM 99248]
S2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [11/10/2008 01:10 PM 598856]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [5/11/2009 01:20 PM 54272]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 VF0400Afx;VF0400 Audio FX;c:\windows\system32\drivers\V0400Afx.sys [6/22/2008 05:29 PM 142656]
S3 VF0400Vfx;VF0400 Video FX;c:\windows\system32\drivers\V0400Vfx.sys [6/22/2008 05:29 PM 7424]
S3 VF0400Vid;Live! Cam Notebook Pro (VF0400);c:\windows\system32\drivers\V0400Vid.sys [6/22/2008 05:29 PM 166720]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
DPF: Garmin Communicator Plug-In - hxxps://my.garmin.com/static/m/cab/2.8.3/GarminAxControl.CAB
DPF: {4D21BDFC-A621-4DE6-87DA-7C952D0ADF7E} - hxxp://www.lorexglobal.com/see/push03.cab
FF - ProfilePath - c:\documents and settings\Eddie\Application Data\Mozilla\Firefox\Profiles\hqxo7hd2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
Notify-!SASWinLogon - (no file)
AddRemove-GARMIN 400 Series Trainer - c:\windows\IsUninst.exe -fc:\program files\GARMIN\GARMIN 400 Series Trainer\Uninst.isu
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-07 18:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{4D37D85E-E8B0-0BAE-7454-7DBD549A050A}*\InprocServer32]
"{4D37D85E-E8B0-0BAE-7454-7DBD549A050A}"=hex:80,57,94,bd,86,d3,c3,bc,23,17,ad,
51,03,c5,ec,63,d8,68,77,8c,61,a2,f2,a5,80,57,94,bd,86,d3,c3,bc,80,57,94,bd,\
[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{86A13BC9-D69F-E772-0B8D-ECF32E54C48E}*\InprocServer32]
"{86A13BC9-D69F-E772-0B8D-ECF32E54C48E}"=hex:6f,09,b0,88,50,cb,e4,97,fc,9e,69,
f3,be,58,93,e5,b5,19,71,dc,c5,cf,7d,a9,6f,09,b0,88,50,cb,e4,97,6f,09,b0,88,\
[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{A9A012E2-7CEB-0C98-DE35-6178A2C4CD7D}*\InprocServer32]
"{A9A012E2-7CEB-0C98-DE35-6178A2C4CD7D}"=hex:0b,e6,91,e4,19,1d,1c,8e,e1,38,d3,
3b,7e,c9,01,6c,f4,14,ee,f8,52,3f,e4,74,0b,e6,91,e4,19,1d,1c,8e,0b,e6,91,e4,\
[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{EF9E6836-C7D7-8A70-AF39-1ECE1CEA2C1F}*\InprocServer32]
"{EF9E6836-C7D7-8A70-AF39-1ECE1CEA2C1F}"=hex:29,88,23,ff,70,a5,97,36,19,5c,c2,
a6,6a,a8,1d,d6,be,81,69,33,54,14,a0,0c,29,88,23,ff,70,a5,97,36,29,88,23,ff,\
[HKEY_USERS\S-1-5-21-484763869-606747145-725345543-1004_Classes\Software\CLASSES\CLSID\{FA2E45C7-625D-AB4B-7F5D-D35256E4A1B8}*\InprocServer32]
"{FA2E45C7-625D-AB4B-7F5D-D35256E4A1B8}"=hex:94,fd,fd,80,88,13,2d,af,e8,13,76,
f7,2b,f4,8b,53,01,3a,64,40,aa,4c,4b,b9,94,fd,fd,80,88,13,2d,af,94,fd,fd,80,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(468)
c:\windows\system32\LMIinit.dll
- - - - - - - > 'explorer.exe'(308)
c:\windows\system32\WININET.dll
c:\program files\Webroot\Spy Sweeper\Backup\CtxMenu_1_0_0_10.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\LMIRfsClientNP.dll
.
Completion time: 2009-12-07 18:23
ComboFix-quarantined-files.txt 2009-12-07 23:23
Pre-Run: 44,912,914,432 bytes free
Post-Run: 44,893,650,944 bytes free
- - End Of File - - C29560DA7DFE1863E5DA246B054729A7