#6
01-08-2010, 03:30 PM
mat68046
Junior Member
Join Date: Jan 2010
Posts: 17
Follow up: WIN32/ HEUR

Thank you for replying to my post, Kritius!

Status is: Word won't load except with the /a switch. Deleted the normal.dot and did an in-program repair. No luck. I had a desktop issue that "went away": I had no right-click functions. I tried to create a new folder on the desktop and couldn't. That has abated. Considering that the machine's personality isn't constant, I don't think I'm out of the woods.

Please advise if I should re-do any of the Steps.

Here's the ComboFix logfile:

ComboFix 10-01-04.01 - Mark 01/07/2010 9:42.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.679 [GMT -5:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000006_.tmp.dll

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZUMIE_SEARCH_SERVICE


((((((((((((((((((((((((( Files Created from 2009-12-07 to 2010-01-07 )))))))))))))))))))))))))))))))
.

2010-01-07 14:42 . 2010-01-07 14:42 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-01-07 03:59 . 2010-01-07 03:59 81 ----a-w- C:\CTX.DAT
2010-01-07 03:59 . 2010-01-07 03:59 -------- d-----w- c:\documents and settings\Mark\Citrix
2010-01-06 14:34 . 2010-01-06 14:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 13:28 . 2010-01-06 13:28 72192 ----a-w- C:\tasklist.exe
2010-01-05 15:56 . 2010-01-05 15:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-05 15:40 . 2010-01-05 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2010-01-05 15:28 . 2010-01-05 15:57 -------- d-----w- C:\$AVG
2010-01-05 15:27 . 2010-01-06 02:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-01-05 15:27 . 2010-01-05 15:27 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-01-05 15:27 . 2010-01-06 02:05 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-01-05 15:27 . 2010-01-07 12:58 -------- d-----w- c:\windows\system32\drivers\Avg
2010-01-05 15:26 . 2010-01-05 15:26 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-01-05 15:26 . 2010-01-05 15:26 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-01-05 15:26 . 2010-01-06 02:06 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-01-05 15:25 . 2010-01-05 15:25 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-05 15:25 . 2010-01-05 15:25 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-05 15:25 . 2010-01-05 15:25 -------- d-----w- c:\program files\AVG
2010-01-05 15:25 . 2010-01-06 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-05 06:03 . 2010-01-05 06:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-05 04:23 . 2010-01-05 23:37 -------- d-----w- c:\documents and settings\Mark\Application Data\Stamps.com Internet Postage
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2010-01-05 03:57 . 2010-01-05 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}
2010-01-05 03:56 . 2010-01-06 03:38 36 ---ha-w- c:\windows\system32\f9t.dat
2010-01-05 03:56 . 2010-01-05 06:23 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-01-05 03:52 . 2010-01-05 03:52 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Seven Zip
2010-01-03 23:44 . 2010-01-06 01:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-01 17:24 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-01-01 00:03 . 2003-04-14 03:25 151808 ----a-r- c:\windows\system32\drivers\LSRTNDS.sys
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\Mark\Application Data\Nokia
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\Mark\Application Data\PC Suite
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-29 01:41 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-29 01:41 . 2009-10-06 16:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Nokia
2009-12-29 01:40 . 2009-12-29 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-28 05:58 . 2009-12-28 05:58 -------- d-----w- c:\program files\HDD Health
2009-12-25 01:01 . 2009-12-25 01:02 -------- d-----w- C:\VProRecovery
2009-12-25 00:57 . 2009-12-25 00:57 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Symantec_Corporation
2009-12-25 00:31 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-25 00:29 . 2009-12-25 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2009-12-24 21:47 . 2009-12-24 21:59 -------- d-----w- c:\windows\system32\NtmsData
2009-12-14 15:34 . 2009-12-14 15:34 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\HP
2009-12-14 15:25 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-11 15:07 . 2009-12-11 15:07 -------- d---a-w- C:\office2003pro
2009-12-11 00:02 . 2004-03-22 07:17 25840 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-12-11 00:02 . 2004-03-22 07:17 24816 ----a-w- c:\windows\system32\mdimon.dll
2009-12-10 23:59 . 2009-12-10 23:59 -------- d-----w- c:\program files\Common Files\L&H
2009-12-10 23:58 . 2009-12-10 23:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-10 23:55 . 2009-12-10 23:55 -------- d-----w- c:\program files\Microsoft Works
2009-12-10 23:52 . 2009-12-10 23:56 -------- d-----w- c:\program files\Microsoft Office2003
2009-12-10 23:52 . 2009-12-10 23:52 -------- d-----w- c:\program files\Microsoft.NET
2009-12-10 15:12 . 2010-01-07 13:02 -------- d-----w- c:\documents and settings\Mark\Application Data\HPAppData
2009-12-10 15:05 . 2009-04-16 19:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2009-12-10 15:05 . 2009-04-16 19:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2009-12-10 14:55 . 2009-12-10 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-07 04:48 . 2008-01-25 04:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 18:32 . 2009-02-22 07:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-06 14:43 . 2008-01-25 03:24 -------- d-----w- c:\program files\Java
2010-01-06 14:27 . 2010-01-06 14:27 79488 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-06 12:57 . 2009-06-28 22:54 -------- d-----w- c:\documents and settings\Mark\Application Data\uTorrent
2010-01-06 01:41 . 2008-01-25 03:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-06 00:59 . 2004-08-04 12:00 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-05 17:11 . 2008-02-02 01:56 123344 ----a-w- c:\documents and settings\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 15:43 . 2008-01-25 03:40 -------- d-----w- c:\program files\HP
2010-01-05 15:27 . 2010-01-06 02:06 12464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsstx.dll
2010-01-05 15:27 . 2010-01-06 02:06 28424 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-01-05 15:26 . 2010-01-06 02:06 502040 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrsx.exe
2010-01-05 15:26 . 2010-01-06 01:58 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-01-05 15:26 . 2010-01-06 01:58 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-01-05 15:26 . 2010-01-06 01:58 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-01-05 15:26 . 2010-01-06 01:58 798488 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-01-05 15:26 . 2010-01-06 02:06 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-01-05 06:22 . 2010-01-05 03:58 2520483 ----a-w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\MSOABPstmp.exe
2010-01-05 06:21 . 2010-01-05 03:58 2513557 ----a-w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\MSW2KPIMstmp.exe
2010-01-05 06:21 . 2010-01-05 03:58 2512898 ----a-w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\MSOPIMstmp.exe
2010-01-04 15:46 . 2009-11-09 00:33 -------- d-----w- c:\documents and settings\Mark\Application Data\LimeWire
2010-01-01 00:05 . 2008-02-07 04:22 -------- d-----w- c:\program files\Speeditup Free
2009-12-31 23:25 . 2009-10-05 23:54 -------- d-----w- c:\documents and settings\Mark\Application Data\HpUpdate
2009-12-31 23:23 . 2009-07-06 23:45 256 ----a-w- c:\documents and settings\Mark\pool.bin
2009-12-30 19:55 . 2009-02-22 07:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-30 19:54 . 2009-02-22 07:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 01:42 . 2009-09-05 00:02 -------- d-----w- c:\program files\DIFX
2009-12-29 01:40 . 2009-12-29 01:40 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-29 01:40 . 2009-12-29 01:40 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-29 01:40 . 2009-12-29 01:40 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-29 01:40 . 2009-12-29 01:40 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-28 02:44 . 2009-12-29 01:40 34440160 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_us_web.exe
2009-12-25 00:31 . 2009-12-25 00:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2009-12-25 00:31 . 2009-12-25 00:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-12-17 21:26 . 2010-01-05 03:58 321108 ----a-w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\mia.dll
2009-12-17 21:26 . 2010-01-05 03:58 321108 ----a-w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\mia.dll
2009-12-17 21:26 . 2010-01-05 03:58 321108 ----a-w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\mia.dll
2009-12-17 21:26 . 2010-01-05 03:57 5121427 ----a-w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}\stamps.exe
2009-12-17 21:26 . 2010-01-05 03:57 321108 ----a-w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}\mia.dll
2009-12-15 21:40 . 2009-11-14 00:15 -------- d-----w- c:\documents and settings\Mark\Application Data\Apple Computer
2009-12-14 15:34 . 2008-02-02 01:55 -------- d-----w- c:\documents and settings\Mark\Application Data\HP
2009-12-10 15:07 . 2008-01-25 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-11-30 13:50 . 2008-02-03 11:32 79379 ----a-w- c:\windows\hpfins05.dat
2009-11-26 00:23 . 2009-06-13 01:04 256 ----a-w- c:\windows\system32\pool.bin
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 18:59 . 2009-11-14 00:14 -------- d-----w- c:\program files\iTunes
2009-11-14 00:15 . 2009-11-14 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 00:14 . 2009-11-09 00:11 -------- d-----w- c:\program files\iPod
2009-11-14 00:14 . 2009-11-14 00:11 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 00:13 . 2009-11-14 00:13 -------- d-----w- c:\program files\QuickTime
2009-11-14 00:13 . 2009-11-14 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-14 00:12 . 2009-11-14 00:12 -------- d-----w- c:\program files\Apple Software Update
2009-11-14 00:11 . 2009-11-14 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-14 00:10 . 2008-01-25 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-09 00:28 . 2009-11-09 00:28 28276 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2009-11-09 00:13 . 2009-11-09 00:13 -------- d-----w- c:\program files\MUSICMATCH
2009-11-03 02:34 . 2009-11-03 02:34 26694 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{79CA0DF6-8860-4680-BDFF-D3E34BAA9244}\BlackBerry.exe
2009-11-01 18:47 . 2009-11-01 18:47 53248 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDDHealth"="c:\program files\HDD Health\hddhealth.exe" [2008-06-15 1692672]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HostManager"="c:\program files\Common Files\AOL\1204169715\ee\AOLSoftware.exe" [2008-06-24 41824]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-06 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-01-06 02:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 19:01 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-07 15:56 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 19:34 1891416 ----a-w- c:\garmin\gStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-06-02 21:18 143360 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 15:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 16:39 94208 ------w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-02-01 23:41 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
2009-09-08 00:41 1590616 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-06-08 16:24 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
2009-12-23 16:42 2274816 ----a-w- c:\program files\Speeditup Free\SpeedItUp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-02 19:11 692316 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-02 19:12 102492 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"TetherBerry"=2 (0x2)
"SymSnapService"=3 (0x3)
"ServiceLayer"=3 (0x3)
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"RoxLiveShare9"=2 (0x2)
"Roxio Upnp Server 9"=2 (0x2)
"Roxio UPnP Renderer 9"=3 (0x3)
"NitroDriverReadSpool"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"GenericMount Helper Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ATTRcAppSvc"=3 (0x3)
"astcc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TrkWks"=2 (0x2)
"RasMan"=3 (0x3)
"RasAuto"=3 (0x3)
"mnmsrvc"=3 (0x3)
"AOL ACS"=2 (0x2)
"BITS"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1204169715\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [1/5/2010 10:26 AM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [1/5/2010 10:26 AM 161800]
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [6/27/2008 2:05 PM 19478]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/5/2010 10:27 AM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/5/2010 10:26 AM 360584]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [6/27/2008 2:05 PM 635017]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [6/27/2008 2:05 PM 431236]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1/5/2010 9:05 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [1/5/2010 9:05 PM 2303680]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [1/5/2010 9:05 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 10:25 AM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [1/5/2010 10:26 AM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [1/5/2010 10:26 AM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [1/5/2010 10:26 AM 25736]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/24/2008 10:12 PM 200192]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [6/27/2008 2:05 PM 64093]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 10:25 AM 30104]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\LSRTNDS.sys [12/31/2009 7:03 PM 151808]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [11/1/2009 10:12 PM 45608]
S4 TetherBerry;TetherBerry;c:\program files\TetherBerry\TBService.exe [11/1/2009 10:12 PM 49056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-01-04 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-05-25 21:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: myfairpoint.net
TCP: {44960C04-0BA0-425A-A6F9-45CE1B4AC30F} = 208.67.222.222,208.67.220.220
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\ebxz7oyw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
MSConfigStartUp-AT&T Communication Manager - c:\program files\AT&T\Communication Manager\ATTCM.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-CyberDefender Early Detection Center - c:\program files\CyberDefender\AntiSpyware\cdas198.exe
MSConfigStartUp-MalwareRemovalBot - c:\program files\MalwareRemovalBot\MalwareRemovalBot.exe
MSConfigStartUp-Verizon Custom Uninstall Tracking - c:\docume~1\Mark\LOCALS~1\Temp\InstallHelper.exe
MSConfigStartUp-Verizon_McciTrayApp - c:\program files\Verizon\McciTrayApp.exe
MSConfigStartUp-Windows Update - c:\windows\system32\Updater.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-07 09:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(356)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2460)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
c:\progra~1\HPQ\SHARED\HPQTOA~1.EXE
.
**************************************************************************
.
Completion time: 2010-01-07 10:01:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-07 15:01

Pre-Run: 27,626,311,680 bytes free
Post-Run: 27,601,297,408 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 880B7AA0049D2232043221A242FFD4F9