Thanks for the link for AVG to remove it. AVG still came up as the virus handler although it looks like ComboFix may have cleared it. I ran the uninstaller first, which forced a reboot, then the ComboFix with the patch. Results below:
ComboFix 10-01-04.01 - Mark 01/11/2010 17:06:38.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.765 [GMT -5:00]
Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mark\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100111-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\pcwintech\tbPcWi.dll
c:\program files\speeditup free\SpeedItUp.exe
.
((((((((((((((((((((((((( Files Created from 2009-12-11 to 2010-01-11 )))))))))))))))))))))))))))))))
.
2010-01-11 20:58 . 2010-01-11 20:58 8 --sh--r- c:\windows\system32\CE7E4175C3.sys
2010-01-10 23:21 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-10 23:21 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-10 23:21 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-10 23:21 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-10 23:21 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-10 23:21 . 2009-11-24 23:50 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-10 23:21 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-10 23:21 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-10 23:20 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-10 23:20 . 2010-01-10 23:20 -------- d-----w- c:\program files\Alwil Software
2010-01-10 17:04 . 2010-01-10 17:04 -------- d-----w- c:\windows\system32\AGEIA
2010-01-10 17:04 . 2010-01-10 17:05 -------- d-----w- c:\program files\AGEIA Technologies
2010-01-09 16:54 . 2010-01-09 16:54 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-09 16:42 . 2008-05-30 19:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
2010-01-09 16:42 . 2008-05-30 19:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
2010-01-09 16:42 . 2008-05-30 19:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
2010-01-09 16:42 . 2008-05-30 19:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
2010-01-09 16:42 . 2008-05-30 19:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
2010-01-09 16:42 . 2008-05-30 19:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
2010-01-09 16:42 . 2008-05-30 19:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
2010-01-09 16:42 . 2008-03-05 21:03 479752 ----a-w- c:\windows\system32\XAudio2_0.dll
2010-01-09 16:42 . 2008-03-05 21:03 238088 ----a-w- c:\windows\system32\xactengine3_0.dll
2010-01-09 16:42 . 2008-03-05 21:00 25608 ----a-w- c:\windows\system32\X3DAudio1_3.dll
2010-01-09 16:40 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2010-01-09 16:38 . 2010-01-09 16:40 -------- d-----w- c:\windows\Logs
2010-01-09 16:32 . 2010-01-10 17:10 -------- d-----w- c:\program files\Crane Simulator 2009
2010-01-09 16:17 . 2010-01-09 16:33 -------- d-----w- c:\documents and settings\Mark\Application Data\ImgBurn
2010-01-09 16:11 . 2010-01-09 16:11 -------- d-----w- c:\program files\ImgBurn
2010-01-09 01:57 . 2010-01-09 01:57 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Conduit
2010-01-09 01:57 . 2010-01-09 01:57 -------- d-----w- c:\program files\Conduit
2010-01-09 01:56 . 2010-01-09 04:25 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\PcWinTech
2010-01-09 01:56 . 2010-01-11 22:13 -------- d-----w- c:\program files\PcWinTech
2010-01-09 01:56 . 2010-01-09 01:56 -------- d-----w- C:\Documents
2010-01-09 01:56 . 2009-06-10 22:22 32768 ----a-w- c:\windows\system32\CleanMem.exe
2010-01-09 01:56 . 2008-09-19 16:37 121856 ----a-w- c:\windows\system32\schtasks.exe
2010-01-09 01:56 . 2010-01-09 02:35 -------- d-----w- c:\windows\CleanMem
2010-01-09 01:56 . 2010-01-09 02:35 -------- d-----w- c:\program files\CleanMem
2010-01-08 22:45 . 2010-01-08 22:45 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\IsolatedStorage
2010-01-08 16:03 . 2010-01-08 21:19 88 --sh--r- c:\windows\system32\77C6EFDC64.sys
2010-01-08 16:03 . 2010-01-11 21:01 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-08 16:03 . 2010-01-08 16:03 -------- d-----w- c:\documents and settings\Mark\Application Data\IsolatedStorage
2010-01-08 15:59 . 2003-08-28 21:08 536576 ----a-w- c:\windows\system32\msvcr70d.dll
2010-01-08 15:59 . 2003-08-28 21:06 94208 ----a-w- c:\windows\system32\msvci70d.dll
2010-01-08 15:43 . 2010-01-08 15:43 -------- d-----w- c:\documents and settings\Mark\Application Data\ACT
2010-01-08 15:43 . 2010-01-08 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\ACT
2010-01-08 15:42 . 2010-01-08 15:48 -------- d-----w- c:\program files\Microsoft SQL Server
2010-01-08 15:42 . 2010-01-08 15:42 -------- d-----w- c:\program files\ACT
2010-01-07 19:22 . 2008-04-13 19:45 26112 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-07 19:22 . 2008-04-13 19:45 26112 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-07 03:59 . 2010-01-07 03:59 81 ----a-w- C:\CTX.DAT
2010-01-07 03:59 . 2010-01-07 03:59 -------- d-----w- c:\documents and settings\Mark\Citrix
2010-01-06 14:34 . 2010-01-06 14:34 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-06 14:27 . 2010-01-06 14:27 79488 ----a-w- c:\documents and settings\Mark\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-06 13:28 . 2010-01-06 13:28 72192 ----a-w- C:\tasklist.exe
2010-01-05 15:56 . 2010-01-05 15:56 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-05 15:40 . 2010-01-05 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AT&T
2010-01-05 15:28 . 2010-01-05 15:57 -------- d-----w- C:\$AVG
2010-01-05 15:25 . 2010-01-05 15:25 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-01-05 15:25 . 2010-01-05 15:25 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-01-05 15:25 . 2010-01-05 15:25 -------- d-----w- c:\program files\AVG
2010-01-05 15:25 . 2010-01-11 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-05 06:03 . 2010-01-05 06:03 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-01-05 04:23 . 2010-01-05 23:37 -------- d-----w- c:\documents and settings\Mark\Application Data\Stamps.com Internet Postage
2010-01-05 03:58 . 2010-01-05 06:22 2520483 ----a-w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\MSOABPstmp.exe
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}
2010-01-05 03:58 . 2009-12-17 21:26 321108 ----a-w- c:\documents and settings\All Users\Application Data\{D9AA4D17-9292-410D-9AA5-84526D062900}\mia.dll
2010-01-05 03:58 . 2010-01-05 06:21 2513557 ----a-w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\MSW2KPIMstmp.exe
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
2010-01-05 03:58 . 2009-12-17 21:26 321108 ----a-w- c:\documents and settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}\mia.dll
2010-01-05 03:58 . 2010-01-05 06:21 2512898 ----a-w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\MSOPIMstmp.exe
2010-01-05 03:58 . 2010-01-05 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}
2010-01-05 03:58 . 2009-12-17 21:26 321108 ----a-w- c:\documents and settings\All Users\Application Data\{8737778F-82C6-4680-A660-E8B2B8C8C22B}\mia.dll
2010-01-05 03:57 . 2010-01-05 03:57 -------- d-----w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}
2010-01-05 03:57 . 2009-12-17 21:26 5121427 ----a-w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}\stamps.exe
2010-01-05 03:57 . 2009-12-17 21:26 321108 ----a-w- c:\documents and settings\All Users\Application Data\{BFCD9266-8B97-4A73-8FDF-E2743DE8939E}\mia.dll
2010-01-05 03:56 . 2010-01-07 15:42 36 ---ha-w- c:\windows\system32\f9t.dat
2010-01-05 03:56 . 2010-01-05 06:23 -------- d-----w- c:\program files\Stamps.com Internet Postage
2010-01-05 03:52 . 2010-01-05 03:52 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Seven Zip
2010-01-03 23:44 . 2010-01-06 01:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-01 17:24 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2010-01-01 00:03 . 2003-04-14 03:25 151808 ----a-r- c:\windows\system32\drivers\LSRTNDS.sys
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\Mark\Application Data\Nokia
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\Mark\Application Data\PC Suite
2009-12-29 01:42 . 2009-12-29 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-29 01:41 . 2008-08-26 14:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-29 01:41 . 2009-10-06 16:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-12-29 01:41 . 2009-10-06 16:52 7936 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2009-12-29 01:41 . 2009-10-06 16:52 22016 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2009-12-29 01:41 . 2009-10-06 16:55 1112288 ----a-w- c:\windows\system32\wdfcoinstaller01007.dll
2009-12-29 01:41 . 2009-10-06 16:52 660480 ----a-w- c:\windows\system32\nmwcdcocls.dll
2009-12-29 01:41 . 2009-10-06 16:52 17664 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
2009-12-29 01:41 . 2009-10-06 16:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-29 01:41 . 2009-12-29 01:41 -------- d-----w- c:\program files\Nokia
2009-12-29 01:40 . 2009-12-28 02:44 34440160 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_us_web.exe
2009-12-29 01:40 . 2009-12-29 01:40 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-29 01:40 . 2009-12-29 01:40 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-29 01:40 . 2009-12-29 01:40 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-29 01:40 . 2009-12-29 01:40 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-29 01:40 . 2009-12-29 01:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-28 05:58 . 2009-12-28 05:58 -------- d-----w- c:\program files\HDD Health
2009-12-25 01:01 . 2009-12-25 01:02 -------- d-----w- C:\VProRecovery
2009-12-25 00:57 . 2009-12-25 00:57 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\Symantec_Corporation
2009-12-25 00:31 . 2008-11-07 23:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2009-12-25 00:29 . 2009-12-25 00:30 -------- d-----w- c:\documents and settings\All Users\Application Data\{1C6FDDD8-FC9E-4C12-9FA5-1AAD377097B3}
2009-12-24 21:47 . 2009-12-24 21:59 -------- d-----w- c:\windows\system32\NtmsData
2009-12-14 15:34 . 2009-12-14 15:34 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\HP
2009-12-14 15:25 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-11 22:13 . 2008-02-07 04:22 -------- d-----w- c:\program files\Speeditup Free
2010-01-11 20:44 . 2009-12-10 15:12 -------- d-----w- c:\documents and settings\Mark\Application Data\HPAppData
2010-01-11 16:05 . 2008-02-05 03:54 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-10 22:46 . 2009-06-28 22:54 -------- d-----w- c:\documents and settings\Mark\Application Data\uTorrent
2010-01-10 17:36 . 2009-02-22 07:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 16:02 . 2008-01-25 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-08 15:48 . 2009-12-10 23:52 -------- d-----w- c:\program files\Microsoft.NET
2010-01-08 06:09 . 2009-07-06 23:45 256 ----a-w- c:\documents and settings\Mark\pool.bin
2010-01-08 02:55 . 2009-06-13 01:04 256 ----a-w- c:\windows\system32\pool.bin
2010-01-07 22:45 . 2009-11-02 03:12 -------- d-----w- c:\program files\TetherBerry
2010-01-07 21:07 . 2009-02-22 07:26 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 21:07 . 2009-02-22 07:26 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-07 19:22 . 2010-01-07 19:22 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2010-01-07 04:48 . 2008-01-25 04:16 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-06 14:43 . 2008-01-25 03:24 -------- d-----w- c:\program files\Java
2010-01-06 01:41 . 2008-01-25 03:57 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-06 00:59 . 2004-08-04 12:00 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-05 17:11 . 2008-02-02 01:56 123344 ----a-w- c:\documents and settings\Mark\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-05 15:43 . 2008-01-25 03:40 -------- d-----w- c:\program files\HP
2010-01-04 15:46 . 2009-11-09 00:33 -------- d-----w- c:\documents and settings\Mark\Application Data\LimeWire
2009-12-31 23:25 . 2009-10-05 23:54 -------- d-----w- c:\documents and settings\Mark\Application Data\HpUpdate
2009-12-29 01:42 . 2009-09-05 00:02 -------- d-----w- c:\program files\DIFX
2009-12-25 00:31 . 2009-12-25 00:31 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_GenericMount_01009.Wdf
2009-12-25 00:31 . 2009-12-25 00:31 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2009-12-15 21:40 . 2009-11-14 00:15 -------- d-----w- c:\documents and settings\Mark\Application Data\Apple Computer
2009-12-14 15:34 . 2008-02-02 01:55 -------- d-----w- c:\documents and settings\Mark\Application Data\HP
2009-12-10 23:59 . 2009-12-10 23:59 -------- d-----w- c:\program files\Common Files\L&H
2009-12-10 23:58 . 2009-12-10 23:58 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-10 23:56 . 2009-12-10 23:52 -------- d-----w- c:\program files\Microsoft Office2003
2009-12-10 23:55 . 2009-12-10 23:55 -------- d-----w- c:\program files\Microsoft Works
2009-12-10 15:07 . 2008-01-25 04:16 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-12-10 14:55 . 2009-12-10 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-11-30 13:50 . 2008-02-03 11:32 79379 ----a-w- c:\windows\hpfins05.dat
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 18:59 . 2009-11-14 00:14 -------- d-----w- c:\program files\iTunes
2009-11-14 00:15 . 2009-11-14 00:14 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-14 00:14 . 2009-11-09 00:11 -------- d-----w- c:\program files\iPod
2009-11-14 00:14 . 2009-11-14 00:11 -------- d-----w- c:\program files\Common Files\Apple
2009-11-14 00:13 . 2009-11-14 00:13 -------- d-----w- c:\program files\QuickTime
2009-11-14 00:13 . 2009-11-14 00:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-11-14 00:12 . 2009-11-14 00:12 -------- d-----w- c:\program files\Apple Software Update
2009-11-14 00:11 . 2009-11-14 00:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-11-09 00:28 . 2009-11-09 00:28 28276 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2009-11-03 02:34 . 2009-11-03 02:34 26694 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{79CA0DF6-8860-4680-BDFF-D3E34BAA9244}\BlackBerry.exe
2009-11-01 18:47 . 2009-11-01 18:47 53248 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HDDHealth"="c:\program files\HDD Health\hddhealth.exe" [2008-06-15 1692672]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-07-14 344064]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-11-16 503808]
"HostManager"="c:\program files\Common Files\AOL\1204169715\ee\AOLSoftware.exe" [2008-06-24 41824]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-06 149280]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-06-08 236016]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=c:\windows\pss\Desktop Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2007-03-28 16:38 1015808 ------w- c:\program files\ACT\Act for Windows\ActSage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2007-03-28 16:43 9728 ------w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2007-10-31 17:46 50528 ----a-w- c:\program files\AOL 9.1\aol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
2005-02-17 19:01 233534 ----a-w- c:\program files\HPQ\Default Settings\Cpqset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
2005-12-07 15:56 409600 ----a-w- c:\program files\HPQ\Quick Launch Buttons\eabservr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gStart]
2008-08-13 19:34 1891416 ----a-w- c:\garmin\gStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-12-11 01:52 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 12:00 208952 ----a-w- c:\windows\ime\IMJP8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM]
2006-09-11 08:40 218032 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-09-21 21:36 305440 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2003-06-02 21:18 143360 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 15:57 1451520 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 12:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2005-12-12 16:39 94208 ------w- c:\program files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-09-05 06:54 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
2008-02-01 23:41 26112 ----a-w- c:\program files\Real\RealPlayer\realplay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RIMDeviceManager]
2009-09-08 00:41 1590616 ----a-w- c:\program files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-02 19:11 692316 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-02 19:12 102492 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
"ccEvtMgr"=2 (0x2)
"SymSnapService"=3 (0x3)
"NitroDriverReadSpool"=2 (0x2)
"LiveUpdate"=3 (0x3)
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"GenericMount Helper Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"ATTRcAppSvc"=3 (0x3)
"astcc"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"TetherBerry"=2 (0x2)
"SQLWriter"=3 (0x3)
"SQLBrowser"=2 (0x2)
"MSSQL$ACT7"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"avgfws9"=2 (0x2)
"avg9wd"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1204169715\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\ACT\\Act for Windows\\ActSage.exe"=
R0 sonypvl2;sonypvl2;c:\windows\system32\drivers\sonypvl2.sys [6/27/2008 2:05 PM 19478]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [1/10/2010 6:21 PM 114768]
R1 sonypvf2;sonypvf2;c:\windows\system32\drivers\sonypvf2.sys [6/27/2008 2:05 PM 635017]
R1 sonypvt2;sonypvt2;c:\windows\system32\drivers\sonypvt2.sys [6/27/2008 2:05 PM 431236]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/10/2010 6:21 PM 20560]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 10:25 AM 30104]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [1/24/2008 10:12 PM 200192]
S1 sonypvd2;sonypvd2;c:\windows\system32\drivers\sonypvd2.sys [6/27/2008 2:05 PM 64093]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [1/5/2010 10:25 AM 30104]
S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys --> c:\windows\system32\DRIVERS\GenericMount.sys [?]
S3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\LSRTNDS.sys [12/31/2009 7:03 PM 151808]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 qrkis;Tether Miniport;c:\windows\system32\drivers\qrkis.sys [11/1/2009 10:12 PM 45608]
S4 MSSQL$ACT7;SQL Server (ACT7);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [6/28/2006 8:48 PM 28952920]
S4 TetherBerry;TetherBerry;c:\program files\TetherBerry\TBService.exe [11/1/2009 10:12 PM 49056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-01-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-01-11 c:\windows\Tasks\Clean System Memory.job
- c:\windows\system32\CleanMem.exe [2010-01-09 22:22]
2010-01-11 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe [2009-05-25 21:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
Trusted Zone: myfairpoint.net
TCP: {B137C99D-5365-4A2C-A95F-D1A48982983B} = 208.67.222.222,208.67.220.220
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\ebxz7oyw.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://aolsearch.aol.com/aol/search?invocationType=client_searchbox&query=
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
Notify-avgrsstarter - avgrsstx.dll
MSConfigStartUp-AVG9_TRAY - c:\progra~1\AVG\AVG9\avgtray.exe
MSConfigStartUp-SpeedItUpEX - c:\program files\Speeditup Free\SpeedItUp.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-11 17:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(500)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-11 17:17:39
ComboFix-quarantined-files.txt 2010-01-11 22:17
ComboFix2.txt 2010-01-07 15:01
Pre-Run: 23,001,522,176 bytes free
Post-Run: 23,023,362,048 bytes free
- - End Of File - - 478F52CA32685A4D6A0F217267DA424C