Thread: Win32 HEUR .... Please Help!!
View Single Post
  #5 (permalink)  
Old 02-09-2010, 10:47 AM
memphius's Avatar
memphius memphius is offline
Junior Member

  
Join Date: Feb 2010
Posts: 13
Send a message via Skype™ to memphius
Default
Blinddragon, thanks for your reply. Below is the requested ComboFix Log.

ComboFix 10-02-08.09 - User 02/09/2010 10:09:52.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1109 [GMT -5:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1845945926-9116041-2765801704-1000
c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
c:\windows\system32\lsprst7.dll
c:\windows\system32\nsprs.dll
c:\windows\system32\serauth1.dll
c:\windows\system32\serauth2.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2010-01-09 to 2010-02-09 )))))))))))))))))))))))))))))))
.

2010-02-02 20:45 . 2010-02-02 20:45 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-02-02 20:45 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-02 20:45 . 2010-02-02 20:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-02 20:45 . 2010-02-02 20:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-02 20:45 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-02 20:24 . 2010-02-02 20:24 -------- d-----w- c:\program files\Trend Micro
2010-02-02 15:25 . 2010-02-02 20:10 -------- d-----w- c:\documents and settings\User\Application Data\LimeWire
2010-02-02 15:22 . 2010-02-02 15:22 -------- d-----w- c:\program files\LimeWire
2010-02-01 20:19 . 2008-04-07 10:38 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-02-01 20:19 . 2008-04-07 10:38 45392 ----a-r- c:\windows\system32\AdobePDF.dll
2010-02-01 17:50 . 2010-02-01 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2010-02-01 17:50 . 2010-02-01 18:04 -------- d-----w- c:\program files\RegCure
2010-02-01 17:41 . 2010-02-02 18:36 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-02-01 17:41 . 2010-02-02 18:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-02-01 17:40 . 2010-02-01 17:40 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Downloaded Installations
2010-02-01 17:25 . 2010-02-01 17:25 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2010-02-01 06:33 . 2010-02-01 17:17 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2010-02-01 06:33 . 2010-02-01 17:17 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2010-02-01 06:31 . 2010-02-01 06:31 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\mdnslib
2010-02-01 06:31 . 2010-02-01 06:31 -------- d-----w- c:\windows\Applian Director
2010-02-01 06:31 . 2010-02-01 06:31 -------- d-----w- c:\program files\Applian Director
2010-02-01 06:30 . 2010-02-01 16:32 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\FLVService
2010-02-01 06:30 . 2010-02-02 18:43 -------- d-----w- c:\program files\Replay Media Catcher
2010-02-01 06:30 . 2010-02-01 06:30 -------- d-----w- c:\windows\Replay Media Catcher
2010-02-01 03:36 . 2003-08-11 15:07 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-02-01 03:36 . 2003-08-11 15:13 344064 ----a-r- c:\windows\system32\msvcr70.dll
2010-01-27 18:35 . 2010-01-27 18:35 -------- d-----w- c:\program files\Common Files\Java
2010-01-24 17:56 . 2010-01-28 02:04 -------- d-----w- C:\Downloads
2010-01-24 17:56 . 2010-01-28 02:05 -------- d-----w- c:\documents and settings\User\Application Data\BitComet
2010-01-24 17:55 . 2010-01-24 17:56 -------- d-----w- c:\program files\BitComet
2010-01-23 21:55 . 2010-01-23 21:55 -------- d-----w- c:\documents and settings\User\Application Data\Apple Computer
2010-01-23 21:17 . 2010-01-23 21:17 -------- d-----w- c:\windows\system32\VirtualExpander
2010-01-21 00:51 . 2010-01-21 00:51 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-01-21 00:51 . 2009-11-22 20:42 69000 ----a-w- c:\windows\system32\zlcomm.dll
2010-01-21 00:51 . 2009-11-22 20:42 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2010-01-21 00:51 . 2010-01-21 00:51 -------- d-----w- c:\windows\system32\ZoneLabs
2010-01-21 00:51 . 2009-11-22 20:42 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2010-01-21 00:51 . 2010-01-21 00:51 -------- d-----w- c:\program files\Zone Labs
2010-01-21 00:50 . 2010-02-09 15:18 -------- d-----w- c:\windows\Internet Logs
2010-01-15 20:40 . 1996-01-09 15:38 283648 ----a-w- c:\windows\uninst.exe
2010-01-15 20:40 . 2010-01-15 20:40 -------- d-----w- c:\documents and settings\User\WINDOWS
2010-01-15 18:57 . 2010-01-15 20:24 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-14 23:59 . 2010-01-14 23:59 -------- d-----w- c:\program files\USArmy
2010-01-14 23:08 . 2010-01-19 05:26 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\AA2DeployClient
2010-01-14 23:08 . 2010-01-14 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AA2DeployClient
2010-01-14 23:07 . 2010-01-19 05:49 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\Deployment
2010-01-14 21:53 . 2010-01-19 05:22 139152 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-01-14 21:53 . 2010-01-19 05:22 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-01-14 21:53 . 2010-01-19 05:22 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-01-14 21:53 . 2010-01-19 05:22 794408 ----a-w- c:\windows\system32\pbsvc.exe
2010-01-14 21:53 . 2007-07-20 05:57 267112 ----a-w- c:\windows\system32\xactengine2_9.dll
2010-01-14 21:53 . 2007-07-19 23:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
2010-01-14 21:53 . 2007-07-19 23:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
2010-01-14 20:17 . 2010-01-14 20:18 -------- d-----w- C:\7c5c1ac9c239eb312fd373f5d3
2010-01-14 20:00 . 2010-01-14 20:20 -------- d-----w- c:\windows\system32\XPSViewer
2010-01-14 20:00 . 2010-01-14 20:00 -------- d-----w- c:\program files\Reference Assemblies
2010-01-14 20:00 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpi pelineprintproc.dll
2010-01-14 19:59 . 2006-06-29 18:07 14048 ------w- c:\windows\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2010-02-09 15:21 . 2009-11-19 00:23 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-02-09 14:51 . 2009-11-19 00:25 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-02-09 14:50 . 2010-01-23 17:16 3993276 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-02-08 23:28 . 2009-11-23 14:58 0 ----a-w- c:\documents and settings\User\Local Settings\Application Data\prvlcl.dat
2010-02-03 21:06 . 2009-11-19 00:12 -------- d-----w- c:\documents and settings\User\Application Data\vlc
2010-02-02 21:07 . 2010-02-02 21:08 2828288 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-02-02 20:28 . 2009-11-19 00:14 -------- d-----w- c:\documents and settings\User\Application Data\Azureus
2010-02-01 21:29 . 2009-11-18 22:41 71184 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 17:50 . 2010-02-01 17:49 125952 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\Temp\Update.exe
2010-02-01 17:35 . 2009-11-23 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-01 03:41 . 2009-11-18 16:24 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-01 03:36 . 2009-11-18 15:19 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-29 00:12 . 2009-11-19 00:21 -------- d-----r- c:\program files\Skype
2010-01-27 18:35 . 2010-01-27 18:35 503808 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a2098 76-2e1ec358-n\msvcp71.dll
2010-01-27 18:35 . 2010-01-27 18:35 499712 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a2098 76-2e1ec358-n\jmc.dll
2010-01-27 18:35 . 2010-01-27 18:35 348160 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a2098 76-2e1ec358-n\msvcr71.dll
2010-01-27 18:35 . 2010-01-27 18:35 61440 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-2a92fc51-n\decora-sse.dll
2010-01-27 18:35 . 2010-01-27 18:35 12800 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad3 91-2a92fc51-n\decora-d3d.dll
2010-01-27 18:35 . 2009-11-18 16:25 -------- d-----w- c:\program files\Java
2010-01-25 20:47 . 2009-11-23 13:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-24 18:06 . 2009-11-19 02:31 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss
2010-01-24 18:04 . 2009-11-19 00:14 -------- d-----w- c:\program files\Vuze
2010-01-23 21:20 . 2009-12-11 00:55 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-20 23:37 . 2009-11-19 00:34 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-19 06:17 . 2009-12-11 00:35 -------- d-----w- c:\program files\Mozilla Firefox 3.6 Beta 4
2010-01-19 05:22 . 2010-01-14 21:53 139152 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2010-01-19 05:22 . 2010-01-14 21:53 139152 ----a-w- c:\documents and settings\User\Application Data\PnkBstrK.sys
2010-01-19 04:54 . 2009-12-01 16:55 -------- d-----w- c:\program files\Uninstall Tool
2010-01-19 04:42 . 2009-11-19 00:36 -------- d-----w- c:\program files\Stardock
2010-01-14 20:08 . 2009-12-13 21:50 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-14 20:01 . 2009-11-23 13:39 -------- d-----w- c:\program files\MSBuild
2010-01-14 18:27 . 2010-01-26 17:16 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-14 18:27 . 2009-12-10 18:50 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-07 17:14 . 2010-01-07 17:14 -------- d-----w- c:\program files\Adobe Media Player
2010-01-07 17:08 . 2010-01-07 17:08 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-06 03:43 . 2009-11-20 05:36 -------- d-----w- c:\documents and settings\User\Application Data\DivX
2010-01-05 20:57 . 2010-01-18 17:59 545280 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\piclens@cooliris.com\libs\PicLensHelper.ex e
2010-01-05 20:57 . 2010-01-18 17:59 153600 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\piclens@cooliris.com\plugins\npcoolirisplu gin.dll
2010-01-05 20:57 . 2010-01-18 17:59 103424 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\piclens@cooliris.com\libs\pixomatic.dll
2010-01-05 20:57 . 2010-01-18 17:59 344064 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\piclens@cooliris.com\libs\LaunchCooliris.e xe
2010-01-05 20:57 . 2010-01-18 17:59 57856 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\piclens@cooliris.com\components\coolirisst ub.dll
2010-01-05 20:57 . 2010-01-18 17:59 4725760 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\piclens@cooliris.com\libs\cooliris192.dll
2009-12-21 19:14 . 2008-04-14 09:42 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-20 13:57 . 2009-12-20 13:57 -------- d-----w- c:\documents and settings\User\Application Data\AVG9
2009-12-18 16:02 . 2009-11-23 15:30 -------- d-----w- c:\program files\SPSS Evaluation
2009-12-17 22:14 . 2009-11-18 16:25 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 19:42 . 2010-01-06 17:59 872960 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-12-16 19:42 . 2010-01-06 17:59 43008 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 19:42 . 2010-01-06 17:59 340480 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 19:41 . 2010-01-06 17:59 346624 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-14 19:43 . 2009-11-23 21:25 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-14 19:43 . 2009-11-23 21:25 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-13 21:36 . 2009-12-13 21:36 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-12-10 21:47 . 2009-12-10 21:31 132 ----a-w- c:\windows\system32\09wutili.sys
2009-12-10 21:19 . 2009-12-10 21:19 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-11-26 03:33 . 2009-11-26 03:33 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{BEF726DD-4037-4214-8C6A-E625C02D2870}\ARPPRODUCTICON.exe
2009-11-26 03:32 . 2009-11-26 03:32 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{35725FBC-A136-4A46-9F29-091759D9BB93}\ARPPRODUCTICON.exe
2009-11-26 03:32 . 2009-11-26 03:32 10134 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{EA516024-D84D-41F1-814F-83175A6188F2}\ARPPRODUCTICON.exe
2009-11-23 21:25 . 2009-11-23 21:25 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-23 21:25 . 2009-11-23 21:25 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-23 21:24 . 2009-11-23 21:24 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-11-23 15:32 . 2009-11-23 15:32 1024 ----a-w- c:\windows\system32\clauth2.dll
2009-11-23 15:32 . 2009-11-23 15:32 1024 ----a-w- c:\windows\system32\clauth1.dll
2009-11-23 15:30 . 2009-11-23 15:30 1025 ----a-w- c:\windows\system32\sysprs7.dll
2009-11-21 15:51 . 2008-04-14 09:41 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 00:38 . 2009-11-19 00:38 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-11-19 00:25 . 2009-11-19 00:25 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-19 00:21 . 2009-11-19 00:21 0 ----a-w- c:\windows\nsreg.dat
2009-11-18 23:29 . 2009-11-18 14:46 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-18 23:10 . 2009-11-18 23:10 160288 ----a-w- c:\windows\system32\drivers\afcdp.sys
2009-11-18 23:10 . 2009-11-18 23:10 911680 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2009-11-18 23:10 . 2009-11-18 23:10 581984 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-11-18 23:10 . 2009-11-18 23:10 158272 ----a-w- c:\windows\system32\drivers\snapman.sys
2009-11-18 16:24 . 2009-11-18 16:24 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-18 14:43 . 2009-11-18 14:43 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-14 00:49 . 2009-11-19 00:19 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2009-11-19 00:19 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
.

------- Sigcheck -------

[-] 2008-11-07 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-12-05 2295072]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-08-14 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-08-14 114688]
"Persistence"="c:\windows\system32\igfxpers.ex e" [2006-08-14 94208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-11-18 30192]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-10-31 5106808]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 61952]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"CoolSwitch"="c:\windows\system32\taskswitch.e xe" [2002-03-19 45632]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-02-08 488984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2007-02-08 774168]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

c:\documents and settings\User\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-14 19:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2009-12-10 21:32 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Contro l\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
backupExtension=Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 03:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-10-31 08:49 361568 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 07:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 09:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 12:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.ex e

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2007-11-26 19:54 1057064 ----a-w- c:\program files\Nero\Nero 7\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 19:57 153136 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
2007-11-26 19:54 1629480 ----a-w- c:\program files\Nero\Nero 7\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpo licy\standardprofile\GloballyOpenPorts\List]
"24974:TCP"= 24974:TCP:BitComet 24974 TCP
"24974:UDP"= 24974:UDP:BitComet 24974 UDP

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\ avgrkx86.sys [11/23/2009 4:24 PM 161800]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [11/18/2009 6:10 PM 911680]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/23/2009 4:25 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/23/2009 4:25 PM 360584]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [11/23/2009 4:24 PM 285392]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [11/18/2009 6:10 PM 160288]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [11/24/2009 12:34 PM 193840]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [11/18/2009 6:10 PM 2480048]
S3 GoogleDesktopManager-090809-085438;Google Desktop Manager 5.9.909.8267;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/18/2009 5:42 PM 30192]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\dr ivers\mbamswissarmy.sys [2/2/2010 3:45 PM 38224]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-12-05 17:27 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-02-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-02-01 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-02-09 c:\windows\Tasks\RegCure Startup.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-02-01 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2009-12-11 19:00]

2010-02-09 c:\windows\Tasks\User_Feed_Synchronization-{25A10DCB-AD8C-4A28-ABB3-0C54ACA61C63}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\piclens@cooliris.com\components\coolirisst ub.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\USER\Application Data\Mozilla\Firefox\Profiles\9xo1y9ap.default\ext ensions\piclens@cooliris.com\plugins\npcoolirisplu gin.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabl ed", true);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 4\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 4\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-09 10:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-838170752-842925246-1003\Software\Microsoft\Windows\CurrentVersion\She ll Extensions\Approved\{00E1D732-F8C2-59B9-0984-D58E511CE07E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jaeocglnoapgplihfeki"=hex:62,61,61,6d,00,00
"jaeocglnoapgplihfegp"=hex:62,61,65,6d,00,00
"iaepgdjoplkhnlpmff"=hex:6b,61,68,6d,6f,70,69,67,6 1,6c,62,69,67,6e,64,6e,62,6a,
6b,66,66,61,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1084)
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll

- - - - - - - > 'explorer.exe'(1108)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a 1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\tray.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Synaptics\SynTP\SynTPEnh.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
************************************************** ************************
.
Completion time: 2010-02-09 10:24:52 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-09 15:24

Pre-Run: 71,010,258,944 bytes free
Post-Run: 70,870,196,224 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOW S
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Micro soft Windows XP Professional" /fastdetect /NoExecute=OptOut

- - End Of File - - A4F575B245702DCF6C49CE2F69C1F50B
Reply With Quote