The Howling Wolves
Vista Guru
When you have time...I am just interested in findings. House cleaning time with all the rain and wind we are getting.
ComboFix 10-01-20.03 - Dennis Wolfe 01/20/2010 15:37:33.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3071.1977 [GMT -8:00]
Running from: c:\users\Dennis Wolfe\Downloads\ComboFix.exe
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1778125892-3679122061-931157278-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\temp
c:\users\Dennis Wolfe\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SUPERAntiSpyware Free Edition.lnk
.
((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.
2010-01-20 23:42 . 2010-01-20 23:42 -------- d-----w- c:\users\Dennis Wolfe\AppData\Local\temp
2010-01-19 21:25 . 2010-01-19 21:25 -------- d-----w- C:\archive_db
2010-01-19 13:48 . 2010-01-19 13:48 -------- d-----w- c:\programdata\Paragon
2010-01-19 13:41 . 2009-12-28 23:26 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
2010-01-19 13:40 . 2010-01-19 13:40 -------- d-----w- c:\program files\Paragon Software
2010-01-19 03:05 . 2010-01-19 03:05 -------- d-----w- c:\programdata\FileCure
2010-01-18 23:22 . 2009-12-02 20:21 21896 ----a-w- c:\windows\system32\drivers\eufs.sys
2010-01-18 23:21 . 2009-12-02 20:20 15240 ----a-w- c:\windows\system32\drivers\eudskacs.sys
2010-01-18 23:21 . 2009-12-02 20:20 27016 ----a-w- c:\windows\system32\drivers\eubakup.sys
2010-01-18 23:21 . 2009-12-02 20:20 123784 ----a-w- c:\windows\system32\drivers\EuDisk.sys
2010-01-18 23:21 . 2010-01-18 23:21 -------- d-----w- c:\program files\EASEUS
2010-01-15 18:33 . 2010-01-17 18:10 -------- d-----w- c:\users\Dennis Wolfe\AppData\Roaming\Western Digital
2010-01-15 18:32 . 2010-01-15 18:33 -------- d-----w- c:\users\Dennis Wolfe\AppData\Local\Western DigitalTemp
2010-01-15 18:32 . 2010-01-15 18:32 -------- d-----w- c:\programdata\Western Digital
2010-01-13 15:02 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-13 15:02 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-01-11 15:55 . 2010-01-17 18:10 -------- d-----w- c:\users\Dennis Wolfe\AppData\Local\Western Digital
2010-01-09 19:32 . 2010-01-09 19:32 -------- d-----w- c:\users\Dennis Wolfe\AppData\Roaming\TrojanHunter
2010-01-08 16:50 . 2010-01-08 16:50 5115824 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-06 18:06 . 2010-01-06 18:06 -------- d-----w- c:\users\Dennis Wolfe\AppData\Local\MigWiz
2010-01-04 15:26 . 2010-01-04 15:27 -------- d-----w- c:\program files\SIW
2010-01-01 18:49 . 2010-01-01 18:49 -------- d-----w- c:\program files\Microsoft LifeCam
2009-12-31 00:58 . 2009-12-31 00:58 690952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-30 00:14 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-12-30 00:14 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-12-30 00:14 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-30 00:14 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-30 00:14 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-12-30 00:14 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-12-30 00:14 . 2009-11-24 23:49 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2009-12-29 23:30 . 2009-12-29 23:30 -------- d-----w- c:\program files\Realtek
2009-12-29 15:49 . 2009-12-29 15:49 -------- d-----w- c:\program files\Alwil Software
2009-12-28 23:27 . 2009-12-28 23:27 4254224 ----a-w- c:\windows\system32\qtp-mt334.dll
2009-12-28 23:26 . 2009-12-28 23:26 249872 ----a-w- c:\windows\system32\prgiso.dll
2009-12-28 23:26 . 2009-12-28 23:26 385544 ----a-w- c:\windows\system32\drivers\Uim_IM.sys
2009-12-28 23:26 . 2009-12-28 23:26 34392 ----a-w- c:\windows\system32\drivers\UimBus.sys
2009-12-28 23:26 . 2009-12-28 23:26 261416 ----a-w- c:\windows\system32\drivers\UimFIO.sys
2009-12-27 15:08 . 2009-12-27 15:08 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-12-26 23:54 . 2010-01-14 19:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-26 22:35 . 2009-12-27 15:36 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-26 16:40 . 2009-12-26 16:40 -------- d-----w- c:\program files\Glary Utilities
2009-12-23 16:49 . 2009-12-23 16:49 -------- d-----w- c:\program files\Jasc Software Inc
2009-12-23 15:02 . 2009-12-23 15:02 -------- d-----w- c:\program files\Auslogics
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 23:31 . 2009-10-21 22:32 32536 ----a-w- c:\programdata\nvModes.dat
2010-01-20 23:30 . 2009-01-18 18:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-20 23:14 . 2009-11-21 14:13 -------- d-----w- c:\users\Dennis Wolfe\AppData\Roaming\SUPERAntiSpyware.com
2010-01-20 23:14 . 2009-01-21 21:23 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-20 22:06 . 2009-01-20 02:42 -------- d-----w- c:\programdata\Google Updater
2010-01-20 15:50 . 2009-04-13 13:39 -------- d-----w- c:\program files\SpywareBlaster
2010-01-19 12:57 . 2009-02-09 15:31 -------- d-----w- c:\programdata\DriverCure
2010-01-19 12:51 . 2009-02-09 15:31 -------- d-----w- c:\users\Dennis Wolfe\AppData\Roaming\DriverCure
2010-01-19 12:35 . 2009-02-09 15:31 -------- d-----w- c:\programdata\ParetoLogic
2010-01-13 15:49 . 2009-01-18 14:31 -------- d-----w- c:\programdata\Microsoft Help
2010-01-13 15:49 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-08 16:50 . 2009-02-09 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-08 00:07 . 2009-02-09 17:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-08 00:07 . 2009-02-09 17:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-06 21:39 . 2009-11-21 14:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-04 18:51 . 2009-01-18 00:37 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-01-01 18:04 . 2009-03-21 15:39 -------- d-----w- c:\program files\SpeedFan
2009-12-31 00:54 . 2009-01-18 00:50 -------- d-----w- c:\programdata\Roxio
2009-12-26 17:08 . 2009-02-07 17:12 -------- d-----w- c:\programdata\PC Tools
2009-12-26 17:08 . 2009-01-18 21:26 -------- d-----w- c:\programdata\Kodak
2009-12-26 17:08 . 2009-01-18 15:38 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-26 17:08 . 2009-01-18 00:57 -------- d-----w- c:\program files\PC-Doctor 5 for Windows
2009-12-26 16:57 . 2009-01-18 04:12 -------- d-----w- c:\programdata\NVIDIA
2009-12-26 16:45 . 2009-11-10 00:09 -------- d-----w- c:\users\Dennis Wolfe\AppData\Roaming\HpUpdate
2009-12-24 21:56 . 2009-01-22 00:09 -------- d-----w- c:\users\Dennis Wolfe\AppData\Roaming\Roxio
2009-12-24 15:01 . 2009-10-19 18:38 -------- d-----w- c:\program files\PCPitstop
2009-12-24 15:01 . 2009-10-19 18:38 -------- d-----w- c:\programdata\PCPitstop
2009-12-22 23:53 . 2009-12-11 22:56 -------- d-----w- c:\program files\Windows Live Safety Center
2009-12-22 23:39 . 2009-01-18 00:31 -------- d-----w- c:\program files\Hewlett-Packard
2009-12-15 15:02 . 2009-01-18 02:16 124088 ----a-w- c:\users\Dennis Wolfe\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-02 00:49 . 2009-12-02 00:48 -------- d-----w- c:\program files\Ask.com
2009-11-25 15:29 . 2009-01-18 21:39 -------- d-----w- c:\program files\Common Files\Kodak
2009-11-25 15:27 . 2009-01-18 21:36 225280 ----a-w- c:\programdata\Kodak\EasyShareSetup\wtf\finish.exe
2009-11-25 15:27 . 2009-01-18 21:35 225280 ----a-w- c:\programdata\Kodak\EasyShareSetup\wtf\start.exe
2009-11-25 15:27 . 2009-11-25 15:27 1187840 ----a-w- c:\programdata\Kodak\EasyShareSetup\$SETUP_1e0001_458bbc\EasyShrx.Dll
2009-11-21 06:40 . 2009-12-09 14:54 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 14:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:34 . 2009-12-09 14:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 04:59 . 2009-12-09 14:53 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-09 12:31 . 2009-12-09 15:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-09 15:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-09 15:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-11-07 14:09 . 2009-01-31 19:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-04 15:02 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 09:17 . 2009-11-25 14:08 2048 ----a-w- c:\windows\system32\tzres.dll
2009-02-01 21:22 . 2009-02-01 21:22 22 --sha-w- c:\windows\SMINST\HPCD.sys
2009-01-18 00:16 . 2009-01-18 00:11 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
c:\users\Dennis Wolfe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2009-1-27 3446512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
backup=c:\windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
backup=c:\windows\pss\WDDMStatus.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDSmartWare.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
backup=c:\windows\pss\WDSmartWare.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^Users^Dennis Wolfe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ePrompter.lnk]
backup=c:\windows\pss\ePrompter.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Dennis Wolfe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ImpulseNow.lnk]
backup=c:\windows\pss\ImpulseNow.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CarboniteSetupLite
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
FactoryMode [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IE New Window Maximizer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Pitstop Diskmd3 Reminder
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 19:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 11:08 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2008-11-07 22:16 111936 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-05-24 21:13 71176 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-12-08 23:50 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-08-05 19:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-08 00:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-27 00:32 13789728 ----a-w- c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-27 00:32 92704 ----a-w- c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-06-27 00:32 768544 ----a-w- c:\windows\System32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ------w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 20:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 10:56 54936 ----a-w- c:\windows\System32\jureg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-07 14:09 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-01-06 21:39 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-20 02:42 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-27 00:21 757248 ----a-w- c:\windows\vVX3000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):15,b6,47,46,74,e0,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1778125892-3679122061-931157278-1001]
"EnableNotificationsRef"=dword:00000002
R0 hotcore3;hc3ServiceName;c:\windows\System32\drivers\hotcore3.sys [01/19/2010 5:41 AM 40560]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/29/2009 4:14 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/29/2009 4:14 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/29/2009 4:14 PM 53328]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [01/17/2009 4:53 PM 198240]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\System32\drivers\dc3d.sys [01/15/2009 9:15 AM 15360]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\System32\drivers\nvoclock.sys [03/09/2009 11:25 AM 38304]
R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [06/17/2009 4:20 AM 12648]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\System32\drivers\xcbda.sys [09/07/2007 6:36 AM 156928]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [09/03/2006 10:32 AM 208896]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [05/10/2006 9:13 AM 29696]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\System32\drivers\EuDisk.sys [01/18/2010 3:21 PM 123784]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [01/19/2009 5:30 AM 21504]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [01/17/2009 4:17 PM 265216]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05020000};PCD5SRVC{BD6912E3-AC9D80E8-05020000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [05/15/2007 4:47 PM 25632]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [01/19/2009 5:29 AM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [01/19/2009 5:29 AM 251904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-01-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-26 20:09]
2010-01-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-20 20:35]
2010-01-20 c:\windows\Tasks\Paragon Archive name arc_190110212343379.job
- c:\program files\Paragon Software\Backup and Recovery 10 Compact Edition\program\scripts.exe [2009-12-28 23:26]
2010-01-20 c:\windows\Tasks\User_Feed_Synchronization-{EBFE5E5E-E290-4C70-A235-1B1F69AAA182}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-COMODO Registry Cleaner - c:\program files\COMODO\Registry Cleaner\CRC.exe
MSConfigStartUp-RtHDVCpl - RtHDVCpl.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-20 15:42
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05020000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-01-20 15:44:28
ComboFix-quarantined-files.txt 2010-01-20 23:44
Pre-Run: 304,081,600,512 bytes free
Post-Run: 304,032,088,064 bytes free
- - End Of File - - F859F40BD48BD9C176060F2788920A5F
2009-08-05 19:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
2007-04-18 15:01 65536 ----a-w- c:\hp\support\hpsysdrv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2009-07-24 23:05 118640 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-01-08 00:07 1394000 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2009-06-27 00:32 13789728 ----a-w- c:\windows\System32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2009-06-27 00:32 92704 ----a-w- c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2009-06-27 00:32 768544 ----a-w- c:\windows\System32\nvsvc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro]
2007-02-15 11:59 118784 ------w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2009-10-09 20:11 25623336 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg]
2007-04-07 10:56 54936 ----a-w- c:\windows\System32\jureg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-11-07 14:09 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-01-06 21:39 2002160 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-20 02:42 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX3000]
2009-06-27 00:21 757248 ----a-w- c:\windows\vVX3000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):15,b6,47,46,74,e0,c9,01
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1778125892-3679122061-931157278-1001]
"EnableNotificationsRef"=dword:00000002
R0 hotcore3;hc3ServiceName;c:\windows\System32\drivers\hotcore3.sys [01/19/2010 5:41 AM 40560]
R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [12/29/2009 4:14 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [12/29/2009 4:14 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [12/29/2009 4:14 PM 53328]
R2 HPBtnSrv;HP Chasis Button Service;c:\hp\HPEZBTN\HPBtnSrv.exe [01/17/2009 4:53 PM 198240]
R3 dc3d;USBCCGP filter driver (dc3d);c:\windows\System32\drivers\dc3d.sys [01/15/2009 9:15 AM 15360]
R3 nvoclock;NVIDIA Enthusiasts Platform KDM;c:\windows\System32\drivers\nvoclock.sys [03/09/2009 11:25 AM 38304]
R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [06/17/2009 4:20 AM 12648]
R3 xcbdaNtsc;ViXS Tuner Card (NTSC);c:\windows\System32\drivers\xcbda.sys [09/07/2007 6:36 AM 156928]
S2 DQLWinService;DQLWinService;c:\program files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [09/03/2006 10:32 AM 208896]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\Intel\IntelDH\Intel Media Server\tools\IntelDHSvcConf.exe [05/10/2006 9:13 AM 29696]
S3 EuDisk;EASEUS Disk Enumerator;c:\windows\System32\drivers\EuDisk.sys [01/18/2010 3:21 PM 123784]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [01/19/2009 5:30 AM 21504]
S3 netr73;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\System32\drivers\netr73.sys [01/17/2009 4:17 PM 265216]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05020000};PCD5SRVC{BD6912E3-AC9D80E8-05020000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [05/15/2007 4:47 PM 25632]
S3 VST_DPV;VST_DPV;c:\windows\System32\drivers\VSTDPV3.SYS [01/19/2009 5:29 AM 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\System32\drivers\VSTBS23.SYS [01/19/2009 5:29 AM 251904]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-01-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2009-12-26 20:09]
2010-01-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-20 20:35]
2010-01-20 c:\windows\Tasks\Paragon Archive name arc_190110212343379.job
- c:\program files\Paragon Software\Backup and Recovery 10 Compact Edition\program\scripts.exe [2009-12-28 23:26]
2010-01-20 c:\windows\Tasks\User_Feed_Synchronization-{EBFE5E5E-E290-4C70-A235-1B1F69AAA182}.job
- c:\windows\system32\msfeedssync.exe [2009-12-09 04:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Pavilion&pf=desktop
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
MSConfigStartUp-COMODO Registry Cleaner - c:\program files\COMODO\Registry Cleaner\CRC.exe
MSConfigStartUp-RtHDVCpl - RtHDVCpl.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-01-20 15:42
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05020000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2010-01-20 15:44:28
ComboFix-quarantined-files.txt 2010-01-20 23:44
Pre-Run: 304,081,600,512 bytes free
Post-Run: 304,032,088,064 bytes free
- - End Of File - - F859F40BD48BD9C176060F2788920A5F