ComboFix 10-07-12.02 - Anthony Laine 07/12/2010 23:01:20.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1012.474 [GMT -4:00]
Running from: c:\documents and settings\Anthony Laine\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anthony Laine\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\System32\ctfmon.exe was missing
Restored copy from - c:\windows\system32\dllcache\ctfmon.exe
.
((((((((((((((((((((((((( Files Created from 2010-06-13 to 2010-07-13 )))))))))))))))))))))))))))))))
.
2010-07-13 03:05 . 2008-04-15 03:00 15360 -c--a-w- c:\windows\system32\dllcache\ctfmon.exe
2010-07-13 03:05 . 2008-04-15 03:00 15360 ----a-w- c:\windows\system32\ctfmon.exe
2010-07-09 22:33 . 2010-07-09 22:33 -------- d-s---w- c:\documents and settings\Anthony Laine\UserData
2010-07-09 22:23 . 2010-07-09 22:23 388096 ----a-r- c:\documents and settings\Anthony Laine\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-07-09 22:23 . 2010-07-09 22:23 -------- d-----w- c:\program files\TrendMicro
2010-07-09 22:17 . 2010-07-09 22:17 -------- d-----w- c:\program files\Common Files\Java
2010-07-09 22:16 . 2010-07-09 22:16 503808 ----a-w- c:\documents and settings\Anthony Laine\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64a1f27c-n\msvcp71.dll
2010-07-09 22:16 . 2010-07-09 22:16 499712 ----a-w- c:\documents and settings\Anthony Laine\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64a1f27c-n\jmc.dll
2010-07-09 22:16 . 2010-07-09 22:16 348160 ----a-w- c:\documents and settings\Anthony Laine\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-64a1f27c-n\msvcr71.dll
2010-07-09 22:16 . 2010-07-09 22:16 61440 ----a-w- c:\documents and settings\Anthony Laine\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6241b8d0-n\decora-sse.dll
2010-07-09 22:16 . 2010-07-09 22:16 12800 ----a-w- c:\documents and settings\Anthony Laine\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6241b8d0-n\decora-d3d.dll
2010-07-09 22:16 . 2010-07-09 22:15 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 22:15 . 2010-07-09 22:15 -------- d-----w- c:\program files\Java
2010-07-09 21:53 . 2010-07-09 21:53 -------- d-----w- c:\documents and settings\Anthony Laine\Application Data\Malwarebytes
2010-07-09 21:52 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-09 21:52 . 2010-07-09 21:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-07-09 21:52 . 2010-07-09 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-09 21:52 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-09 21:15 . 2010-07-09 21:15 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-07-09 20:13 . 2010-07-09 20:13 63488 ----a-w- c:\documents and settings\Anthony Laine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-09 20:13 . 2010-07-09 20:13 52224 ----a-w- c:\documents and settings\Anthony Laine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-07-09 20:13 . 2010-07-09 20:13 117760 ----a-w- c:\documents and settings\Anthony Laine\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-09 20:12 . 2010-07-09 20:12 -------- d-----w- c:\documents and settings\Anthony Laine\Application Data\SUPERAntiSpyware.com
2010-07-09 20:12 . 2010-07-09 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-07-09 20:12 . 2010-07-09 20:12 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-09 18:49 . 2010-07-09 18:49 -------- d-----w- c:\documents and settings\Anthony Laine\Application Data\OnlineArmor
2010-07-09 18:49 . 2010-07-09 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\OnlineArmor
2010-07-09 18:49 . 2010-07-07 16:25 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-07-09 18:49 . 2010-07-07 16:25 28232 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-07-09 18:49 . 2010-07-07 16:25 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-07-09 18:49 . 2010-07-09 18:49 -------- d-----w- c:\program files\Emsisoft
2010-07-08 18:01 . 2010-07-08 18:01 -------- d-----w- C:\spoolerlogs
2010-07-08 18:01 . 2010-07-09 21:56 -------- d-----w- c:\documents and settings\Anthony Laine\Local Settings\Application Data\vosbhcjbt
2010-07-04 02:01 . 2010-07-12 04:03 -------- d-----w- c:\program files\PokerStars.NET
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-09 20:08 . 2009-09-19 17:13 -------- d-----w- c:\program files\CCleaner
2010-07-08 18:09 . 2009-11-07 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-03 23:02 . 2009-02-25 08:28 -------- d-----w- c:\documents and settings\Anthony Laine\Application Data\.purple
2010-07-03 04:41 . 2009-12-05 17:12 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-11 20:53 . 2008-08-15 18:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-06-11 17:57 . 2009-04-03 13:35 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-11 17:57 . 2009-04-03 13:35 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-05-07 16:55 . 2010-05-07 16:55 255472 ----a-w- c:\documents and settings\Anthony Laine\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-05-02 05:22 . 2008-04-15 03:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2008-04-15 03:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-16 16:09 . 2007-08-14 01:54 667136 ----a-w- c:\windows\system32\wininet.dll
2010-04-16 16:09 . 2008-04-15 03:00 81920 ----a-w- c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-07-12_03.14.49 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-07-13 03:07 . 2010-07-13 03:07 16384 c:\windows\temp\Perflib_Perfdata_5e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Anthony Laine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-29 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1044480]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2008-05-14 821768]
"PLFSetL"="c:\windows\PLFSetL.exe" [2007-07-05 94208]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-05-22 425984]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-06-11 2065248]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-12-25 813584]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-16 14:53 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 17:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^Anthony Laine^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Anthony Laine\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
Alaunch [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
2006-07-17 14:40 53248 ------w- c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2008-04-15 03:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2008-04-15 03:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2008-04-15 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2008-04-15 03:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Pidgin\\pidgin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Documents and Settings\\Anthony Laine\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Anthony Laine\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/3/2009 9:35 AM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/3/2009 9:35 AM 242896]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [7/9/2010 2:49 PM 236104]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [7/9/2010 2:49 PM 22600]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [7/9/2010 2:49 PM 28232]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/16/2010 10:53 AM 308064]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [12/25/2009 10:50 AM 10384]
R2 NetDirectService;NetDirectService ;c:\program files\Nortel NetDirect Client\NetDirectService.exe [6/14/2008 5:16 PM 24576]
R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [7/9/2010 2:49 PM 1283400]
R3 NetDirect;TAP-Win32 NetDirect Adapter;c:\windows\system32\drivers\NetDirect.sys [8/20/2007 1:52 AM 24576]
S3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2/25/2009 6:23 AM 96856]
S3 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [7/9/2010 2:49 PM 3364680]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219689751-1163904332-3694362882-1006Core.job
- c:\documents and settings\Anthony Laine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 14:27]
2010-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3219689751-1163904332-3694362882-1006UA.job
- c:\documents and settings\Anthony Laine\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-29 14:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://exchange.wpi.edu/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Anthony Laine\Application Data\Mozilla\Firefox\Profiles\9jl2q7bx.default\
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/#inbox
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Anthony Laine\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Anthony Laine\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Anthony Laine\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-12 23:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\NdisWanIp]
@DACL=(02 0000)
"LLInterface"="WANARP"
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{21BA8B9A-DDC6-4FA1-8C66-3A5987A267C3}\00Tcpip\\Parameters\\Interfaces\\{71E173C0-ACB2-46C3-A829-CC37F70D5A89}\00\00"
"NumInterfaces"=dword:00000002
"IpInterfaces"=hex:9a,8b,ba,21,c6,dd,a1,4f,8c,66,3a,59,87,a2,67,c3,c0,73,e1,71,
b2,ac,c3,46,a8,29,cc,37,f7,0d,5a,89
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{ACE8FC8B-312B-4A38-9977-C86D826519A0}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{ACE8FC8B-312B-4A38-9977-C86D826519A0}\00\00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{B177F6D1-B797-4837-90B9-11FED540FF22}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{B177F6D1-B797-4837-90B9-11FED540FF22}\00\00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{DD06682C-87DE-422F-AC80-B2416FBA6276}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{DD06682C-87DE-422F-AC80-B2416FBA6276}\00\00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Adapters\{EC39CBED-ED6F-46E3-97F5-CDD3879E9572}]
@DACL=(02 0000)
"LLInterface"=""
"IpConfig"=multi:"Tcpip\\Parameters\\Interfaces\\{EC39CBED-ED6F-46E3-97F5-CDD3879E9572}\00\00"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{21BA8B9A-DDC6-4FA1-8C66-3A5987A267C3}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{291CE2AF-11DB-4A42-A1AC-9ADDC5F495B6}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{71E173C0-ACB2-46C3-A829-CC37F70D5A89}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A5617EB1-426F-4749-B02A-BF4A8D3F06D5}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{B2EFB668-CCFF-4C28-9228-04ED7315EFF8}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{CA06BA2D-E427-48EB-85B0-88848A6D9F07}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DE620591-3001-4E4D-BAE5-B588DE6BB204}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{E271D4AA-9E4F-43BA-8998-E974677F149D}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDHCP"=dword:00000000
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"EnableDeadGWDetect"=dword:00000001
"DontAddDefaultGateway"=dword:00000000
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{EC39CBED-ED6F-46E3-97F5-CDD3879E9572}]
@DACL=(02 0000)
"UseZeroBroadcast"=dword:00000000
"EnableDeadGWDetect"=dword:00000001
"EnableDHCP"=dword:00000001
"IPAddress"=multi:"0.0.0.0\00\00"
"SubnetMask"=multi:"0.0.0.0\00\00"
"DefaultGateway"=multi:"\00"
"DefaultGatewayMetric"=multi:"\00"
"NameServer"=""
"Domain"=""
"RegistrationEnabled"=dword:00000001
"RegisterAdapterName"=dword:00000000
"TCPAllowedPorts"=multi:"0\00\00"
"UDPAllowedPorts"=multi:"0\00\00"
"RawIPAllowedProtocols"=multi:"0\00\00"
"NTEContextList"=multi:"0x00000004\00\00"
"DhcpClassIdBin"=hex:
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(504)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
- - - - - - - > 'explorer.exe'(3284)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxext.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\docume~1\ANTHON~1\LOCALS~1\Temp\RtkBtMnt.exe
.
**************************************************************************
.
Completion time: 2010-07-12 23:12:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-13 03:12
ComboFix2.txt 2010-07-12 03:16
Pre-Run: 73,235,390,464 bytes free
Post-Run: 73,222,639,616 bytes free
- - End Of File - - 65C1CB9B7A703DFF58370BFA30C8745C
Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG Free 9.0
Online Armor 4.0
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader 9.3.2
Mozilla Firefox (3.0.10) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
Tall Emu Online Armor OAcat.exe
````````````````````````````````
DNS Vulnerability Check: GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````