Combofix, DDS and Kaspersky Logs
ComboFix 09-06-09.06 - Administrator 06/10/2009 11:46.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1449 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\clsaar.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\cfscript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
.
((((((((((((((((((((((((( Files Created from 2009-05-10 to 2009-06-10 )))))))))))))))))))))))))))))))
.
2009-06-10 15:28 . 2009-06-10 15:28 -------- d-----w- c:\windows\LastGood
2009-06-10 12:25 . 2009-06-10 12:25 -------- d-----w- c:\program files\MSXML 6.0
2009-06-09 19:19 . 2009-06-09 19:19 -------- d-----w- C:\Rooter$
2009-06-09 12:48 . 2009-06-09 12:48 -------- d-----w- c:\program files\ERUNT
2009-06-09 12:44 . 2009-02-06 10:32 2186112 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-09 12:44 . 2009-02-06 09:49 2020864 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-09 12:44 . 2009-02-06 09:49 2062976 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-06-09 12:44 . 2009-02-06 10:29 2142720 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-09 12:44 . 2008-10-24 11:10 453632 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-06-09 12:43 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-06-08 20:36 . 2005-12-13 07:40 135168 ----a-w- c:\windows\system32\igfxres.dll
2009-06-08 20:29 . 2004-08-04 10:00 9728 -c--a-w- c:\windows\system32\dllcache\query.exe
2009-06-08 20:28 . 2004-08-04 10:00 10129408 -c--a-w- c:\windows\system32\dllcache\hwxkor.dll
2009-06-08 20:27 . 2004-08-04 10:00 45568 -c--a-w- c:\windows\system32\dllcache\browscap.dll
2009-06-08 20:24 . 2004-08-04 10:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2009-06-08 20:23 . 2004-08-04 10:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll
2009-06-08 20:23 . 2004-08-04 10:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe
2009-06-08 20:23 . 2004-08-04 10:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe
2009-06-08 20:23 . 2004-08-04 10:00 214528 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe
2009-06-08 20:00 . 2004-08-04 10:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2009-06-08 20:00 . 2004-08-04 10:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2009-06-08 20:00 . 2004-08-04 10:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2009-06-08 20:00 . 2004-08-04 10:00 13312 ----a-w- c:\windows\system32\irclass.dll
2009-06-04 16:59 . 2009-06-04 16:59 -------- d-s---w- c:\windows\system32\config\systemprofile\History
2009-06-04 11:47 . 2009-06-04 11:47 -------- d-----w- c:\windows\dell
2009-06-03 13:50 . 2009-06-03 20:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-03 13:50 . 2009-06-03 14:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 18:41 . 2009-06-03 20:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-02 16:25 . 2009-06-02 16:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Dell
2009-06-02 16:25 . 2009-06-02 16:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Symantec
2009-06-02 16:25 . 2009-06-02 16:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2009-06-02 14:18 . 2009-06-02 14:18 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-06-02 14:04 . 2007-01-19 19:46 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2009-06-02 14:04 . 2007-01-19 19:46 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2009-06-02 13:59 . 2009-06-02 14:04 156049 ----a-w- c:\windows\hpwins12.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 16:45 . 2009-04-27 19:55 -------- d-----w- c:\program files\Symantec AntiVirus
2009-06-10 15:37 . 2009-01-25 02:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-08 20:22 . 2004-08-11 22:12 23428 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-08 20:21 . 2009-06-08 20:21 1663 ----a-w- c:\windows\inf\COM158.tmp
2009-06-03 12:54 . 2009-06-02 14:02 -------- d-----w- c:\documents and settings\t.myhre\Application Data\HPAppData
2009-06-02 14:04 . 2009-06-02 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-06-02 14:04 . 2009-06-02 14:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-06-02 14:02 . 2009-06-02 14:02 -------- d-----w- c:\program files\HP
2009-06-02 14:02 . 2009-06-02 14:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-06-02 14:01 . 2009-06-02 14:01 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-04-27 20:54 . 2009-04-27 20:54 -------- d-----w- c:\program files\Lavasoft
2009-04-27 20:54 . 2009-04-27 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-27 20:03 . 2007-10-08 12:49 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-04-27 19:55 . 2007-10-08 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2006-09-07 17:47 . 2006-09-07 17:47 21100 ----a-w- c:\program files\Common Files\AllFreqCable.lst
2006-04-27 21:59 . 2006-04-27 21:59 19594 ----a-w- c:\program files\Common Files\CABLES-S8x0D.LST
.
((((((((((((((((((((((((((((( SnapShot@2009-06-10_15.10.25 )))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2005-10-07 176128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-24 136600]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-02-20 1191936]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2007-05-29 52840]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2007-10-08 125368]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-12-13 98304]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-12-13 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-12-13 118784]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Cisco Systems VPN Client.lnk - c:\program files\Cisco Systems\VPN Client\vpngui.exe [2007-8-13 1421328]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-27 24576]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0autocheck autochk *\0lsdelete
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wltrysvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
R2 Ad-Aware Enterprise Client;Ad-Aware Enterprise Client;c:\program files\Lavasoft\Ad-Aware Enterprise Client\aaclient.exe [9/25/2008 9:44 PM 487424]
R2 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [10/7/2007 8:48 PM 116664]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [4/27/2009 3:02 PM 101936]
S2 tgnaz;tgnaz;c:\windows\system32\drivers\ogrmvx.sys --> c:\windows\system32\drivers\ogrmvx.sys [?]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [8/13/2007 12:35 PM 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [8/13/2007 12:35 PM 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [8/13/2007 12:35 PM 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [8/13/2007 12:35 PM 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [8/13/2007 12:35 PM 69632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-03-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 20:57]
2009-06-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-13 20:57]
2009-06-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = http://www.google.com/ig/dell?hl=en&...us&ibd=6070727
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070727
LSP: vlsp.dll
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 11:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\vlsp.dll
c:\windows\system32\igfxdev.dll
- - - - - - - > 'lsass.exe'(1360)
c:\windows\system32\vlsp.dll
.
Completion time: 2009-06-10 11:48
ComboFix-quarantined-files.txt 2009-06-10 16:48
ComboFix2.txt 2009-06-10 15:12
Pre-Run: 61,343,989,760 bytes free
Post-Run: 61,335,044,096 bytes free
Current=4 Default=4 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
162 --- E O F --- 2009-06-10 15:28

DDS (Ver_09-05-14.01) - NTFSx86
Run by Administrator at 14:01:06.72 on Wed 06/10/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1357 [GMT -5:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware Enterprise Client\aaclient.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
c:\program files\verizon wireless\venturi\Client\ventc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = http://www.google.com/ig/dell?hl=en&...us&ibd=6070727
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=6070727
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [DellSupport] "c:\program files\dell support\DSAgnt.exe" /startup
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ciscos~1.lnk - c:\program files\cisco systems\vpn client\vpngui.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: vlsp.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
============= SERVICES / DRIVERS ===============
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-17 611664]
R2 Ad-Aware Enterprise Client;Ad-Aware Enterprise Client;c:\program files\lavasoft\ad-aware enterprise client\aaclient.exe [2008-9-25 487424]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2007-5-29 192104]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2007-5-29 169576]
R2 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2007-10-7 116664]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2007-10-7 1822648]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-6-10 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090609.022\naveng.sys [2009-6-10 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090609.022\navex15.sys [2009-6-10 876144]
S2 tgnaz;tgnaz;c:\windows\system32\drivers\ogrmvx.sys --> c:\windows\system32\drivers\ogrmvx.sys [?]
S3 pwi_bus;Curitel PC Card Composite Device driver (WDM);c:\windows\system32\drivers\pwi_bus.sys [2007-8-13 55344]
S3 pwi_mdfl;Curitel PC Card Filter;c:\windows\system32\drivers\pwi_mdfl.sys [2007-8-13 9200]
S3 pwi_mdm;Curitel PC Card Drivers;c:\windows\system32\drivers\pwi_mdm.sys [2007-8-13 89936]
S3 pwi_oflt;Curitel PC Card OHCI Filter;c:\windows\system32\drivers\pwi_oflt.sys [2007-8-13 9472]
S3 pwi_serd;Curitel PC Card Diagnostic Serial Port (WDM);c:\windows\system32\drivers\pwi_serd.sys [2007-8-13 69632]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2007-8-13 278384]
=============== Created Last 30 ================
2009-06-10 12:19 73,728 a------- c:\windows\system32\javacpl.cpl
2009-06-10 09:52 <DIR> a-dshr-- C:\cmdcons
2009-06-10 09:51 161,792 a------- c:\windows\SWREG.exe
2009-06-10 09:51 155,136 a------- c:\windows\PEV.exe
2009-06-10 09:51 98,816 a------- c:\windows\sed.exe
2009-06-10 07:25 <DIR> --d----- c:\program files\MSXML 6.0
2009-06-09 14:19 <DIR> --d----- C:\Rooter$
2009-06-09 07:44 2,186,112 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-06-09 07:44 2,062,976 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-06-09 07:44 2,020,864 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-06-09 07:44 2,142,720 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-06-09 07:44 453,632 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-06-09 07:43 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-06-08 15:36 135,168 a------- c:\windows\system32\igfxres.dll
2009-06-08 15:29 77,824 ac------ c:\windows\system32\dllcache\quick.ime
2009-06-08 15:28 10,129,408 ac------ c:\windows\system32\dllcache\hwxkor.dll
2009-06-08 15:27 45,568 ac------ c:\windows\system32\dllcache\browscap.dll
2009-06-08 15:24 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-06-08 15:24 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-06-08 15:24 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-06-08 15:24 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-06-08 15:24 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-06-08 15:24 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-06-08 15:24 16,384 ac------ c:\windows\system32\dllcache\isignup.exe
2009-06-08 15:23 32,768 ac------ c:\windows\system32\dllcache\icwdl.dll
2009-06-08 15:23 20,480 ac------ c:\windows\system32\dllcache\inetwiz.exe
2009-06-08 15:23 214,528 ac------ c:\windows\system32\dllcache\icwconn1.exe
2009-06-08 15:23 86,016 ac------ c:\windows\system32\dllcache\icwconn2.exe
2009-06-08 15:00 24,661 ac------ c:\windows\system32\dllcache\spxcoins.dll
2009-06-08 15:00 13,312 ac------ c:\windows\system32\dllcache\irclass.dll
2009-06-08 15:00 24,661 a------- c:\windows\system32\spxcoins.dll
2009-06-08 15:00 13,312 a------- c:\windows\system32\irclass.dll
2009-06-08 10:01 19,569 a------- c:\windows\003499_.tmp
2009-06-04 12:00 10,559 a----r-- c:\windows\SETBB.tmp
2009-06-04 12:00 7,334 ac------ c:\windows\system32\dllcache\wmerrenu.cat
2009-06-04 12:00 22,339 a----r-- c:\windows\SETBA.tmp
2009-06-04 12:00 1,042,903 ac------ c:\windows\system32\dllcache\SP2.CAT
2009-06-04 12:00 13,753 a----r-- c:\windows\SET7F.tmp
2009-06-04 12:00 1,086,058 a----r-- c:\windows\SET73.tmp
2009-06-04 12:00 1,042,903 a----r-- c:\windows\SET70.tmp
2009-06-04 07:54 2,008 a------- c:\windows\wininit.ini
2009-06-04 06:47 <DIR> --d----- c:\windows\dell
2009-06-03 08:50 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-06-03 08:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-06-02 11:25 <DIR> --d----- c:\docume~1\admini~1\applic~1\Dell
2009-06-02 09:04 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-06-02 09:04 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-06-02 09:03 117,760 a------- c:\windows\system32\hpz3l5k2.dll
2009-06-02 09:03 267,864 a----r-- c:\windows\system32\hpzids01.dll
2009-06-02 09:03 364,544 a----r-- c:\windows\system32\hppldcoi.dll
2009-06-02 09:03 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-06-02 09:03 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-06-02 09:03 <DIR> --d----- c:\windows\aqmlk
2009-06-02 09:02 <DIR> --d----- c:\program files\HP
2009-06-02 09:02 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-06-02 08:59 156,049 a------- c:\windows\hpwins12.dat
==================== Find3M ====================
2009-06-10 12:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-06-08 15:22 23,428 a------- c:\windows\system32\emptyregdb.dat
2009-04-27 14:56 110,952 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-27 14:56 48,768 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-27 14:56 8,014 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-27 14:56 805 a------- c:\windows\system32\drivers\SYMEVENT.INF
2006-09-07 12:47 21,100 a------- c:\program files\common files\AllFreqCable.lst
2006-04-27 16:59 19,594 a------- c:\program files\common files\CABLES-S8x0D.LST
============= FINISH: 14:01:29.99 ===============
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 10, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 10, 2009 19:24:45
Records in database: 2335082
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
Scan statistics:
Files scanned: 52287
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 00:57:19
File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACxmofrrpdqbpxnsp.sys.vir Infected: Rootkit.Win32.Agent.lae 1
The selected area was scanned.