Updated combofix log to follow....
ComboFix 09-06-01.03 - NEC User 03/06/2009 23:47.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.522 [GMT 8:00]
Running from: c:\documents and settings\NEC User\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\NEC User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
FILE ::
"c:\documents and settings\NEC User\Application Data\asd.bat"
"C:\MGlogs.zip"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\NEC User\Application Data\asd.bat
C:\MGlogs.zip
C:\MGTools
c:\mgtools\analyse.exe
c:\mgtools\chodefix.bat
c:\mgtools\config.reg
c:\mgtools\DisableUAC.reg
c:\mgtools\EnableUAC.reg
c:\mgtools\ffdata.txt
c:\mgtools\filelog.txt
c:\mgtools\FindOVL.bat
c:\mgtools\FixBagle.bat
c:\mgtools\fixBagle.reg
c:\mgtools\FixCF.bat
c:\mgtools\fixCF.reg
c:\mgtools\fixChode.reg
c:\mgtools\FixFA.bat
c:\mgtools\fixFA.reg
c:\mgtools\GetDetails.exe
c:\mgtools\GetLogs.Bat
c:\mgtools\GetRunKey.bat
c:\mgtools\GetUnKey.txt
c:\mgtools\GetUnKeys.bat
c:\mgtools\grep.exe
c:\mgtools\GRK64.bat
c:\mgtools\hide.reg
c:\mgtools\hijackthis.log
c:\mgtools\history.txt
c:\mgtools\HTAfind.bat
c:\mgtools\IEFIX.reg
c:\mgtools\locate.com
c:\mgtools\ltime.exe
c:\mgtools\newfiles.txt
c:\mgtools\procdll.txt
c:\mgtools\Process.exe
c:\mgtools\ProcessDll.exe
c:\mgtools\Regfix.bat
c:\mgtools\runkeys.txt
c:\mgtools\sed.exe
c:\mgtools\ShowNew.bat
c:\mgtools\SN64.bat
c:\mgtools\swreg.exe
c:\mgtools\swwhoami.exe
c:\mgtools\sysinfo.txt
c:\mgtools\sysrest.txt
c:\mgtools\unhide.reg
c:\mgtools\UserInfo.bat
c:\mgtools\UserInfo.txt
c:\mgtools\vfind.exe
c:\mgtools\VunFind.bat
c:\mgtools\winfiles.txt
c:\mgtools\zip.exe
.
((((((((((((((((((((((((( Files Created from 2009-05-03 to 2009-06-03 )))))))))))))))))))))))))))))))
.
2009-05-28 20:23 . 2009-05-08 10:17 2051864 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-05-28 20:23 . 2009-05-08 10:17 354584 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgxch32.dll
2009-05-28 20:23 . 2009-05-08 10:16 3288344 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-05-28 20:23 . 2009-05-08 10:16 424472 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-28 20:23 . 2009-05-08 10:16 312088 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglngx.dll
2009-05-28 20:23 . 2009-05-08 10:16 177432 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmail.dll
2009-05-28 20:23 . 2009-05-08 10:17 486168 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-05-16 00:43 . 2009-05-16 00:43 -------- d-----w- C:\40489987797f8ac16b
2009-05-15 10:43 . 2009-05-08 10:17 2302232 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avguiadv.dll
2009-05-15 10:43 . 2009-05-08 10:17 3399960 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-05-11 17:07 . 2009-05-11 17:07 -------- d-----w- c:\program files\Common Files\Windows Live
2009-05-08 10:15 . 2009-05-06 06:47 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-05-08 10:15 . 2009-05-22 06:12 1439488 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-05-08 10:15 . 2009-05-06 06:47 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-05-08 10:15 . 2009-05-22 06:12 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 10:20 . 2008-10-05 07:21 -------- d-----w- c:\program files\Windows Live
2009-05-17 10:07 . 2007-09-26 05:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-05-12 04:25 . 2008-09-11 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-05-08 10:17 . 2008-09-11 00:44 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-08 10:17 . 2008-09-11 00:44 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-08 10:17 . 2008-09-11 00:44 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w- c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 138008]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-15 888832]
"PowerPlan"="c:\program files\QuickButtonV1.0020\PowerPlanGUI.EXE" [2007-06-20 61440]
"CSKYPE"="c:\program files\QuickButtonV1.0020\CSKYPE.EXE" [2007-04-18 249856]
"QButton"="c:\program files\QuickButtonV1.0020\QButton.EXE" [2007-06-19 69632]
"GPIO"="c:\program files\USB_HD\GPIOManager\GPIOManager.exe" [2005-04-14 704000]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-08 1947928]
"{F7D90BD2-14A9-11d3-AD9E-00AA0064EC94}"="c:\program files\Telstra\Signup\tbpt.exe" [2000-10-20 81920]
"BigPondWirelessBroadbandCM"="c:\program files\Telstra\BigPond Wireless Broadband 2.0\BigPond_CM.exe" [2008-09-16 2256896]
"BarbieGirlsTray"="c:\program files\Mattel\Barbie Girls\Mattel.BarbieGirls.Tray.exe" [2007-03-15 24576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"YMailAdvisor"="c:\program files\Yahoo!\Common\YMailAdvisor.exe" [2008-06-05 125208]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-07-11 223984]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 227328]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-04-17 98616]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-05-10 16342528]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-06-29 89541]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
Hiro-Media Client.lnk - c:\program files\Hiro-Media\HiroClient\HiroClient.exe [2009-1-22 2860312]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
VersionTrackerPro.lnk - c:\windows\Installer\{64A32253-A906-4AEB-B6A7-A90512B68D87}\New_Shortcut_S1699_A8EB5A2133B04A97AEEFDFB17E2E701D.exe [2008-12-8 53248]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-08 10:17 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/09/2008 8:44 AM 325896]
R1 MyPort;MyPort;c:\windows\system32\drivers\MyPort.sys [26/09/2007 11:36 PM 2127]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/09/2008 8:43 AM 298776]
S3 ASNDIS5;ASNDIS5 Protocol Driver;c:\windows\system32\ASNDIS5.sys [27/08/2008 12:34 AM 16269]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [25/11/2008 5:50 PM 7680]
S3 ZTEusbnet;ZTE USB-NDIS miniport;c:\windows\system32\drivers\ZTEusbnet.sys [25/11/2008 5:50 PM 110080]
.
Contents of the 'Scheduled Tasks' folder
2008-12-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
2009-06-03 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 03:20]
2009-04-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 08:04]
2009-06-03 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 08:04]
2009-06-03 c:\windows\Tasks\WebReg Deskjet F300 series.job
- c:\program files\HP\Digital Imaging\bin\hpqwrg.exe [2006-02-18 07:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigpond.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: hiro - {50BA1131-168F-4c08-A69B-4012273F222E} - c:\program files\Hiro-Media\HiroClient\OldHiroProtocolHandler.dll
Handler: hirodownload - {77F2FF4C-CEDD-4c71-8ABF-DF7CC05EFC63} - c:\program files\Hiro-Media\HiroClient\HiroProtocolHandler.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-03 23:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1540)
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Synaptics\SynTP\SynNEC.exe
c:\windows\system32\searchindexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\TechTracker\VersionTracker Pro\VersionTrackerPro.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\searchprotocolhost.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\windows\system32\searchfilterhost.exe
.
**************************************************************************
.
Completion time: 2009-06-03 23:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-03 15:54
ComboFix2.txt 2009-06-03 15:34
Pre-Run: 39,728,406,528 bytes free
Post-Run: 39,726,759,936 bytes free
218 --- E O F --- 2009-05-17 10:07