Ok, here's the log
ComboFix 09-12-26.05 - user 12/27/2009 12:12:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.339 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\commy.exe.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
((((((((((((((((((((((((( Files Created from 2009-11-27 to 2009-12-27 )))))))))))))))))))))))))))))))
.
2009-12-27 04:52 . 2009-12-27 04:52 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\AutoTyperMurGee
2009-12-27 04:51 . 2009-12-27 04:53 -------- d-----w- c:\program files\Auto Typer by MurGee
2009-12-27 02:13 . 2009-12-03 21:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-27 02:13 . 2009-12-27 02:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 02:13 . 2009-12-03 21:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-27 00:31 . 2009-12-27 00:31 -------- d-----w- c:\program files\ESET
2009-12-27 00:27 . 2009-12-27 00:29 4072 ----a-w- C:\BdUninstallTool2009.12.26-07.27.32.reg
2009-12-26 05:46 . 2009-12-26 05:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-26 00:30 . 2009-12-26 00:30 -------- d-----w- C:\$AVG
2009-12-26 00:29 . 2009-12-26 05:52 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-25 02:28 . 2009-12-25 02:31 38 ----a-w- C:\BdUninstallTool2009.12.24-09.28.13.reg
2009-12-25 02:21 . 2009-12-25 02:25 13322 ------w- C:\BdUninstallTool2009.12.24-09.21.53.reg
2009-12-24 03:26 . 2009-12-24 03:26 -------- d-----w- C:\Downloads
2009-12-22 16:38 . 2009-12-22 16:38 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-21 16:20 . 2009-12-21 16:20 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-12-21 16:20 . 2009-12-21 16:20 16 ----a-w- c:\windows\system32\asdict.dat
2009-12-21 05:41 . 2009-12-21 05:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\wsbl.dat
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\ph_white.dat
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\ph_black.dat
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-12-21 05:17 . 2009-12-21 05:17 0 ----a-w- c:\windows\system32\pcwords.dat
2009-12-20 19:32 . 2009-12-25 22:00 -------- d-----w- c:\program files\Microsoft Works
2009-12-20 19:29 . 2009-12-20 19:29 -------- d-----w- c:\program files\Microsoft.NET
2009-12-20 19:25 . 2009-12-20 19:25 -------- d-----r- C:\MSOCache
2009-12-19 18:10 . 2009-12-19 18:10 -------- d-----w- c:\documents and settings\user\Application Data\ESET
2009-12-18 00:33 . 2009-12-19 17:46 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-12-14 20:07 . 2009-12-14 20:07 -------- d-----w- C:\GMouse20
2009-12-14 20:07 . 1996-01-09 15:38 283648 ----a-w- c:\windows\uninst.exe
2009-12-14 20:07 . 2009-12-14 20:07 -------- d-----w- c:\documents and settings\user\WINDOWS
2009-12-12 00:17 . 2009-12-18 16:17 0 ----a-w- c:\documents and settings\user\Local Settings\Application Data\prvlcl.dat
2009-12-10 22:09 . 2009-12-10 22:09 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Help
2009-12-09 00:42 . 2009-12-09 00:42 -------- d--h--w- c:\windows\PIF
2009-12-08 21:49 . 2009-12-08 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-12-06 22:03 . 2009-12-06 22:03 -------- d-----w- C:\zee_store
2009-12-06 20:50 . 2009-12-06 20:50 0 ----a-w- c:\windows\nsreg.dat
2009-12-06 20:49 . 2009-12-06 20:49 -------- d-----w- c:\documents and settings\user\Local Settings\Application Data\Mozilla
2009-11-30 02:45 . 2009-11-30 02:45 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-11-30 02:45 . 2009-11-30 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-26 07:01 . 2008-10-04 06:36 -------- d-----w- c:\program files\Alwil Software
2009-12-25 22:27 . 2009-10-04 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-24 18:10 . 2009-10-04 08:36 68128 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-22 03:16 . 2009-10-06 22:49 -------- d-----w- c:\documents and settings\user\Application Data\TeamViewer
2009-12-22 03:15 . 2009-10-25 20:50 -------- d-----w- c:\program files\TeamViewer
2009-12-21 16:14 . 2009-11-22 04:01 -------- d-----w- c:\documents and settings\user\Application Data\Notepad++
2009-12-21 16:14 . 2009-11-22 04:01 -------- d-----w- c:\program files\Notepad++
2009-12-10 22:09 . 2009-10-06 02:06 -------- d-----w- c:\program files\AceHide Free
2009-12-01 02:55 . 2009-11-10 01:02 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-27 04:45 . 2009-11-27 04:45 79488 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-23 23:21 . 2009-11-23 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-22 04:49 . 2009-11-21 21:12 -------- d-----w- c:\documents and settings\user\Application Data\mIRC
2009-11-15 06:01 . 2009-10-19 21:12 77656 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-11-12 01:47 . 2009-11-12 01:47 -------- d-----w- c:\documents and settings\user\Application Data\SMART Technologies Inc
2009-11-12 01:29 . 2009-11-12 01:29 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies Inc
2009-11-10 01:02 . 2009-11-10 01:02 -------- d-----w- c:\documents and settings\user\Application Data\JCreator
2009-11-10 01:02 . 2009-11-10 01:02 -------- d-----w- c:\documents and settings\All Users\Application Data\JCreator
2009-11-10 01:02 . 2009-11-10 01:02 -------- d-----w- c:\program files\Xinox Software
2009-11-09 18:22 . 2009-11-09 18:22 845800 ----a-w- c:\documents and settings\user\Application Data\MSNInstaller\msnauins.exe
2009-11-09 18:22 . 2009-11-09 18:21 -------- d-----w- c:\documents and settings\user\Application Data\MSNInstaller
2009-11-03 00:57 . 2009-11-03 00:57 -------- d-----w- c:\program files\ViSplore
2009-11-03 00:57 . 2009-11-03 00:57 -------- d-----w- c:\program files\TrueTransparency
2009-11-03 00:57 . 2009-11-03 00:57 -------- d-----w- c:\program files\WinFlip
2009-11-01 19:32 . 2009-11-01 19:31 -------- d-----w- c:\documents and settings\user\Application Data\ViStart
2009-11-01 19:31 . 2009-11-01 19:31 -------- d-----w- c:\documents and settings\user\Application Data\ViSplore
2009-11-01 19:31 . 2009-11-01 19:31 -------- d-----w- c:\documents and settings\user\Application Data\ViGlance
2009-10-29 07:45 . 2004-08-04 00:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-23 20:54 . 2009-10-06 02:13 63 ----a-w- c:\documents and settings\user\jagex_runescape_preferences2.dat
2009-10-23 20:53 . 2009-10-06 02:03 38 ----a-w- c:\documents and settings\user\jagex_runescape_preferences.dat
2009-10-21 06:00 . 2004-08-04 00:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-04 00:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-20 14:58 . 2004-08-03 23:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 16:49 . 2009-10-18 16:50 38208 ----a-w- c:\documents and settings\user\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-18 16:49 . 2009-10-18 16:50 38208 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-10-18 16:48 . 2009-10-18 16:48 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-13 10:53 . 2004-08-04 00:56 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 20:24 . 2009-10-12 20:23 52770576 ----a-w- c:\documents and settings\user\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-10-12 13:54 . 2004-08-04 00:56 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-04 00:56 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-06 01:43 . 2009-10-06 01:42 1962544 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-10-06 01:33 . 2009-10-06 01:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-06 01:32 . 2009-10-06 01:32 152576 ----a-w- c:\documents and settings\user\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-10-04 21:45 . 2008-10-04 04:57 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-13 22:55 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-06 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AdobeUpdate.jar [2009-12-6 57391]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\user\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_16\\bin\\java.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"43594:TCP"= 43594:TCP:PServer
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/26/2009 9:13 PM 276816]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/26/2009 9:13 PM 19160]
S2 ekrn;ESET Service;"c:\program files\ESET\ESET Smart Security\ekrn.exe" --> c:\program files\ESET\ESET Smart Security\ekrn.exe [?]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\xb22q9ea.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Cmaudio - cmicnfg.cpl
ActiveSetup-{0DF7DD50-867C-84C6-D640-CF767142E512} - c:\windows\system32:client.exe
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3072)
c:\windows\system32\WININET.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-12-27 12:17:40
ComboFix-quarantined-files.txt 2009-12-27 17:17
Pre-Run: 19,367,055,360 bytes free
Post-Run: 19,413,745,664 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 75CAC1A24AA72F1424235D3795867F66