Here we are....
((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.
2010-01-07 21:21 . 2009-11-10 15:26 767952 ----a-w- c:\windows\BDTSupport.dll
2010-01-07 21:20 . 2009-11-10 15:28 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-01-07 21:20 . 2009-11-10 15:28 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-01-07 21:20 . 2009-11-10 15:28 1640400 ----a-w- c:\windows\PCTBDCore.dll
2010-01-07 21:20 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip
2010-01-07 21:20 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip
2010-01-07 21:20 . 2010-01-07 21:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2010-01-07 20:38 . 2010-01-07 20:38 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-01-07 20:25 . 2010-01-07 20:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-07 20:25 . 2010-01-07 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-07 20:20 . 2010-01-07 20:20 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-07 20:20 . 2010-01-07 20:20 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-07 18:23 . 2009-10-30 16:11 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-01-07 18:23 . 2009-11-09 16:20 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-01-07 18:23 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-01-07 18:23 . 2009-09-03 14:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-01-07 18:23 . 2010-01-09 23:18 -------- d-----w- c:\program files\Spyware Doctor
2010-01-07 18:23 . 2010-01-07 21:53 -------- d-----w- c:\program files\Common Files\PC Tools
2010-01-07 18:23 . 2010-01-07 18:23 -------- d-----w- c:\documents and settings\User\Application Data\PC Tools
2010-01-07 18:23 . 2010-01-07 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-01-07 18:15 . 2009-12-16 19:42 872960 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-01-07 18:15 . 2009-12-16 19:42 43008 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-01-07 18:15 . 2009-12-16 19:42 340480 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-01-07 18:15 . 2009-12-16 19:41 346624 ----a-w- c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-24 12:22 . 2009-12-31 23:21 -------- d-----w- c:\documents and settings\User\Application Data\passionuptoolbar
2009-12-21 00:49 . 2009-12-21 00:49 -------- d-----w- c:\documents and settings\Guest\Application Data\passionuptoolbar
2009-12-14 23:02 . 2009-12-14 23:12 19517 ----a-w- c:\windows\hpqins13.dat
2009-12-14 21:06 . 2009-12-28 15:46 -------- d-----w- c:\temp\DMTemp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 15:50 . 2009-04-28 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-10 12:01 . 2009-04-28 19:30 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-09 19:02 . 2010-01-08 03:45 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-01-07 22:09 . 2009-11-03 21:59 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-07 22:03 . 2009-11-03 22:02 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-01-07 11:22 . 2009-04-28 19:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-05 16:45 . 2009-11-10 16:29 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-01 20:03 . 2009-04-28 19:29 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-12-24 12:23 . 2009-12-05 13:20 -------- d-----w- c:\program files\passionuptoolbar
2009-12-24 12:22 . 2009-12-05 13:20 -------- d-----w- c:\program files\Free Offers from Freeze.com
2009-12-21 13:28 . 2009-12-11 14:05 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-19 05:52 . 2009-04-28 19:28 -------- d-----w- c:\program files\Google
2009-12-05 13:21 . 2009-12-05 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\EmailNotifier
2009-12-03 00:47 . 2009-12-03 00:47 33558 ----a-w- c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\Firefox_Toolbar_Uninstaller.exe
2009-12-02 22:28 . 2009-10-11 21:57 -------- d-----w- c:\program files\MSECache
2009-11-29 04:31 . 2009-09-13 16:15 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-03 22:02 . 2009-11-03 22:02 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-11-02 17:52 . 2008-05-21 20:06 22392 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-29 07:45 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2006-02-28 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-02-28 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2006-02-28 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-02-28 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}]
2009-09-25 14:33 91608 ----a-w- c:\program files\passionuptoolbar\passionupdx.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9A782146-1AEF-4ebc-9641-D4309F8A67A4}]
2009-10-20 15:47 258008 ----a-w- c:\program files\passionuptoolbar\auxi\passionuptoolbAu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
"{2A1998DF-70D2-4b25-B59E-868FBCA20BA1}"= "c:\program files\passionuptoolbar\passionupdx.dll" [2009-09-25 91608]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CLASSES_ROOT\clsid\{2a1998df-70d2-4b25-b59e-868fbca20ba1}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-09 279944]
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"NetZero_uoltray"="c:\program files\NetZero\exec.exe" [2008-05-07 1701376]
"cdloader"="c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-28 39408]
"Google Update"="c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-20 133104]
"eFax 4.4"="c:\program files\eFax Messenger 4.4\J2GDllCmd.exe" [2008-10-07 95744]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-10-09 25623336]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"untd_recovery"="c:\program files\NetZero\qsacc\x1exec.exe" [2005-06-28 241664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2006-01-13 196608]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hp 1000 firmware"="c:\program files\hp LaserJet 1000\fwdl.exe" [2001-12-15 36864]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-04-28 68592]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-11 2043160]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-11-18 1243088]
c:\documents and settings\User\Start Menu\Programs\Startup\
eFax 4.4.lnk - c:\program files\eFax Messenger 4.4\J2GTray.exe [2008-10-7 656896]
FrostWire On Startup.lnk - c:\program files\FrostWire\FrostWire.exe [2008-9-3 114688]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-30 12:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Documents and Settings\\User\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/7/2010 1:23 PM 207792]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/28/2009 3:36 PM 108552]
R2 sdauxservice;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [1/7/2010 1:23 PM 359624]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/28/2009 3:36 PM 335240]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [4/28/2009 3:35 PM 297752]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [1/7/2010 4:21 PM 112592]
S2 gupdate1c9f021dfccbd36;Google Update Service (gupdate1c9f021dfccbd36);c:\program files\Google\Update\GoogleUpdate.exe [6/18/2009 9:34 AM 133104]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [5/20/2008 3:11 PM 20160]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [6/14/2008 9:26 AM 18864]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-01-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-28 19:28]
2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 14:33]
2010-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 14:33]
2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-117609710-839522115-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 11:21]
2010-01-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-117609710-839522115-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-20 11:21]
2010-01-01 c:\windows\Tasks\Norton Security Scan for User.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.3.0.44\Nss.exe [2009-07-17 20:45]
2010-01-07 c:\windows\Tasks\User_Feed_Synchronization-{1D49D00C-5343-4779-9534-E4BCCE4C4AAB}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://my.netzero.net/s/search?r=minisearch
IE: Display All Images with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/228"
IE: Display Image with Full Quality - "c:\program files\NetZero\qsacc\appres.dll/227"
TCP: {371D348B-9F92-4365-80DB-72C60FDD627B} = 192.168.1.254
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?gcht=HC&o=101676&l=dis
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=SOLTDF&q=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\8vfd0b8i.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-vnxrqfnh - c:\documents and settings\User\Local Settings\Application Data\iisvgg\ejnxsysguard.exe
HKLM-Run-HPHmon03 - c:\windows\system32\hphmon03.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 11:06
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-01-10 11:09:16
ComboFix-quarantined-files.txt 2010-01-10 16:08
Pre-Run: 63,847,583,744 bytes free
Post-Run: 65,289,359,360 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 61A6621FC9BDEABD1BE7D63287C28657