ComboFix 09-07-28.01 - User 07/28/2009 12:49.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1420 [GMT -7:00]
Running from: c:\documents and settings\User\My Documents\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\MRsdrfesa3J2.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.
2009-07-28 00:57 . 2009-07-28 00:57 -------- d-----w- c:\program files\Trend Micro
2009-07-27 19:27 . 2009-07-27 19:33 -------- d-----w- c:\program files\Exterminate It!
2009-07-27 18:58 . 2009-07-27 18:58 27136 ----a-w- c:\windows\system32\UACjcfmlidqvp.dll
2009-07-25 10:37 . 2009-07-25 10:37 -------- d-----w- c:\program files\SnailWeb
2009-07-25 10:37 . 2009-07-25 10:37 -------- d-----w- c:\windows\system32\Temp
2009-07-25 10:29 . 2009-07-28 00:58 -------- d-----w- c:\program files\AOA
2009-07-21 03:35 . 2009-07-21 03:35 -------- d-----w- c:\documents and settings\User\Application Data\Ultra Fractal 5
2009-07-20 06:45 . 2009-07-20 06:45 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-20 06:45 . 2009-07-28 19:20 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-07-20 06:43 . 2009-07-28 19:42 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-07-20 06:42 . 2009-07-20 06:42 -------- d-----w- c:\program files\Common Files\Skype
2009-07-20 06:42 . 2009-07-20 23:02 -------- d-----r- c:\program files\Skype
2009-07-20 06:42 . 2009-07-20 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-07-16 12:51 . 2009-07-16 12:51 -------- d-sh--w- C:\found.005
2009-07-15 11:45 . 2009-07-15 11:49 -------- d-----w- c:\program files\Realspace3_at
2009-07-11 17:24 . 2009-07-11 17:25 -------- d-----w- c:\program files\Shockwave.com
2009-07-07 02:16 . 2009-07-07 03:32 -------- d-----w- c:\windows\system32\Adobe
2009-07-04 15:08 . 2009-07-04 15:07 2054424 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-04 15:08 . 2009-07-04 15:07 2167576 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgresf.dll
2009-07-04 15:08 . 2009-07-04 15:07 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-02 12:58 . 2009-07-02 12:58 -------- d-sh--w- C:\found.004
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-28 19:49 . 2009-06-27 22:43 -------- d-----w- c:\documents and settings\User\Application Data\DNA
2009-07-28 19:19 . 2009-06-27 22:43 -------- d-----w- c:\program files\DNA
2009-07-25 03:24 . 2009-06-20 00:44 -------- d-----w- c:\program files\Apophysis 2.0
2009-07-25 02:13 . 2009-04-14 00:19 3782 ----a-w- c:\documents and settings\User\Application Data\wklnhst.dat
2009-07-19 05:28 . 2009-05-13 19:46 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLec.DAT
2009-07-19 05:28 . 2009-05-13 19:43 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLds.DAT
2009-07-04 15:07 . 2009-04-08 19:11 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-27 23:20 . 2009-06-27 22:42 -------- d-----w- c:\program files\GamersFirst
2009-06-27 23:20 . 2008-02-10 19:54 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-26 08:28 . 2009-04-22 02:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-06-26 06:55 . 2009-06-25 11:17 -------- d-----w- c:\documents and settings\User\Application Data\GetRightToGo
2009-06-25 22:46 . 2009-06-25 22:46 -------- d-----w- c:\program files\Acclaim
2009-06-25 01:51 . 2009-06-25 01:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-06-25 01:51 . 2009-06-25 01:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVGTOOLBAR
2009-06-25 01:51 . 2009-04-08 19:11 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-25 01:51 . 2009-04-08 19:11 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-18 00:44 . 2008-02-10 20:08 -------- d-----w- c:\program files\Google
2009-06-18 00:42 . 2009-06-18 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-16 14:55 . 2004-08-10 18:51 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2004-08-10 18:51 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-14 23:07 . 2009-06-27 13:44 1004800 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-06-14 08:33 . 2008-02-10 20:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-14 08:25 . 2009-06-12 20:21 -------- d-----w- c:\program files\iWin Games
2009-06-13 14:53 . 2009-06-12 20:12 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-13 13:40 . 2009-06-13 13:40 -------- d-----w- c:\documents and settings\Debbie\Application Data\iWin
2009-06-12 20:22 . 2009-06-12 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games
2009-06-12 20:12 . 2009-06-12 20:12 -------- d-----w- c:\documents and settings\Debbie\Application Data\pixelStorm
2009-06-11 19:28 . 2008-02-10 20:45 -------- d-----w- c:\program files\Microsoft Works
2009-06-11 17:29 . 2009-06-11 03:21 -------- d-----w- c:\documents and settings\Debbie\Application Data\AVGTOOLBAR
2009-06-11 03:21 . 2009-06-11 03:21 -------- d-----w- c:\documents and settings\Debbie\Application Data\Yahoo!
2009-06-05 01:04 . 2009-06-05 01:04 -------- d-----w- c:\documents and settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-06-03 19:27 . 2004-08-10 18:51 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 23:14 . 2009-06-01 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-01 01:59 . 2009-06-01 01:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-01 01:59 . 2009-06-05 01:04 38200 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-23 06:56 . 2009-04-08 17:18 56528 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-19 10:59 . 2009-05-19 11:00 17416 ----a-w- c:\windows\Fonts\RUNE.TTF
2009-05-08 23:56 . 2009-05-08 23:56 92 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\uninst2.bat
2009-05-08 23:55 . 2009-05-08 23:55 683801 ----a-w- c:\documents and settings\All Users\Application Data\Last.fm\Client\UninstWMP\unins000.exe
2009-05-07 15:44 . 2004-08-10 18:51 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 19:55 . 2009-04-08 19:11 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-23 04:01 . 2009-04-10 17:03 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-02-10 19:55 . 2008-02-10 19:55 76 --sh--r- c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-06-26 17:36 1008896 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-06-26 1008896]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-06-18 39408]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-27 318272]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-06-26 25604904]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-25 1948440]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NkbMonitor.exe.lnk - c:\program files\Nikon\PictureProject\NkbMonitor.exe [2009-5-13 118784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-25 01:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57866:TCP"= 57866:TCP:Pando Media Booster
"57866:UDP"= 57866:UDP:Pando Media Booster
"56882:TCP"= 56882:TCP:Pando Media Booster
"56882:UDP"= 56882:UDP:Pando Media Booster
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/8/2009 12:11 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/8/2009 12:11 PM 108552]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [9/10/2007 11:45 PM 124832]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/24/2009 6:51 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/24/2009 6:51 PM 298776]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2/10/2008 12:27 PM 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2/10/2008 12:27 PM 7424]
S2 gupdate1c9efadd513e000;Google Update Service (gupdate1c9efadd513e000);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2009 5:43 PM 133104]
S3 vtayn;vtayn;\??\c:\docume~1\User\LOCALS~1\Temp\vtayn.sys --> c:\docume~1\User\LOCALS~1\Temp\vtayn.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-07-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2009-07-28 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-18 00:42]
2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 00:43]
2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-18 00:43]
.
.
------- Supplementary Scan -------
.
uStart Page = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4080210
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\hhawh3vp.default\
FF - prefs.js: browser.startup.homepage - hxxp://zeldaconnetion.deviantart.com/
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
.
**************************************************************************
driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-28 12:53
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-07-28 12:55
ComboFix-quarantined-files.txt 2009-07-28 19:55
Pre-Run: 205,270,777,856 bytes free
Post-Run: 205,440,528,384 bytes free
187 --- E O F --- 2009-07-15 10:00