ComboFix 09-09-06.02 - Kamal 07/09/2009 2:11.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2047.1532 [GMT 1:00]
Running from: c:\documents and settings\Kamal\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Kamal\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\system32\01.tmp"
"c:\windows\system32\02.tmp"
"c:\windows\system32\jmygdh.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
c:\windows\system32\01.tmp
c:\windows\system32\02.tmp
c:\windows\system32\jmygdh.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_qycxkvvx
-------\Service_wgpzwosp
-------\Legacy_tawdl
-------\Service_tawdl
((((((((((((((((((((((((( Files Created from 2009-08-07 to 2009-09-07 )))))))))))))))))))))))))))))))
.
2009-09-06 17:12 . 2009-09-06 17:12 -------- d-----w- c:\program files\tricker
2009-09-04 21:02 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-04 21:02 . 2009-04-03 09:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-04 21:02 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-04 21:02 . 2009-09-04 21:02 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-04 21:02 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-04 21:02 . 2009-09-04 21:03 -------- d-----w- c:\program files\Spyware Doctor
2009-09-04 21:02 . 2009-09-04 21:02 -------- d-----w- c:\documents and settings\Kamal\Application Data\PC Tools
2009-09-04 21:02 . 2009-09-04 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-04 21:00 . 2009-09-04 21:02 -------- d-----w- c:\documents and settings\Kamal\Application Data\GetRightToGo
2009-09-04 17:32 . 2009-09-04 17:32 -------- d-----w- c:\documents and settings\Kamal\Application Data\Malwarebytes
2009-09-04 17:28 . 2009-09-04 17:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-04 17:08 . 2009-09-04 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-04 17:04 . 2009-09-04 17:04 -------- d-----w- c:\documents and settings\Kamal\Application Data\SUPERAntiSpyware.com
2009-08-31 19:47 . 2009-08-31 19:47 40156 ---ha-w- c:\windows\system32\mlfcache.dat
2009-08-31 19:46 . 2009-09-01 02:59 -------- d-----w- c:\program files\Safari
2009-08-27 13:44 . 2009-08-27 13:44 -------- d-----w- c:\documents and settings\Kamal\Local Settings\Application Data\Help
2009-08-26 10:44 . 2009-08-26 10:45 -------- d-----w- c:\program files\SpywareBlaster
2009-08-24 17:52 . 2009-08-24 17:52 -------- d-----w- C:\CloneDVDTemp
2009-08-24 17:46 . 2009-08-24 17:46 -------- d-----w- c:\program files\Elaborate Bytes
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-07 01:17 . 2008-10-02 21:17 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-06 20:22 . 2004-08-04 12:00 56320 ------w- c:\windows\system32\eventlog.dll
2009-09-06 16:50 . 2008-10-02 22:00 -------- d-----w- c:\program files\Java
2009-09-06 16:46 . 2008-12-24 05:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-04 20:56 . 2008-10-04 18:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-04 20:56 . 2008-10-04 18:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-31 19:47 . 2008-10-02 21:09 -------- d-----w- c:\documents and settings\Kamal\Application Data\Apple Computer
2009-08-29 23:49 . 2008-10-02 02:47 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-25 03:40 . 2009-02-14 23:59 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-08-24 18:05 . 2009-02-14 23:56 -------- d-----w- c:\documents and settings\Kamal\Application Data\DVD Flick
2009-08-24 17:42 . 2009-02-15 00:08 -------- d-----w- c:\documents and settings\Kamal\Application Data\Vso
2009-08-24 17:42 . 2009-02-15 00:08 47360 ----a-w- c:\documents and settings\Kamal\Application Data\pcouffin.sys
2009-08-20 13:03 . 2008-10-02 02:47 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-20 13:03 . 2008-10-02 02:47 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-20 13:03 . 2008-10-02 02:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-09-06_20.34.24 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-09-07 01:17 . 2009-09-07 01:17 16384 c:\windows\temp\Perflib_Perfdata_258.dat
+ 2004-08-04 12:00 . 2009-09-07 01:08 41068 c:\windows\system32\perfc009.dat
- 2004-08-04 12:00 . 2009-09-06 20:31 41068 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-09-07 01:08 315124 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-09-06 20:31 315124 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-02 39408]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-10-02 3061248]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-04-24 203928]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-20 2007832]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-02 185872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-06 149280]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-24 16859648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-1-23 36864]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2007-9-12 1527808]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2008-10-12 802816]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-20 13:03 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [04/09/2009 22:02 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02/10/2008 03:47 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02/10/2008 03:47 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [02/10/2008 03:47 297752]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [23/04/2007 14:11 224896]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [02/10/2008 03:47 908056]
S2 tawdl;Time Update;c:\windows\system32\svchost.exe -k netsvcs [04/08/2004 13:00 14336]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [04/09/2009 22:02 348752]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
tawdl