ComboFix 09-12-29.06 - davi2807 12/30/2009 19:54:34.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.670 [GMT -5:00]
Running from: c:\documents and settings\davi2807\Desktop\commy.exe
AV: AVG Anti-Virus Network Edition *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu
c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu\egeesysguard.exe
c:\recycler\S-1-5-21-1453792206-2000060499-842820122-500
c:\recycler\S-1-5-21-2388196101-4162543526-2493488983-500
c:\recycler\S-1-5-21-3652250942-741021395-2200178515-500
c:\recycler\S-1-5-21-3726039340-1955672276-3039341588-500
c:\recycler\S-1-5-21-4240074935-2429360420-984205450-500
c:\recycler\S-1-5-21-4282068166-3347816414-3832364116-500
c:\recycler\S-1-5-21-909447240-978035807-2044221565-500
c:\windows\system32\Thumbs.db
D:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-31 )))))))))))))))))))))))))))))))
.
2009-12-29 05:20 . 2009-12-29 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\GameHouse
2009-12-17 22:01 . 2009-12-17 22:01 -------- d-----w- c:\documents and settings\davi2807\Local Settings\Application Data\Temp
2009-12-10 18:58 . 2009-12-21 16:03 2066200 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-06 02:21 . 2009-12-06 02:21 -------- d-----w- c:\program files\Graboid
2009-12-04 14:19 . 2009-12-04 14:19 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-12-04 14:18 . 2009-12-04 14:18 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-04 14:09 . 2009-12-04 14:09 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2009-12-03 17:17 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-12-03 17:15 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-03 17:15 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-03 16:57 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-03 15:14 . 2009-08-07 00:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-03 15:14 . 2009-08-07 00:23 274288 ----a-w- c:\windows\system32\mucltui.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-31 00:30 . 2008-08-12 18:35 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2009-12-31 00:28 . 2009-02-26 16:57 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-31 00:07 . 2008-08-12 18:51 56680 ----a-w- c:\windows\system32\rpcnet.dll
2009-12-31 00:07 . 2008-08-12 18:45 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2009-12-30 04:14 . 2009-09-19 15:40 70016 ----a-w- c:\documents and settings\davi2807\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-30 04:03 . 2008-08-12 19:11 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-12-30 00:36 . 2009-11-28 17:16 79488 ----a-w- c:\documents and settings\davi2807\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-29 05:57 . 2009-11-27 21:46 -------- d-----w- c:\program files\RealArcade
2009-12-09 14:47 . 2008-08-12 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-04 20:14 . 2008-08-12 18:54 -------- d-----w- c:\program files\Microsoft Works
2009-11-27 22:10 . 2009-11-27 22:10 -------- d-----w- c:\documents and settings\davi2807\Application Data\ElementalsTheMagicKey
2009-11-27 21:54 . 2009-11-27 21:54 -------- d-----w- c:\documents and settings\davi2807\Application Data\PlayFirst
2009-11-27 21:54 . 2009-11-27 21:54 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-11-27 21:53 . 2009-11-27 21:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
2009-11-27 21:53 . 2008-08-12 18:40 -------- d-----w- c:\program files\Google
2009-11-22 23:13 . 2009-11-22 23:13 -------- d-----w- c:\program files\Unity
2009-11-15 20:50 . 2009-11-15 20:50 -------- d-----w- c:\program files\DivX
2009-11-15 20:50 . 2009-11-15 20:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-11 22:10 . 2009-09-08 19:40 -------- d-----w- c:\program files\SaversPlanet
2009-10-29 07:45 . 2006-06-22 21:07 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 16:45 . 2008-10-10 14:57 33792 ----a-w- c:\windows\system32\identprv.dll
2009-10-21 05:38 . 2006-06-22 21:06 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2006-06-22 21:06 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2006-06-22 21:06 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2006-06-22 21:06 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2006-06-22 21:06 79872 ----a-w- c:\windows\system32\raschap.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d930602d-a752-4287-828b-ef0b1f48825c}"= "c:\program files\SaversPlanet\tbSav1.dll" [2009-11-11 2166296]
[HKEY_CLASSES_ROOT\clsid\{d930602d-a752-4287-828b-ef0b1f48825c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d930602d-a752-4287-828b-ef0b1f48825c}]
2009-11-11 22:10 2166296 ----a-w- c:\program files\SaversPlanet\tbSav1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{d930602d-a752-4287-828b-ef0b1f48825c}"= "c:\program files\SaversPlanet\tbSav1.dll" [2009-11-11 2166296]
[HKEY_CLASSES_ROOT\clsid\{d930602d-a752-4287-828b-ef0b1f48825c}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D930602D-A752-4287-828B-EF0B1F48825C}"= "c:\program files\SaversPlanet\tbSav1.dll" [2009-11-11 2166296]
[HKEY_CLASSES_ROOT\clsid\{d930602d-a752-4287-828b-ef0b1f48825c}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2008-04-14 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2008-04-14 271872]
"Snippet"="c:\program files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" [2005-02-26 68296]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 32768]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-05 827392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-04 138008]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-04 162584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-04 138008]
"AGRSMMSG"="AGRSMMSG.exe" [2006-08-30 89542]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-27 518488]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
1-Click Answers.lnk - c:\program files\1-Click Answers\answers.exe [2008-11-26 806912]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonscripts"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-03 19:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 17:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-932917755-891632697-413896786-7379\scripts\Logon\0\0]
"script"=\\CRBC\SysVol\CRBC\Policies\{F9B93C00-7C81-49DC-AA28-CCD2129785B0}\User\scripts\Logon\NewJStudentHomeDirectory.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/12/2008 2:11 PM 12552]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/26/2009 12:18 PM 64160]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/12/2008 2:11 PM 108552]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1005904]
R3 MSTabBtn;Quanta Computer Tablet PC Buttons HID Driver;c:\windows\system32\drivers\mstabbtn.sys [8/12/2008 1:24 PM 10496]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [8/12/2008 1:37 PM 14208]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/12/2008 2:11 PM 335240]
S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2/26/2009 11:48 AM 908056]
S2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/26/2009 11:48 AM 297752]
S2 gupdate1ca66354569d406;Google Update Service (gupdate1ca66354569d406);c:\program files\Google\Update\GoogleUpdate.exe [11/15/2009 3:50 PM 133104]
S2 rpcnetp;rpcnetp;c:\windows\system32\rpcnetp.exe [8/12/2008 1:35 PM 17408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - RPCNETP
.
Contents of the 'Scheduled Tasks' folder
2009-12-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 15:34]
2009-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:50]
2009-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-15 20:50]
2008-08-12 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-23 00:12]
2008-08-12 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-23 00:12]
2008-08-12 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2006-06-23 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} - hxxp://download1.answers.com/pub/AnswersSetup.cab
FF - ProfilePath - c:\documents and settings\davi2807\Application Data\Mozilla\Firefox\Profiles\rkvi6x10.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-uwkpffel - c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu\egeesysguard.exe
HKLM-Run-uwkpffel - c:\documents and settings\davi2807\Local Settings\Application Data\fouqxu\egeesysguard.exe
Notify-NavLogon - (no file)
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-30 19:59:40
ComboFix-quarantined-files.txt 2009-12-31 00:59
Pre-Run: 58,179,448,832 bytes free
Post-Run: 58,469,175,296 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 9D1809A1298A3CA3D5582DE5DC3C32B4