Discussion Starter · #1 ·
Having trouble with viruses, ran ComboFix, these are the results. Please help.


ComboFix 12-02-09.04 - Dan 09/02/2012 20:11:14.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.1022.729 [GMT 0:00]
Running from: c:\documents and settings\Dan\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security 2006 *Enabled/Outdated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security 2006 *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
FW: Norton Internet Worm Protection *Disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\$NtUninstallKB54802$
c:\windows\$NtUninstallKB54802$\1602521494\@
c:\windows\$NtUninstallKB54802$\1602521494\cfg.ini
c:\windows\$NtUninstallKB54802$\1602521494\Desktop.ini
c:\windows\$NtUninstallKB54802$\1602521494\L\ceqhhore
c:\windows\$NtUninstallKB54802$\1602521494\oemid
c:\windows\$NtUninstallKB54802$\1602521494\U\[email protected]
c:\windows\$NtUninstallKB54802$\1602521494\U\[email protected]
c:\windows\$NtUninstallKB54802$\1602521494\U\[email protected]
c:\windows\$NtUninstallKB54802$\1602521494\U\[email protected]
c:\windows\$NtUninstallKB54802$\1602521494\U\[email protected]
c:\windows\$NtUninstallKB54802$\1602521494\U\[email protected]
c:\windows\$NtUninstallKB54802$\1602521494\version
c:\windows\$NtUninstallKB54802$\209644680
c:\windows\kb913800.exe
c:\windows\ocgen.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\Thumbs.db
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-01-09 to 2012-02-09 )))))))))))))))))))))))))))))))
.
.
2012-02-09 19:49 . 2012-02-09 19:49 -------- d-----w- c:\documents and settings\Dan\Application Data\Blitware
2012-02-09 19:49 . 2012-02-09 19:49 -------- d-----w- c:\program files\Driver Robot
2012-02-09 19:49 . 2012-02-09 19:49 -------- d-----w- c:\documents and settings\Dan\Application Data\Uniblue
2012-02-09 19:48 . 2012-02-09 19:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-09 19:48 . 2012-02-09 19:48 -------- d-----w- c:\program files\Uniblue
2012-02-09 19:46 . 2012-02-09 19:46 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\PackageAware
2012-02-09 16:17 . 2012-02-09 16:17 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-09 15:49 . 2012-02-09 15:49 -------- d-----w- c:\documents and settings\All Users\Application Data\RegCure
2012-02-09 15:49 . 2012-02-09 16:05 -------- d-----w- c:\program files\RegCure
2012-02-08 23:45 . 2012-02-08 23:45 -------- d-----w- C:\$AVG
2012-02-07 22:05 . 2012-02-07 22:05 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\VS Revo Group
2012-02-07 22:05 . 2009-12-30 10:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-02-07 22:05 . 2012-02-07 22:05 -------- d-----w- c:\program files\VS Revo Group
2012-02-07 22:00 . 2012-02-07 22:00 -------- d-----w- c:\documents and settings\Dan\Application Data\AVG2012
2012-02-07 21:59 . 2012-02-07 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-02-07 21:59 . 2012-02-07 21:59 -------- d-----w- c:\documents and settings\Dan\Application Data\AVG Secure Search
2012-02-07 21:59 . 2012-02-07 21:59 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-02-07 21:59 . 2012-02-07 21:59 -------- d-----w- c:\program files\AVG Secure Search
2012-02-07 21:59 . 2012-02-07 21:59 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2012-02-07 21:58 . 2012-02-09 17:45 -------- d-----w- c:\windows\system32\drivers\AVG
2012-02-07 21:58 . 2012-02-08 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2012
2012-02-07 21:58 . 2012-02-07 21:58 -------- d-----w- c:\program files\AVG
2012-02-07 21:53 . 2012-02-07 21:55 -------- d-----w- c:\program files\Mighty Uninstaller
2012-02-07 21:52 . 2012-02-09 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2012-02-07 21:49 . 2011-06-21 04:09 200976 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-02-06 00:20 . 2012-02-06 00:20 -------- d-----w- c:\documents and settings\All Users\Application Data\TrojanHunter
2012-02-06 00:19 . 2012-02-09 15:41 -------- d-----w- c:\program files\TrojanHunter 5.5
2012-02-06 00:16 . 2012-02-06 00:16 -------- d-----w- c:\documents and settings\Dan\Application Data\TrojanHunter
2012-02-06 00:05 . 2012-02-06 00:17 -------- d-----w- c:\program files\TrojanHunter 5.3
2012-02-05 22:25 . 2012-02-09 20:23 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-04 15:45 . 2012-02-04 15:45 -------- d-----w- c:\windows\Sun
2012-02-03 03:09 . 2012-02-03 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Premium
2012-02-03 03:09 . 2012-02-03 03:09 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallMate
2012-02-03 01:48 . 2012-02-07 22:10 -------- d-----w- c:\program files\Ableton
2012-01-31 19:31 . 2012-01-31 19:31 -------- d-sh--w- c:\documents and settings\Dan\PrivacIE
2012-01-31 19:31 . 2012-01-31 19:31 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-01-31 19:30 . 2012-01-31 19:30 -------- d-sh--w- c:\documents and settings\Dan\IETldCache
2012-01-31 18:15 . 2012-01-31 18:16 -------- dc-h--w- c:\windows\ie8
2012-01-31 18:06 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2012-01-31 18:06 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-01-31 18:06 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2012-01-31 18:06 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2012-01-31 18:06 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2012-01-31 18:06 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2012-01-31 18:06 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2012-01-26 02:08 . 2012-02-03 02:07 474 ----a-w- C:\user.js
2012-01-26 02:08 . 2012-01-26 02:08 -------- d-----w- c:\program files\BabylonToolbar
2012-01-26 02:08 . 2012-01-26 02:08 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Babylon
2012-01-26 02:08 . 2012-01-26 02:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-01-26 02:08 . 2012-01-26 02:08 -------- d-----w- c:\documents and settings\Dan\Application Data\Babylon
2012-01-23 22:04 . 2012-01-23 22:04 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\WMTools Downloaded Files
2012-01-23 17:05 . 2012-01-23 17:05 -------- d-----w- c:\documents and settings\Dan\Application Data\VadeRetro
2012-01-23 17:05 . 2012-01-23 17:05 -------- d-----w- c:\documents and settings\Dan\Local Settings\Application Data\Identities
2012-01-13 17:01 . 2012-01-13 17:01 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2012-01-13 11:29 . 2009-08-06 19:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2012-01-13 11:29 . 2009-08-06 19:23 215920 ----a-w- c:\windows\system32\muweb.dll
2012-01-12 15:57 . 2012-01-12 15:57 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-09 17:02 . 2004-09-10 13:57 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-02-09 16:29 . 2004-09-10 13:57 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2012-02-09 16:18 . 2004-08-03 22:07 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2011-11-17 11:40 . 2007-01-22 17:39 45056 ----a-r- c:\documents and settings\Dan\Application Data\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2011-11-17 11:40 . 2007-01-22 17:39 45056 ----a-r- c:\documents and settings\Dan\Application Data\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2011-11-17 11:40 . 2007-01-22 17:39 45056 ----a-r- c:\documents and settings\Dan\Application Data\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\ARPPRODUCTICON.exe
2011-11-16 17:12 . 2011-11-16 17:12 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-13 20:11 . 2011-11-13 20:11 621056 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-11-13 20:11 . 2011-11-13 20:11 112128 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-11-13 20:11 . 2011-11-13 20:11 23424 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-11-13 20:11 . 2011-11-13 20:11 103040 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-11-13 20:11 . 2011-11-13 20:11 100224 ----a-w- c:\windows\system32\drivers\ewsercd.sys
2011-11-05 07:10 . 2011-11-16 17:04 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-02-07 21:59 1811296 ----a-w- c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.0.0.7\AVG Secure Search_toolbar.dll" [2012-02-07 1811296]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="c:\apps\SMP\SmpSys.exe" [2005-11-17 975360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"RegistryBooster"="c:\program files\Uniblue\RegistryBooster\launcher.exe" [2011-11-07 67456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vade Retro Outlook Express"="c:\progra~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 310272]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_04\bin\jusched.exe" [2005-06-03 36975]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2006-10-17 26112]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7573504]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DetectorApp"="c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 102400]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-09-16 52848]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 24576]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-02-07 939872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launcher.lnk - c:\program files\InternetEverywhere\Launcher.exe [2011-11-13 472528]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NSCService"=3 (0x3)
"navapsvc"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccProxy"=2 (0x2)
"ccISPwdSvc"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\AOL 9.0\\aol.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\logo_ubi.exe"=
"%ProgramFiles%\\UBISOFT\\Splinter Cell Pandora Tomorrow\\pandora.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\APPS\\SKYPE\\PHONE\\SKYPE.EXE"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [11/07/2011 01:14 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [13/09/2011 06:30 32592]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [17/11/2011 11:39 632792]
R2 vToolbarUpdater;vToolbarUpdater;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe [07/02/2012 21:59 909152]
R2 WTGService;WTGService;c:\program files\InternetEverywhere\WTGService.exe [13/11/2011 20:11 308688]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [11/07/2011 01:14 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [11/07/2011 01:14 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [04/10/2011 06:21 16720]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys --> c:\windows\system32\DRIVERS\avgtdix.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [12/10/2011 06:25 4433248]
S3 9571cd3a-8209-4d3b-9994-0b315478764b;9571cd3a-8209-4d3b-9994-0b315478764b;\??\d:\rgasdev.sys --> d:\rgasdev.sys [?]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [13/11/2011 20:11 103040]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 12:49 227232]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [07/02/2012 22:05 27064]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
epson_pm_rpcv2_01
tsscoreservice
rt2500usb
v124
dnserver32
grmnusb
rnadirectory
UMAXPCLS
cdr4_xp
DfwWebAgent
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-09 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\Driver Robot.lnk [2012-02-09 19:49]
.
2012-02-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155635789-1173123948-1868127050-1005Core.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 18:26]
.
2012-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-155635789-1173123948-1868127050-1005UA.job
- c:\documents and settings\Dan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-16 18:26]
.
2012-02-09 c:\windows\Tasks\Master CD_DVD Creator.job
- c:\apps\SMP\MCDCHECK.EXE [2005-11-08 14:26]
.
2011-12-31 c:\windows\Tasks\Norton AntiVirus - Run Full System Scan - Dan.job
- c:\progra~1\NORTON~1\NORTON~1\Navw32.exe [2005-10-06 23:26]
.
2012-02-09 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-02-09 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2010-05-19 23:20]
.
2012-02-09 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-02-09 08:26]
.
2012-02-09 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-11-17 10:02]
.
2012-02-09 c:\windows\Tasks\RMSmartUpdate.job
- c:\program files\Registry Mechanic\Update.exe [2011-11-17 13:23]
.
2007-07-29 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2006-10-17 13:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=f0b247ab000000000000001617e8f88a
uInternet Connection Wizard,ShellNext = hxxp://google.com/
IE: Download with &Media Finder - c:\program files\Media Finder\hook.html
LSP: mswsock.dll
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Dan\Application Data\Mozilla\Firefox\Profiles\yix0xle3.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?babsrc=HP_ss&affID=101067&mntrId=f0b247ab000000000000001617e8f88a
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=adbartrp&affID=101067&mntrId=f0b247ab000000000000001617e8f88a&q=
FF - user.js: extensions.BabylonToolbar_i.id - f0b247ab000000000000001617e8f88a
FF - user.js: extensions.BabylonToolbar_i.hardId - f0b247ab000000000000001617e8f88a
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15373
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:06
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.newTab - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=101067
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - (no file)
SafeBoot-14860305.sys
SafeBoot-16942971.sys
SafeBoot-53103880.sys
SafeBoot-82344209.sys
SafeBoot-97355549.sys
MSConfigStartUp-Media Finder - c:\program files\Media Finder\MF.exe
AddRemove-Shogun Total War - Warlord Edition - c:\program files\Total War\Shogun - Total War - Warlord Edition\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2012-02-09 20:24
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB54802$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.avgldx86]
"ImagePath"="\?"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.avgtdix]
"ImagePath"="\?"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-155635789-1173123948-1868127050-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f4,c4,3b,4a,05,7b,ac,bf,08,dc,c0,13,de,b1,2a,aa,27,91,45,3c,6a,c2,3f,
10,ce,87,02,68,21,e5,1e,e7,d2,8c,af,38,c6,60,7f,80,82,7a,fa,37,d3,11,d1,21,\
"??"=hex:c4,d6,3a,f1,13,08,8b,93,b5,cf,71,67,e0,96,84,3c
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3716)
c:\windows\system32\WININET.dll
c:\progra~1\GOTOSO~1\VADERE~1\VrOe_hook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\progra~1\COMMON~1\AOL\ACS\AOLacsd.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\AVG\AVG2012\avgemcx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\apps\ABoard\AOSD.exe
c:\program files\Uniblue\RegistryBooster\registrybooster.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2012-02-09 20:28:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-09 20:28
.
Pre-Run: 169,472,610,304 bytes free
Post-Run: 170,199,248,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - 8711146A18817763D80E4EA15E7E0ADD
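A small triage script for reading a log like the one above, added here by the editor; it is not part of the post and not ComboFix's own code. The sample lines are copied from the posted log (plus one constructed control line, a well-formed `$NtUninstallKB913800$` path, that should not fire), and the heuristics are the editor's: a `$NtUninstallKB…$` directory whose KB number is shorter than the six digits seen elsewhere in this log (kb913800), entries in the "Files Created" section carrying the hidden (`h`) or system (`s`) attribute, driver/service entries ending in `[?]` (ComboFix could not find the image file on disk), and catchme's "hidden from API" lines. Each flag is a "look here first" pointer for a human, not a verdict: Windows creates hidden/system directories of its own (the IETldCache entries, for instance), and a `[?]` driver may simply have been left behind by an uninstaller.

```python
"""Triage a pasted ComboFix log (editor's added example, not ComboFix code)."""
from __future__ import annotations

import re
from collections import Counter

# Sample input: lines copied from the posted log, plus one constructed control
# line (the KB913800 uninstall directory) that must NOT be flagged.
SAMPLE_LOG = r"""
c:\windows\$NtUninstallKB54802$\1602521494\@
c:\windows\$NtUninstallKB54802$\1602521494\L\ceqhhore
c:\windows\$NtUninstallKB913800$\spuninst\spuninst.exe
c:\windows\kb913800.exe
2012-02-05 22:25 . 2012-02-09 20:23 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
2012-02-09 19:48 . 2012-02-09 19:48 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
2012-02-09 19:49 . 2012-02-09 19:49 -------- d-----w- c:\program files\Driver Robot
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys --> c:\windows\system32\DRIVERS\avgldx86.sys [?]
S3 9571cd3a-8209-4d3b-9994-0b315478764b;9571cd3a-8209-4d3b-9994-0b315478764b;\??\d:\rgasdev.sys --> d:\rgasdev.sys [?]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
c:\windows\$NtUninstallKB54802$:SummaryInformation 0 bytes hidden from API
"""

# "Files Created" entry: <created> . <modified> <size|--------> <attrs> <path>
# The 8-character attrs field uses letters such as d (dir), s (system),
# h (hidden), a (archive), r (read-only), w (writable).
CREATED_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?:\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Driver/service entry: "<start type> <name>;<description>;<image path> [...]"
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<rest>.+)$")
# Hotfix uninstall directory. Heuristic (editor's assumption): XP-era KB
# numbers have at least six digits, as kb913800 in this log does.
HOTFIX_DIR_RE = re.compile(r"\$NtUninstallKB(?P<kb>\d+)\$", re.IGNORECASE)


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (tag, line) pairs for every log line that trips a heuristic."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOTFIX_DIR_RE.search(line)
        if m and len(m.group("kb")) < 6:
            findings.append(("fake-hotfix-dir", line))
        if line.endswith("hidden from API"):
            findings.append(("hidden-from-api", line))
        m = CREATED_RE.match(line)
        if m and ("h" in m.group("attrs") or "s" in m.group("attrs")):
            findings.append(("hidden-or-system-attr", line))
        m = SERVICE_RE.match(line)
        if m and m.group("rest").endswith("[?]"):
            findings.append(("driver-file-missing", line))
    return findings


def summarize(findings: list[tuple[str, str]]) -> dict[str, int]:
    """Count findings per tag, e.g. {'fake-hotfix-dir': 3, ...}."""
    return dict(Counter(tag for tag, _ in findings))


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for tag, line in results:
        print(f"{tag:22} {line}")
    print(summarize(results))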
 

· Registered
Joined
·
1,784 Posts
You should never run Combofix or other software like it with knowledge of how to use it or unless directed to by someone helping you to repair your system.

It looks like you have two antivirus programs installed as well it may still have some malware lurking about.

... This thread would be better suited for the security team wouldn't it?
 
1 - 3 of 3 Posts
Status
Not open for further replies.
Top