ComboFix 10-03-06.08 - Owner 03/07/2010 12:09:15.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.607.344 [GMT -6:00]
Running from: C:\cypher.exe
Command switches used :: C:\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Personal Firewall *disabled* {E641AC2D-955F-4A05-ABE7-F9C534ABDB46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\WeatherBug
c:\documents and settings\Owner\Application Data\WeatherBug\102x96_Allergy-09.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96_ColdFlu_Haiti.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96_ColdFlu_SnowSki_Plus.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96_Disney_2.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96_Disney_3.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96_NWF.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96_Unicef2.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96AchieveTile.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96BlowoutSale.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96BlowoutSalev2.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96FOG_Lightning.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96FreeTrial.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96IvanTeam.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96Ryan.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96UniqueGift.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96uniquegifts.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96vidgallery.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96vidgallery2.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless10.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless12.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless13.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless18.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless20.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless21.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless22.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless24.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless27.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless4.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless5.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless6.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless8.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\102x96wireless9.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\2009_Fall_SMS_DefaultWrap_Bubble_APPROVED.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\2009_Fall_SMS_DefaultWrap_Bubble_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\2009_Thanksgiving.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\2009_Thanksgiving_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\528b.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_blueyellow.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_blueyellow_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_blueyellow_nav.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_blueyellow_nav_traffic.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_APPROVED.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_cherryb_approved.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_cherryb_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_mobile.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_mobile_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_Mobile_MASK_bubble.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_MobileAPPROVED.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_plus.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_PLUS_AP_Holiday.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_plus_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_PLUS_MASK_Holiday.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_pws.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_pws_mask_new.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_spring2.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_spring2_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_valAPPROVED.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_valMASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_winter_PLUS.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_brandwrap_winter_Plus_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_Default_Spring_Mobile_BG_0506.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_Default_Spring_Mobile_MASK_0506.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_default_winter_0106_Background.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_default_winter_0106_bg_updated.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_default_winter_0106_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_fall_mobile1_new.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_fall_mobile2_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_fallbrandwrap_mobile1.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_fallbrandwrap_mobile2B.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_fallbrandwrap_plus.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_fallbrandwrap_plus_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_Fixed_BRWP_valMASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_FixedBRWP_valAPPROVED.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_Generic_Forecast_BG_0206.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_Generic_Forecast_MASK_0206.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_Generic_Photo_Approved.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_Generic_Photo_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_Generic_Sun_0306_Final.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_Generic_Sun_0306_Final.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_Generic2005_Final.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_Generic2005_Final.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_GenericRadarMaps_Final.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_GenericRadarMaps_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_GroundhogDay_2010.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_GroundhogDay_2010_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_nav_dark_round_1105.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_nav_light_round_0206.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_nav_light_square_0206.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_Shamrock-mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60_Shamrock.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_Share_alert_tab2.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60_Share_alert_tab2_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\603a.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\605_NewDefault-maskl.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\605_NewDefault.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60brandwrap.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60brandwrap_plus.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Default-mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Default.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60fall_mobiletile.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Mktg-Enterprise-mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Mktg-Enterprise.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60nav_dark_round.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60nav_Generic2005.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60nav_Generic2005_1.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60nav_light_square.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60nav_light_square1.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-AmexUP-SP-mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-AmexUP-SP.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Bose.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Bose_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Campbells-mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Campbells.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Castrol-mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Castrol.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Catepillar_maskNew.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-CatepillarNew.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Nexium6-mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Nexium6.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Suzuki_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Suzuki_shell.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Wyndham-mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales-Wyndham.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60sales_ESUVEE_approved.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60sales_ESUVEE_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales_historychannel_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales_historychannel_shell.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales_monopoly_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales_monopoly_shell.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales_Strattera_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\60Sales_Strattera_shell.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Chamberlain.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Chamberlain_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\Default_NationalTile_Tip.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\disney_wrap.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\disney_wrap_background.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\Fall_DefaultWrap_Bubble_APPROVED_1109.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Fall_DefaultWrap_Bubble_APPROVED_1209.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Fall_DefaultWrap_Bubble_MASK_1109.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\Fall_DefaultWrap_Bubble_MASK_1209.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\Free_topnav_sqr_WxStore.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Free_topnav_WxStore.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\GoldTopNav_Wireless_Round.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\GoldTopNav_Wireless_sq.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Holiday0110.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Holiday0110_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\Holiday2009.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Holiday2009_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\HurricaneRelief.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\katrina.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\KatrinaRelief.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\leftnav_605Generic.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\LocalWeather.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\LocalWeather_Mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\MasterCard_APPROVED.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\MasterCard_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\nav_07182007.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\nav_alt2.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\nav_Generic_Forecast_0206.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\nav_Generic_Photos_0206.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\nav_Generic_Radar_0206.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\nav_Generic2005_0106.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\nav_Generic2006.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\nav_square.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\nav_square_traffic.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\nav_square2.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\newkatrina.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\NewYears2010_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\NewYears2010_v3.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\NWS_102x96_2.jpeg
c:\documents and settings\Owner\Application Data\WeatherBug\pwstile.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\rita.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Robitussin.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Robitussin_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\SponsorFreeTrial.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\SponsorTile28b.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\sponsortile34.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\SponsorTile37.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\SponsorTile38.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\SponsorTile39.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\SponsorTile40.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\SponsorTile42.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\SurveyAIMTile.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Takeda_APPROVED.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Takeda_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\team102x96.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\topnav_605Generic.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\topnav_Business.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\TopNav_Free_Round_Green.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\TopNav_Free_Sq_Green.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\topnav_Generic2005.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\topnav_Generic2005_121505.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\topnav_round.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\topnav_round_121505.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\topnav_square_121505.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\topnav_stations_generic.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\topnav_stations_round.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\topnav_stations_square.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\TopNav_Wireless_round.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\TopNav_Wireless_square.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\ValentinesDay0210.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Video21_60_nav_dark_square.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Video21_nav_Generic2005.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\visaNFL.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\visaNFL_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\Walgreens.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Walgreens_mask.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\wilma.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Winter0110_Approved.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Winter0110_MASK.bmp
c:\documents and settings\Owner\Application Data\WeatherBug\Winter0210_Approved.jpg
c:\documents and settings\Owner\Application Data\WeatherBug\Winter0210_MASK.bmp
c:\program files\Ares
c:\program files\Ares\My Shared Folder\09-kelis-milkshake-rbg.mp3
c:\program files\AWS
c:\program files\Total PC Defender
.
((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 )))))))))))))))))))))))))))))))
.
2010-03-06 21:08 . 2010-03-06 21:08 -------- d-----w- C:\tdsskiller
2010-03-06 21:07 . 2010-03-06 21:07 154657 ----a-w- C:\tdsskiller.zip
2010-03-06 19:47 . 2010-03-07 17:59 4122037 ----a-r- C:\cypher.exe
2010-03-06 19:41 . 2010-03-06 19:43 -------- d-----w- c:\program files\ERUNT
2010-03-05 20:09 . 2010-03-05 20:10 1137360 ----a-w- C:\fsbl.exe
2010-03-02 21:38 . 2010-03-02 21:40 -------- d-----w- C:\rsit
2010-02-24 21:47 . 2010-02-24 21:47 -------- d-----w- c:\program files\Trend Micro
2010-02-23 22:48 . 2010-02-23 22:48 44784 ----a-w- c:\documents and settings\barryndiane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-23 22:44 . 2010-02-23 22:44 -------- d-sh--w- c:\documents and settings\barryndiane\IECompatCache
2010-02-23 22:43 . 2010-02-23 22:43 -------- d-sh--w- c:\documents and settings\barryndiane\PrivacIE
2010-02-15 22:46 . 2003-11-24 21:20 0 ---ha-w- c:\documents and settings\Guest\hpothb07.dat
2010-02-15 19:31 . 2009-11-25 19:01 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-15 19:07 . 2010-02-15 19:11 -------- d-----w- C:\$AVG
2010-02-15 19:06 . 2010-02-15 19:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-15 19:06 . 2010-02-15 19:06 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-15 19:06 . 2010-02-15 19:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-15 19:06 . 2010-02-15 19:06 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-15 19:06 . 2010-03-07 14:49 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-15 19:06 . 2010-02-15 19:31 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-15 19:05 . 2010-02-15 19:05 -------- d-----w- c:\program files\AVG
2010-02-15 19:05 . 2010-02-15 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-14 02:40 . 2010-02-15 18:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-14 02:40 . 2010-02-14 02:40 -------- d-----w- c:\program files\Hard Disk Tune-Up
2010-02-14 00:44 . 2010-02-14 02:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Sammsoft
2010-02-14 00:44 . 2010-02-14 00:45 -------- d-----w- c:\program files\MemTurbo 4
2010-02-14 00:44 . 2010-02-14 01:46 -------- d-----w- c:\program files\Advanced Registry Optimizer
2010-02-13 23:57 . 2010-02-13 23:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2010-02-13 01:41 . 2010-02-13 01:41 -------- d-----w- c:\windows\system32\wbem\Repository
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-07 17:52 . 2003-04-10 10:53 -------- d-----w- c:\program files\WildTangent
2010-02-23 23:33 . 2003-11-25 00:14 984 -c--a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\mmap.bat
2010-02-23 23:33 . 2003-11-25 00:14 413696 -c--a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\bin\motkt.dll
2010-02-23 23:33 . 2003-11-25 00:14 311296 -c--a-w- c:\documents and settings\Owner\Application Data\Motive\Acme\plugin\maps\resources\deusr\bin\motivede.dll
2010-02-23 22:19 . 2009-11-19 02:27 -------- d-----w- c:\program files\McAfee Security Scan
2010-02-15 18:23 . 2003-08-25 15:01 44784 -c--a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-15 18:23 . 2003-04-10 10:50 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-14 00:01 . 2003-04-10 10:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-08 18:08 . 2009-11-30 14:05 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-16 18:19 . 2009-12-16 18:19 21035 ----a-w- c:\windows\system32\drivers\AegisP.sys
2005-07-09 22:22 . 2005-07-09 22:22 774144 -c--a-w- c:\program files\RngInterstitial.dll
2003-09-08 13:47 . 2003-09-08 13:47 32 -csha-w- c:\windows\{A217E0A5-7FF5-46B6-914D-92B83D14BDDA}.dat
2005-01-08 09:00 . 2005-01-08 09:00 56 -csh--r- c:\windows\system32\C70B12D71A.sys
2005-01-08 09:00 . 2005-01-08 09:00 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
2003-09-08 13:47 . 2003-09-08 13:47 32 -csha-w- c:\windows\system32\{CD0490BD-D74F-4446-82D9-0E27308FDBD8}.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TeamOnPwpUpdater-TMPwpCli"="c:\program files\TMobile\PwpUpdtr.exe" [2003-10-06 81920]
"PromptCast"="c:\program files\PromptCast\PromptCast.exe" [2004-05-04 221184]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
Drempels Desktop.lnk - c:\windows\drempels.exe [2001-4-6 196608]
MemTurbo.lnk - c:\program files\MemTurbo 4\MemTurbo.exe [2010-2-13 3121760]
PowerReg SchedulerV2.exe [2003-8-27 256000]
spamsubtract.lnk - c:\program files\interMute\SpamSubtract\SpamSubtract.exe [2003-4-10 552960]
wkcalrem.LNK - c:\program files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2002-6-20 24651]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Compaq Connections.lnk - c:\program files\Compaq Connections\1940576\Program\BackWeb-1940576.exe [2003-4-10 16384]
Image Transfer.lnk - c:\program files\Sony Corporation\Image Transfer\SonyTray.exe [2003-8-23 73728]
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-12-11 2322432]
QuickBooks 2002 Delivery Agent.lnk - c:\program files\Intuit\QuickBooks Pro\Components\QBAgent\qbdagent2002.exe [2003-11-27 311296]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-15 19:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 10:50 40960 ----a-w- c:\program files\Softex\OmniPass\OPXPGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Compaq Connections\\1940576\\Program\\BackWeb-1940576.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/15/2010 1:06 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/15/2010 1:06 PM 360584]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2/15/2010 1:05 PM 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/15/2010 1:05 PM 285392]
R2 ccPxySvc;Symantec Proxy Service;c:\program files\Norton Personal Firewall\CCPXYSVC.EXE [9/8/2003 1:49 PM 34040]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [10/9/2007 1:13 PM 38144]
R2 Hard Disk Tune-Up;Hard Disk Tune-Up;c:\program files\Hard Disk Tune-Up\HDTuneUpSrv.exe [2/13/2010 8:40 PM 441344]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys --> c:\progra~1\PC-DOC~1\DIAGNO~1\PCDRDRV.sys [?]
S3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [12/28/2007 3:02 PM 287232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-03-07 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2003-04-26 07:56]
2010-03-07 c:\windows\Tasks\HP Usg Login.job
- c:\program files\hp photosmart 11\printer\Hphusg04.exe [2002-11-22 19:50]
2010-03-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2003-04-10 23:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uInternet Connection Wizard,ShellNext = hxxp://qus8.hpwis.com/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost
LSP: SpSubLSP.dll
Trusted Zone: 3dcartstores.com\nwpublicsafetysupply
Trusted Zone: aol.com\free
Trusted Zone: buy-internetsecurity10.com
Trusted Zone: buy-is2010.com
Trusted Zone: craigslist.org\www
Trusted Zone: ebay.com\www
Trusted Zone: is-software-download.com
Trusted Zone: is-software-download25.com
Trusted Zone: is10-soft-download.com
Trusted Zone: youtube.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java
DPF: {50D05FAC-D462-4795-8818-738FCF776FBC} - hxxps://myemail.t-mobile.com/html/web/c ... Client.cab
DPF: {70647AB5-18FD-4142-82B0-5852478DD0D4} - hxxp://xms.keynote.com/applications/con ... uncher.cab
DPF: {77DD44BF-551D-4E3C-82CD-D637D5018D3C} - hxxp://www.surveys.com/promptcast/Insta ... 0SETUP.cab
DPF: {A48D0309-8DA3-41AA-98E4-89194D471890} - hxxp://www.pulse3d.com/players/english/ ... 2AxWin.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-07 12:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0xF8AD1C51]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf87e3fc3
\Driver\ACPI -> ACPI.sys @ 0xf8756cb8
\Driver\atapi -> atapi.sys @ 0xf870e7b4
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->
NDIS: Linksys NC100 Fast Ethernet Adapter -> SendCompleteHandler -> NDIS.sys @ 0xf85e2af9
PacketIndicateHandler -> NDIS.sys @ 0xf85edb21
SendHandler -> NDIS.sys @ 0xf85e2938
user & kernel MBR OK
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(520)
c:\program files\Softex\OmniPass\opxpgina.dll
- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\SpSubLSP.dll
.
Completion time: 2010-03-07 12:18:10
ComboFix-quarantined-files.txt 2010-03-07 18:18
ComboFix2.txt 2010-03-06 20:22
Pre-Run: 27,215,802,368 bytes free
Post-Run: 27,219,750,912 bytes free
- - End Of File - - 650965164A60380E2801F70FBB61D51B
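Added example (not part of the ComboFix log above, and not ComboFix's or Gmer's own code): a small parser for the file-listing lines that appear in the "Files Created" and "Find3M Report" sections, with a triage pass over the attribute column. The sample input is copied from the log above and embedded so the example runs offline. Two things are assumptions rather than facts stated in the log: the meaning of the flag letters in the attribute column (read here as d=directory, c=compressed, s=system, h=hidden, a=archive, r=read-only, w=writable, which is consistent with every value the log shows), and which of the two timestamps is creation versus last-write, which the log does not say, so the parser keeps them in print order. A hit in the triage output only means the entry has attributes a reviewer usually wants to look at by hand; it is not a verdict about the file.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: lines copied from the "Files Created" and "Find3M" sections of the
# ComboFix log above, plus a separator and a section header to show that non-entry lines
# are skipped. Embedded here so the example runs offline.
SAMPLE_LOG = r"""
2010-03-06 21:08 . 2010-03-06 21:08 -------- d-----w- C:\tdsskiller
2010-03-06 21:07 . 2010-03-06 21:07 154657 ----a-w- C:\tdsskiller.zip
2010-03-06 19:47 . 2010-03-07 17:59 4122037 ----a-r- C:\cypher.exe
2010-02-23 22:44 . 2010-02-23 22:44 -------- d-sh--w- c:\documents and settings\barryndiane\IECompatCache
2010-02-15 22:46 . 2003-11-24 21:20 0 ---ha-w- c:\documents and settings\Guest\hpothb07.dat
2003-09-08 13:47 . 2003-09-08 13:47 32 -csha-w- c:\windows\{A217E0A5-7FF5-46B6-914D-92B83D14BDDA}.dat
2005-01-08 09:00 . 2005-01-08 09:00 56 -csh--r- c:\windows\system32\C70B12D71A.sys
2005-01-08 09:00 . 2005-01-08 09:00 1682 -csha-w- c:\windows\system32\KGyGaAvL.sys
2010-02-15 19:06 . 2010-02-15 19:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# One entry: "<stamp> . <stamp> <size|--------> <8 flag chars> <path>".
# Which stamp is creation and which is last-write is not stated in the log, so they are
# kept in print order. Directories carry "--------" instead of a byte count.
ENTRY_RE = re.compile(
    r"^(?P<first>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<second>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[a-z-]{8}) "
    r"(?P<path>\S.*?)\s*$"
)

# A path with a drive letter and exactly one component after it, e.g. C:\cypher.exe.
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass
class Entry:
    first_stamp: str
    second_stamp: str
    size: Optional[int]   # None for directories
    attrs: str            # raw 8-character flag field, e.g. "-csh--r-"
    path: str

    # Flag-letter meaning is an assumption consistent with the values in the log:
    # d=directory, c=compressed, s=system, h=hidden, a=archive, r=read-only, w=writable.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs

    @property
    def read_only(self) -> bool:
        return "r" in self.attrs


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a file-listing line, or None for separators and headers."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["first"], m["second"], size, m["attrs"], m["path"])


def parse_log(text: str) -> List[Entry]:
    """Parse every file-listing line in a ComboFix section; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is not None:
            entries.append(e)
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Map path -> reasons for entries a reviewer usually inspects by hand.

    These are attention heuristics, not verdicts: hidden+system files are unusual
    outside directories, and loose files in the drive root are worth a second look.
    """
    findings: Dict[str, List[str]] = {}
    for e in entries:
        reasons = []
        if not e.is_dir and e.hidden and e.system:
            reasons.append("hidden+system file")
        if not e.is_dir and DRIVE_ROOT_RE.match(e.path):
            reasons.append("file in drive root")
        if reasons:
            findings[e.path] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in triage(parse_log(SAMPLE_LOG)).items():
        print(f"{path}: {', '.join(reasons)}")
```

Run against the sample, the triage pass lists the three hidden+system files under c:\windows and the two loose files in the drive root; the hidden directory IECompatCache and the hidden-but-not-system hpothb07.dat are not flagged. To use it on a full log, feed the whole file to parse_log: the regex only matches file-listing lines, so the deletions list, registry dump and scanner output are skipped without any pre-cutting.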