Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1022.607 [GMT 1:00]
Running from: c:\documents and settings\MUM\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\MUM\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: PCguard Anti-Virus *On-access scanning disabled* (Outdated) {5B5A3BD7-8573-4672-AEA8-C9BB713B6755}
FW: PCguard Firewall *enabled* {80593BF4-D969-4EC5-ADAE-A22F2DFC7A22}
FILE ::
"c:\windows\52289vzrus9.dll"
"c:\windows\System32\55991spambotz.dll"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\52289vzrus9.dll
c:\windows\System32\55991spambotz.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.
2009-06-12 18:48 . 2009-06-12 18:49 -------- d-----w- C:\rsit
2009-06-12 13:18 . 2009-06-12 13:21 -------- d-----w- c:\documents and settings\MUM\DoctorWeb
2009-06-10 17:20 . 2009-06-10 17:21 -------- d-----w- c:\program files\QuickTime
2009-06-09 08:54 . 2009-06-09 08:54 -------- d-----w- c:\documents and settings\MUM\Application Data\Malwarebytes
2009-06-09 06:16 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-09 06:16 . 2009-06-09 09:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-09 06:16 . 2009-06-09 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-09 06:16 . 2009-05-26 12:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-08 20:13 . 2009-06-08 20:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-08 20:13 . 2009-06-08 20:13 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-06-08 20:13 . 2009-06-08 20:13 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-08 20:13 . 2009-06-08 20:13 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-08 20:13 . 2009-06-17 03:29 -------- d-----w- c:\windows\system32\drivers\Avg
2009-06-08 20:13 . 2009-06-08 20:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-06-08 20:13 . 2009-06-08 20:13 -------- d-----w- c:\program files\AVG
2009-06-08 19:45 . 2009-06-09 19:14 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-04 18:22 . 2009-06-04 18:22 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-03 22:46 . 2009-06-06 16:46 -------- d-----w- c:\windows\Application Data
2009-06-03 22:06 . 2009-06-03 22:06 1506712 ----a-w- c:\documents and settings\MUM\Application Data\Virgin Broadband\advisor\downloads\advisor.41.exe.dir\advisor.exe
2009-05-18 20:28 . 2009-05-18 20:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-05-18 19:45 . 2009-05-18 19:45 -------- d-----w- c:\program files\NCH Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-10 09:48 . 2005-05-16 15:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-09 16:14 . 2004-02-01 19:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-09 09:58 . 2009-04-03 14:12 -------- d-----w- c:\program files\Norton Security Scan
2009-06-09 09:57 . 2002-01-01 22:20 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-09 09:55 . 2009-01-10 13:30 -------- d-----w- c:\program files\iTunes
2009-06-09 09:55 . 2006-02-25 09:41 -------- d-----w- c:\program files\Google
2009-06-09 09:54 . 2009-01-13 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-09 09:54 . 2009-01-13 12:21 -------- d-----w- c:\program files\NOS
2009-06-08 20:20 . 2007-03-23 00:53 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-08 20:06 . 2007-03-22 23:32 -------- d-----w- c:\program files\Virgin Broadband
2009-06-08 20:05 . 2004-07-12 12:51 -------- d-----w- c:\program files\VideoLAN
2009-06-08 19:55 . 2007-03-22 23:39 -------- d-----w- c:\program files\Common Files\PestPatrol
2009-06-04 13:04 . 2009-02-23 13:34 -------- d-----w- c:\documents and settings\MUM\Application Data\HPAppData
2009-05-27 10:49 . 2009-04-22 10:30 -------- d-----w- c:\documents and settings\MUM\Application Data\U3
2009-05-07 15:32 . 2002-01-02 04:53 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-05 17:16 . 2009-05-05 17:16 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-05 17:16 . 2006-04-24 14:48 -------- d-----w- c:\program files\iPod
2009-05-05 17:16 . 2007-10-02 14:03 -------- d-----w- c:\program files\Common Files\Apple
2009-05-05 17:13 . 2009-05-05 17:13 -------- d-----w- c:\program files\Bonjour
2009-05-05 17:03 . 2009-05-05 17:03 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-29 04:56 . 2004-02-06 17:05 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2002-01-02 04:53 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-04-14 01:09 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-03 10:55 . 2007-05-20 16:18 52240 ----a-w- c:\documents and settings\OLIVER\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-19 15:32 . 2008-01-29 11:01 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-06-14_18.18.04 )))))))))))))))))))))))))))))))))))))))))
.
+ 2002-01-02 04:53 . 2009-06-16 12:55 71764 c:\windows\system32\perfc009.dat
- 2002-01-02 04:53 . 2009-06-12 10:42 71764 c:\windows\system32\perfc009.dat
+ 2002-01-02 04:53 . 2009-06-16 12:55 442398 c:\windows\system32\perfh009.dat
- 2002-01-02 04:53 . 2009-06-12 10:42 442398 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [2000-07-13 28739]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"OneTouch Monitor"="c:\program files\Xerox One Touch\OneTouchMon.exe" [2003-06-12 86016]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"Motive SmartBridge"="c:\progra~1\BLUEYO~1\SMARTB~1\blueyonder-istnotifier.exe" [2005-09-22 438359]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-08 1947928]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
c:\documents and settings\MUM\Start Menu\Programs\Startup\
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2006-8-15 19968]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\BigFix.exe [2002-1-1 1742384]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-08 20:13 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\WinMX\\WinMX.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\DarkCrusade.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\THQ\\Dawn of War - Dark Crusade\\ttru_DarkCrusade.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/06/2009 21:13 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/06/2009 21:13 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/06/2009 21:13 298776]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [25/06/2008 17:12 53307]
S3 gbalink;GBA Link Driver (gbalink.sys);c:\windows\system32\drivers\gbalink.sys [27/02/2005 18:45 19677]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.medway-magic.org/
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;*.local
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 11:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-06-17 11:55
ComboFix-quarantined-files.txt 2009-06-17 10:55
ComboFix2.txt 2009-06-14 20:57
ComboFix3.txt 2009-06-14 18:20
Pre-Run: 3,273,715,712 bytes free
Post-Run: 3,277,524,992 bytes free
--- E O F --- 2009-06-12 02:01
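The log above is the kind of artefact a helper has to triage by eye: timestamped file listings, Run keys, and Security Center / firewall policy values. As an added example (not part of the original post and not ComboFix's own code), the Python below parses those three line shapes and applies a few reviewer heuristics: a digit-prefixed binary under c:\windows (the shape of the two deleted DLLs), an executable under a user profile, an autorun pointing into a profile or Temp path, and the AntiVirusOverride / EnableFirewall values shown in the log. The sample input is constructed from the log's line formats; the timestamped 55991spambotz.dll line and the "Updater" Run entry are hypothetical, added to exercise the checks. The heuristics are my assumptions, not anything ComboFix itself flags, and the two timestamps are kept as printed without committing to which is creation and which modification.

```python
"""ComboFix log triage: parse file-listing lines and the Reg Loading Points
section, then apply reviewer heuristics. Added example for this thread, not
part of the original log or of ComboFix; the heuristics are the author's own."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample shaped like ComboFix file-listing lines: two timestamps,
# a size ("--------" for directories), an attribute string, then the path.
# The last line is constructed; the real log names that DLL only under
# 'Other Deletions', without timestamps.
SAMPLE_FILES = r"""
2009-06-12 18:48 . 2009-06-12 18:49 -------- d-----w- C:\rsit
2009-06-09 06:16 . 2009-05-26 12:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-08 19:45 . 2009-06-09 19:14 -------- d--h--w- C:\$AVG8.VAULT$
2009-06-03 22:06 . 2009-06-03 22:06 1506712 ----a-w- c:\documents and settings\MUM\Application Data\Virgin Broadband\advisor\downloads\advisor.41.exe.dir\advisor.exe
2009-06-01 10:00 . 2009-06-01 10:00 53248 ----a-w- c:\windows\System32\55991spambotz.dll
"""
# Constructed registry sample in the log's REGEDIT4 layout; the "Updater"
# Run entry is hypothetical, added to exercise the autorun check.
SAMPLE_REG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-08 1947928]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
"Updater"="c:\documents and settings\MUM\Local Settings\Temp\upd.exe" [2009-06-10 40960]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

TS = r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}"
FILE_RE = re.compile(rf"^(?P<ts1>{TS}) \. (?P<ts2>{TS}) (?P<size>-{{8}}|\d+) (?P<attrs>\S{{8}}) (?P<path>.+)$")
# Run values: "Name"="value" [optional " - resolved path"] [yyyy-mm-dd size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"(?: - (?P<resolved>.*?))? '
                    r"\[\d{4}-\d{2}-\d{2} \d+\]$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")

@dataclass
class FileEntry:
    ts1: str
    ts2: str
    size: Optional[int]  # None where ComboFix prints "--------" (directories)
    attrs: str
    path: str
    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")
    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_files(text: str) -> List[FileEntry]:
    out = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            out.append(FileEntry(m["ts1"], m["ts2"], size, m["attrs"], m["path"]))
    return out

@dataclass
class RunEntry:
    key: str
    name: str
    path: str  # ComboFix's resolved path when it printed one, else the raw value

def parse_registry(text: str) -> Tuple[List[RunEntry], Dict[str, str]]:
    """Return Run entries plus a lower-cased 'key\\value' -> raw data map."""
    runs, settings, key = [], {}, ""
    for line in text.splitlines():
        line = line.strip()
        if (k := KEY_RE.match(line)):
            key = k["key"]
        elif (m := RUN_RE.match(line)):
            runs.append(RunEntry(key, m["name"], m["resolved"] or m["value"]))
        elif line.startswith('"') and '"=' in line:
            name, _, val = line.partition('"=')
            settings[f"{key}\\{name[1:]}".lower()] = val.strip()
    return runs, settings

# Heuristics (author's assumptions; tune for your environment)
NUMERIC_PREFIX = re.compile(r"^\d{4,}[a-z0-9]+\.(dll|exe|sys)$", re.I)  # e.g. 55991spambotz.dll
USER_PROFILE = re.compile(r"^c:\\documents and settings\\", re.I)
TEMP_LIKE = re.compile(r"\\(temp|local settings|application data)\\", re.I)
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")

def triage_files(entries: List[FileEntry]) -> List[Tuple[str, str]]:
    out = []
    for e in entries:
        if e.is_dir:
            continue
        if e.path.lower().startswith("c:\\windows\\") and NUMERIC_PREFIX.match(e.name):
            out.append(("numeric-prefix binary under c:\\windows", e.path))
        if e.name.lower().endswith(EXEC_EXT) and USER_PROFILE.match(e.path):
            out.append(("executable under a user profile", e.path))
    return out

def triage_runs(runs: List[RunEntry]) -> List[Tuple[str, str]]:
    return [("autorun from profile/temp path", f"{r.name} -> {r.path}")
            for r in runs if USER_PROFILE.match(r.path) or TEMP_LIKE.search(r.path)]

def triage_settings(settings: Dict[str, str]) -> List[Tuple[str, str]]:
    out = []
    for k, v in settings.items():
        if k.endswith("\\security center\\antivirusoverride") and re.search(r"dword:0*1$", v):
            out.append(("Security Center AV monitoring overridden", k))
        if k.endswith("\\standardprofile\\enablefirewall") and v.startswith("0"):
            out.append(("Windows Firewall off for standard profile", k))
    return out
```

Run it as `runs, settings = parse_registry(SAMPLE_REG)` followed by `triage_files(parse_files(SAMPLE_FILES)) + triage_runs(runs) + triage_settings(settings)`; on the sample it reports the profile-resident advisor.exe, the digit-prefixed DLL, the hypothetical Temp autorun, the AV override and the disabled Windows Firewall profile. The last two are context-dependent: in this log PCguard's firewall is enabled, so EnableFirewall=0 is expected, and AntiVirusOverride=1 only means Security Center alerts for antivirus were suppressed, which is worth confirming rather than assuming malicious.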