combofix log:
ComboFix 09-06-29.07 - Betty Lovelace 07/02/2009 22:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1585 [GMT -4:00]
Running from: c:\documents and settings\Betty Lovelace\Desktop\Combo.exe
Command switches used :: c:\documents and settings\Betty Lovelace\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
"c:\windows\system32\08BBC56ECE.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\08BBC56ECE.sys
.
((((((((((((((((((((((((( Files Created from 2009-06-03 to 2009-07-03 )))))))))))))))))))))))))))))))
.
2009-07-03 02:34 . 2009-07-03 02:34 -------- d-----w- c:\documents and settings\Betty Lovelace\Local Settings\Application Data\Help
2009-07-01 04:08 . 2009-07-01 04:08 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-01 04:08 . 2009-07-02 18:01 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-01 04:08 . 2009-07-03 02:25 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-07-01 03:19 . 2009-07-01 03:19 -------- d-----w- c:\documents and settings\Betty Lovelace\Application Data\Malwarebytes
2009-07-01 03:19 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-01 03:19 . 2009-07-01 03:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-01 03:19 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-30 22:18 . 2009-06-30 22:18 -------- d-----w- C:\Arcade Tribe
2009-06-23 00:43 . 2009-06-23 01:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2009-06-23 00:36 . 2009-06-23 00:36 -------- d-s---w- C:\Combo-Fix
2009-06-19 22:53 . 2009-06-19 22:53 -------- d-----w- c:\program files\Trend Micro
2009-06-18 23:36 . 2009-06-18 23:36 -------- d-----w- c:\documents and settings\Betty Lovelace\Application Data\ArcSoft
2009-06-18 01:15 . 2009-06-18 01:15 -------- d-----w- c:\program files\AVG
2009-06-17 23:19 . 2009-06-17 23:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
2009-06-16 23:24 . 2009-06-16 23:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-06-16 21:23 . 2009-06-16 21:23 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-16 20:55 . 2009-06-18 02:39 -------- d-----w- c:\program files\Panda Security
2009-06-16 00:16 . 2009-06-18 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\90869676
2009-06-16 00:16 . 2009-06-18 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\10859684
2009-06-07 19:44 . 2005-02-23 18:58 11776 ----a-w- c:\windows\system32\drivers\afc.sys
2009-06-07 19:44 . 1995-08-01 08:44 212480 ----a-w- c:\windows\PCDLIB32.DLL
2009-06-07 19:43 . 2006-11-03 14:59 48128 ----a-w- c:\windows\system32\Remove.exe
2009-06-07 19:43 . 2009-06-07 19:43 -------- d-----w- c:\windows\PixArt
2009-06-07 19:43 . 2009-06-07 19:43 -------- d-----w- c:\program files\Common Files\PAC7302
2009-06-07 19:43 . 2009-06-07 19:43 -------- d-----w- c:\program files\PC VGA Camer@ Plus
2009-06-07 19:43 . 2009-06-07 19:43 -------- d-----w- c:\windows\Downloaded Installations
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-03 02:34 . 2007-03-15 15:26 -------- d-----w- c:\program files\RDS
2009-07-03 02:06 . 2008-08-29 20:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-01 19:01 . 2009-07-01 04:08 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-01 04:08 . 2009-07-01 04:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-01 04:08 . 2009-07-01 04:08 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-01 04:08 . 2009-07-01 19:01 327688 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-01 04:08 . 2009-07-01 19:01 3298072 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\setup.exe
2009-07-01 04:08 . 2009-07-01 19:01 337176 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avglogx.dll
2009-07-01 04:08 . 2009-07-01 19:01 2052888 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-07-01 04:08 . 2009-07-01 19:01 3402008 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-07-01 04:08 . 2009-07-01 19:01 1204504 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgabout.dll
2009-07-01 04:08 . 2009-07-01 19:01 829208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcfgx.dll
2009-07-01 04:08 . 2009-07-01 19:00 1454360 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-01 04:08 . 2009-07-01 19:00 1085208 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-01 03:31 . 2007-01-15 21:58 139840 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-18 02:41 . 2007-01-22 16:02 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-18 02:41 . 2007-01-22 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-07 19:44 . 2007-01-15 21:39 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-22 23:14 . 2007-01-15 21:49 -------- d-----w- c:\program files\Google
2009-05-22 03:43 . 2008-12-10 15:08 -------- d-----w- c:\program files\Brownie
2009-05-22 03:43 . 2007-01-15 21:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-05-22 03:19 . 2009-05-22 03:13 -------- d-----w- c:\documents and settings\Betty Lovelace\Application Data\vlc
2009-05-22 03:13 . 2009-05-22 03:13 -------- d-----w- c:\documents and settings\Betty Lovelace\Application Data\dvdcss
2009-05-22 03:06 . 2009-05-22 03:06 -------- d-----w- c:\program files\VideoLAN
2009-05-22 02:12 . 2008-06-16 12:38 -------- d-----w- c:\program files\Norton Security Scan
2009-05-22 01:56 . 2009-05-22 01:45 -------- d-----w- c:\program files\AVS4YOU
2009-05-22 01:55 . 2009-05-22 01:45 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-05-22 01:46 . 2009-05-22 01:46 -------- d-----w- c:\documents and settings\Betty Lovelace\Application Data\AVS4YOU
2009-05-22 01:46 . 2009-05-22 01:46 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-05-22 01:36 . 2007-01-15 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-05-22 01:13 . 2007-01-15 21:40 -------- d-----w- c:\program files\Dell
2009-05-22 01:03 . 2009-05-22 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2009-05-21 23:32 . 2009-05-21 23:23 -------- d-----w- c:\documents and settings\Betty Lovelace\Application Data\Corel
2009-05-21 23:32 . 2007-01-15 21:41 -------- d-----w- c:\program files\Corel
2009-05-21 23:31 . 2008-12-10 15:07 -------- d-----w- c:\program files\Brother
2009-05-21 23:25 . 2007-02-09 21:51 2516 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-05-21 23:07 . 2009-05-21 23:07 137 ----a-w- c:\documents and settings\Betty Lovelace\Local Settings\Application Data\fusioncache.dat
2009-05-21 20:53 . 2009-05-21 20:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-05-07 15:32 . 2004-08-11 22:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-11 22:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-11 22:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-08-11 22:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-08-11 22:00 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-08 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-01-15 26112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-01-15 98304]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UdaterUI.exe" [2008-07-17 136512]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-01 1948440]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Auto Document Link.lnk - c:\program files\RDS\PLDlnk.exe [2007-3-15 286720]
Function Palette.lnk - c:\program files\RDS\PLTBar.exe [2007-3-15 114688]
Wall Server.lnk - c:\program files\TUN\tcpw\walld32.exe [2007-1-19 35840]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-01 04:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Persistence"=c:\windows\system32\igfxpers.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TUN\\tcpw\\wportm32.exe"=
"c:\\Program Files\\TUN\\tcpw\\walld32.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/1/2009 12:08 AM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/1/2009 12:08 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/1/2009 12:08 AM 298776]
S3 IBMPrinterds;Esker IBM Printer;c:\progra~1\TUN\EMUL\IBMPRSNT.EXE [1/19/2007 4:10 PM 45056]
S3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [9/10/2007 8:50 AM 457984]
S4 TunLprNP;Tun LPR Network Provider; [x]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-02 22:45
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{CD78DEAB-EC34-4DBA-708695CFC66C434E}\{9B07BBBD-296F-3B7C-2BDF54F1C8A81F31}\{FDFE4940-DE05-5675-1C56B565A6F7C9A3}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{D96284CB-92E6-3E1E-196BB0273B005327}\{BCF0CDFC-4A0B-26E5-259182A4D665E8F2}\{6E248836-421D-F84C-CF6B8AC08EBF0D43}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,4b,37,11,
a4,f3,d7,a6,81,f0,c0,41,6d,86,8d,f8,42,7a,23,de,fe,93,c5,80,36,9b,5b,75,9a,\
.
Completion time: 2009-07-03 22:47
ComboFix-quarantined-files.txt 2009-07-03 02:47
ComboFix2.txt 2009-07-01 03:38
ComboFix3.txt 2009-06-23 00:21
Pre-Run: 64,816,934,912 bytes free
Post-Run: 64,886,267,904 bytes free
166 --- E O F --- 2009-06-10 23:19