ComboFix 11-07-25.02 - David 07/25/2011 10:40:06.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2337 [GMT -5:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\David\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar
c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\dtx.ini
c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\guid.dat
c:\documents and settings\NetworkService\Application Data\whitesmoketoolbar\setupCfg.xml
c:\program files\yontoo layers client
c:\windows\system32\searchindexer.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TERMSERVICES
-------\Service_TermServices
-------\Legacy_WSearch
-------\Service_WSearch
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-24 13:05 . 2011-07-24 13:05 -------- d-----w- c:\program files\ESET
2011-07-24 12:59 . 2011-07-24 12:59 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Stardock_Corporation
2011-07-23 16:50 . 2011-07-23 16:52 -------- d-----w- c:\documents and settings\David\Application Data\Apple Computer
2011-07-23 16:50 . 2009-05-18 18:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-07-23 16:50 . 2008-04-17 17:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-07-23 16:49 . 2011-07-23 16:49 -------- d-----w- c:\program files\iPod
2011-07-23 16:49 . 2011-07-23 16:50 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-07-23 16:49 . 2011-07-23 16:50 -------- d-----w- c:\program files\iTunes
2011-07-23 16:49 . 2011-07-23 16:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-07-23 16:49 . 2011-07-23 16:49 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-07-23 16:47 . 2011-07-23 16:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-07-23 16:47 . 2011-07-23 16:50 -------- d-----w- c:\documents and settings\David\Local Settings\Application Data\Apple Computer
2011-07-22 19:11 . 2011-07-22 19:11 664 ----a-w- c:\documents and settings\NetworkService\Local Settings\Application Data\d3d9caps.tmp
2011-07-22 18:02 . 2011-07-22 18:02 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Identities
2011-07-22 13:25 . 2011-07-22 13:25 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2011-07-22 13:25 . 2011-07-22 13:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2011-07-22 13:23 . 2011-07-23 16:49 -------- d-----w- c:\program files\QuickTime
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-12 16:20 . 2011-07-12 16:20 50536 ----a-w- c:\windows\system32\jdns_sd.dll
2011-07-12 16:20 . 2011-07-12 16:20 178536 ----a-w- c:\windows\system32\dnssdX.dll
2011-07-01 12:22 . 2011-07-01 12:22 -------- d-----w- c:\program files\Common Files\Java
2011-07-01 12:21 . 2011-07-01 12:21 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-07-01 12:21 . 2011-07-01 12:21 -------- d-----w- c:\program files\Java
2011-06-28 16:41 . 2011-06-28 16:41 -------- d-----w- c:\documents and settings\David\Application Data\vmntemplate
2011-06-27 14:02 . 2011-06-27 14:02 398760 ----a-r- c:\windows\cpnprt2.cid
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 00:52 . 2010-10-19 04:33 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-10-19 04:33 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-01 12:21 . 2011-05-22 05:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-06-27 14:02 . 2010-09-21 21:26 398760 ------w- c:\windows\system32\cpnprt2.cid
2011-06-03 13:09 . 2011-06-03 13:09 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-02 14:07 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2008-04-25 16:16 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2008-04-25 16:16 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-07-23_22.27.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-25 15:46 . 2011-07-25 15:46 16384 c:\windows\Temp\Perflib_Perfdata_178.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-05-30 16:33 2495816 ----a-w- c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll" [2011-05-30 2495816]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-13 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-04 18084864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-04 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-04 150040]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]
"USSShReg"="c:\progra~1\ULEADS~1\ULEADP~1.2\SSaver\Ussshreg.exe" [1997-11-23 20992]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2009-11-03 86016]
"CamserviceDeluxe2"="c:\program files\Hercules\Deluxe Optical Glass\Camservice.exe" [2007-08-10 81920]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-04-18 2334560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-22 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
.
c:\documents and settings\David\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
Trillian.lnk - c:\program files\Trillian\trillian.exe [2011-6-28 2068832]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Hercules\\Deluxe Optical Glass\\Station2.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Turbine\\DDO Unlimited\\dndclient.exe"=
"c:\\Program Files\\Trillian\\trillian.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56880:TCP"= 56880:TCP:Pando Media Booster
"56880:UDP"= 56880:UDP:Pando Media Booster
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 4:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [12/8/2010 5:12 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [11/12/2010 2:19 PM 297168]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [4/18/2011 5:39 PM 7398752]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [12/18/2008 2:05 PM 155648]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 27216]
R3 camfilt2;camfilt2;c:\windows\system32\drivers\camfilt2.sys [1/6/2010 12:57 PM 94720]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 12:52 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [5/12/2011 8:52 AM 1025352]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3/13/2010 12:52 PM 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 17:52]
.
2011-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-13 17:52]
.
2011-07-14 c:\windows\Tasks\Norton Security Scan for Kristy.job
- c:\program files\Norton Security Scan\Engine\3.0.1.8\Nss.exe [2011-01-15 14:06]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG10\Toolbar\IEToolbar.dll
DPF: {E7DA7F8D-27AB-4EE9-8FC0-3FEC9ECFE758} - hxxps://access.wisconsin.gov/access/DynamicWebTWAIN.cab.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-25 10:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(168)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Apple\Apple Application Support\distnoted.exe
c:\program files\Common Files\Apple\Mobile Device Support\SyncServer.exe
.
**************************************************************************
.
Completion time: 2011-07-25 10:51:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-25 15:51
ComboFix2.txt 2011-07-23 22:31
.
Pre-Run: 440,854,245,376 bytes free
Post-Run: 440,925,429,760 bytes free
.
- - End Of File - - 7D0EAA827A4FDFF17E9C1E8A69FBF006