Okay,
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:03 PM, on 3/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WUSB54GC.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\RTDCPL.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\CreataCard\Plus\FMRemind.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_01\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTDCPL] RTDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [The Rush Limbaugh Show] C:\Program Files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe /noopen
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
O4 - Global Startup: CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk = C:\Program Files\CreataCard\Plus\FMRemind.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://linksyssupport.webex.com/client ... eatgpc.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://juniper.net/dana-cached/setup/J ... tupSP1.cab
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} (JuniperSetupClient Control) - https://juniper.net/dana-cached/sc/Juni ... Client.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Juniper Unified Network Service (JuniperAccessService) - Juniper Networks - C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: WUSB54GCSVC - GEMTEKS - C:\Program Files\Compact Wireless-G USB Adapter Wireless Network Monitor\WLService.exe
--
End of file - 11437 bytes
ComboFix log:
ComboFix 09-03-19.02 - Dave 2009-03-20 21:00:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2045.1471 [GMT -4:00]
Running from: c:\documents and settings\Dave\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dave\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\system32\yigejiyu.exe
c:\windows\Tasks\Auto-scheduled task of Free Registry Fix.job
c:\windows\Tasks\Free Registry Fix.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Free Registry Fix
c:\program files\Free Registry Fix\Backup\Backup.dat
c:\program files\Free Registry Fix\common\errmail.dll
c:\program files\Free Registry Fix\common\hlpmngr.dll
c:\program files\Free Registry Fix\common\pcrepgen.dll
c:\program files\Free Registry Fix\common\rdump.dll
c:\program files\Free Registry Fix\freeregfix.chm
c:\program files\Free Registry Fix\liveupd.exe
c:\program files\Free Registry Fix\regfixf.exe
c:\program files\Free Registry Fix\stat.dat
c:\program files\Free Registry Fix\support.ico
c:\program files\Free Registry Fix\Technical support.url
c:\program files\Free Registry Fix\uninst.exe
c:\program files\Promosoft Corporation
c:\program files\Promosoft Corporation\Free Registry Fix\buy.url
c:\program files\Promosoft Corporation\Free Registry Fix\default.skn
c:\program files\Promosoft Corporation\Free Registry Fix\help.chm
c:\program files\Promosoft Corporation\Free Registry Fix\regfix.exe
c:\program files\Promosoft Corporation\Free Registry Fix\regfix.wav
c:\program files\Promosoft Corporation\Free Registry Fix\unicows.dll
c:\program files\Promosoft Corporation\Free Registry Fix\uninst.exe
c:\program files\Promosoft Corporation\support.ico
c:\program files\Promosoft Corporation\Technical support.url
c:\windows\system32\yigejiyu.exe
c:\windows\Tasks\Auto-scheduled task of Free Registry Fix.job
c:\windows\Tasks\Free Registry Fix.job
.
((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.
2009-03-20 20:50 . 2009-03-20 20:50 <DIR> d-------- c:\documents and settings\Dave\Application Data\deskPDF
2009-03-20 20:49 . 2009-03-20 20:50 <DIR> d-------- c:\program files\Docudesk
2009-03-20 20:49 . 2008-03-25 13:51 18,790 --a------ c:\windows\system32\ddmon.dll
2009-03-18 21:22 . 2009-03-18 21:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-18 21:21 . 2009-03-18 21:21 <DIR> d-------- c:\program files\Bonjour
2009-03-15 10:27 . 2009-03-15 10:27 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-15 10:27 . 2009-03-15 10:27 <DIR> d-------- c:\documents and settings\Dave\Application Data\Malwarebytes
2009-03-15 10:27 . 2009-03-15 10:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-15 10:27 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-15 10:27 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-13 19:16 . 2009-03-13 19:16 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Juniper Networks
2009-03-13 19:16 . 2009-03-13 19:16 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Intuit
2009-03-11 22:17 . 2009-03-11 22:17 578,560 --a------ c:\windows\system32\dllcache\user32.dll
2009-03-11 22:06 . 2009-03-11 22:06 <DIR> d-------- c:\windows\ERUNT
2009-03-11 22:05 . 2009-03-13 22:04 <DIR> d-------- C:\SDFix
2009-03-11 21:32 . 2009-03-11 21:56 <DIR> d-------- c:\program files\RegCure
2009-03-11 21:21 . 2009-03-11 21:48 <DIR> d-------- c:\program files\XoftSpySE
2009-03-10 22:40 . 2009-03-15 13:46 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-10 20:23 . 2009-03-17 20:02 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-10 14:00 . 2009-03-10 14:03 <DIR> d-------- c:\documents and settings\Cindy\Application Data\AVGTOOLBAR
2009-03-10 00:15 . 2009-03-20 18:33 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-10 00:15 . 2009-03-12 08:35 <DIR> d-------- c:\documents and settings\Dave\Application Data\AVGTOOLBAR
2009-03-10 00:15 . 2009-03-10 00:15 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-10 00:15 . 2009-03-10 00:15 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-10 00:15 . 2009-03-10 00:15 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-10 00:14 . 2009-03-10 00:14 <DIR> d-------- c:\program files\AVG
2009-03-10 00:14 . 2009-03-17 22:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-09 23:31 . 2009-03-10 20:19 <DIR> d-------- c:\program files\Lavasoft
2009-03-09 23:31 . 2009-03-10 20:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-02 14:01 . 2009-03-02 14:01 <DIR> d-------- c:\program files\Common Files\AnswerWorks 5.0
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 01:23 --------- d-----w c:\program files\iTunes
2009-03-19 01:22 --------- d-----w c:\program files\iPod
2009-03-19 01:22 --------- d-----w c:\program files\Common Files\Apple
2009-03-19 01:21 --------- d-----w c:\program files\QuickTime
2009-03-12 21:57 --------- d-----w c:\program files\Trend Micro
2009-03-02 17:59 --------- d-----w c:\program files\Common Files\Intuit
2009-03-02 17:59 --------- d-----w c:\documents and settings\All Users\Application Data\Intuit
2009-03-02 17:58 --------- d-----w c:\program files\TurboTax
2009-02-19 19:16 --------- d-----w c:\program files\Bodog Poker
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-09 11:13 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
2009-01-24 02:29 --------- d-----w c:\program files\Google
2009-01-21 00:52 --------- d-----w c:\documents and settings\Dave\Application Data\Sony Corporation
2009-01-21 00:51 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-21 00:47 --------- d-----w c:\program files\Sony
2009-01-17 02:35 3,594,752 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-12-30 02:13 1,682 --sha-w c:\windows\system32\KGyGaAvL.sys
2007-12-12 02:38 22,328 ----a-w c:\documents and settings\Dave\Application Data\PnkBstrK.sys
2006-12-18 14:36 1 -c--a-w c:\documents and settings\Dave\SI.bin
2007-11-09 21:10 30,288 -c--a-w c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-11-09 21:10 79,440 -c--a-w c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-11-09 21:10 75,344 -c--a-w c:\program files\mozilla firefox\plugins\confmgr.dll
2007-11-09 21:10 140,880 -c--a-w c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-11-09 21:10 42,576 -c--a-w c:\program files\mozilla firefox\plugins\icafile.dll
2007-11-09 21:10 50,768 -c--a-w c:\program files\mozilla firefox\plugins\icalogon.dll
2007-11-09 21:10 34,384 -c--a-w c:\program files\mozilla firefox\plugins\logging.dll
2007-11-09 21:11 685,648 -c--a-w c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-11-09 21:11 30,288 -c--a-w c:\program files\mozilla firefox\plugins\TcpPServ.dll
2006-12-04 03:47 785 --sha-w c:\windows\system32\mmf.sys
2008-11-19 00:42 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008111820081119\index.dat
.
((((((((((((((((((((((((((((( SnapShot@2009-03-18_18.22.16.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-19 01:21:57 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-03-19 01:23:35 102,400 ----a-r c:\windows\Installer\{C26B06A9-27BB-45B0-9873-9C623EC2BA38}\iTunesIco.exe
+ 2004-08-09 19:27:16 40,960 ----a-w c:\windows\system32\ddcvt.exe
- 2008-08-29 15:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-12-12 15:18:16 87,336 ----a-w c:\windows\system32\dns-sd.exe
- 2008-08-29 14:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-12-12 15:11:46 61,440 ----a-w c:\windows\system32\dnssd.dll
- 2008-04-17 18:12:54 15,464 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2009-01-15 16:19:36 23,848 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
+ 2008-04-17 16:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86\GEARAspi.dll
+ 2009-01-15 16:19:36 23,848 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_4F4AA3475F1B13A1E8212B6D40B351211BC358CE\x86\GEARAspiWDM.sys
+ 2009-03-06 03:59:00 36,864 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaapl.sys
+ 2009-03-06 03:59:00 1,900,544 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaaplrc.dll
- 2008-04-17 18:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 16:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2009-02-25 16:55:00 24,768,960 ----a-w c:\windows\system32\MRT.exe
+ 2003-06-19 17:05:04 130,048 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PS5UID.DLL
+ 2003-06-19 17:05:04 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\3\PSCRIPT5D.DLL
+ 2003-06-19 17:05:04 130,048 ----a-w c:\windows\system32\spool\drivers\w32x86\ps5uid.dll
+ 2003-06-19 17:05:04 455,168 ----a-w c:\windows\system32\spool\drivers\w32x86\pscript5d.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2007-03-05 1103480]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-26 67128]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"The Rush Limbaugh Show"="c:\program files\Rush 24-7 Media Center\Rush 24-7 Media Center.exe" [2006-01-23 1028096]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-29 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304]
"CTDVDDET"="c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE" [2003-06-18 45056]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
"AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"AGEIA PhysX SysTray"="c:\program files\AGEIA Technologies\TrayIcon.exe" [2006-03-20 331776]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-10 1932568]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-03-02 c:\windows\system32\CTXFIHLP.EXE]
"nwiz"="nwiz.exe" [2007-10-04 c:\windows\system32\nwiz.exe]
"RTDCPL"="RTDCPL.EXE" [2005-07-08 c:\windows\system32\RTDCPL.EXE]
c:\documents and settings\Dave\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2009-01-20 385024]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CreataCard Plus 3 Forget Me Not Reminders Tray Icon.lnk - c:\program files\CreataCard\Plus\FMRemind.exe [2003-08-30 189952]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-26 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2007-01-12 528384]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-10 00:15 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Games\\Combat Flight Simulator 3\\cfs3.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\America's Army\\System\\ArmyOps.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"c:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Ghost Recon Advanced Warfighter\\GRAW.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\VS7DEBUG\\MDM.EXE"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-10 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-10 107912]
R1 NEOFLTR_600_12359;Juniper Networks TDI Filter Driver (NEOFLTR_600_12359);c:\windows\system32\drivers\NEOFLTR_600_12359.sys [2007-11-27 64160]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-10 298264]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [2008-10-10 13088]
R2 JuniperAccessService;Juniper Unified Network Service;c:\program files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [2007-07-27 87416]
R2 LicCtrlService;LicCtrl Service;c:\windows\Runservice.exe [2006-12-03 2560]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\TurboTax2008Setup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-03-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []
2009-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
2009-03-20 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 13:58]
2009-03-12 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 13:58]
2009-03-20 c:\windows\Tasks\XoftSpySE 2.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-03-11 10:05]
2009-03-12 c:\windows\Tasks\XoftSpySE.job
- c:\program files\XoftSpySE\XoftSpy.exe [2009-03-11 10:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Trusted Zone: musicmatch.com\online
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/Juni ... Client.cab
FF - ProfilePath - c:\documents and settings\Dave\Application Data\Mozilla\Firefox\Profiles\13lgw5hj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-20 21:05:52
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2658005923-1149050623-4265077512-1008\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:de,b0,8c,da,73,6b,ea,c7,83,d3,72,03,cd,dd,15,3a,a4,66,a6,93,2c,47,77,
e8,5e,b7,04,6e,ab,8f,1f,68,00,56,a0,ef,a1,1a,2a,9a,ce,52,80,47,39,41,c7,90,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
[HKEY_USERS\S-1-5-21-2658005923-1149050623-4265077512-1008\Software\SecuROM\License information*]
"datasecu"=hex:37,2e,f4,a6,d8,f6,8c,9e,b9,0c,a6,52,59,ba,67,59,2a,46,8d,00,0a,
32,fe,2c,a9,90,28,4b,ca,c5,3a,1f,74,39,d2,2c,6c,fb,0c,18,97,d8,8e,c3,55,26,\
"rkeysecu"=hex:b4,ca,49,7b,09,60,03,15,1e,b1,a4,bc,cc,ff,ee,77
.
Completion time: 2009-03-20 21:09:21
ComboFix-quarantined-files.txt 2009-03-21 01:08:03
ComboFix2.txt 2009-03-18 22:24:28
Pre-Run: 136,177,754,112 bytes free
Post-Run: 136,331,968,512 bytes free
268 --- E O F --- 2009-03-19 19:22:22