Hi, ran combofix in safe mode. Thanks
ComboFix 10-03-04.04 - Administrator 05/03/2010 12:28:01.1.2 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.266 [GMT 0:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-3000059173-1555948214-1078165881-500
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\system32\Thumbs.db
.
((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.
2010-03-05 01:23 . 2010-03-05 01:23 -------- dc----w- c:\documents and settings\Administrator\Application Data\AVG9
2010-03-04 18:52 . 2010-03-04 18:52 360584 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-03-04 18:52 . 2010-03-04 18:52 74760 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\UniversalDD.sys
2010-03-04 18:52 . 2010-03-04 18:52 28424 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-03-04 18:52 . 2010-03-04 18:52 25608 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSxx.sys
2010-03-04 18:52 . 2010-03-04 18:52 30216 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSFilter.sys
2010-03-04 18:52 . 2010-03-04 18:52 25736 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSShim.sys
2010-03-04 18:52 . 2010-03-04 18:52 122376 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\AVGIDSDriver.sys
2010-03-04 18:52 . 2010-03-04 18:52 333192 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-03-04 18:52 . 2010-03-04 18:52 161800 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgrkx86.sys
2010-03-04 18:46 . 2010-02-24 21:53 1007896 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-03-04 18:46 . 2010-02-24 21:53 1658136 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-03-04 18:46 . 2010-02-24 21:53 613656 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-03-04 18:46 . 2010-02-24 21:53 800536 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avginet.dll
2010-03-01 21:31 . 2010-03-01 21:31 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-03-01 21:21 . 2010-03-01 21:21 503808 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-554333c1-n\msvcp71.dll
2010-03-01 21:21 . 2010-03-01 21:21 499712 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-554333c1-n\jmc.dll
2010-03-01 21:21 . 2010-03-01 21:21 348160 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-554333c1-n\msvcr71.dll
2010-03-01 21:21 . 2010-03-01 21:21 61440 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-17482255-n\decora-sse.dll
2010-03-01 21:21 . 2010-03-01 21:21 12800 -c--a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-17482255-n\decora-d3d.dll
2010-03-01 21:20 . 2010-03-01 21:20 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-03-01 20:56 . 2010-03-01 20:57 -------- dc----w- C:\rsit
2010-03-01 19:52 . 2010-03-01 19:52 -------- dc----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-03-01 19:52 . 2010-03-01 19:52 -------- dc----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2010-03-01 19:52 . 2010-01-07 16:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 19:52 . 2010-03-01 19:52 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-01 19:52 . 2010-03-01 20:45 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 19:52 . 2010-01-07 16:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 19:31 . 2010-02-12 10:03 293376 -c----w- c:\windows\system32\browserchoice.exe
2010-02-28 19:49 . 2009-11-25 13:02 1230080 -c--a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-26 20:34 . 2010-02-24 21:53 3499288 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avguires.dll
2010-02-26 20:34 . 2010-02-24 21:53 2422552 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avguiadv.dll
2010-02-26 20:34 . 2010-02-24 21:53 4043544 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-02-26 20:34 . 2010-02-24 21:53 2033432 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-02-26 20:34 . 2010-02-24 21:53 3304216 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgdiagex.exe
2010-02-26 20:34 . 2010-02-24 21:53 1207064 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgabout.dll
2010-02-25 20:07 . 2010-02-25 20:05 1261336 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-25 20:07 . 2010-02-25 19:54 3777816 -c--a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-24 21:59 . 2010-02-24 21:59 -------- dcsh--w- c:\documents and settings\LocalService\IETldCache
2010-02-24 21:54 . 2010-02-24 21:54 -------- dc----w- C:\$AVG
2010-02-24 21:54 . 2010-03-04 18:50 12464 -c--a-w- c:\windows\system32\avgrsstx.dll
2010-02-24 21:54 . 2010-03-04 18:50 25096 -c--a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-02-24 21:54 . 2010-03-04 18:49 52872 -c--a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-24 21:54 . 2010-03-04 18:51 242696 -c--a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-24 21:53 . 2010-03-04 18:50 216200 -c--a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-24 21:53 . 2010-03-04 18:50 29512 -c--a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-24 21:53 . 2010-03-05 10:45 -------- dc----w- c:\windows\system32\drivers\Avg
2010-02-24 21:53 . 2010-02-24 21:58 -------- dc----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-24 21:52 . 2010-02-24 21:52 50968 -c--a-w- c:\windows\system32\avgfwdx.dll
2010-02-24 21:52 . 2010-02-24 21:52 30104 -c--a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-24 21:52 . 2010-02-24 21:52 -------- dc----w- c:\program files\AVG
2010-02-24 21:52 . 2010-02-24 21:52 -------- dc----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-17 11:34 . 2010-02-17 11:34 -------- dc----w- c:\program files\Trend Micro
2010-02-07 20:35 . 2010-02-07 20:35 2550 -c--a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{D5EA1755-1899-4380-A4BA-83840648CBDA}\MainExecutableShortcutIcon.exe
2010-02-07 20:35 . 2010-02-07 20:35 -------- dc----w- c:\documents and settings\Administrator\Local Settings\Application Data\Valued Opinions
2010-02-07 20:35 . 2010-02-07 20:35 -------- dc----w- c:\program files\Valued Opinions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 18:30 . 2008-10-07 12:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-02 19:54 . 2010-03-02 19:54 -------- dc----w- c:\program files\JMF2.1.1e
2010-03-01 21:30 . 2009-08-09 20:57 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-03-01 21:27 . 2009-08-09 20:57 -------- dc----w- c:\program files\NOS
2010-03-01 21:22 . 2005-05-17 16:36 -------- dc----w- c:\program files\Common Files\Java
2010-03-01 21:19 . 2005-05-17 16:36 -------- dc----w- c:\program files\Java
2010-02-26 20:37 . 2005-05-17 16:37 -------- dc-h--w- c:\program files\InstallShield Installation Information
2010-02-26 20:37 . 2005-06-20 09:18 -------- dc----w- c:\program files\Canon
2010-02-25 20:17 . 2005-05-17 16:39 -------- dc----w- c:\program files\Common Files\Symantec Shared
2010-02-24 22:01 . 2005-05-17 16:39 -------- dc----w- c:\program files\Norton AntiVirus
2010-02-24 21:25 . 2005-05-17 16:39 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
2010-02-17 14:29 . 2005-06-21 18:58 27640 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-17 14:26 . 2005-06-21 18:47 -------- dc----w- c:\program files\MapInfo
2010-02-11 19:56 . 2008-09-05 14:36 -------- dc----w- c:\program files\Lx_cats
2010-02-11 16:35 . 2010-02-11 16:35 2601804 -c--a-w- c:\documents and settings\All Users\SPL1C.tmp
2010-02-11 16:35 . 2005-07-06 17:39 -------- dc----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2010-01-28 08:34 . 2005-06-20 20:34 -------- dc----w- c:\program files\Google
2010-01-14 19:35 . 2010-01-14 19:35 -------- dc----w- c:\program files\TomTom International B.V
2010-01-10 13:11 . 2010-01-10 13:11 -------- dc----w- c:\documents and settings\NetworkService\Application Data\Trusteer
2010-01-06 12:41 . 2010-01-06 12:41 -------- dc----w- c:\documents and settings\Administrator\Application Data\Trusteer
2010-01-06 12:41 . 2010-01-06 12:41 -------- dc----w- c:\program files\Trusteer
2010-01-06 12:40 . 2010-01-06 12:40 -------- dc----w- c:\documents and settings\All Users\Application Data\Trusteer
2010-01-05 13:09 . 2010-01-05 13:09 -------- dc----w- c:\program files\3ivx
2010-01-05 13:09 . 2010-01-05 13:09 -------- dc----w- c:\documents and settings\All Users\Application Data\Flip Video
2010-01-05 12:55 . 2010-01-05 12:55 -------- dc----w- c:\program files\Flip Video
2009-12-31 16:50 . 2004-08-04 08:00 353792 -c--a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2004-08-04 08:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2004-08-04 08:00 343040 -c--a-w- c:\windows\system32\mspaint.exe
2009-12-14 19:15 . 2009-12-14 19:15 2146304 -c--a-w- c:\windows\system32\GPhotos.scr
2009-12-14 07:08 . 2004-08-04 08:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:26 . 2004-08-04 08:00 2145280 -c--a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-04 08:00 2023936 -c--a-w- c:\windows\system32\ntkrnlpa.exe
2007-06-01 18:29 . 2007-06-01 18:28 80 -csh--r- c:\windows\system32\30152FC785.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:02 1230080 -c--a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IW_Drop_Icon"="c:\program files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2004-07-30 1123840]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"PcSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-04-11 1409024]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-07 39408]
"PanelApp"="c:\documents and settings\Administrator\Local Settings\Application Data\Valued Opinions\PanelApp\PanelApp.exe" [2009-12-30 31232]
"RealPlayer"="c:\program files\Real\RealPlayer\realplay.exe" [2006-05-31 1003520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-09-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-09-30 126976]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 143360]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"RoxioEngineUtility"="c:\program files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 65536]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-09 30192]
"lxdjamon"="c:\program files\Lexmark 1400 Series\lxdjamon.exe" [2007-04-30 20480]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"RoxioDragToDisc"="c:\program files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-06-26 868352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Motive SmartBridge"="c:\progra~1\BTBROA~2\SMARTB~1\BTHelpNotifier.exe" [2006-02-06 462935]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - c:\program files\BT Broadband Desktop Help\bin\matcli.exe [2006-11-6 217088]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-7-31 111376]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-7-31 51984]
Ralink Wireless Utility.lnk - c:\program files\RALINK\Common\RaUI.exe [2006-6-2 589824]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
VPN Client.lnk - c:\windows\Installer\{6DC47739-3BB0-4494-A43D-193BF54070AE}\Icon3E5562ED7.ico [2005-7-6 6144]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-04 18:50 12464 -c--a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Pinnacle\\Shared Files\\Programs\\MediaManager\\PMSManager.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\lxdjcoms.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\App4R.exe"=
"c:\\Program Files\\Lexmark 1400 Series\\lxdjamon.exe"=
"c:\\WINDOWS\\system32\\lxdjcfg.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft SQL Server\\MSSQL$MV\\Binn\\sqlservr.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjjswx.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjtime.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjwbgw.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\lxdjpswx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [24/02/2010 21:54 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [24/02/2010 21:54 52872]
R0 Gonzales;Gonzales;c:\windows\system32\drivers\Gonzales.sys [25/10/2006 19:59 7040]
R1 vobiw;vobiw;c:\windows\system32\drivers\vobIW.sys [01/09/2004 13:50 188416]
R3 Bonifay;Bonifay;c:\windows\system32\drivers\Bonifay.sys [25/10/2006 19:59 12160]
R3 cdrdrv;Cdrdrv;c:\windows\system32\drivers\Cdrdrv.sys [03/08/2004 10:10 62976]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [24/02/2010 21:53 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [24/02/2010 21:54 242696]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [17/02/2010 11:44 58984]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [17/02/2010 11:44 108904]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [04/03/2010 18:50 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [04/03/2010 18:50 2325816]
S2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [04/03/2010 18:50 5888008]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [30/12/2009 23:24 135664]
S2 lxdjCATSCustConnectService;lxdjCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdjserv.exe [05/09/2008 14:27 99248]
S2 MSSQL$MV;MSSQL$MV;c:\program files\Microsoft SQL Server\MSSQL$MV\Binn\sqlservr.exe -sMV --> c:\program files\Microsoft SQL Server\MSSQL$MV\Binn\sqlservr.exe -sMV [?]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [17/02/2010 11:44 779496]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [13/11/2009 11:31 92008]
S3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [24/02/2010 21:52 30104]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [24/02/2010 21:52 30104]
S3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [24/02/2010 21:53 122376]
S3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [24/02/2010 21:53 30216]
S3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [24/02/2010 21:53 26120]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [20/06/2005 20:36 30192]
S3 PanelSvc;PanelSvc;c:\program files\Valued Opinions\PanelApp\PanelSvc.exe [30/12/2009 11:20 91136]
S3 SQLAgent$MV;SQLAgent$MV;c:\program files\Microsoft SQL Server\MSSQL$MV\Binn\sqlagent.EXE -i MV --> c:\program files\Microsoft SQL Server\MSSQL$MV\Binn\sqlagent.EXE -i MV [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]
2010-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-08-14 08:23]
2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 23:24]
2010-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-30 23:24]
2010-03-05 c:\windows\Tasks\User_Feed_Synchronization-{4CBB5D9D-894A-4EE0-AC6E-70E859F0E134}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.bt.com/btbroadbandstart
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {0A43D7AC-D6C1-4622-B309-BF975F427C0E} - hxxps://internetbankingplus2.firstdirec ... doorFD.cab
DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} - hxxps://moneymanager.egg.com/Pinsafe/ac ... acking.cab
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-lxdjmon.exe - c:\program files\Lexmark 1400 Series\lxdjmon.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-GSpot - c:\program files\GSpot\Uninstall.exe
AddRemove-{7585478E9D9B42108671C12F8714CEFE} - c:\program files\DivX\ConverterUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files\DivX\DivXPlayerUninstall.exe
AddRemove-{B13A7C41581B411290FBC0395694E2A9} - c:\program files\DivX\ConverterUninstall.exe
AddRemove-{B7050CBDB2504B34BC2A9CA0A692CC29} - c:\program files\DivX\DivXWebPlayerUninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-05 12:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-4113112717-2487586359-2322467008-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,fe,86,6c,8e,25,45,42,aa,42,68,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ec,fe,86,6c,8e,25,45,42,aa,42,68,\
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
.
**************************************************************************
.
Completion time: 2010-03-05 12:54:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 12:54
Pre-Run: 31,042,977,792 bytes free
Post-Run: 31,789,633,536 bytes free
- - End Of File - - E6C1876A6A942D1297C8B71153827BB5