ComboFix 09-08-10.06 - Admin 12/08/2009 17:55.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2558.2060 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2009-07-12 to 2009-08-12 )))))))))))))))))))))))))))))))
.
.
2009-08-12 12:58 . 2008-04-13 19:09 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys
2009-08-12 12:58 . 2008-04-13 19:16 15232 ----a-w- c:\windows\system32\drivers\MPE.sys
2009-08-12 12:58 . 2008-04-13 19:16 10880 ----a-w- c:\windows\system32\drivers\NdisIP.sys
2009-08-12 12:58 . 2008-04-13 19:16 15232 ----a-w- c:\windows\system32\drivers\StreamIP.sys
2009-08-12 12:57 . 2008-04-13 19:16 11136 ----a-w- c:\windows\system32\drivers\SLIP.sys
2009-08-12 12:57 . 2008-04-13 19:16 19200 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS
2009-08-12 12:57 . 2008-04-13 19:16 85248 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys
2009-08-12 12:57 . 2008-04-13 19:16 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys
2009-08-12 12:57 . 2008-04-13 19:16 11776 ----a-w- c:\windows\system32\drivers\BdaSup.sys
2009-08-12 12:57 . 2008-04-14 00:42 57344 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-08-12 12:57 . 2008-04-14 00:42 363520 ----a-w- c:\windows\system32\PsisDecd.dll
2009-08-12 09:16 . 2009-08-12 09:16 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-08-12 08:58 . 2009-08-12 08:58 -------- d-----w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-08-10 14:59 . 2009-08-10 14:59 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2009-08-10 14:57 . 2009-08-10 14:58 -------- d-----w- c:\program files\CCleaner
2009-08-09 14:44 . 2009-08-10 15:13 -------- d-----w- c:\program files\Nidesoft DVD to AVI Converter v3.0
2009-08-09 06:04 . 2009-08-09 06:04 -------- d-----w- c:\documents and settings\Admin\.dvdcss
2009-08-09 06:03 . 2009-08-10 15:14 -------- d-----w- c:\documents and settings\Admin\Application Data\Any DVD Converter Professional
2009-08-09 06:03 . 2009-08-10 15:14 -------- d-----w- c:\program files\Any DVD Converter Professional
2009-08-09 01:11 . 2009-08-09 01:11 -------- d-----w- c:\program files\WizardWorks
2009-08-08 04:19 . 2009-08-08 04:19 -------- d-----w- c:\program files\Euro Truck Simulator
2009-08-06 16:15 . 2009-08-06 16:15 -------- d-----w- c:\program files\directx
2009-08-06 16:02 . 2009-08-06 16:02 616 ----a-w- c:\windows\eReg.dat
2009-08-05 15:09 . 2009-08-05 15:09 -------- d-----w- c:\program files\GT Interactive
2009-08-05 15:09 . 1998-10-29 23:45 306688 ----a-w- c:\windows\IsUninst.exe
2009-08-05 15:07 . 2008-04-14 04:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-08-04 01:29 . 2009-08-10 15:12 -------- d-----w- c:\program files\MagicDVDRipper
2009-08-04 00:53 . 2009-08-04 00:53 -------- d-----w- c:\program files\DVD_to_AVI_Converter
2009-08-04 00:38 . 2009-08-04 00:38 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\WMTools Downloaded Files
2009-08-03 23:56 . 2009-08-03 23:56 -------- d-----w- C:\FLIKKEN_REEKS_1_DVD_1
2009-08-03 23:43 . 1999-09-10 19:06 5600 ----a-w- c:\windows\system\WINASPI.DLL
2009-08-03 23:43 . 1999-09-10 19:06 4672 ----a-w- c:\windows\system\WOWPOST.EXE
2009-08-03 23:43 . 1999-09-10 19:06 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2009-08-03 23:43 . 1999-09-10 19:06 25244 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2009-08-03 23:43 . 2009-08-03 23:43 -------- d-----w- c:\program files\Nidesoft Studio
2009-08-03 22:52 . 2009-08-03 22:52 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2009-08-03 22:50 . 2009-08-03 22:50 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonBJ
2009-08-03 22:50 . 2007-05-01 05:00 215040 ----a-w- c:\windows\system32\CNMLM92.DLL
2009-08-03 22:50 . 2009-08-03 22:50 -------- d--h--w- c:\windows\system32\CanonIJ Uninstaller Information
2009-08-03 22:50 . 2009-08-03 22:50 -------- d--h--w- c:\program files\CanonBJ
2009-08-03 22:49 . 2009-08-03 22:52 -------- d-----w- c:\program files\Canon
2009-08-03 21:38 . 2009-08-10 15:21 -------- d-----w- c:\program files\AviSynth 2.5
2009-08-03 21:38 . 2009-08-10 15:15 -------- d-----w- c:\program files\Gabest
2009-08-03 18:52 . 2009-08-03 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-08-03 18:52 . 2009-08-03 18:52 -------- d-----w- c:\program files\DVD Shrink
2009-08-03 17:10 . 2009-08-03 17:10 -------- d--h--r- C:\MSOCache
2009-08-03 14:32 . 2009-08-03 14:32 0 ----a-w- c:\windows\system32\cid_store.dat
2009-08-02 19:39 . 2009-08-02 19:39 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2009-08-02 19:39 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-02 19:39 . 2009-08-02 19:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 19:39 . 2009-08-02 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-02 19:39 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-02 19:00 . 2009-08-02 19:00 -------- d-----w- c:\windows\ie8updates
2009-08-02 19:00 . 2009-08-02 19:01 -------- d--h--w- c:\windows\$hf_mig$
2009-08-02 15:47 . 2009-05-07 15:14 346112 ------w- c:\windows\system32\dllcache\localspl.dll
2009-08-02 15:47 . 2009-06-03 19:09 1291264 ------w- c:\windows\system32\dllcache\quartz.dll
2009-08-02 15:47 . 2009-04-15 14:51 585216 ------w- c:\windows\system32\dllcache\rpcrt4.dll
2009-08-02 15:47 . 2009-04-17 12:26 1847168 ------w- c:\windows\system32\dllcache\win32k.sys
2009-07-31 22:55 . 2009-07-31 22:55 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-07-31 22:55 . 2009-07-31 22:55 -------- d-----w- c:\documents and settings\Admin\Application Data\PlayFirst
2009-07-31 15:17 . 2009-07-31 15:17 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-31 15:12 . 2009-07-31 15:12 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Temp
2009-07-31 15:12 . 2009-07-31 15:12 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-31 14:49 . 2009-08-03 15:17 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Google
2009-07-31 14:47 . 2009-08-03 17:17 -------- d-----w- c:\program files\Google
2009-07-30 16:36 . 2009-07-30 16:36 4096 ----a-w- c:\windows\d3dx.dat
2009-07-30 16:27 . 2009-08-01 02:55 46 ----a-w- c:\windows\popcinfo.dat
2009-07-30 02:53 . 2009-07-30 02:53 -------- d-----w- c:\program files\Adventure Maker 3.4.0
2009-07-30 02:38 . 2009-07-30 02:38 -------- d-----w- c:\program files\uTorrent
2009-07-30 02:37 . 2009-08-03 16:27 -------- d-----w- c:\documents and settings\Admin\Application Data\uTorrent
2009-07-29 18:55 . 2009-08-12 14:51 -------- d-----w- c:\documents and settings\Admin\Tracing
2009-07-29 18:53 . 2009-07-29 18:53 -------- d-----w- c:\program files\Microsoft
2009-07-29 18:53 . 2009-07-29 18:53 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-29 18:51 . 2009-07-29 18:51 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-29 17:54 . 2009-07-29 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-07-28 14:25 . 2009-07-28 14:25 -------- d-----w- c:\program files\FDRLab
2009-07-28 01:12 . 2009-08-03 16:46 -------- d-----w- c:\program files\Call of Duty
2009-07-27 20:35 . 2009-07-27 20:36 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\Adobe
2009-07-27 20:35 . 2009-07-27 20:35 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-27 04:41 . 2004-08-03 03:03 172032 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-27 04:35 . 2006-08-01 22:02 49152 ----a-w- c:\windows\system32\ChCfg.exe
2009-07-27 04:34 . 2009-07-27 04:34 -------- d-----w- c:\program files\Realtek AC97
2009-07-27 04:34 . 2006-07-31 18:19 315392 ----a-w- c:\windows\alcupd.exe
2009-07-27 04:28 . 2009-08-10 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-07-27 04:28 . 2009-08-10 16:15 -------- d-----w- c:\documents and settings\Admin\Application Data\Uniblue
2009-07-27 02:23 . 2009-07-27 02:24 -------- d-----w- c:\documents and settings\Admin\Application Data\GetRightToGo
2009-07-27 02:13 . 2009-07-27 02:13 -------- d-----w- C:\IBMTOOLS
2009-07-26 20:42 . 2009-07-26 20:42 -------- d-----w- c:\program files\Codemasters
2009-07-25 02:49 . 2009-07-25 02:49 -------- d-----w- c:\documents and settings\Admin\Application Data\LEGO Company
2009-07-24 18:05 . 2009-08-10 16:13 -------- d-----w- c:\program files\SpeedFan
2009-07-24 01:58 . 2009-07-24 01:58 -------- d-----w- c:\program files\Trend Micro
2009-07-24 00:41 . 2009-07-24 00:41 -------- d-----w- c:\windows\Sun
2009-07-24 00:33 . 2009-07-24 00:33 -------- d-----w- c:\documents and settings\Admin\Application Data\Auslogics
2009-07-24 00:33 . 2009-07-24 00:33 -------- d-----w- c:\program files\Auslogics
2009-07-23 22:48 . 2000-08-20 03:29 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
2009-07-22 16:28 . 2009-07-22 16:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-07-22 16:23 . 2009-07-22 16:23 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-07-22 16:22 . 2009-07-22 16:22 -------- d-----w- c:\documents and settings\Admin\Application Data\DAEMON Tools
2009-07-22 16:16 . 2009-07-22 16:16 -------- d--h--w- c:\windows\PIF
2009-07-22 16:09 . 2009-07-27 04:34 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-22 14:17 . 2009-07-22 14:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Gogii Games
2009-07-22 14:17 . 2009-07-22 14:17 -------- d-----w- c:\documents and settings\Admin\Application Data\Gogii Games
2009-07-22 14:17 . 2009-07-30 03:01 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-22 04:27 . 2009-07-22 04:27 -------- d-----w- c:\documents and settings\Admin\Application Data\GRETECH
2009-07-22 04:26 . 2009-07-22 04:26 -------- d-----w- c:\program files\GRETECH
2009-07-21 16:21 . 2009-07-21 16:21 335752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgldx86.sys
2009-07-21 16:21 . 2009-07-21 16:21 11952 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsstx.dll
2009-07-21 16:21 . 2009-07-20 15:08 12552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrkx86.sys
2009-07-21 16:21 . 2009-07-20 15:08 107272 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtdix.sys
2009-07-21 16:21 . 2009-07-21 16:21 486680 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgrsx.exe
2009-07-21 16:21 . 2009-07-21 16:21 27784 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgmfx86.sys
2009-07-21 16:20 . 2009-07-21 16:20 755992 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avginet.dll
2009-07-21 16:20 . 2009-07-21 16:20 587032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgiproxy.exe
2009-07-21 16:20 . 2009-07-21 16:20 1471768 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.dll
2009-07-21 16:20 . 2009-07-21 16:20 1086744 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
2009-07-20 18:59 . 2008-04-15 03:00 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-07-20 15:17 . 2009-08-03 19:03 -------- d-----w- c:\documents and settings\Admin\Application Data\MxBoost
2009-07-20 15:17 . 2009-08-03 19:03 -------- d-----w- c:\program files\Maxthon2
2009-07-20 15:14 . 2009-08-09 19:04 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-20 15:08 . 2009-07-29 15:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-20 15:08 . 2009-07-21 16:21 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-20 15:08 . 2009-07-21 16:21 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-20 15:08 . 2009-07-29 15:20 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-20 15:08 . 2009-08-12 05:48 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-20 15:08 . 2009-07-29 15:20 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-09 01:11 . 2009-07-20 03:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-03 16:46 . 2009-07-19 18:02 -------- dc----w- c:\program files\Common Files\WindowsLiveInstaller
2009-08-02 19:07 . 2009-07-20 03:09 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 18:54 . 2009-07-19 18:02 -------- d-----w- c:\program files\Windows Live
2009-07-27 22:12 . 2009-07-19 19:08 -------- d-----w- c:\program files\PokerStars
2009-07-20 22:43 . 2009-07-20 22:43 -------- d-----w- c:\program files\ING
2009-07-20 03:55 . 2009-07-20 03:55 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-20 03:55 . 2009-07-20 03:55 -------- d-----w- c:\program files\Ralink
2009-07-20 03:55 . 2009-07-20 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Ralink Driver
2009-07-20 03:55 . 2009-07-20 03:55 -------- d-----w- c:\documents and settings\Admin\Application Data\InstallShield
2009-07-20 03:43 . 2009-07-20 03:07 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-07-20 03:18 . 2009-07-20 03:02 -------- d-----w- c:\program files\VistaExperience.org
2009-07-20 03:18 . 2009-07-20 03:18 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-07-20 03:12 . 2009-07-20 03:12 68200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-20 03:12 . 2009-07-20 03:12 -------- d-----w- c:\program files\MSBuild
2009-07-20 03:12 . 2009-07-20 03:12 -------- d-----w- c:\program files\Reference Assemblies
2009-07-20 03:09 . 2009-07-20 03:09 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-20 03:09 . 2009-07-20 03:09 -------- d-----w- c:\program files\Java
2009-07-20 03:09 . 2009-07-20 03:08 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-20 03:08 . 2009-07-20 03:08 2156 ----a-w- c:\windows\system32\unins000.dat
2009-07-20 03:08 . 2009-07-20 03:08 635337 ----a-w- c:\windows\system32\unins000.exe
2009-07-20 03:08 . 2009-07-20 03:08 -------- d-----w- c:\program files\Alky for Applications
2009-07-20 03:06 . 2009-07-20 03:06 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-20 03:05 . 2009-07-20 03:05 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-20 03:04 . 2009-07-20 03:00 -------- d-----w- c:\program files\Windows Sidebar
2009-07-20 03:00 . 2009-07-20 03:00 -------- d-----w- c:\program files\MSXML 4.0
2009-07-19 18:18 . 2009-07-19 18:18 -------- d-----w- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2009-07-19 18:18 . 2009-07-19 18:18 -------- d-----w- c:\documents and settings\Admin\Application Data\GameHouse
2009-07-19 18:18 . 2009-07-19 18:18 -------- d-----w- c:\program files\GameHouse
2009-07-19 18:04 . 2009-07-19 18:04 14800 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-19 18:02 . 2009-07-19 18:02 -------- d-----w- c:\documents and settings\All Users\Application Data\WLInstaller
2009-07-03 17:09 . 2009-04-15 02:06 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2008-04-15 03:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-15 03:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2009-04-18 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.
------- Sigcheck -------

[-] 2009-04-15 02:05 575488 99C1ACB1B8F0F2CECC56515E502B5120 c:\windows\system32\user32.dll
[-] 2009-04-14 22:35 361600 25A740D70E8007814A48D3FA1B34FA34 c:\windows\system32\drivers\tcpip.sys
[-] 2009-04-15 02:06 568832 DB3B9755F265C37319DF9AFF4FDDF717 c:\windows\system32\winlogon.exe
[-] 2009-04-15 02:08 2229376 805199FF8935A3D8D5A3BF970D7AAFD3 c:\windows\system32\ntkrnlpa.exe
[-] 2009-04-18 12:07 2352384 4DDE9FEC0A87021A924F1A8849B6B4EB c:\windows\system32\ntoskrnl.exe
[-] 2009-04-15 02:02 1440768 6DA7EDB6D1289B0B8A6DED512EBCB1AB c:\windows\explorer.exe
[-] 2009-04-15 02:01 37376 CBF5945651C96E471B3A004BBDC36864 c:\windows\system32\ctfmon.exe
[-] 2009-04-15 02:01 1444864 305A986FA2FF569D333CCA2AE3AE321D c:\windows\system32\comres.dll
[-] 2009-04-15 02:01 652800 5E0DE69E7168A9B9510EBA0C1CCC2189 c:\windows\system32\comctl32.dll
[7] 2009-04-14 21:39 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-11-05 21:21 1054208 C6BE3E18287F21EE3ED3C84ED14E9D7A c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll

c:\windows\system32\drivers\beep.sys ... is missing !!
c:\windows\system32\msgsvc.dll ... is missing !!
c:\windows\system32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-02-26 1555456]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-07 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-29 2000152]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2004-08-03 4493312]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2004-08-03 917504]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-03-08 128512]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Ralink Wireless Utility.lnk - c:\program files\Ralink\Common\RaUI.exe [2009-7-20 1630208]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-29 15:20 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [20/07/2009 17:08 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [20/07/2009 17:08 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [20/07/2009 17:08 108552]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [21/07/2009 18:21 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [21/07/2009 18:21 297752]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\Ralink\Common\RalinkRegistryWriter.exe [20/07/2009 5:55 75040]
R3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;c:\windows\system32\drivers\3xHybrid.sys [22/11/2006 8:53 1121536]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [20/07/2009 5:55 627072]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [31/07/2009 17:12 133104]
S3 RAPIProtocol;Ralink RAPI Protocol Driver;c:\windows\system32\drivers\RAPIProtocol.sys [20/07/2009 5:55 16512]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder

2009-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 15:12]

2009-08-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-31 15:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.be/
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-12 17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-688789844-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,f4,21,d4,19,c8,d9,45,9d,39,bb,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,11,f4,21,d4,19,c8,d9,45,9d,39,bb,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(500)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\NTMARTA.DLL
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(556)
c:\windows\system32\SETUPAPI.dll

- - - - - - - > 'explorer.exe'(1004)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\windows\system32\msctfime.ime
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\msi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\MSVCP60.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-12 17:59
ComboFix-quarantined-files.txt 2009-08-12 15:59

Pre-Run: 72.485.036.032 bytes free
Post-Run: 72.517.570.560 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff

301 --- E O F --- 2009-08-06 17:02