ComboFix 10-06-07.03 - Dad 06/07/2010 23:14:49.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1521 [GMT -4:00]
Running from: c:\documents and settings\Dad\Desktop\George.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bszip.dll
c:\windows\system32\Data
.
((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 )))))))))))))))))))))))))))))))
.
2010-06-07 01:03 . 2010-04-19 14:25 2117704 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-06-06 13:38 . 2010-06-06 13:38 29512 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgmfx86.sys
2010-06-06 13:38 . 2010-06-06 13:38 242896 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-06-06 13:25 . 2010-06-06 13:25 -------- d-----w- C:\$AVG
2010-06-06 13:24 . 2010-06-07 01:04 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-06-06 13:20 . 2010-06-06 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-25 19:34 . 2010-05-25 19:34 503808 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7448aecf-n\msvcp71.dll
2010-05-25 19:34 . 2010-05-25 19:34 499712 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7448aecf-n\jmc.dll
2010-05-25 19:34 . 2010-05-25 19:34 61440 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-58d5928a-n\decora-sse.dll
2010-05-25 19:34 . 2010-05-25 19:34 348160 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7448aecf-n\msvcr71.dll
2010-05-25 19:34 . 2010-05-25 19:34 12800 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-58d5928a-n\decora-d3d.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 13:38 . 2008-05-27 22:33 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-06 13:38 . 2007-05-27 00:09 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-06 13:25 . 2008-05-27 22:33 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-06-06 13:24 . 2008-05-27 22:33 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-06-06 13:20 . 2008-05-27 22:33 -------- d-----w- c:\program files\AVG
2010-06-06 13:08 . 2005-09-18 11:16 -------- d-----w- c:\program files\Java
2010-06-06 13:08 . 2005-09-18 11:16 -------- d-----w- c:\program files\Common Files\Java
2010-05-23 02:43 . 2010-04-28 23:16 -------- d-----w- c:\program files\Avidemux 2.5
2010-04-28 02:18 . 2009-09-17 01:58 -------- d-----w- c:\documents and settings\Dad\Application Data\VideoReDoPlus
2010-04-28 02:16 . 2008-05-10 15:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-28 02:04 . 2008-02-05 02:16 -------- d-----w- c:\documents and settings\Dad\Application Data\gtk-2.0
2010-04-25 02:42 . 2010-04-25 02:42 61440 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-62dc1e9a-n\decora-sse.dll
2010-04-25 02:42 . 2010-04-25 02:42 503808 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60bb72fc-n\msvcp71.dll
2010-04-25 02:42 . 2010-04-25 02:42 499712 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60bb72fc-n\jmc.dll
2010-04-25 02:42 . 2010-04-25 02:42 348160 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-60bb72fc-n\msvcr71.dll
2010-04-25 02:42 . 2010-04-25 02:42 12800 ----a-w- c:\documents and settings\Dad\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-62dc1e9a-n\decora-d3d.dll
2010-04-25 02:41 . 2010-04-25 02:41 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-18 23:12 . 2010-04-18 23:12 -------- d-----w- c:\documents and settings\Dad\Application Data\Media Player Classic
2010-04-18 23:12 . 2010-04-18 23:08 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-04-10 20:03 . 2010-04-10 20:03 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-30 04:46 . 2008-09-01 20:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2008-09-01 20:40 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-17 22:14 . 2010-03-17 22:14 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-03-17 22:14 . 2010-03-17 22:14 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 57676 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 84035 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe
2010-03-17 22:13 . 2010-03-17 22:13 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-03-17 22:12 . 2010-03-17 22:12 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-03-17 22:12 . 2010-03-17 22:12 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-03-17 22:12 . 2010-03-17 22:12 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-03-17 22:12 . 2010-03-17 22:12 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-03-17 22:12 . 2010-03-17 22:12 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-03-17 22:11 . 2010-03-17 22:14 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-03-17 22:10 . 2010-03-17 22:14 986904 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-03-14 18:00 . 2010-04-18 23:08 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-11 12:38 . 2004-08-10 17:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 17:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 17:50 17408 ----a-w- c:\windows\system32\corpol.dll
2006-01-26 03:46 . 2006-01-14 18:17 0 ---ha-w- c:\program files\Common Files\MSN
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2010-04-19 14:25 2117704 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2010-04-19 2117704]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
"TivoTransfer"="c:\program files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" [2005-08-04 1123328]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2005-08-04 1860608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"CTSysVol"="c:\program files\Creative\Sound Blaster Live! 24-bit\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"P17Helper"="P17.dll" [2004-06-10 60928]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-09-18 26112]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2007-08-30 205480]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-09-11 86960]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~3\mimboot.exe" [2006-01-19 11776]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2006-04-06 49152]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-08-22 171448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2006-1-12 167936]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-06 13:24 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlackBerryAutoUpdate]
2008-11-04 17:09 615696 ----a-w- c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2008-09-19 15:37 236016 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\TiVo\\Desktop\\TiVoServer.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1182181180\\ee\\aolsoftware.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [5/27/2008 6:33 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [5/27/2008 6:33 PM 242896]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [6/6/2010 9:22 AM 308064]
R2 TivoBeacon2;TiVo Beacon;c:\program files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe [8/4/2005 6:11 AM 848896]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/7/2007 2:09 PM 24652]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [6/6/2010 9:24 AM 430152]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: musicmatch.com\online
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-HijackThis - c:\documents and settings\Dad\Local Settings\Temp\HijackThis.exe
AddRemove-Kaspersky On-line Scanner - c:\windows\system32\KASPER~1\KASPER~1\kavuninstall.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-07 23:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-06-07 23:36:43
ComboFix-quarantined-files.txt 2010-06-08 03:36

Pre-Run: 28,500,471,808 bytes free
Post-Run: 28,831,072,256 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 71432ACA60059357D14C2239D3B92BA6