ComboFix 12-07-16.01 - the man 2012-07-17 15:05:39.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.973 [GMT -7:00]
Running from: c:\documents and settings\the man\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Internet Security Firewall *Disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\All Users\VCREDI~3.EXE
c:\documents and settings\Owner\Application Data\Toolbar4
c:\documents and settings\Owner\dat1.000
c:\documents and settings\Owner\dat2.000
c:\documents and settings\Owner\dat3.000
c:\documents and settings\the man\Application Data\MSA
c:\documents and settings\the man\Application Data\PriceGong
c:\documents and settings\the man\Application Data\PriceGong\Data\1.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\a.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\b.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\c.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\d.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\e.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\f.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\g.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\h.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\i.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\j.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\k.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\l.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\m.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\n.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\o.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\p.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\q.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\r.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\s.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\t.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\u.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\v.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\w.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\x.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\y.txt
c:\documents and settings\the man\Application Data\PriceGong\Data\z.txt
c:\documents and settings\the man\WINDOWS
c:\program files\avg_avwt_stf_en_8_227a1407.exe
c:\program files\avg_iswt_stf_en_8_227a1407.exe
c:\program files\DTLite4356-0091.exe
c:\program files\pebuilder3110a.exe
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\680d5248119ab341.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\CF26990.exe
c:\windows\system32\CF30979.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-06-17 to 2012-07-17 )))))))))))))))))))))))))))))))
.
.
2012-07-17 12:14 . 2012-05-09 18:52 26696 ----a-w- c:\windows\system32\drivers\pavboot.sys
2012-07-17 12:09 . 2012-07-17 12:09 -------- d-----w- c:\program files\Panda Security
2012-07-17 12:08 . 2012-07-17 12:08 19014992 ----a-w- c:\documents and settings\PandaCloudCleaner.exe
2012-07-17 11:56 . 2012-07-17 11:56 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-17 11:55 . 2012-07-17 11:55 2136664 ----a-w- c:\documents and settings\tdsskiller.exe
2012-07-17 07:03 . 2012-07-17 07:03 0 ----a-w- c:\documents and settings\khijjc68.reg
2012-07-17 06:39 . 2012-07-17 06:40 302592 ----a-w- c:\documents and settings\khijjc68.exe
2012-07-17 05:51 . 2012-07-17 06:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2012-07-16 13:29 . 2012-07-16 13:31 -------- d-----w- C:\RESCUE USB
2012-07-16 08:47 . 2012-07-16 09:06 -------- d-----w- c:\documents and settings\the man\Application Data\ImgBurn
2012-07-16 07:12 . 2012-07-16 07:12 -------- d-----w- c:\documents and settings\the man\Local Settings\Application Data\Wisdom-soft
2012-07-16 07:11 . 2012-07-16 07:12 -------- d-----w- c:\program files\Wisdom-soft ScreenHunter 6.0 Free
2012-07-16 06:47 . 2012-07-16 06:47 -------- d-----w- c:\documents and settings\the man\Application Data\Curiolab
2012-07-16 06:43 . 2012-07-17 02:46 -------- d-----w- c:\program files\Exterminate It!
2012-07-16 06:38 . 2012-07-16 06:42 133094568 ----a-w- c:\documents and settings\ExterminateItSetup.exe
2012-07-16 06:20 . 2012-07-16 06:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-16 05:26 . 2012-07-16 05:26 80456 ----a-w- c:\documents and settings\mbam-clean.exe
2012-07-16 02:57 . 2012-07-16 02:57 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2012-07-15 20:07 . 2012-07-15 20:07 -------- d-----w- c:\documents and settings\the man\Local Settings\Application Data\AVG Secure Search
2012-07-15 00:15 . 2012-07-15 00:17 -------- d-----w- C:\pebuilder3110a
2012-07-15 00:13 . 2012-07-16 09:15 -------- d-----w- C:\RESCUE
2012-07-15 00:10 . 2012-07-15 00:11 -------- d-----w- c:\program files\XPE
2012-07-14 23:34 . 2012-07-14 23:56 -------- d-----w- C:\XPSETUP
2012-07-14 23:20 . 2012-07-14 23:20 -------- d-----w- c:\program files\Runtime Software
2012-07-14 23:19 . 2012-07-14 23:19 2013115 ----a-w- c:\program files\dixmlsetup.exe
2012-07-14 23:01 . 2012-07-15 01:59 -------- d-----w- c:\documents and settings\Owner\Application Data\ImgBurn
2012-07-14 22:53 . 2012-07-14 22:54 -------- d-----w- c:\program files\ImgBurn
2012-07-14 22:51 . 2012-07-14 22:51 6118990 ----a-w- c:\program files\SetupImgBurn_2.5.7.0.exe
2012-07-14 22:40 . 2012-07-14 22:55 -------- d-----w- C:\Driver Back up July 2012
2012-07-14 22:31 . 2012-07-14 22:31 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\AVG Secure Search
2012-07-14 22:30 . 2012-07-14 22:30 -------- d-----w- c:\documents and settings\Owner\Application Data\AVG Secure Search
2012-07-14 22:30 . 2012-07-15 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Secure Search
2012-07-14 22:30 . 2012-07-14 22:30 -------- d-----w- c:\program files\Common Files\AVG Secure Search
2012-07-14 22:30 . 2012-07-15 22:40 -------- d-----w- c:\program files\AVG Secure Search
2012-07-14 21:10 . 2012-07-14 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-07-14 21:10 . 2012-07-14 21:10 -------- d-----w- c:\documents and settings\Owner\Application Data\Babylon
2012-07-14 21:06 . 2012-07-14 21:06 -------- d-----w- C:\driver finder
2012-07-14 21:05 . 2012-07-14 21:05 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Wajam
2012-07-14 21:03 . 2012-07-14 22:25 -------- d-----w- c:\program files\Shopping Sidekick
2012-07-14 20:36 . 2012-07-14 20:37 1006088 ----a-w- c:\program files\KeyFinderInstaller.exe
2012-07-14 20:35 . 2012-07-14 20:35 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Google
2012-07-14 18:25 . 2012-07-14 18:25 -------- d-----w- c:\documents and settings\Owner\Application Data\PCToolsFirewallPlus
2012-07-14 18:25 . 2012-07-14 18:25 -------- d-----w- c:\documents and settings\Owner\Application Data\Spam Monitor
2012-07-14 18:21 . 2012-07-14 18:21 302592 ----a-w- c:\documents and settings\gydrw3wk.exe
2012-07-14 18:21 . 2012-07-14 18:21 89088 ----a-w- c:\documents and settings\mbr.exe
2012-07-14 10:37 . 2012-07-14 10:39 24767968 ----a-w- c:\documents and settings\ptinstall.exe
2012-07-14 07:07 . 2012-07-14 07:08 -------- d-----w- c:\documents and settings\the man\Application Data\Dropbox
2012-07-14 06:36 . 2012-07-14 06:36 4183000 ----a-w- c:\documents and settings\avinstall.exe
2012-07-14 06:30 . 2012-07-14 06:31 27354608 ----a-w- c:\documents and settings\gtk2123setup.exe
2012-07-14 06:29 . 2012-07-17 11:31 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-07-14 06:27 . 2012-07-14 06:28 29505952 ----a-w- c:\documents and settings\gtk2122-setup.exe
2012-07-13 06:45 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-13 06:45 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-13 06:45 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-13 06:45 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-13 06:45 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-13 06:45 . 2012-07-13 06:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2012-07-13 06:45 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-13 06:45 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-13 06:45 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-13 06:43 . 2012-07-13 07:03 -------- d-----w- c:\program files\CCleaner
2012-07-13 06:43 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-07-13 06:43 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-13 06:42 . 2012-07-13 06:42 -------- d-----w- c:\program files\AVAST Software
2012-07-13 06:42 . 2012-07-13 06:42 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-07-13 06:40 . 2012-07-13 06:40 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2012-07-13 06:39 . 2012-07-13 06:40 10652120 ----a-w- c:\documents and settings\mbam-setup-1.62.0.1300.exe
2012-07-13 06:38 . 2012-07-13 06:38 3889704 ----a-w- c:\documents and settings\ccsetup320.exe
2012-07-13 06:38 . 2012-07-13 06:41 89340632 ----a-w- c:\documents and settings\avast_free_antivirus_setup.exe
2012-07-13 06:24 . 2012-07-13 06:24 2002944 ----a-w- c:\documents and settings\HousecallLauncher(1).exe
2012-07-13 06:23 . 2012-07-13 06:23 2002944 ----a-w- c:\documents and settings\HousecallLauncher.exe
2012-07-13 06:19 . 2012-07-13 06:20 -------- d-----w- c:\documents and settings\the man\Application Data\QuickScan
2012-07-13 04:21 . 2012-07-13 04:21 -------- d-----w- c:\documents and settings\the man\Application Data\TestApp
2012-07-13 04:21 . 2012-07-13 04:21 4183000 ----a-w- c:\documents and settings\sdsetup.exe
2012-07-13 04:14 . 2003-01-10 21:13 33588 ----a-r- c:\windows\system32\drivers\wanatw4.sys
2012-07-12 21:15 . 2012-07-12 21:15 476976 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-12 21:13 . 2012-07-12 21:13 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2012-07-12 00:15 . 2012-07-12 01:15 9822920 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-07-09 22:22 . 2012-07-09 22:22 -------- d-----w- C:\M. cunningham v G. cunningham
2012-06-26 22:21 . 2012-06-26 22:24 22259528 ----a-w- c:\documents and settings\vlc-2.0.1-win32.exe
2012-06-20 02:55 . 2012-07-12 01:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-13 05:37 . 2011-03-28 21:46 58696 ----a-w- c:\windows\system32\AOLParconLink.exe
2012-07-12 21:15 . 2010-12-18 01:01 472880 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-12 01:15 . 2011-05-20 02:15 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2008-09-05 06:43 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-30 04:06 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-09-05 06:43 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 22:19 . 2007-07-31 02:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 22:19 . 2008-04-24 20:29 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 22:19 . 2008-04-24 20:29 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 22:19 . 2008-04-24 20:29 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 22:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 22:19 . 2008-04-24 20:29 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2008-04-24 20:29 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2007-07-31 02:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2007-07-31 02:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 22:19 . 2004-08-04 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 22:19 . 2007-07-31 02:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 22:19 . 2008-04-24 20:29 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2008-04-24 20:29 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:18 . 2008-05-09 21:43 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 22:18 . 2008-05-09 21:43 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 22:18 . 2008-05-09 21:43 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-07 20:44 . 2012-05-07 20:43 3819480 ----a-w- c:\documents and settings\avg_avc_stb_all_2012_2126.exe
2012-05-04 13:16 . 2008-09-05 06:43 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-09-05 06:43 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-09-05 06:43 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 14:46 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-23 14:46 . 2004-08-04 12:00 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-23 14:46 . 2004-08-04 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
2012-04-20 22:50 . 2012-04-20 22:50 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-04-20 22:50 . 2012-04-20 22:50 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-08-16 07:05 . 2010-08-16 07:05 418584 ------w- c:\program files\msgr10us.exe
2010-06-08 23:46 . 2010-06-08 23:46 900944 ------w- c:\program files\dontlinkthefile_3danalyzer-v236.exe
2010-06-08 21:57 . 2010-06-08 21:57 1627352 ------w- c:\program files\PowerISO47.exe
2010-06-08 19:21 . 2010-06-08 19:21 1704744 ------w- c:\program files\SkypeSetup.exe
2010-05-28 22:47 . 2010-05-28 22:47 382520 ------w- c:\program files\ASPRemote(3).exe
2010-05-28 22:42 . 2010-05-28 22:42 382520 ------w- c:\program files\ASPRemote(2).exe
2010-05-28 22:37 . 2010-05-28 22:37 382520 ------w- c:\program files\ASPRemote.exe
2010-01-01 00:03 . 2010-03-29 22:48 44032 ------w- c:\program files\MClick2.dll
2009-12-14 00:15 . 2009-12-14 00:15 1207026 ------w- c:\program files\wrar370(2).exe
2009-12-14 00:15 . 2009-12-14 00:15 1207026 ------w- c:\program files\wrar370.exe
2009-09-24 04:24 . 2008-11-21 00:18 1925024 ------w- c:\program files\install_flash_player.exe
2008-05-10 02:43 . 2008-05-10 02:38 59782440 ------w- c:\program files\iTunesSetup.exe
2012-04-09 07:14 . 2012-03-02 01:22 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[7] 2004-08-04 . 24232996A38C0B0CF151C2140AE29FC8 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
c:\windows\System32\ctfmon.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
2011-05-09 08:49 176936 ----a-w- c:\program files\BrotherSoft_Extreme\prxtbBrot.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-15 22:39 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51a86bb3-6602-4c85-92a5-130ee4864f13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-05-09 176936]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-15 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{51A86BB3-6602-4C85-92A5-130EE4864F13}"= "c:\program files\BrotherSoft_Extreme\prxtbBrot.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{51a86bb3-6602-4c85-92a5-130ee4864f13}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-27 2077536]
"HostManager"="c:\program files\Common Files\AOL\1264380757\ee\AOLSoftware.exe" [2010-03-08 41800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-30 421888]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-15 1107552]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
.
c:\documents and settings\the man\Start Menu\Programs\Startup\
Calendar 2000.lnk - c:\program files\Software by Design\Calendar.exe [2010-1-24 286720]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP LaserJet Director.lnk - c:\program files\Hewlett-Packard\LaserJet 33xx\hppdirector.exe [2008-4-28 204800]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"fscqwrqydkkkpptolnohTaskMgr"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-06-23 04:09 12536 ------w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:1033 /heur:100 /RA:delete /pup /archives /IA:0 /KBD:2 /dir:C:\Program
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^the man^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP AutoIndexer]
2002-01-03 22:05 90112 ------w- c:\program files\Hewlett-Packard\LaserJet 33xx\hppautoindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP SchedIndexer]
2002-01-03 22:04 94208 ------w- c:\program files\Hewlett-Packard\LaserJet 33xx\hppschedindexer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-08 00:51 421160 ----a-w- c:\program files\ITUNES\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
2005-07-21 07:16 192512 ------w- c:\program files\Lexmark 3300 Series\lxccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
2001-07-09 09:50 155648 ------w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-05 08:41 8523776 ------w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2010-04-12 08:40 180224 ----a-w- c:\program files\PowerISO\PWRISOVM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ------w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2008-07-08 23:41 2828184 ------w- c:\program files\Registry Mechanic\RegMech.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor]
2006-02-06 22:40 1992928 ------w- e:\program files\Spyware Doctor\swdoctor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"JavaQuickStarterService"=2 (0x2)
"gusvc"=2 (0x2)
"CCALib8"=2 (0x2)
"AOL ACS"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IntelAudioStudio"="c:\program files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\1264380757\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\WINDOWS\\system32\\hppapml0.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\ITUNES\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-17 52872]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-11-19 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-11-19 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-11-19 656320]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2011-01-02 51984]
R0 TFSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2011-01-02 69392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-07-12 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-07-12 353688]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-02 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-02 243152]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2010-11-19 249616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-07-12 21256]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-06-22 921952]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-22 308136]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-15 935008]
R3 pctNdisMP;PC Tools Driver;c:\windows\system32\drivers\pctNdis.sys [2010-11-19 56536]
S0 Pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2012-07-17 26696]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-07-12 136176]
S2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2010-11-19 160448]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-19 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-07-12 136176]
S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter.sys [2010-11-19 89192]
S3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\drivers\pctNdis.sys [2010-11-19 56536]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2010-11-19 124992]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2010-11-19 70536]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2011-01-02 366840]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2011-01-02 33552]
S3 ThreatFire;ThreatFire;c:\program files\PC Tools Security\TFEngine\TFService.exe service --> c:\program files\PC Tools Security\TFEngine\TFService.exe service [?]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\system32\drivers\gtkdrv.sys [2012-01-04 16128]
S3 WajamUpdater;WajamUpdater;"c:\program files\Wajam\Updater\WajamUpdater.exe" --> c:\program files\Wajam\Updater\WajamUpdater.exe [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 35622031
*Deregistered* - 35622031
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-20 01:15]
.
2012-07-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]
.
2012-07-13 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-13 16:21]
.
2012-07-13 c:\windows\Tasks\FileCure Default.job
- c:\program files\ParetoLogic\FileCure\FileCure.exe [2010-03-28 19:47]
.
2012-07-13 c:\windows\Tasks\FileCure Startup.job - c:\program files\ParetoLogic\FileCure\FileCure.exe [2010-03-28 19:47] . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-13 06:40] . 2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-07-13 06:40] . 2012-07-13 c:\windows\Tasks\ParetoLogic Registration3.job - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19] . 2012-07-13 c:\windows\Tasks\ParetoLogic Update Version3.job - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19] . . ------- Supplementary Scan ------- . uStart Page = hxxp://isearch.avg.com/?cid={F90F4C49-4842-4E14-BE64-A73F636FCF22}&mid=&lang=en&ds=ga011&pr=sa&d=2012-07-14 15:30&v=11.1.0.7&sap=hp mStart Page = hxxp://www.att.net uInternet Settings,ProxyOverride = *.local LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 192.168.1.254 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\documents and settings\the man\Application Data\Mozilla\Firefox\Profiles\jh2j15lj.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?&q= FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://isearch.avg.com/?cid={F90F4C49-4842-4E14-BE64-A73F636FCF22}&mid=&lang=en&ds=ga011&pr=sa&d=2012-07-14 15:30&v=11.1.0.12&sap=hp FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=2&q= FF - user.js: protocol-handler.warn-external.dnUpdate - false . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) SafeBoot-35622031.sys . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-07-17 15:27 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MCSTRM] "ImagePath"="\??\c:\windows\system32" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1417001333-57989841-839522115-1005\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . Completion time: 2012-07-17 15:38:10 ComboFix-quarantined-files.txt 2012-07-17 22:38 ComboFix2.txt 2010-11-19 09:23 ComboFix3.txt 2009-04-01 05:38 . Pre-Run: 27,278,192,640 bytes free Post-Run: 28,720,103,424 bytes free . - - End Of File - - 06D289570134AF33212E4C7A4BF4D2DB
