ComboFix 09-04-27.05 - gina 04/28/2009 14:41.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.196 [GMT -5:00]
Running from: c:\documents and settings\gina\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\program files\Common Files\System\Uninstall
----- BITS: Possible infected sites -----
hxxp://dna65.fastaccess.com
.
((((((((((((((((((((((((( Files Created from 2009-03-28 to 2009-04-28 )))))))))))))))))))))))))))))))
.
2009-04-28 02:12 . 2009-04-28 02:15 -------- d-----w c:\documents and settings\ty zook\Local Settings\Application Data\Adobe
2009-04-15 02:47 . 2009-04-15 02:47 -------- d-----w c:\documents and settings\ty zook\Application Data\MySpace
2009-04-15 01:40 . 2009-03-06 14:44 283648 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 01:40 . 2005-07-26 04:39 60416 -c----w c:\windows\system32\dllcache\colbact.dll
2009-04-15 01:40 . 2009-02-09 10:20 399360 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 01:40 . 2009-02-06 17:14 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 01:40 . 2009-02-09 10:20 473088 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 01:40 . 2009-02-06 16:39 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 01:40 . 2009-02-09 10:20 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 01:40 . 2009-02-09 10:20 616960 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 01:40 . 2009-02-09 10:20 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 01:38 . 2008-04-21 10:02 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-11 19:17 . 2009-04-11 20:38 -------- d-----w c:\program files\EsetOnlineScanner
2009-04-06 13:18 . 2009-04-06 13:18 -------- d-----w c:\documents and settings\ty zook\Local Settings\Application Data\Apple
2009-04-03 20:57 . 2009-04-03 20:57 -------- d-----w c:\program files\Fast Browser SearchP
2009-04-03 20:56 . 2009-04-03 20:56 -------- d-----w c:\program files\Fast Browser Search
2009-04-01 19:07 . 2009-04-01 19:07 -------- d-----w C:\_OTListIt
2009-03-31 22:23 . 2009-04-23 16:49 530083 ----a-w C:\HC4DecommissionScheduler.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 19:35 . 2008-05-28 21:48 -------- d-----w c:\program files\BellSouth
2009-04-16 01:38 . 2009-03-25 20:52 21016 ----a-w c:\documents and settings\ty zook\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-02 20:42 . 2009-01-30 00:07 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-03-26 21:49 . 2009-01-30 00:07 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-26 21:49 . 2009-01-30 00:07 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-26 19:14 . 2009-03-23 19:18 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-25 17:27 . 2009-03-25 17:27 -------- d-----w c:\program files\ERUNT
2009-03-23 19:18 . 2009-03-23 19:18 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-23 19:18 . 2009-03-23 19:18 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-23 19:18 . 2009-03-23 19:18 -------- d-----w c:\program files\AVG
2009-03-06 14:44 . 2003-10-15 17:06 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-01-21 21:16 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-12-15 20:35 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2004-04-12 15:02 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2001-08-23 12:00 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2001-08-23 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2001-08-23 12:00 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2001-08-23 12:00 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:24 . 2001-08-23 12:00 2180480 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2001-08-23 12:00 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2001-08-23 12:00 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2001-08-17 13:48 2057728 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-05 00:16 . 2009-02-05 00:16 410984 ----a-w c:\windows\system32\deploytk.dll
2009-02-03 20:08 . 2003-10-15 17:06 55808 ----a-w c:\windows\system32\secur32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-02-10 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-02-10 118784]
"DellTouch"="c:\windows\MMKeybd.exe" [2002-01-16 163840]
"EM_EXEC"="c:\progra~1\Logitech\SYSTEM\EM_EXEC.EXE" [2002-05-24 28672]
"IPHSend"="c:\program files\Common Files\AOL\IPHSend\IPHSend.exe" [2006-02-17 124520]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-05 136600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]
"HelpCenter4.1"="c:\program files\Bellsouth\HelpCenter40b\bin\sprtcmd.exe" [2007-06-29 198184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-23 1932568]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-23 19:18 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\1156801106\\ee\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1156801106\\ee\\aim6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Guest\\Application Data\\MySpace\\IM\\bin\\MySpaceIM.exe"=
"c:\\Program Files\\att-nap\\McciBrowser.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
R2 Viewpoint Manager Service;Viewpoint Manager Service; [x]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2009-03-23 325640]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2009-03-26 108552]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-03-23 908056]
S2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-23 298264]
S2 Nhksrv;Netropa NHK Server;c:\windows\Nhksrv.exe [2002-01-16 28672]
S3 Msikbd2k;DellTouch;c:\windows\system32\DRIVERS\msikbd2k.sys [2002-01-16 6656]
S3 qic157;qic157;c:\windows\system32\DRIVERS\qic157.sys [2004-08-04 6016]
.
Contents of the 'Scheduled Tasks' folder
2009-04-27 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-Download - c:\program files\Bellsouth\HelpCenter\ssGet.exe 120 http://patttbc.att.m...T_Installer.exe
HKLM-Run-FBSearch - c:\program files\Fast Browser SearchP\FastBrowserSearchProtectionV.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.att.net/
uInternet Settings,ProxyOverride = *.local
IE: &AOL Toolbar Search - c:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
IE: &Search
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-28 14:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
FBSearch = c:\program files\Fast Browser SearchP\FastBrowserSearchProtectionV.exe?e?). For purposes of this EU
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(676)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2009-04-28 14:49
ComboFix-quarantined-files.txt 2009-04-28 19:48
Pre-Run: 65,444,864,000 bytes free
Post-Run: 66,101,014,528 bytes free
155 --- E O F --- 2009-04-15 08:07