ComboFix 12-06-28.03 - Administrator 06/29/2012 11:05:35.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2935.1880 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\chrome.manifest
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\chrome\content\background.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\chrome\content\browser.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\chrome\content\crossrider.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\chrome\content\crossriderapi.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\chrome\content\dialog.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\chrome\content\options.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\chrome\content\options.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\chrome\content\search_dialog.xul
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\chrome\content\update.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\defaults\preferences\prefs.js
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\install.rdf
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\locale\en-US\translations.dtd
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\button1.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\button2.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\button3.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\button4.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\button5.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\crossrider_statusbar.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\icon128.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\icon16.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\icon24.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\icon48.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\panelarrow-up.png
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\popup.css
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\popup.html
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\popup_binding.xml
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\skin.css
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\iq2ecatg.default\extensions\crossriderapp4639@crossrider.com\skin\update.css
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfapx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgmfarx.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgntdumpx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgrunasx.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\compat.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\htmlayout.dll
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_es.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaconf.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfacz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfada.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaes.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfafr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfage.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfahu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfain.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfait.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfajp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfako.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfams.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfanl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfapt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfask.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfasp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfatr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfavera.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfaverx.txt
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\mfazt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\windows\system32\autorun.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-28 20:02 . 2008-05-03 07:00 221184 ----a-w- c:\windows\system32\wmpns.dll
2012-06-28 20:00 . 2012-06-28 20:00 -------- d-----w- c:\documents and settings\Swat
2012-06-28 19:31 . 2012-06-29 01:37 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
2012-06-28 13:28 . 2012-06-28 13:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-06-28 13:28 . 2012-06-28 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-28 13:23 . 2012-06-28 13:23 -------- d-----w- c:\program files\CCleaner
2012-06-26 01:13 . 2012-06-26 01:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2012-06-25 13:59 . 2012-06-25 13:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro
2012-06-25 13:49 . 2012-06-25 13:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SavingsApp
2012-06-25 13:49 . 2012-06-25 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WeCareReminder
2012-06-19 21:35 . 2012-06-19 21:35 4967624 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-06-13 19:42 . 2012-06-13 19:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Scooter Software
2012-06-13 19:42 . 2012-06-13 19:42 -------- d-----w- c:\program files\Beyond Compare 3
2012-06-06 19:55 . 2012-06-06 19:55 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-06 19:55 . 2012-06-06 19:55 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-05 02:25 . 2012-06-05 02:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia Suite
2012-06-03 19:07 . 2012-06-03 19:07 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Google
2012-05-30 20:06 . 2012-05-30 20:06 -------- d-----w- c:\program files\Common Files\Nokia
2012-05-30 20:05 . 2012-05-30 20:05 -------- d-----w- c:\program files\PC Connectivity Solution
2012-05-30 20:05 . 2012-01-09 21:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerfltj.sys
2012-05-30 20:05 . 2012-01-09 21:28 8192 ----a-w- c:\windows\system32\drivers\usbser_lowerflt.sys
2012-05-30 20:05 . 2012-01-09 21:28 23168 ----a-w- c:\windows\system32\drivers\ccdcmbo.sys
2012-05-30 20:05 . 2012-01-09 21:28 18176 ----a-w- c:\windows\system32\drivers\ccdcmb.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 22:03 . 2012-05-04 19:39 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 22:03 . 2011-12-08 15:44 70344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-22 17:51 . 2012-04-29 11:47 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-04-18 19:56 . 2012-04-18 19:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-18 19:56 . 2012-04-18 19:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-18 01:34 . 2011-11-20 14:28 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-05-03 . 37D8387CBD4437C55F454209BE10EF11 . 361344 . . [5.1.2600.5508] . . c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-13 20:30 556056 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-04-13 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 94208]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-22 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-22 170008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-22 145432]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-05-03 110592]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2010-04-27 389120]
"TPSMain"="TPSMain.exe" [2009-12-09 289344]
"TPSODDCtl"="TPSODDCtl.exe" [2009-12-09 129600]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-08-13 123904]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - [N/A]
WordWeb.lnk - [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MemCheckBoxInRunDlg"= 1 (0x1)
"StartMenuFavorites"= 0 (0x0)
"Start_ShowMyComputer"= 1 (0x1)
"Start_ShowMyDocs"= 1 (0x1)
"Start_ShowMyMusic"= 0 (0x0)
"Start_ShowRun"= 1 (0x1)
"Start_ShowSearch"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Garmin Lifetime Updater]
2012-01-06 15:30 1446760 ----a-w- c:\program files\Garmin\Lifetime Updater\GarminLifetime.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 -c--a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 04:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-11-04 21:04 6174008 -c--a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdate]
2008-05-03 07:00 155648 -c--a-w- c:\windows\system32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"f:\\ATG\\ATG10.0.2\\DAS\\solid\\i486-unknown-win32\\solfe.exe"=
"c:\\Program Files\\Java\\jdk1.6.0_31\\bin\\java.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [7/10/2011 8:14 PM 23120]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [7/10/2011 8:13 PM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7/10/2011 8:13 PM 230608]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [7/10/2011 8:14 PM 295248]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [8/2/2011 1:09 AM 192776]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2011 6:19 PM 136176]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [7/10/2011 8:14 PM 134608]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [7/10/2011 8:14 PM 24272]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [7/10/2011 8:14 PM 16720]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [1/9/2011 10:20 AM 5888]
R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2/8/2012 12:26 PM 73216]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [7/8/2010 6:28 PM 132480]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\AVGIDSAgent.exe [10/12/2011 2:25 AM 4433248]
S2 HWDeviceService.exe;HWDeviceService.exe;c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service --> c:\documents and settings\All Users\Application Data\DatacardService\HWDeviceService.exe -/service [?]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [6/19/2012 5:32 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/4/2012 3:39 PM 250056]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 6:58 AM 11336]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2/8/2012 12:26 PM 102784]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys --> c:\windows\system32\DRIVERS\ewusbnet.sys [?]
S3 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [7/17/2010 5:51 AM 54008]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/14/2011 6:19 PM 136176]
S3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [3/4/2010 12:53 PM 60456]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/6/2012 3:19 AM 113120]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RtsUStor.sys [7/7/2010 5:31 PM 191008]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys --> c:\windows\system32\DRIVERS\CT_ZTEMT_U_USBSER.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 22:03]
.
2012-05-17 c:\windows\Tasks\AdobeAAMUpdater-1.0-SWATI-COMPUTER-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-05-14 05:09]
.
2012-06-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-13 15:15]
.
2012-06-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-04-13 15:15]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-14 22:19]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-14 22:19]
.
2012-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 21:05]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1060284298-1972579041-1177238915-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-08-21 21:05]
.
.
------- Supplementary Scan -------
.
uStart Page = https://search.blekko.com/ws/?source=5a76da41&toolbarid=searchcom_001&u=20120522098D477BB15EC9E7528A6485&tbp=homepage
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
MSConfigStartUp-AdobeCS6ServiceManager - c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-29 11:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1060284298-1972579041-1177238915-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{9D717F81-9148-4F12-8568-69135F087DB0}"=hex:51,66,7a,6c,4c,1d,3b,1b,91,60,63,
 82,7f,c0,75,06,9b,6a,23,53,5e,42,3f,ae
.
Completion time: 2012-06-29 11:09:31
ComboFix-quarantined-files.txt 2012-06-29 15:09
.
Pre-Run: 11,928,829,952 bytes free
Post-Run: 12,127,465,472 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - A473152B32BF021A5A17EE71519E6AE8
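The Reg Loading Points section is the part of a ComboFix log a responder reads first, and three things in this one deserve attention: the msconfig\startupreg\WinUpdate entry whose image is c:\windows\system32\wscript.exe (startupreg holds items disabled through msconfig, and ComboFix prints only the image, not the script argument, so what that entry ran is not recoverable from the log); the Security Center AntiVirusOverride/FirewallOverride values of 1, which suppress the Windows Security Center warnings for the AV and firewall the header reports as *Disabled*; and Run values given as a bare image name (TPSMain.exe, TPSODDCtl.exe, bthprops.cpl), which Windows resolves through the search path at logon. The Python below is an added example, not ComboFix code and not part of the posted log. It parses the three line shapes that section uses (key headers, "Name"="path" [date size] Run values, msconfig\startupreg file lines and dword values) and flags those three conditions. The SCRIPT_HOSTS set and the finding labels are this example's own choices; the sample input is excerpted from the log above.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example; not part of ComboFix or of the log it accompanies. It
recognises the section's three line shapes and flags the entries a
responder would look at first. SCRIPT_HOSTS is this example's own
assumption about which interpreters rarely belong in an autostart.
"""
import re

# Registry key header, e.g. [HKEY_LOCAL_MACHINE\SOFTWARE\...\Run]
KEY = re.compile(r'^\[(?P<key>[^\]]+)\]\s*$')
# Run/RunOnce value as ComboFix prints it: "Name"="path" [YYYY-MM-DD size]
RUN_ENTRY = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
    r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\])?\s*$')
# msconfig\startupreg file line: date time size attrs path
STARTUPREG_FILE = re.compile(
    r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+?)\s*$')
# REG_DWORD value: "Name"=dword:00000001
DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})\s*$')

# Assumption of this example. ComboFix prints the image only, never its
# arguments, so the script a host was launched with is not in the log.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}

# Sample input excerpted from the log above (the "." lines are ComboFix's
# blank-line marker and are skipped by the parser).
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2012-04-13 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"TPSMain"="TPSMain.exe" [2009-12-09 289344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinUpdate]
2008-05-03 07:00 155648 -c--a-w- c:\windows\system32\wscript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"""


def parse_loading_points(text):
    """Return one dict per recognised entry, tagged with the key it sits under."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY.match(line)
        if m:
            key = m.group("key")
            continue
        if key is None or not line or line == ".":
            continue
        m = RUN_ENTRY.match(line)
        if m:
            entries.append({"key": key, "name": m.group("name"),
                            "path": m.group("path"), "value": None})
            continue
        m = DWORD.match(line)
        if m:
            entries.append({"key": key, "name": m.group("name"),
                            "path": None, "value": int(m.group("value"), 16)})
            continue
        m = STARTUPREG_FILE.match(line)
        if m and "\\msconfig\\startupreg\\" in key.lower():
            # The startupreg subkey name is the disabled item's name.
            entries.append({"key": key, "name": key.rsplit("\\", 1)[-1],
                            "path": m.group("path"), "value": None})
    return entries


def triage(entries):
    """Flag entries worth a closer look as (finding, name, detail) tuples."""
    findings = []
    for e in entries:
        path, key = e["path"], e["key"].lower()
        if path is not None:
            image = path.rsplit("\\", 1)[-1].lower()
            if image in SCRIPT_HOSTS:
                findings.append(("script-host-autostart", e["name"], path))
            elif "\\" not in path:
                # Bare image name: resolved through the search path at logon,
                # so the log does not pin down which file actually runs.
                findings.append(("unqualified-path", e["name"], path))
        elif (key.endswith("\\security center")
              and e["name"].lower().endswith("override") and e["value"] == 1):
            # Security Center told not to alert on a disabled AV/firewall;
            # compare with the *Disabled* AV/FW lines in the log header.
            findings.append(("security-center-override", e["name"], str(e["value"])))
    return findings


if __name__ == "__main__":
    for finding in triage(parse_loading_points(SAMPLE)):
        print("%-26s %-20s %s" % finding)
```

Run against the sample it reports the WinUpdate/wscript.exe entry, the bare TPSMain.exe image and both Security Center overrides; everything else in the sample (Facebook Update, AVG_TRAY) passes silently. Feeding it a whole ComboFix log works the same way, since lines it does not recognise are ignored.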