ComboFix 09-01-15.01 - Owner 2009-01-16 9:29:01.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3326.2550 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Norton 360 *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
FW: BitDefender Firewall *disabled*
FW: Norton 360 *disabled*
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVG
((((((((((((((((((((((((( Files Created from 2008-12-16 to 2009-01-16 )))))))))))))))))))))))))))))))
.
2009-01-16 09:17 . 2009-01-16 09:17 <DIR> d-------- C:\_OTMoveIt
2009-01-15 22:04 . 2009-01-15 22:04 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-15 22:04 . 2009-01-16 09:19 <DIR> d-------- c:\program files\Norton 360
2009-01-15 22:04 . 2009-01-15 22:33 124,464 --a------ c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-15 22:04 . 2009-01-15 22:33 60,808 --a------ c:\windows\system32\S32EVNT1.DLL
2009-01-15 22:04 . 2009-01-15 22:33 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-15 22:04 . 2009-01-15 22:33 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-15 22:03 . 2009-01-15 22:33 <DIR> d-------- c:\program files\Symantec
2009-01-15 21:58 . 2009-01-15 22:34 <DIR> d-------- c:\documents and settings\Owner\Application Data\Symantec
2009-01-15 13:09 . 2009-01-15 13:09 0 --a------ c:\windows\system32\commonpub.log.lock
2009-01-15 13:06 . 2009-01-15 13:06 0 --a------ c:\windows\system32\commonpriv.log.lock
2009-01-14 13:08 . 2009-01-16 09:32 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-01-14 13:08 . 2009-01-14 13:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-14 13:08 . 2009-01-15 09:45 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-14 13:08 . 2009-01-14 13:27 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-14 13:08 . 2009-01-14 13:08 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-01-14 13:08 . 2009-01-14 13:08 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-01-14 13:08 . 2009-01-14 13:27 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-01-14 13:08 . 2009-01-14 13:27 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-13 20:01 . 2009-01-13 20:01 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-13 15:35 . 2009-01-13 15:35 <DIR> d-------- C:\Sandbox
2009-01-13 15:11 . 2009-01-13 15:11 127 --a------ c:\windows\system32\MRT.INI
2009-01-13 15:09 . 2009-01-13 22:53 1,917 --a------ c:\windows\imsins.BAK
2009-01-13 14:53 . 2009-01-15 20:43 <DIR> d-------- c:\program files\Sandboxie
2009-01-13 13:42 . 2009-01-13 13:58 121 --a------ c:\windows\bdagent.INI
2009-01-13 13:35 . 2009-01-13 13:35 850 --a------ c:\windows\system32\ProductTweaks.xml
2009-01-13 13:35 . 2009-01-13 13:35 385 --a------ c:\windows\system32\user_gensett.xml
2009-01-13 12:55 . 2009-01-13 12:55 <DIR> d-------- c:\program files\AVG
2009-01-13 12:48 . 2009-01-13 12:48 <DIR> d-------- c:\windows\system32\logs
2009-01-13 12:48 . 2009-01-13 12:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-01-13 12:47 . 2009-01-13 13:59 <DIR> d-------- c:\program files\Common Files\BitDefender
2009-01-13 12:44 . 2009-01-14 12:44 <DIR> d-------- c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com
2009-01-13 12:44 . 2009-01-13 12:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-13 11:11 . 2009-01-15 21:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-01-13 11:04 . 2005-08-25 19:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-01-13 11:03 . 2009-01-13 18:09 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-13 11:03 . 2009-01-13 11:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-12 20:00 . 2009-01-13 11:20 <DIR> d-------- c:\program files\Spyware Doctor
2009-01-02 22:13 . 2009-01-02 22:13 <DIR> d-------- c:\program files\Google
2008-12-30 14:05 . 2008-12-30 14:05 <DIR> d-------- c:\program files\LG Electronics
2008-12-30 14:05 . 2007-04-09 09:55 22,912 --a------ c:\windows\system32\drivers\lgusbmodem.sys
2008-12-30 14:05 . 2007-04-09 09:56 21,248 --a------ c:\windows\system32\drivers\lgusbdiag.sys
2008-12-30 14:05 . 2007-04-09 09:53 12,672 --a------ c:\windows\system32\drivers\lgusbbus.sys
2008-12-27 13:41 . 2008-12-27 13:41 <DIR> d-------- c:\program files\Bonjour
2008-12-27 13:40 . 2008-12-27 13:41 <DIR> d-------- c:\program files\iTunes
2008-12-27 13:40 . 2008-12-27 13:40 <DIR> d-------- c:\program files\iPod
2008-12-27 13:39 . 2008-12-27 13:40 <DIR> d-------- c:\program files\QuickTime
2008-12-26 20:01 . 2008-12-26 20:01 <DIR> d-------- c:\program files\BitPim
2008-12-26 19:30 . 2009-01-12 15:46 <DIR> d-------- c:\program files\QPST
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-16 14:33 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-16 14:32 --------- d-----w c:\program files\lg_fwupdate
2009-01-16 14:32 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-16 04:03 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-01-16 02:01 --------- d-----w c:\documents and settings\Owner\Application Data\Azureus
2009-01-14 02:23 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
2009-01-14 02:21 --------- d-----w c:\documents and settings\Owner\Application Data\skypePM
2009-01-13 21:28 --------- d-----w c:\program files\Opera
2009-01-13 19:31 --------- d-----w c:\program files\GameSpy Arcade
2009-01-12 20:21 --------- d-----w c:\program files\Steam
2009-01-12 19:15 --------- d-----w c:\program files\Azureus
2009-01-11 03:31 --------- d-----w c:\program files\Full Tilt Poker
2008-12-30 19:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-27 18:40 --------- d-----w c:\program files\Common Files\Apple
2008-12-16 06:56 --------- d-----w c:\program files\AllToAVI
2008-12-15 04:25 --------- d-----w c:\program files\EA GAMES
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-04 00:44 728,858 ----a-w c:\program files\Common Files\unins000.exe
2008-12-04 00:44 4,552 ----a-w c:\program files\Common Files\unins000.dat
2008-12-03 21:21 --------- d-----w c:\program files\Rockstar Games
2008-12-03 20:53 --------- d-----w c:\program files\World Heroes
2008-12-03 19:07 --------- d-----w c:\program files\Microsoft Games for Windows - LIVE
2008-11-29 01:33 --------- d-----w c:\program files\Speed
2008-11-25 19:55 --------- d-----w c:\documents and settings\Owner\Application Data\Red Alert 3
2008-11-25 19:26 --------- d-----w c:\documents and settings\Owner\Application Data\Command & Conquer 3 Kane's Wrath
2008-11-25 18:08 --------- d-----w c:\program files\Electronic Arts
2008-11-25 16:18 --------- d-----w c:\program files\Ricochet Lost Worlds Recharged
2008-11-25 14:22 --------- d-----w c:\program files\Java
2008-11-24 00:40 --------- d-----w c:\program files\Ricochet Xtreme
2008-11-21 05:07 --------- d-----w c:\program files\Atari
2008-11-21 05:05 --------- d-----w c:\documents and settings\Owner\Application Data\Atari
2008-11-21 05:01 --------- d-----w c:\program files\THQ
2008-11-20 17:52 --------- d-----w c:\program files\Paragon Software
2008-11-20 05:41 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-20 05:35 --------- d-----w c:\program files\ATI Technologies
2008-11-06 00:15 39,424 ----a-w c:\windows\zipinst.exe
2008-10-31 05:58 22,328 -c--a-w c:\documents and settings\Owner\Application Data\PnkBstrK.sys
2008-04-20 02:22 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2008-03-09 12:25 236 ---ha-w c:\program files\Common Files\dx.reg
2008-06-30 18:44 324,976 ----a-w c:\program files\mozilla firefox\components\coFFPlgn.dll
2008-04-19 15:37 8 --sh--r c:\windows\system32\2ACA699CF5.sys
2008-04-22 21:59 5,018 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-08-28 01:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082720080828\index.dat
.
((((((((((((((((((((((((((((( snapshot@2009-01-14_12.56.23.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-05 01:16:46 1,887,080 ----a-w c:\windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
+ 2008-02-21 22:02:38 873,848 ----a-r c:\windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.1\LUALL.EXE
+ 2008-02-21 22:02:44 3,220,856 ----a-r c:\windows\Installer\$PatchCache$\Managed\FF26F08EC3D591A4489079122F292860\3.4.1\LuComServer.EXE
+ 2009-01-16 03:04:00 7,406 ----a-r c:\windows\Installer\{E80F62FF-5D3C-4A19-8409-9721F2928206}\IconE80F62FF.exe
+ 2009-01-14 18:27:12 27,656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2007-08-09 00:39:56 36,056 ----a-w c:\windows\system32\drivers\CO_Mon.sys
+ 2008-07-30 22:42:12 23,888 ----a-w c:\windows\system32\drivers\COH_Mon.sys
+ 2008-02-01 01:51:16 279,088 ----a-w c:\windows\system32\drivers\srtsp.sys
+ 2008-02-01 01:51:16 317,616 ----a-w c:\windows\system32\drivers\srtspl.sys
+ 2008-02-01 01:51:16 43,696 ----a-w c:\windows\system32\drivers\srtspx.sys
+ 2008-06-13 19:13:38 13,616 ----a-w c:\windows\system32\drivers\symdns.sys
+ 2008-06-13 19:13:38 96,432 ----a-w c:\windows\system32\drivers\symfw.sys
+ 2008-06-13 19:13:38 38,576 ----a-w c:\windows\system32\drivers\symids.sys
+ 2008-06-13 19:14:02 31,280 ----a-w c:\windows\system32\drivers\SymIM.sys
+ 2008-06-13 19:13:38 37,424 ----a-w c:\windows\system32\drivers\symndis.sys
+ 2008-06-13 19:13:40 41,008 ----a-w c:\windows\system32\drivers\symndisv.sys
+ 2008-06-13 19:13:38 22,320 ----a-w c:\windows\system32\drivers\symredrv.sys
+ 2008-06-13 19:13:40 184,240 ----a-w c:\windows\system32\drivers\symtdi.sys
- 2009-01-13 20:15:29 96,664 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-16 14:32:16 96,664 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-17 17:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-01-29 17:02:30 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-10-05 03:16:26 235,936 ----a-r c:\windows\system32\Macromed\Flash\FlashUtil10a.exe
+ 2009-01-16 03:25:59 89,102 ----a-w c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2008-06-13 19:45:48 579,464 ----a-w c:\windows\system32\SymNeti.dll
+ 2008-06-13 19:45:44 207,240 ----a-w c:\windows\system32\SymRedir.dll
+ 2009-01-16 14:32:42 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_50c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-10-31 12:24 576352 --a------ c:\program files\Common Files\Symantec Shared\Backup\buShell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-25 136600]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-19 925696]
"SecurDisc"="c:\program files\Nero\Nero 7\InCD\NBHGui.exe" [2007-05-15 1628208]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2008-11-14 548864]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2007-05-15 1057328]
"DT LGE"="c:\program files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-10-11 81920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-14 1601304]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"osCheck"="c:\program files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-17 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-11-01 805392]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-14 13:27 10520 c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=karna.dat,bbczhd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Program Files\\Steam\\SteamApps\\common\\trackmania nations forever\\TmForever.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3\\RetailExe\\1.9\\cnc3game.dat"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\synergy\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\diprip warm up\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\zombie panic! source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\age of chivalry\\hl2.exe"=
"c:\\Program Files\\Bethesda Softworks\\Fallout 3\\Fallout3.exe"=
"c:\\Program Files\\Outlook Express\\msimn.exe"=
"c:\\Program Files\\Steam\\SteamApps\\galvatron10000\\insurgency\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.0\\cnc3ep1.dat"=
"c:\\Program Files\\Electronic Arts\\Command & Conquer 3 Kane's Wrath\\RetailExe\\1.1\\cnc3ep1.dat"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.4.game"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.5.game"=
"c:\\Program Files\\Electronic Arts\\Red Alert 3\\Data\\ra3_1.6.game"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\BitPim\\bitpimw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-01-14 12552]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-11-20 39472]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-14 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-14 107272]
R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2007-07-20 84992]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-01-14 29208]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-01-15 99376]
R4 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-02-18 149352]
S1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS --> c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-01-14 29208]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-01-12 23888]
S3 hid8101;hid8101;c:\windows\system32\drivers\system32.sys [2008-05-22 64880]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS --> c:\program files\SUPERAntiSpyware\SASENUM.SYS [?]
S4 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-14 903960]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-14 298264]
S4 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-01-14 1339600]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
*Deregistered* - InCDrec
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb49b3a5-0f1a-11dd-afad-001d609a96fe}]
\Shell\AutoRun\command - I:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
2009-01-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\coFFPlgn.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-16 09:32:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1645522239-448539723-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1645522239-448539723-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:67,35,da,d4,c4,47,5c,a4,fb,44,c7,25,81,34,cd,a3,68,13,43,ae,38,2e,66,
7c,83,6d,cc,a3,15,01,b4,51,11,2b,86,82,33,64,84,ba,a4,cd,16,b2,90,73,4b,97,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49
[HKEY_USERS\S-1-5-21-1645522239-448539723-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:50,d7,e4,23,5c,02,74,ae,c2,7b,52,a3,d0,1b,b1,5a,eb,ff,d8,26,90,
6c,da,a4,71,55,3e,18,80,6c,8a,c8,84,be,64,fa,4c,4e,a9,5e,f4,12,13,e6,af,66,\
"rkeysecu"=hex:d4,da,94,b7,4d,bc,4e,a7,5f,1b,aa,66,e8,77,fa,90
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1356)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\PSIService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Portrait Displays\forteManager\dthtml.exe
c:\program files\Common Files\Portrait Displays\Shared\HookManager.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDCountdown.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
.
**************************************************************************
.
Completion time: 2009-01-16 9:35:37 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2009-01-16 14:35:34
ComboFix2.txt 2009-01-14 17:56:59
Pre-Run: 139,189,944,320 bytes free
Post-Run: 139,178,774,528 bytes free
Current=3 Default=3 Failed=1 LastKnownGood=4 Sets=1,2,3,4
373 --- E O F --- 2009-01-16 02:00:38
***************************
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File/Folder c:\windows\Tasks\hzjrxmhs.job not found.
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86\x86 moved successfully.
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}\x86 moved successfully.
c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6} moved successfully.
========== REGISTRY ==========
Unable to set value : HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E!
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_GASaij8zAzAW1FPEPLzw scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF4596.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF027.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\cc7A.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc7B.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc7C.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc7D.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc7E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc7F.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc81.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc82.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\cc83.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\JETCE3E.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_14c.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_28c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Opera cache emptied.
Temp folders emptied.
Explorer started successfully
OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01162009_091753
Files moved on Reboot...
File C:\DOCUME~1\Owner\LOCALS~1\Temp\etilqs_GASaij8zAzAW1FPEPLzw not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DF4596.tmp not found!
File C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF027.tmp not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File C:\WINDOWS\temp\cc7A.tmp not found!
File C:\WINDOWS\temp\cc7B.tmp not found!
File C:\WINDOWS\temp\cc7C.tmp not found!
File C:\WINDOWS\temp\cc7D.tmp not found!
File C:\WINDOWS\temp\cc7E.tmp not found!
File C:\WINDOWS\temp\cc7F.tmp not found!
File C:\WINDOWS\temp\cc81.tmp not found!
File C:\WINDOWS\temp\cc82.tmp not found!
File C:\WINDOWS\temp\cc83.tmp not found!
File C:\WINDOWS\temp\JETCE3E.tmp not found!
File C:\WINDOWS\temp\Perflib_Perfdata_14c.dat not found!
File C:\WINDOWS\temp\Perflib_Perfdata_28c.dat not found!
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Owner\Local Settings\Application Data\Mozilla\Firefox\Profiles\dtcu3dik.default\XUL.mfl moved successfully.
*********************
Scanning Report
Friday, January 16, 2009 10:04:48 - 12:57:55
Computer name: GALVATRON-SAMA
Scanning type: Scan system for malware, rootkits
Target: C:\ E:\
Result: 3 malware found
W32/Packed_FSG.D (virus)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SETUP\IMTOO MPEG\KEYGEN.EXE (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\SETUP\IMTOO MP4\KEYGEN.EXE (Submitted)
* C:\DOCUMENTS AND SETTINGS\OWNER\DESKTOP\PATCH\REGISTRY MECHANIC V8.0.0.900 KEYGEN -ROGUE- ONLY\KEYGEN.EXE (Submitted)
Statistics
Scanned:
* Files: 40634
* System: 3951
* Not scanned: 9
Actions:
* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 3
* Submitted: 3
Files not scanned:
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\ETILQS_UUDAP3LT1PEGIZYH3BRE
* C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\SYMANTEC\NPMDATASTORE\CIMSTORE.XML
Options
Scanning engines:
* F-Secure USS: 2.40.0
* F-Secure Hydra: 2.8.8110, 2009-01-16
* F-Secure AVP: 7.0.171, 2009-01-16
* F-Secure Pegasus: 1.20.0, 1969-11-31
* F-Secure Blacklight: 0.0.0
Scanning options:
* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use Advanced heuristics