Solved: Need Urgent Help! Infected Lsass.exe
hadley420 (Member, 37 posts; Join Date: May 2009; Location: Canada; Experience: Beginner)
07-Jun-2009, 06:07 PM #31
ComboFix 09-06-04.A1 - Drossed 06/07/2009 16:50.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1024.587 [GMT -4:00]
Running from: c:\documents and settings\Drossed\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Drossed\Desktop\CFScript.txt
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
.

((((((((((((((((((((((((( Files Created from 2009-05-07 to 2009-06-07 )))))))))))))))))))))))))))))))
.

2009-06-04 18:55 . 2009-06-04 18:55 -------- d-----w- c:\documents and settings\Drossed\Application Data\BitDefender
2009-06-04 18:54 . 2009-06-04 18:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-06-04 18:54 . 2009-06-04 18:55 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-01 15:49 . 2009-06-01 15:48 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-29 16:55 . 2009-05-29 16:55 -------- d-----w- c:\documents and settings\Drossed\Application Data\Malwarebytes
2009-05-29 16:54 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-29 16:54 . 2009-05-29 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-29 16:54 . 2009-05-29 16:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-29 16:54 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-26 23:11 . 2009-05-26 23:11 -------- d-----w- c:\program files\Trend Micro
2009-05-25 14:38 . 2009-05-25 14:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-05-25 07:05 . 2009-05-25 07:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\TrojanHunter
2009-05-21 03:14 . 2009-05-21 03:15 -------- d-----w- c:\program files\Har-Bal 2.3
2009-05-21 03:14 . 2003-07-06 13:10 17408 ------w- c:\windows\system32\minimp3.exe
2009-05-21 02:23 . 2009-05-21 03:20 -------- d-----w- c:\program files\HarBal 1.5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-05 21:31 . 2009-04-29 07:58 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-05 17:13 . 2007-08-17 02:41 -------- d-----w- c:\documents and settings\Drossed\Application Data\Azureus
2009-06-04 18:54 . 2009-04-29 07:43 -------- d-----w- c:\program files\BitDefender
2009-06-01 15:48 . 2007-08-16 23:44 -------- d-----w- c:\program files\Java
2009-05-31 07:54 . 2007-08-16 23:44 -------- d-----w- c:\program files\LimeWire
2009-05-30 16:37 . 2009-04-24 16:56 -------- d-----w- c:\program files\3rdVstPlugins
2009-05-26 23:10 . 2009-04-30 16:49 -------- d-----w- c:\program files\TrojanHunter 5.0
2009-05-25 06:56 . 2009-05-31 07:27 142862 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2009-05-24 06:50 . 2007-08-17 00:05 16704 ----a-w- c:\documents and settings\Drossed\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-22 03:43 . 2007-01-04 07:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-13 07:59 . 2007-01-23 00:29 7114736 ----a-w- c:\documents and settings\Drossed\Application Data\Azureus\plugins\azemp\azmplay.exe
2009-05-13 07:58 . 2007-08-16 23:45 -------- d-----w- c:\program files\Azureus
2009-05-01 06:34 . 2007-08-17 00:27 76487 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-04-30 17:09 . 2009-04-30 17:09 -------- d-----w- c:\documents and settings\Drossed\Application Data\TrojanHunter
2009-04-30 17:00 . 2009-04-30 17:00 -------- d-----w- c:\program files\TrojanHunter
2009-04-29 07:47 . 2009-04-29 05:07 -------- d-----w- c:\program files\ESET
2009-04-29 06:53 . 2009-04-29 05:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-04-29 05:03 . 2009-04-29 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-29 04:46 . 2009-04-29 04:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-04-27 07:14 . 2007-08-17 15:13 -------- d-----w- c:\documents and settings\Drossed\Application Data\LimeWire
2009-04-25 21:24 . 2009-04-25 21:24 -------- d-----w- c:\program files\VstPlugins
2009-04-25 21:18 . 2009-04-25 21:18 -------- d-----w- c:\documents and settings\Drossed\Application Data\FabFilter
2009-04-25 00:42 . 2009-04-25 00:42 -------- d-----w- c:\program files\Steinberg
2009-04-25 00:40 . 2009-04-25 00:40 -------- d-----w- c:\program files\GForce
2009-04-25 00:38 . 2009-04-25 00:38 -------- d-----w- c:\program files\FabFilter
2009-04-24 16:56 . 2009-04-24 16:56 -------- d-----w- c:\program files\ASIO4ALL v2
2009-04-24 16:56 . 2009-04-24 16:52 -------- d-----w- c:\program files\Image-Line
2009-04-24 16:55 . 2009-04-24 16:55 -------- d-----w- c:\program files\Outsim
2009-04-20 07:47 . 2009-04-14 18:12 -------- d-----w- c:\program files\Operation Flashpoint
2009-04-18 22:19 . 2009-03-16 12:46 -------- d-----w- c:\program files\EA Games
2009-04-14 18:15 . 2009-04-13 06:21 69632 ----a-r- c:\documents and settings\Drossed\Application Data\Microsoft\Installer\{8FF6FFEC-E59D-40FD-9089-8B71F51CF67F}\NewIcon.exe
2009-04-14 18:15 . 2009-04-13 06:21 40960 ----a-r- c:\documents and settings\Drossed\Application Data\Microsoft\Installer\{8FF6FFEC-E59D-40FD-9089-8B71F51CF67F}\ARPPRODUCTICON.exe
2009-04-14 18:15 . 2009-04-13 06:21 2998 ----a-r- c:\documents and settings\Drossed\Application Data\Microsoft\Installer\{8FF6FFEC-E59D-40FD-9089-8B71F51CF67F}\NewIcon2.exe
2009-04-14 18:15 . 2009-04-13 06:21 2998 ----a-r- c:\documents and settings\Drossed\Application Data\Microsoft\Installer\{8FF6FFEC-E59D-40FD-9089-8B71F51CF67F}\NewIcon1.exe
2009-04-14 18:02 . 2009-04-14 18:02 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-04-14 17:52 . 2009-04-14 17:52 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2009-04-14 17:52 . 2007-08-17 01:03 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2009-03-17 21:19 . 2007-01-25 01:02 1189 ----a-w- c:\windows\eReg.dat
2009-03-05 22:08 . 2009-06-04 19:07 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2007-01-09 22:43 . 2007-01-09 22:06 80 --sh--r- c:\windows\system32\A03F23E67F.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-05-27_15.34.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-05 21:32 . 2009-06-05 21:32 16384 c:\windows\Temp\Perflib_Perfdata_1a4.dat
+ 2009-04-29 07:44 . 2009-06-04 18:56 57344 c:\windows\Installer\{0801DB64-A004-4640-BF13-F05D75409627}\texticon.exe
- 2009-04-29 07:44 . 2009-04-29 07:44 57344 c:\windows\Installer\{0801DB64-A004-4640-BF13-F05D75409627}\texticon.exe
+ 2009-04-29 07:44 . 2009-06-04 18:56 22486 c:\windows\Installer\{0801DB64-A004-4640-BF13-F05D75409627}\register_icon.exe
- 2009-04-29 07:44 . 2009-04-29 07:44 22486 c:\windows\Installer\{0801DB64-A004-4640-BF13-F05D75409627}\register_icon.exe
+ 2009-04-29 07:44 . 2009-06-04 18:56 32768 c:\windows\Installer\{0801DB64-A004-4640-BF13-F05D75409627}\maintenance_icon.exe
- 2009-04-29 07:44 . 2009-04-29 07:44 32768 c:\windows\Installer\{0801DB64-A004-4640-BF13-F05D75409627}\maintenance_icon.exe
- 2009-04-29 07:44 . 2009-04-29 07:44 61440 c:\windows\Installer\{0801DB64-A004-4640-BF13-F05D75409627}\helpicon.exe
+ 2009-04-29 07:44 . 2009-06-04 18:56 61440 c:\windows\Installer\{0801DB64-A004-4640-BF13-F05D75409627}\helpicon.exe
+ 2009-06-01 15:49 . 2009-06-01 15:48 148888 c:\windows\system32\javaws.exe
+ 2009-06-01 15:49 . 2009-06-01 15:48 144792 c:\windows\system32\javaw.exe
+ 2009-06-01 15:49 . 2009-06-01 15:48 144792 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"THGuard"="c:\program files\TrojanHunter 5.0\THGuard.exe" [2009-04-13 1061536]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-01 148888]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-06-04 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-02-23 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Drossed^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\Drossed\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"LexBceS"=2 (0x2)
"ImapiService"=3 (0x3)
"FastUserSwitchingCompatibility"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force Standalone.exe"=
"c:\\Program Files\\SoundSpectrum\\G-Force\\G-Force V-Bar.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Microsoft Games\\Halo\\halo.exe"=
"c:\\Program Files\\Operation Flashpoint\\FLASHPOINTRESISTANCE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2009\BDVEDISK.sys [10/6/2008 6:16 PM 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [9/18/2008 12:09 PM 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2/12/2009 4:52 PM 104328]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [1/20/2009 7:16 PM 172032]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - C4E87FD1
*NewlyCreated* - C56D1D9C
*Deregistered* - c4e87fd1
*Deregistered* - c56d1d9c

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-06-07 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-08-17 13:04]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Drossed\Application Data\Mozilla\Firefox\Profiles\uwo8eut5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-07 16:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(960)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2184)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-07 16:59
ComboFix-quarantined-files.txt 2009-06-07 20:59
ComboFix2.txt 2009-06-05 17:40
ComboFix3.txt 2009-05-27 15:37

Pre-Run: 21,810,991,104 bytes free
Post-Run: 21,797,343,232 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
180 --- E O F --- 2009-05-13 18:33


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:05:02 PM, on 6/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {36A91CEC-6C71-4758-B492-397BFC8E96A2} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {7C7EFE99-C71F-48b8-8CC8-BA506CA76A33} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O20 - Winlogon Notify: reset5c - C:\WINDOWS\
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 4797 bytes
hadley420, 08-Jun-2009, 05:13 PM #32
bump
Cookiegal (Administrator & Malware Removal Specialist, 79,286 posts; Join Date: Aug 2003; Location: Quebec, Canada)
08-Jun-2009, 08:36 PM #33
Did you fix the items with HijackThis I asked you to in post no. 30?

Please do that again and then post a new HijackThis log.

Also, please do the following:

Click on My Computer. Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and "Hide extensions for known file types" . Now click "Apply to all folders".
Click "Apply" then "OK".

Go to Start > Search - All Files and Folders and under "More advanced search options".
Make sure there is a check by "Search System Folders" and "Search hidden files and folders" and "Search system subfolders"

Then search for the following file and let me know the full path to the location of each one found and the site and date created (right-click on the files to get their properties).

lsass.exe
__________________
Microsoft MVP - Consumer Security
hadley420, 08-Jun-2009, 10:56 PM #34
C:\WINDOWS\$NtServicePackUninstall$
Friday, May 01, 2009, 2:19:33 AM

C:\WINDOWS\system32
Thursday, August 29, 2002, 8:00:00 AM

C:\WINDOWS\ServicePackFiles\i386
Thursday, August 16, 2007, 7:58:34 PM

what do you mean by the site?

Ok, repeated the scan. The same entries were still there, hopefully I got them this time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:49 PM, on 6/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 4382 bytes

Last edited by hadley420; 08-Jun-2009 at 11:05 PM.
Cookiegal, 09-Jun-2009, 02:40 PM #35
I'm sorry, that was a typo. By "site" I meant "size". Can you right-click those files again and click on Properties and tell me the size of each one please?
hadley420, 09-Jun-2009, 07:44 PM #36
Here you go, and thanks again for all your help. Much appreciated.

File1 - C:\WINDOWS\$NtServicePackUninstall$
Size: 13.0 KB (13,312 bytes) Size on Disk: 12.0 KB (12,288 bytes)
Created: Friday, May 01, 2009, 2:19:33 AM
Modified: Wednesday, August 04, 2004, 12:56:52 AM

File2 - C:\WINDOWS\system32
Size: 13.0 KB (13,312 bytes) Size on Disk: 16.0 KB (16,384 bytes)
Created: Thursday, August 29, 2002, 8:00:00 AM
Modified: Sunday, April 13, 2008, 8:12:24 PM

File3 - C:\WINDOWS\ServicePackFiles\i386
Size: 13.0 KB (13,312 bytes) Size on Disk: 16.0 KB (16,384 bytes)
Created Thursday, August 16, 2007, 7:58:34 PM
Modified: Sunday, April 13, 2008, 8:12:24 PM
Cookiegal, 10-Jun-2009, 03:00 PM #37
Those look fine but let's take the one at the following location and have it analyzed on-line.

C:\WINDOWS\system32\lsass.exe

Go to the following link and upload the above file for analysis and let me know what the results are please:

http://virusscan.jotti.org/
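The manual check in posts #33 to #37 (find every lsass.exe, note its path, size and dates, then have a copy analysed) can be done in one pass with the script below. This is an added example, not code from the thread or from HijackThis/ComboFix; it assumes a current Windows PowerShell (4 or later, for Get-FileHash) rather than the XP machine in this thread, and the expected-location list is taken from the paths reported in post #34 plus the Windows File Protection cache (dllcache).

```powershell
# Added example (not from the thread): enumerate every lsass.exe under the
# Windows directory and report what Cookiegal asked for (full path, size,
# created/modified dates), plus a SHA-256 hash so copies can be compared and a
# signature check. Requires PowerShell 4 or later.
$windir = $env:SystemRoot

# Directories where a genuine lsass.exe is expected (the three found in post #34,
# plus the Windows File Protection cache). A copy anywhere else is not proof of
# infection, but it is the one to send for on-line analysis first.
$expected = @(
    (Join-Path $windir 'system32'),
    (Join-Path $windir 'system32\dllcache'),
    (Join-Path $windir 'ServicePackFiles\i386'),
    (Join-Path $windir '$NtServicePackUninstall$')
)

# -Force includes hidden and system files, the same as the Explorer search
# options Cookiegal had the poster enable.
$copies = Get-ChildItem -Path $windir -Filter 'lsass.exe' -Recurse -Force -File `
                        -ErrorAction SilentlyContinue

$report = foreach ($f in $copies) {
    $sig = Get-AuthenticodeSignature -FilePath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        SizeBytes = $f.Length
        Created   = $f.CreationTime
        Modified  = $f.LastWriteTime
        SHA256    = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        # On older Windows, catalog-signed system files can report NotSigned here,
        # so treat the hash comparison as the primary check on those systems.
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        Expected  = $expected -contains $f.DirectoryName
    }
}

$report | Format-List

# Triage: anything outside the expected directories, or without a valid
# signature, gets the on-line scan suggested in post #37. Copies that are
# genuinely the same service-pack build (the identical 13,312-byte sizes in
# post #36) should also hash identically.
$suspect = $report | Where-Object { -not $_.Expected -or $_.Signature -ne 'Valid' }
if ($suspect) {
    'Copies needing a closer look:'
    $suspect | Format-Table Path, SizeBytes, Signature -AutoSize
} else {
    'All lsass.exe copies are in expected locations and carry a valid signature.'
}

$distinctHashes = ($report | Select-Object -ExpandProperty SHA256 | Sort-Object -Unique).Count
"Distinct lsass.exe builds found: $distinctHashes"
```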
hadley420, 10-Jun-2009, 06:22 PM #38
Scan finished. 0 out of 20 scanners reported malware.
Cookiegal, 11-Jun-2009, 09:29 PM #39
Rescan with HijackThis, close all browser windows except HijackThis, put a check mark beside these entries and click fix checked.

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\



Reboot and post a new HijackThis log please and tell me how things are now.
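The O20 Winlogon Notify entries Cookiegal keeps asking to fix (avgrsstarter, reset5c) point at C:\WINDOWS\ with no DLL behind them. As an added example, not from the thread or from HijackThis, this PowerShell 2.0-compatible script lists the Notify packages and flags the ones whose DLL is missing; the Remove-Item call runs with -WhatIf so it only reports what it would delete. Winlogon Notify packages are an XP/2003 mechanism; on later Windows the key is unused.

```powershell
# Added example (not from the thread): find orphaned Winlogon Notify packages,
# the registry entries HijackThis reports as "O20 - Winlogon Notify".
$notifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

$entries = Get-ChildItem -Path $notifyKey -ErrorAction SilentlyContinue | ForEach-Object {
    $props   = Get-ItemProperty -Path $_.PSPath
    $dllName = $props.DLLName

    # winlogon loads a bare file name from system32, so resolve it the same way.
    $resolved = $null
    if ($dllName) {
        if ([System.IO.Path]::IsPathRooted($dllName)) {
            $resolved = $dllName
        } else {
            $resolved = Join-Path $env:SystemRoot ('system32\' + $dllName)
        }
    }

    New-Object PSObject -Property @{
        Package  = $_.PSChildName
        DLLName  = $dllName
        Resolved = $resolved
        Exists   = [bool]($resolved -and (Test-Path -LiteralPath $resolved))
    }
}

$entries | Format-Table Package, DLLName, Resolved, Exists -AutoSize

# An entry with no DLLName, or whose DLL is gone, is a leftover from an
# uninstalled product (the AVG entry here survived AVG's removal). Deleting the
# subkey is what clears the O20 line; -WhatIf keeps this as a dry run until the
# table above has been reviewed.
$entries | Where-Object { -not $_.Exists } | ForEach-Object {
    Remove-Item -Path (Join-Path $notifyKey $_.Package) -Recurse -WhatIf
}
```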
hadley420, 12-Jun-2009, 01:01 PM #40
Besides a little slowness everything is working fine.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58:05 AM, on 6/12/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

--
End of file - 4209 bytes
Cookiegal, 13-Jun-2009, 03:36 PM #41
What version of IE are you running?


The following startups don't have to be running when you start your computer so please go to Start - Run - type in msconfig - click OK and click on the Startup tab. Uncheck each of the following, click Apply and OK.

QuickTime Task
SunJavaUpdateSched
msnmsgr


Here are some final instructions for you.


Follow these steps to uninstall Combofix and all of its files and components.
  • Click START then RUN
  • Now type ComboFix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.


Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on Start > All Programs > Accessories > System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.


I also recommend downloading SPYWAREBLASTER for added protection.

Read here for info on how to tighten your security.
hadley420, 14-Jun-2009, 01:36 PM #42
Ok, set up a new restore point, and I'm installing spywareblaster.
I use firefox, not IE, In fact I tried to remove IE altogether.
Cookiegal, 14-Jun-2009, 04:06 PM #43
You cannot delete IE altogether and you need it to get the MS updates.
hadley420, 14-Jun-2009, 04:24 PM #44
I see. Could an older version of IE be used to bypass security? And, should I get the latest version?
Cookiegal, 14-Jun-2009, 04:26 PM #45
An older version of IE is more vulnerable, yes. If you're only using it to get MS updates, it should be fine but on the other hand, if you're not using it, there's no reason not to get the latest version so you have the most secure one.
Tags
help!, hijackthis, lsass.exe virus