ComboFix 09-01-21.04 - Milena 2009-01-29 13:58:39.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2046.1662 [GMT -8:00]
Running from: c:\documents and settings\Milena\Desktop\ComboFix.exe
AV: AVG *On-access scanning disabled* (Outdated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
c:\program files\Mozilla Firefox\components\iamfamous.dll
c:\windows\patchw32.dll
c:\windows\pw32a.dll
D:\Autorun.inf
G:\Autorun.inf
H:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-28 16:39 . 2009-01-28 16:38 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-28 16:38 . 2009-01-28 16:38 d-------- c:\windows\Sun
2009-01-28 16:38 . 2009-01-28 16:40 d-------- c:\documents and settings\Milena\.housecall6.6
2009-01-28 16:15 . 2009-01-28 16:15 d-------- c:\program files\Trend Micro
2009-01-28 16:15 . 2008-04-14 05:42 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-01-28 16:15 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-01-28 16:15 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-01-28 16:15 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-01-28 16:15 . 2008-04-13 22:04 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-01-28 16:15 . 2008-04-14 05:42 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-01-28 16:15 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-01-28 16:15 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-01-28 16:13 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-01-28 16:12 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-01-28 16:11 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-01-28 16:10 . 2001-08-17 13:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-01-28 16:09 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-01-28 16:08 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-01-28 16:07 . 2001-08-17 12:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-01-28 16:06 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-01-27 12:53 . 2009-01-27 12:53 d--h----- C:\$AVG8.VAULT$
2009-01-27 12:25 . 2009-01-28 05:23 d-------- c:\program files\The KMPlayer
2009-01-27 12:14 . 2009-01-27 12:14 d-------- c:\program files\URUSoft
2009-01-23 20:20 . 2009-01-23 20:20 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-23 19:49 . 2009-01-23 19:49 d-------- c:\program files\PC Connectivity Solution
2009-01-23 19:49 . 2009-01-23 19:49 d-------- c:\program files\Common Files\PCSuite
2009-01-23 19:49 . 2009-01-23 19:49 d-------- c:\program files\Common Files\Nokia
2009-01-23 19:46 . 2009-01-23 20:20 d-------- c:\program files\Java
2009-01-23 19:46 . 2009-01-23 20:20 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-23 19:45 . 2009-01-23 19:45 d-------- c:\program files\Common Files\Java
2009-01-23 19:44 . 2009-01-23 19:44 d-------- c:\documents and settings\Milena\Application Data\PC Suite
2009-01-23 19:44 . 2009-01-23 19:44 d-------- c:\documents and settings\Milena\Application Data\Nokia
2009-01-23 19:44 . 2009-01-23 19:44 d-------- c:\documents and settings\All Users\Application Data\PC Suite
2009-01-23 19:43 . 2009-01-23 19:49 d-------- c:\program files\Nokia
2009-01-23 19:43 . 2009-01-23 19:43 d-------- c:\program files\DIFX
2009-01-23 19:43 . 2008-09-15 07:56 91,136 --a------ c:\windows\system32\nmwcdcls.dll
2009-01-23 19:43 . 2008-08-26 09:26 18,816 --a------ c:\windows\system32\drivers\pccsmcfd.sys
2009-01-23 19:42 . 2009-01-23 19:47 d-------- c:\documents and settings\All Users\Application Data\Installations
2009-01-23 10:37 . 2009-01-28 05:23 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-23 10:37 . 2009-01-23 10:37 d-------- c:\documents and settings\Milena\Application Data\Malwarebytes
2009-01-23 10:37 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-23 10:37 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-23 10:35 . 2009-01-23 10:36 d-------- c:\program files\Total Video Converter
2009-01-23 10:35 . 2000-05-22 22:58 608,448 --a------ c:\windows\system32\comctl32.ocx
2009-01-23 10:34 . 2009-01-23 10:34 d-------- c:\program files\Ultra Mobile 3GP Video Converter
2009-01-23 10:34 . 2004-01-11 08:02 258,048 --a------ c:\windows\system32\GplMpgDec.ax
2009-01-23 10:34 . 2007-04-12 14:19 129,024 --a------ c:\windows\system32\AVERM.dll
2009-01-23 10:34 . 2006-09-26 13:57 28,672 --a------ c:\windows\system32\AVEQT.dll
2009-01-23 09:53 . 2009-01-23 10:08 4,096 --ahs---- C:\VSNAP.IDX
2009-01-23 09:43 . 2009-01-23 09:43 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-23 09:42 . 2009-01-23 09:42 d-------- c:\documents and settings\Milena\Application Data\Ashampoo
2009-01-23 09:37 . 2009-01-23 09:37 1,128,512 --a------ c:\windows\system32\SYM 2009-01-23 09_07_04.m01
2009-01-23 09:37 . 2009-01-23 09:37 65,474 --a------ c:\windows\system32\SYM 2009-01-23 09_07_04.vol
2009-01-23 09:37 . 2009-01-23 09:37 512 --a------ c:\windows\system32\SYM 2009-01-23 09_07_04.i01
2009-01-23 09:37 . 2009-01-23 09:37 512 --a------ c:\windows\system32\SYM 2009-01-23 09_07_04.f01
2009-01-23 09:07 . 2009-01-23 09:07 d-------- c:\documents and settings\Milena\Application Data\Symantec
2009-01-23 08:30 . 2009-01-23 10:06 d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-01-22 21:22 . 2009-01-22 11:10 28,854 --a------ c:\windows\system32\oemlogo.bmp
2009-01-22 11:31 . 2009-01-22 11:31 d-------- c:\program files\Spybot - Search & Destroy
2009-01-22 11:31 . 2009-01-22 11:57 d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-22 11:29 . 2009-01-28 05:11 d-------- c:\windows\system32\drivers\Avg
2009-01-22 11:29 . 2009-01-22 11:29 d-------- c:\program files\AVG
2009-01-22 11:29 . 2009-01-29 13:52 d-------- c:\documents and settings\All Users\Application Data\avg8
2009-01-22 11:29 . 2009-01-22 11:29 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-01-22 11:29 . 2009-01-22 11:29 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-01-22 11:29 . 2009-01-22 11:29 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-01-22 10:58 . 2009-01-23 20:22 484 --a------ c:\windows\system32\oeminfo.ini
2009-01-22 10:50 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2009-01-22 10:50 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2009-01-22 10:50 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2009-01-21 22:11 . 2009-01-21 22:12 230,424 --a------ C:\img1-001.raw
2009-01-21 20:58 . 2009-01-26 09:48 d--hs---- C:\Boot
2009-01-21 20:58 . 2008-12-12 23:03 377,151 -rahs---- C:\bootmgr
2009-01-21 20:40 . 2009-01-21 20:40 1,905 --a------ c:\windows\diagwrn.xml
2009-01-21 20:40 . 2009-01-21 20:40 1,905 --a------ c:\windows\diagerr.xml
2009-01-21 20:25 . 2009-01-21 20:25 d-------- c:\program files\Yamicsoft
2009-01-21 20:02 . 2009-01-21 20:02 d-------- c:\windows\nview
2009-01-21 20:02 . 2008-09-17 23:55 453,152 --a------ c:\windows\system32\nvuninst.exe
2009-01-21 20:02 . 2008-09-17 23:55 453,152 --a------ c:\windows\system32\nvudisp.exe
2009-01-21 20:02 . 2009-01-29 13:57 200,712 --a------ c:\windows\system32\nvapps.xml
2009-01-21 20:02 . 2008-09-17 23:55 18,394 --a------ c:\windows\system32\nvdisp.nvu
2009-01-21 12:10 . 2009-01-26 09:06 d--hs---- C:\$RECYCLE.BIN
2009-01-21 12:10 . 2007-03-17 03:41 171,136 -rahs---- C:\grldr
2009-01-21 11:42 . 2009-01-21 11:42 d--h----- c:\windows\PIF
2009-01-21 11:42 . 2009-01-21 12:05 16 --a------ c:\windows\system32\coh.cache
2009-01-21 11:28 . 2009-01-21 12:00 10,635 --a------ c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-21 11:28 . 2009-01-21 12:00 806 --a------ c:\windows\system32\drivers\SYMEVENT.INF
2009-01-21 11:25 . 2009-01-21 11:25 d-------- c:\documents and settings\Milena\Application Data\Media Player Classic
2009-01-21 11:23 . 2009-01-21 11:23 d--hs---- c:\windows\ftpcache
2009-01-21 11:23 . 2009-01-21 11:23 d-------- C:\NVIDIA
2009-01-21 11:12 . 2009-01-21 11:12 268 --ah----- C:\sqmdata00.sqm
2009-01-21 11:12 . 2009-01-21 11:12 244 --ah----- C:\sqmnoopt00.sqm
2009-01-21 10:34 . 2009-01-22 10:52 d-------- c:\program files\EA GAMES
2009-01-21 10:34 . 2004-08-17 19:14 442,368 -ra------ c:\windows\system32\vp6vfw.dll
2009-01-21 10:33 . 2009-01-21 10:33 d-------- c:\documents and settings\Milena\Application Data\DAEMON Tools Pro
2009-01-21 10:33 . 2009-01-21 10:33 d-------- c:\documents and settings\Milena\Application Data\DAEMON Tools
2009-01-21 10:32 . 2009-01-21 10:32 d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-01-21 10:31 . 2009-01-21 10:31 d-------- c:\program files\DAEMON Tools Toolbar
2009-01-21 10:31 . 2009-01-21 11:22 d-------- c:\program files\DAEMON Tools Lite
2009-01-21 10:29 . 2009-01-21 10:33 d-------- c:\documents and settings\Milena\Application Data\DAEMON Tools Lite
2009-01-21 10:29 . 2009-01-21 10:29 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-01-21 10:27 . 2009-01-21 10:28 d-------- c:\documents and settings\Milena\Application Data\IDM
2009-01-21 10:27 . 2009-01-29 13:59 d-------- c:\documents and settings\Milena\Application Data\DMCache
2009-01-21 10:26 . 2009-01-28 17:25 d-------- c:\program files\Internet Download Manager
2009-01-21 10:25 . 2009-01-21 10:25 d-------- c:\documents and settings\Milena\Contacts
2009-01-21 10:22 . 2009-01-21 10:24 d-------- c:\program files\Windows Live
2009-01-21 10:22 . 2009-01-21 10:23 d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2009-01-21 10:22 . 2009-01-21 10:22 d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-21 10:15 . 2009-01-21 10:15 d-------- c:\documents and settings\LocalService\Application Data\TeamViewer
2009-01-21 09:58 . 2008-04-14 05:41 829,440 --a--c--- c:\windows\system32\dllcache\inetmgr.dll
2009-01-21 09:57 . 2009-01-21 09:59 d-------- c:\windows\ServicePackFiles
2009-01-21 09:39 . 2007-03-21 20:39 1,060,864 --a------ c:\windows\system32\MFC71.DLL
2009-01-21 09:39 . 2007-03-21 20:33 503,808 --a------ c:\windows\system32\MSVCP71.DLL
2009-01-21 09:39 . 2007-03-21 20:33 348,160 --a------ c:\windows\system32\MSVCR71.DL1
2009-01-21 09:38 . 2009-01-23 19:50 d----c--- c:\windows\system32\DRVSTORE
2009-01-21 09:38 . 2009-01-22 11:25 d-------- c:\program files\Common Files\Symantec Shared
2009-01-21 09:38 . 2008-01-19 20:12 128,104 --a------ c:\windows\system32\drivers\WimFltr.sys
2009-01-21 09:38 . 2008-05-07 16:44 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-01-21 09:38 . 2008-12-11 14:40 15,464 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-21 09:35 . 2009-01-21 09:35 d-------- c:\program files\TeamViewer3
2009-01-21 09:35 . 2009-01-21 09:35 d-------- c:\documents and settings\Milena\temp
2009-01-21 09:35 . 2009-01-21 09:35 d-------- c:\documents and settings\Milena\Application Data\TeamViewer
2009-01-21 09:34 . 2009-01-21 09:34 d-------- c:\program files\K-Lite Codec Pack
2009-01-21 09:32 . 2009-01-21 09:32 d-------- c:\windows\Cache
2009-01-21 09:32 . 2009-01-21 09:32 d-------- c:\program files\Microsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 16:49 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-21 16:38 --------- d-----w c:\program files\microsoft frontpage
2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-01-21 2606512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"snpstd"="c:\windows\vsnpstd.exe" [2004-06-10 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-01-22 97928]
R4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-01-22 231704]
R4 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-01-22 76040]
R4 TeamViewer;TeamViewer 3;c:\program files\TeamViewer3\TeamViewer_Host.exe [2008-03-12 181544]
S3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2009-01-21 61648]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
S4 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-01-22 875288]
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Milena\Application Data\Mozilla\Firefox\Profiles\22wbieqj.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\documents and settings\Milena\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-29 13:59:48
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2009-01-29 14:01:11
ComboFix-quarantined-files.txt 2009-01-29 22:01:09
Pre-Run: 3,595,071,488 bytes free
Post-Run: 3,622,436,864 bytes free
214 --- E O F --- 2009-01-24 20:55:09