ComboFix 09-12-09.04 - SIMOADMIN 10.12.2009 18:46:58.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.766.365 [GMT 1:00]
Running from: F:\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\RECYCLER\S-1-5-21-0366734607-5899557178-540997018-1253
C:\RECYCLER\S-1-5-21-4878862952-3998656720-592506763-8035
C:\RECYCLER\S-1-5-21-5168704197-5124417698-504777872-6190
C:\RECYCLER\S-1-5-21-5168704197-5124417698-504777872-6190\Desktop.ini
C:\RECYCLER\S-1-5-21-5168704197-5124417698-504777872-6190\nissan.exe
C:\RECYCLER\S-1-5-21-5980073853-0484437217-281195734-6707
C:\RECYCLER\S-1-5-21-6613570175-1868468261-408924616-3594
C:\RECYCLER\S-1-5-21-6841492966-3141558496-796114422-6981
C:\RECYCLER\S-1-5-21-8257337631-7538835948-388520528-0522
.
((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.
2009-12-10 17:15:14 . 2009-12-10 17:15:14 -------- d-----w- C:\Documents and Settings\SIMOADMIN\Application Data\Corel
2009-12-10 17:06:56 . 2009-12-10 17:06:56 -------- d-----w- C:\WINDOWS\system32\AVG8
2009-12-10 17:06:33 . 2009-12-10 17:06:33 -------- d-----w- C:\Documents and Settings\ured.URED-02\Application Data\AVG8
2009-11-30 07:36:28 . 2001-08-17 12:56:16 7552 -c--a-w- C:\WINDOWS\system32\dllcache\sonypvu1.sys
2009-11-30 07:36:28 . 2001-08-17 12:56:16 7552 ----a-w- C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2009-11-23 09:44:47 . 2009-11-23 09:44:47 -------- d-----w- C:\Documents and Settings\ured.URED-02\Local Settings\Application Data\Identities
2009-11-19 11:01:32 . 2009-11-19 11:01:32 64960 ----a-w- C:\Documents and Settings\ured.URED-02\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-17 20:25:09 . 2009-11-17 20:25:09 -------- d-----w- C:\Documents and Settings\ured.URED-02\Application Data\Corel
2009-11-17 15:46:51 . 2009-11-23 11:24:07 -------- d-----w- C:\Documents and Settings\ured.URED-02\Local Settings\Application Data\Adobe
2009-11-17 13:21:33 . 2009-11-17 13:21:33 -------- d-----w- C:\Documents and Settings\ured.URED-02\Local Settings\Application Data\Mozilla
2009-11-17 12:09:01 . 2009-11-17 12:09:01 152576 ----a-w- C:\Documents and Settings\SIMOADMIN\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-17 12:07:31 . 2009-11-17 12:07:31 79488 ----a-w- C:\Documents and Settings\SIMOADMIN\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 15:38:12 . 2009-10-07 09:44:02 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
2009-12-09 06:19:38 . 2009-10-07 09:36:18 56816 ----a-w- C:\WINDOWS\system32\drivers\avgntflt.sys
2009-11-17 12:09:32 . 2009-10-07 09:46:05 -------- d-----w- C:\Program Files\Java
2009-10-15 12:40:02 . 2009-10-07 09:01:32 86327 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
2009-10-15 11:37:13 . 2009-10-15 11:37:13 -------- d-----w- C:\Documents and Settings\All Users\Application Data\McAfee
2009-10-11 03:17:27 . 2009-10-07 09:46:15 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-10-07 12:35:08 . 2009-10-07 09:09:24 64960 ----a-w- C:\Documents and Settings\SIMOADMIN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-07 10:15:28 . 2009-10-07 10:15:27 86016 ----a-w- C:\Documents and Settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-10-07 10:02:25 . 2009-10-07 10:02:24 152576 ----a-w- C:\Documents and Settings\SIMOADMIN\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-07 09:45:54 . 2009-10-07 09:45:54 152576 ----a-w- C:\Documents and Settings\SIMOADMIN\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-10-07 09:44:54 . 2009-10-07 09:44:54 0 ----a-w- C:\WINDOWS\nsreg.dat
2009-10-07 08:59:12 . 2009-10-07 08:59:12 21640 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
2009-10-02 21:15:50 . 2009-10-07 09:38:13 483707 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aescript.dll
2009-10-02 21:15:48 . 2009-10-07 09:38:13 479604 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aerdl.dll
2009-10-02 21:15:48 . 2009-10-07 09:38:12 393587 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeemu.dll
2009-10-02 21:15:48 . 2009-10-07 09:38:12 364916 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aegen.dll
2009-10-02 21:15:48 . 2009-10-07 09:38:12 2003319 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aeheur.dll
2009-09-15 14:58:02 . 2009-10-07 09:38:13 106867 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aevdf.dll
2009-09-15 14:58:00 . 2009-10-07 09:38:12 422261 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aepack.dll
2009-09-15 14:57:58 . 2009-10-07 09:38:12 184693 ----a-w- C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\FAILSAVE\aecore.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 14:44:34 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe boot" [X]
"VTTimer"="VTTimer.exe" [2006-08-03 06:53:02 53248]
"S3Trayp"="S3trayp.exe" [2006-07-10 18:33:16 176128]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 01:11:06 925696]
"avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 11:08:47 209153]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 15:10:28 35696]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50:42 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-10-11 03:17:36 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:42:18 15360]

C:\Documents and Settings\SIMOADMIN\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\drivers\xfilt.sys [10/7/2009 10:12:52 AM 11264]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files\Avira\AntiVir Desktop\sched.exe [10/7/2009 10:36:18 AM 108289]
R3 S3GIGP;S3GIGP;C:\WINDOWS\system32\drivers\S3gIGPm.sys [10/7/2009 10:21:48 AM 659456]
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {FE8915B7-1D3D-4B76-A44F-597D08919632} = 195.222.32.10,195.222.32.20
FF - ProfilePath - C:\Documents and Settings\SIMOADMIN\Application Data\Mozilla\Firefox\Profiles\o6x52q4k.default\
.