ComboFix 09-04-04.01 - Owner 2009-04-10 22:26:05.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.222 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\remover.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_restore

((((((((((((((((((((((((( Files Created from 2009-03-11 to 2009-04-11 )))))))))))))))))))))))))))))))
.

2009-04-10 20:41 . 2009-04-10 20:41 d-------- c:\windows\nview
2009-04-10 20:41 . 2009-04-10 22:32 215,383 --a------ c:\windows\system32\nvapps.xml
2009-04-10 20:41 . 2009-03-27 10:03 19,054 --a------ c:\windows\system32\nvdisp.nvu
2009-04-10 20:40 . 2009-04-10 20:40 d-------- C:\NVIDIA
2009-04-10 14:02 . 2009-04-10 14:02 d-------- c:\program files\SystemRequirementsLab
2009-04-10 14:02 . 2009-04-10 14:02 d-------- c:\documents and settings\Owner\Application Data\SystemRequirementsLab
2009-04-10 10:58 . 2009-04-10 11:05 d--h----- C:\$AVG8.VAULT$
2009-04-10 10:52 . 2009-04-10 10:52 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-04-08 12:51 . 2008-04-13 19:12 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-08 12:51 . 2001-08-17 22:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-04-08 12:51 . 2001-08-17 22:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-04-08 12:51 . 2001-08-17 22:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-08 12:51 . 2004-08-03 22:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-04-08 12:51 . 2008-04-13 19:12 18,944 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-04-08 12:51 . 2001-08-17 12:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-04-08 12:51 . 2004-08-03 22:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-04-08 12:51 . 2008-04-13 19:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-04-08 12:51 . 2001-08-17 22:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-04-08 12:49 . 2001-08-17 13:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-04-08 12:48 . 2001-08-17 22:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-04-08 12:47 . 2001-08-17 14:01 241,664 --a--c--- c:\windows\system32\dllcache\tosdvd02.sys
2009-04-08 12:46 . 2001-08-17 12:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
2009-04-08 12:45 . 2001-08-17 14:56 147,200 --a--c--- c:\windows\system32\dllcache\smidispb.dll
2009-04-08 12:44 . 2001-08-17 22:36 386,560 --a--c--- c:\windows\system32\dllcache\sgiul50.dll
2009-04-08 12:43 . 2001-08-17 22:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-04-08 12:42 . 2001-08-17 14:56 210,496 --a--c--- c:\windows\system32\dllcache\s3mvirge.dll
2009-04-08 12:41 . 2001-08-17 13:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-04-08 12:40 . 2001-08-17 14:05 351,616 --a--c--- c:\windows\system32\dllcache\ovcodek2.sys
2009-04-08 12:39 . 2001-08-17 12:50 198,144 --a--c--- c:\windows\system32\dllcache\nv3.sys
2009-04-08 12:38 . 2004-08-04 14:00 229,439 --a--c--- c:\windows\system32\dllcache\multibox.dll
2009-04-08 12:37 . 2004-08-04 14:00 1,875,968 --a--c--- c:\windows\system32\dllcache\msir3jp.lex
2009-04-08 12:36 . 2004-08-04 14:00 1,158,818 --a--c--- c:\windows\system32\dllcache\korwbrkr.lex
2009-04-08 12:35 . 2004-08-04 14:00 471,102 --a--c--- c:\windows\system32\dllcache\imskdic.dll
2009-04-08 12:34 . 2004-08-04 14:00 10,129,408 --a--c--- c:\windows\system32\dllcache\hwxkor.dll
2009-04-08 12:33 . 2001-08-17 13:28 907,456 --a--c--- c:\windows\system32\dllcache\hcf_msft.sys
2009-04-08 12:32 . 2001-08-17 14:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-04-08 12:31 . 2001-08-17 13:28 634,134 --a--c--- c:\windows\system32\dllcache\el656ct5.sys
2009-04-08 12:30 . 2001-08-17 12:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-04-08 12:29 . 2004-08-04 14:00 1,677,824 --a--c--- c:\windows\system32\dllcache\chsbrkr.dll
2009-04-08 12:28 . 2001-08-17 13:28 871,388 --a--c--- c:\windows\system32\dllcache\bcmdm.sys
2009-04-08 12:27 . 2001-08-17 13:28 762,780 --a--c--- c:\windows\system32\dllcache\3cwmcru.sys
2009-04-07 09:00 . 2009-04-07 09:00 1,420 --a------ c:\windows\Pyihurize.dat
2009-04-07 09:00 . 2009-04-07 09:59 16 --a------ c:\windows\Khotoho.bin
2009-03-31 19:26 . 2009-03-31 19:31 37,248 --a------ c:\windows\system32\driver.sys
2009-03-29 13:10 . 2009-03-29 13:10 213,120 -----c--- c:\windows\system32\dllcache\ndis.sys
2009-03-29 13:07 . 2009-03-29 13:06 0 --a------ c:\windows\system32\drivers\OLD7.tmp
2009-03-29 13:06 . 2004-08-04 14:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2009-03-29 13:06 . 2004-08-04 14:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 23:00 --------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-10 17:26 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-04-10 15:52 325,640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-04-10 15:52 107,912 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-04-10 15:45 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-10 15:44 --------- d-----w c:\program files\BigFix
2009-04-08 16:43 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-06 20:32 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-06 20:32 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-03-29 18:10 213,120 ----a-w c:\windows\system32\drivers\ndis.sys
2009-03-27 15:03 6,280,416 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2009-03-26 01:29 --------- d-----w c:\program files\InterCasino $$$
2008-11-10 05:07 62,920 ----a-w c:\documents and settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2008-10-22 03:08 19,218 ----a-w c:\program files\Common Files\omykon.vbs
2008-10-22 03:08 18,267 ----a-w c:\documents and settings\Owner\Application Data\iwyn.bin
2008-10-22 03:08 17,500 ----a-w c:\documents and settings\All Users\Application Data\ocisib.dll
2008-10-22 03:08 16,627 ----a-w c:\program files\Common Files\befydyz.scr
2008-10-22 03:08 14,261 ----a-w c:\program files\Common Files\tavosep.sys
2008-10-22 03:08 11,152 ----a-w c:\program files\Common Files\ehexigetiw.exe
2008-10-20 00:38 17,793 ----a-w c:\documents and settings\Owner\Application Data\yhyn.vbs
2008-10-20 00:38 16,003 ----a-w c:\documents and settings\All Users\Application Data\lipaf.bat
2008-10-20 00:38 15,681 ----a-w c:\documents and settings\Owner\Application Data\ziqylalisa.dll
2008-10-20 00:38 14,883 ----a-w c:\documents and settings\Owner\Application Data\jydocatyja.exe
2008-10-20 00:38 13,042 ----a-w c:\program files\Common Files\hozusur.inf
2008-10-20 00:38 11,810 ----a-w c:\documents and settings\Owner\Application Data\yzare.sys
2008-10-20 00:38 11,083 ----a-w c:\program files\Common Files\emakutik.dl
2008-07-09 07:40 1,347,473 ----a-w c:\documents and settings\Owner\ScanReport.dat
2008-06-02 01:19 32,282 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-04-27 05:48 0 ----a-w c:\program files\temp01
2008-03-28 19:27 32 ----a-r c:\documents and settings\All Users\hash.dat
2006-12-21 15:17 0 ----a-w c:\documents and settings\Guest\Application Data\wklnhst.dat
2008-10-19 23:06 16,384 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
2008-10-19 23:06 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008101920081020\index.dat
.

------- Sigcheck -------

2004-08-04 14:00 182912 558635d3af1c7546d26067d5d9b6959e c:\windows\$NtServicePackUninstall$\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d c:\windows\ServicePackFiles\i386\ndis.sys
2008-04-13 14:20 182656 1df7f42665c94b825322fae71721130d c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ndis.sys
md5deep: c:\windows\system32\dllcache\ndis.sys: Permission denied
2009-03-29 13:10 213120 bf1a3e9eb3843712f9d8e2e041d355cd c:\windows\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-10_13.05.59.64 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-09-18 16:32:00 3,905,408 -c--a-w c:\windows\system32\dllcache\nv4_disp.dll
+ 2009-03-27 15:03:00 6,186,880 -c--a-w c:\windows\system32\dllcache\nv4_disp.dll
- 2005-09-18 16:32:00 3,493,984 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys
+ 2009-03-27 15:03:00 6,280,416 -c--a-w c:\windows\system32\dllcache\nv4_mini.sys
- 2007-04-19 17:26:00 425,984 ----a-w c:\windows\system32\keystone.exe
+ 2009-03-27 15:03:00 436,768 ----a-w c:\windows\system32\keystone.exe
- 2005-09-18 16:32:00 3,905,408 ----a-w c:\windows\system32\nv4_disp.dll
+ 2009-03-27 15:03:00 6,186,880 ----a-w c:\windows\system32\nv4_disp.dll
- 2007-04-19 17:26:00 212,992 ----a-w c:\windows\system32\nvapi.dll
+ 2009-03-27 15:03:00 667,648 ----a-w c:\windows\system32\nvapi.dll
- 2007-04-19 17:26:00 442,368 ----a-w c:\windows\system32\nvappbar.exe
+ 2009-03-27 15:03:00 449,056 ----a-w c:\windows\system32\nvappbar.exe
- 2007-04-19 17:26:00 35,840 ----a-w c:\windows\system32\nvcod.dll
+ 2009-03-27 15:03:00 139,264 ----a-w c:\windows\system32\nvcod.dll
- 2007-04-19 17:26:00 35,840 ----a-w c:\windows\system32\nvcodins.dll
+ 2009-03-27 15:03:00 139,264 ----a-w c:\windows\system32\nvcodins.dll
- 2007-04-19 17:26:00 147,456 ----a-w c:\windows\system32\nvcolor.exe
+ 2009-03-27 15:03:00 143,360 ----a-w c:\windows\system32\nvcolor.exe
- 2007-04-19 17:26:00 7,700,480 ----a-w c:\windows\system32\nvcpl.dll
+ 2009-03-27 15:03:00 13,684,736 ----a-w c:\windows\system32\nvcpl.dll
+ 2009-03-27 15:03:00 801,312 ----a-w c:\windows\system32\nvcplui.exe
+ 2009-03-27 15:03:00 1,560,576 ----a-w c:\windows\system32\nvcuda.dll
+ 2009-03-27 15:03:00 401,408 ----a-w c:\windows\system32\nvcuvid.dll
+ 2009-03-27 15:03:00 4,710,400 ----a-w c:\windows\system32\nvdisps.dll
- 2007-04-19 17:26:00 1,339,392 ----a-w c:\windows\system32\nvdspsch.exe
+ 2009-03-27 15:03:00 1,346,080 ----a-w c:\windows\system32\nvdspsch.exe
+ 2009-03-27 15:03:00 3,489,792 ----a-w c:\windows\system32\nvgames.dll
- 2007-04-19 17:26:00 1,474,560 ----a-w c:\windows\system32\nview.dll
+ 2009-03-27 15:03:00 1,503,232 ----a-w c:\windows\system32\nview.dll
- 2007-04-19 17:26:00 229,376 ----a-w c:\windows\system32\nvmccs.dll
+ 2009-03-27 15:03:00 229,376 ----a-w c:\windows\system32\nvmccs.dll
- 2007-04-19 17:26:00 45,056 ----a-w c:\windows\system32\nvmccsrs.dll
+ 2009-03-27 15:03:00 45,056 ----a-w c:\windows\system32\nvmccsrs.dll
+ 2009-03-27 15:03:00 188,416 ----a-w c:\windows\system32\nvmccss.dll
- 2007-04-19 17:26:00 86,016 ----a-w c:\windows\system32\nvmctray.dll
+ 2009-03-27 15:03:00 86,016 ----a-w c:\windows\system32\nvmctray.dll
+ 2009-03-27 15:03:00 1,273,856 ----a-w c:\windows\system32\nvmobls.dll
- 2007-04-24 01:39:14 5,644,288 ----a-w c:\windows\system32\nvoglnt.dll
+ 2009-03-27 15:03:00 9,596,928 ----a-w c:\windows\system32\nvoglnt.dll
- 2007-04-19 17:26:00 466,944 ----a-w c:\windows\system32\nvshell.dll
+ 2009-03-27 15:03:00 466,944 ----a-w c:\windows\system32\nvshell.dll
- 2007-04-19 17:26:00 159,810 ----a-w c:\windows\system32\nvsvc32.exe
+ 2009-03-27 15:03:00 163,908 ----a-w c:\windows\system32\nvsvc32.exe
- 2007-04-19 17:26:00 208,896 ----a-w c:\windows\system32\nvudisp.exe
+ 2009-03-27 15:03:00 453,152 ----a-w c:\windows\system32\nvudisp.exe
- 2007-04-19 17:26:00 208,896 ----a-w c:\windows\system32\NVUNINST.EXE
+ 2009-03-27 13:14:42 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
+ 2009-03-27 15:03:00 3,796,992 ----a-w c:\windows\system32\nvvitvs.dll
- 2007-04-19 17:26:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
+ 2009-03-27 15:03:00 81,920 ----a-w c:\windows\system32\nvwddi.dll
- 2007-04-19 17:26:00 1,703,936 ----a-w c:\windows\system32\nvwdmcpl.dll
+ 2009-03-27 15:03:00 1,724,416 ----a-w c:\windows\system32\nvwdmcpl.dll
- 2007-04-19 17:26:00 1,019,904 ----a-w c:\windows\system32\nvwimg.dll
+ 2009-03-27 15:03:00 1,101,824 ----a-w c:\windows\system32\nvwimg.dll
+ 2009-03-27 15:03:00 2,744,320 ----a-w c:\windows\system32\nvwss.dll
- 2007-04-19 17:26:00 1,626,112 ----a-w c:\windows\system32\nwiz.exe
+ 2009-03-27 15:03:00 1,657,376 ----a-w c:\windows\system32\nwiz.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-10 1932568]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-09-26 c:\windows\soundman.exe]
"nwiz"="nwiz.exe" [2009-03-27 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10a.exe" [2008-10-04 235936]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-10 10:52 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-27 15:16 39408 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WANMiniportService"=2 (0x2)
"MskService"=2 (0x2)
"MpfService"=2 (0x2)
"mcupdmgr.exe"=3 (0x3)
"McTskshd.exe"=2 (0x2)
"McShield"=2 (0x2)
"McDetect.exe"=2 (0x2)
"EarthLinkMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"psyche"=2 (0x2)
"network monitor"=2 (0x2)
"cmdservice"=2 (0x2)
"AresChatServer"=3 (0x3)
"avg8wd"=2 (0x2)
"ICF"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8097:TCP"= 8097:TCP:EarthLink UHP Modem Support

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-10-23 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-10-23 107912]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-10-23 298264]
S1 e43edea6;e43edea6;c:\windows\system32\drivers\e43edea6.sys --> c:\windows\system32\drivers\e43edea6.sys [?]
S3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys --> c:\windows\system32\Drivers\BW2NDIS5.sys [?]
S3 tcpip_patcher;tcpip_patcher;\??\c:\program files\Ares Ultra\tcpip_patcher.sys --> c:\program files\Ares Ultra\tcpip_patcher.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9a24b6a1-e2d9-11dd-8226-0040caaca24c}]
\Shell\AutoRun\command - J:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd5d32d1-5c90-11d9-926d-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder

2009-04-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 02:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com/
mSearchMigratedDefaultURL = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchURL = hxxp://www.google.com/
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Search
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} - hxxp://www.shockwave.com/content/dairydash/sis/DairyDashWeb.1.0.0.12.cab
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\n5rues1u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\progra~1\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\kSolo\npAVX.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-10 22:32:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\temp\BN1.tmp
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-10 22:36:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-11 03:36:03
ComboFix2.txt 2009-04-10 18:06:44
ComboFix3.txt 2009-04-07 14:46:30

Pre-Run: 79,656,783,872 bytes free
Post-Run: 79,640,813,568 bytes free

302 --- E O F --- 2009-03-16 08:01:52