ComboFix log (rerun)
ComboFix 13-05-01.03 - Weeblie Watson 01/05/2013 18:48:53.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.2088 [GMT 1:00]
Running from: c:\documents and settings\Weeblie Watson\My Documents\DOWNLOADS\ComboFix.exe
Command switches used :: c:\combifix logs\CFScript.txt
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Files Created from 2013-04-01 to 2013-05-01 )))))))))))))))))))))))))))))))
.
.
2013-05-01 17:43 . 2013-05-01 17:43 -------- d-----w- c:\documents and settings\Weeblie Watson\Local Settings\Application Data\Sun
2013-04-28 13:48 . 2013-04-28 13:48 2848867 ----a-w- c:\program files\Outlook Express\slide 2.exe
2013-04-28 13:39 . 2013-04-28 13:39 2850339 ----a-w- c:\program files\Outlook Express\slide.exe
2013-04-28 13:07 . 2013-04-28 13:07 -------- d-----w- c:\documents and settings\Weeblie Watson\Application Data\FastStone
2013-04-28 13:06 . 2013-04-28 13:06 -------- d-----w- c:\program files\FastStone Image Viewer
2013-04-28 11:56 . 2013-04-28 19:46 -------- d-----w- c:\documents and settings\Weeblie Watson\Application Data\vlc
2013-04-28 11:55 . 2013-04-28 11:55 -------- d-----w- c:\program files\VideoLAN
2013-04-28 11:54 . 2013-04-28 11:54 -------- d-----w- c:\program files\Common Files\Java
2013-04-28 11:37 . 2013-04-28 11:36 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-04-28 11:37 . 2013-04-28 11:36 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-04-26 14:15 . 2013-04-26 14:15 -------- d-----w- C:\CLEAN
2013-04-23 09:51 . 2013-04-23 09:51 -------- d-----w- c:\program files\Common Files\Skype
2013-04-18 10:41 . 2013-05-01 17:48 -------- d-----w- C:\Combifix logs
2013-04-04 17:37 . 2013-04-17 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2013-04-04 17:37 . 2013-04-04 17:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
2013-04-04 16:12 . 2013-04-04 16:13 -------- d-----w- c:\program files\ERUNT
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-28 11:36 . 2012-09-22 20:51 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-04-28 11:36 . 2010-04-16 11:46 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-04-04 13:50 . 2010-04-16 11:56 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36 . 2003-07-16 20:51 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32 . 2003-07-16 20:39 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50 . 2002-08-29 01:04 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-02 01:25 . 2003-07-16 20:51 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-02-27 07:56 . 2009-10-22 17:29 2067456 ----a-w- c:\windows\system32\mstscax.dll
2013-02-24 19:03 . 2003-07-16 20:51 832512 ----a-w- c:\windows\system32\wininet.dll
2013-02-24 19:03 . 2003-07-16 20:30 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-24 19:03 . 2012-03-07 21:02 78336 ----a-w- c:\windows\system32\ieencode.dll
2013-02-24 19:03 . 2003-07-16 20:25 17408 ----a-w- c:\windows\system32\corpol.dll
2013-02-12 00:32 . 2009-10-22 18:14 12928 ------w- c:\windows\system32\drivers\usb8023x.sys
2013-02-12 00:32 . 2003-07-16 20:49 12928 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-04-12 11:30 . 2013-04-12 11:30 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2012-08-01 2345592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-03-24 1983816]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-03 13529088]
"nwiz"="nwiz.exe" [2008-05-03 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-03 86016]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Weeblie Watson\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\prwntdrv]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Weeblie Watson^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\Weeblie Watson\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]
2012-03-01 22:59 285072 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCMSMMSG]
2003-08-29 03:59 122880 ------w- c:\windows\BCMSMMSG.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ------w- c:\windows\system32\bthprops.cpl
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenu]
2009-03-18 01:40 767312 ------w- c:\program files\Canon\SolutionMenu\CNSLMAIN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray]
2012-11-29 10:32 2086984 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 18:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2003-11-13 12:19 1232946 ------w- c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 12:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2008-05-03 05:46 13529088 ----a-w- c:\windows\system32\nvcpl.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2008-05-03 05:46 86016 ----a-w- c:\windows\system32\nvmctray.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2008-05-03 05:46 1630208 ----a-w- c:\windows\system32\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-02-28 17:50 18642024 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"SkypeUpdate"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"gupdatem"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"SamsungAllShareV2.0"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareDMS\\AllShareDMS.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShare.exe"=
"c:\\Program Files\\Samsung\\AllShare\\AllShareAgent.exe"=
"c:\\Documents and Settings\\Weeblie Watson\\Local Settings\\Application Data\\JDownloader 2.0\\JDownloader2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 16:27 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 04:48 32592]
R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [28/02/2011 23:25 14776]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 05:12 255968]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 14:19 297168]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [08/02/2011 05:33 269520]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 16:23 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 16:23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 16:23 27216]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24/01/2010 16:37 47360]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [31/01/2012 16:02 7391072]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [28/02/2013 18:45 161384]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [28/01/2013 20:52 13896]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [28/01/2013 20:52 9160]
S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\INQ1usbser.sys [20/08/2010 11:33 103680]
S3 ldiskl;ldiskl;\??\c:\docume~1\WEEBLI~1\LOCALS~1\Temp\ldiskl.sys --> c:\docume~1\WEEBLI~1\LOCALS~1\Temp\ldiskl.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3D.tmp --> c:\windows\system32\3D.tmp [?]
S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [02/03/2012 17:00 27584]
S4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [02/03/2012 17:00 25504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-30 15:52 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 15:51]
.
2013-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-04-30 15:51]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.mytalktalk.co.uk
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{903A7D21-B6DF-49AF-A6A5-E8C98A70A224}: NameServer = 62.24.199.13,62.24.199.23
FF - ProfilePath - c:\documents and settings\Weeblie Watson\Application Data\Mozilla\Firefox\Profiles\2hbx2av0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2013-05-01 18:55
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3D.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(1696)
c:\windows\system32\WININET.dll
c:\windows\system32\nview.dll
c:\windows\system32\NVWRSENG.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2013-05-01 18:57:20
ComboFix-quarantined-files.txt 2013-05-01 17:57
ComboFix2.txt 2013-05-01 12:46
ComboFix3.txt 2013-04-30 09:32
ComboFix4.txt 2013-04-18 10:16
.
Pre-Run: 7,089,876,992 bytes free
Post-Run: 7,079,510,016 bytes free
.
- - End Of File - - 2A5CD7FA6E8E58D499E05CEC09DE60BE