ComboFix 10-02-11.04 - NikolaStosic 02/12/2010 13:25:59.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.768.376 [GMT 1:00]
Running from: d:\documents and settings\NikolaStosic\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\NikolaStosic\nigzss.txt
d:\program files\Adparatus\Adparatus.dll
d:\program files\Search Settings
d:\program files\Search Settings\kb127\SearchSettings.dll
d:\program files\Search Settings\kb127\SearchSettingsRes409.dll
d:\program files\Search Settings\SearchSettings.exe
d:\windows\ce7b6a66-1c86-40d5-95eb-9a6e0b1aa4e6.ocx
d:\windows\EventSystem.log
d:\windows\nigzss.txt
d:\windows\system32\8c583bbc-23ea-4085-8a30-703f39438b9a.dll
d:\windows\system32\ADADIX16.DLL
.
((((((((((((((((((((((((( Files Created from 2010-01-12 to 2010-02-12 )))))))))))))))))))))))))))))))
.
2010-02-11 15:35 . 2010-02-11 15:50 -------- d-----w- d:\program files\Full Tilt Poker
2010-02-11 12:45 . 2010-02-11 12:50 -------- d-----w- d:\program files\VPHoldem
2010-02-11 12:44 . 2010-02-11 12:52 -------- d-----w- d:\program files\PokerRoom.com
2010-02-11 12:37 . 2010-02-11 12:37 -------- d-----w- d:\program files\ReflexiveArcade
2010-02-11 12:32 . 2010-02-11 12:32 -------- d-----w- d:\program files\GameTop.com
2010-02-09 22:38 . 2010-02-09 22:38 -------- d-----w- d:\program files\Trend Micro
2010-02-07 21:04 . 2010-02-07 21:04 -------- d-----w- d:\program files\Google
2010-02-05 18:57 . 2009-08-05 21:48 54752 ----a-w- d:\windows\system32\drivers\fssfltr_tdi.sys
2010-02-05 18:56 . 2010-02-05 18:56 -------- d-----w- d:\program files\Microsoft Sync Framework
2010-02-05 18:55 . 2010-02-05 18:55 -------- d-----w- d:\program files\Microsoft SQL Server Compact Edition
2010-02-04 22:30 . 2003-10-30 13:32 163840 ----a-r- d:\windows\system32\intelmoh.dll
2010-02-04 22:30 . 2003-10-30 13:32 51029 ----a-r- d:\windows\system32\IntelCci.dll
2010-02-04 22:30 . 2003-10-30 13:34 51333 ----a-r- d:\windows\system32\drivers\IntelC53.sys
2010-02-04 22:30 . 2003-10-30 13:33 618089 ----a-r- d:\windows\system32\drivers\IntelC52.sys
2010-02-04 22:30 . 2003-10-30 13:32 31440 ----a-r- d:\windows\system32\drivers\mohfilt.sys
2010-02-04 22:30 . 2003-10-30 13:34 1086741 ----a-r- d:\windows\system32\drivers\IntelC51.sys
2010-02-04 22:15 . 2010-02-04 22:18 -------- d-----w- d:\documents and settings\NikolaStosic\Local Settings\Application Data\Temp
2010-02-04 22:15 . 2010-02-07 21:04 -------- d-----w- d:\documents and settings\NikolaStosic\Local Settings\Application Data\Google
2010-02-04 20:05 . 2010-02-04 20:05 -------- d-----w- d:\windows\ServicePackFiles
2010-02-04 19:16 . 2010-02-04 19:16 5115824 ----a-w- d:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-04 19:14 . 2010-01-07 15:07 38224 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2010-02-04 19:13 . 2010-02-04 19:16 -------- d-----w- d:\program files\Malwarebytes' Anti-Malware
2010-02-04 19:13 . 2010-01-07 15:07 19160 ----a-w- d:\windows\system32\drivers\mbam.sys
2010-02-04 13:43 . 2001-05-04 15:24 3033 ----a-w- d:\windows\system32\drivers\VIAPFD.SYS
2010-02-04 12:29 . 2004-03-02 08:24 127065 ----a-w- d:\windows\system32\drivers\adiusbaw.sys
2010-02-04 12:29 . 2002-05-29 10:22 32768 ----a-w- d:\windows\adiras.exe
2010-02-04 12:29 . 2002-05-09 14:12 155648 ----a-w- d:\windows\system32\adadix32.dll
2010-02-04 12:29 . 2001-07-27 11:25 127456 ----a-w- d:\windows\system32\IPDETECT.EXE
2010-02-04 12:29 . 2004-06-28 10:59 114688 ----a-w- d:\windows\system32\unaddrv.exe
2010-02-04 12:29 . 2004-03-02 08:26 50007 ----a-w- d:\windows\system32\drivers\adildr.sys
2010-02-04 12:29 . 2001-02-09 10:43 4981 ----a-w- d:\windows\system32\ADADIX2K.DLL
2010-02-04 12:29 . 2001-05-24 14:24 22395 ----a-w- d:\windows\system32\drivers\fpga.bin
2010-02-04 12:29 . 2004-02-13 12:33 122880 ----a-w- d:\windows\autoclk.exe
2010-02-03 21:14 . 2010-02-04 19:53 -------- d-----w- d:\documents and settings\NikolaStosic\Application Data\DivX
2010-02-03 21:14 . 2009-11-14 00:49 120056 ------w- d:\windows\system32\pxcpyi64.exe
2010-02-03 21:14 . 2009-11-14 00:49 118520 ------w- d:\windows\system32\pxinsi64.exe
2010-02-03 21:13 . 2010-02-03 21:13 -------- d-----w- d:\program files\Common Files\DivX Shared
2010-02-03 16:01 . 2010-02-03 16:01 -------- d-----w- d:\documents and settings\NikolaStosic\Local Settings\Application Data\RadarSync
2010-02-03 12:31 . 2010-02-03 13:06 -------- d-----w- d:\windows\system32\CatRoot_bak
2010-02-03 12:30 . 2010-02-03 12:14 3777280 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-03 12:30 . 2010-02-03 12:13 1260800 ----a-w- d:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-03 12:15 . 2010-02-03 12:35 -------- d-----w- D:\$AVG
2010-02-03 12:14 . 2010-02-03 12:14 12464 ----a-w- d:\windows\system32\avgrsstx.dll
2010-02-03 12:14 . 2010-02-03 12:14 360584 ----a-w- d:\windows\system32\drivers\avgtdix.sys
2010-02-03 12:14 . 2010-02-03 12:14 333192 ----a-w- d:\windows\system32\drivers\avgldx86.sys
2010-02-03 12:14 . 2010-02-03 12:14 28424 ----a-w- d:\windows\system32\drivers\avgmfx86.sys
2010-02-03 12:14 . 2010-02-12 12:19 -------- d-----w- d:\windows\system32\drivers\Avg
2010-02-03 12:13 . 2010-02-12 12:18 -------- d-----w- d:\documents and settings\All Users\Application Data\avg9
2010-01-28 17:25 . 2010-01-28 17:25 -------- d-----w- d:\program files\Eagle USB ADSL Modem
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-12 12:36 . 2009-04-07 12:59 -------- d-----w- d:\documents and settings\NikolaStosic\Application Data\DNA
2010-02-12 12:34 . 2009-03-30 14:27 -------- d-----w- d:\program files\Adparatus
2010-02-12 12:29 . 2009-03-30 12:03 -------- d-----w- d:\program files\AVG
2010-02-12 12:16 . 2009-04-07 12:59 -------- d-----w- d:\program files\DNA
2010-02-12 12:13 . 2009-06-16 13:56 -------- d-----w- d:\documents and settings\NikolaStosic\Application Data\uTorrent
2010-02-11 15:50 . 2007-05-09 12:16 -------- d--h--w- d:\program files\InstallShield Installation Information
2010-02-10 11:22 . 2007-05-04 09:55 -------- d-----w- d:\documents and settings\All Users\Application Data\Microsoft Help
2010-02-09 22:24 . 2007-05-04 10:46 -------- d-----w- d:\program files\Common Files\Adobe
2010-02-05 18:57 . 2009-03-17 12:52 -------- d-----w- d:\program files\Windows Live
2010-02-05 12:39 . 2009-03-17 13:15 -------- d-----w- d:\program files\Microsoft Silverlight
2010-02-04 18:06 . 2008-07-25 13:57 1024 -c--a-w- d:\documents and settings\All Users\Application Data\BVRP Software\Motorola Phone Tools\faxres.cmd
2010-02-04 12:35 . 2010-02-04 12:29 483 ----a-w- d:\windows\system32\drivers\CMVep.txt
2010-02-04 12:35 . 2010-02-04 12:29 29 ----a-w- d:\windows\system32\drivers\adidsl.cfg
2010-02-04 09:23 . 2007-08-18 13:50 -------- d-----w- d:\program files\DivX
2010-02-03 21:36 . 2007-08-18 14:06 -------- d-----w- d:\program files\Mv2Player
2010-02-03 12:06 . 2009-07-20 16:18 -------- d---a-w- d:\documents and settings\All Users\Application Data\TEMP
2010-01-08 19:56 . 2009-07-04 10:14 -------- d-----w- d:\program files\LG PC Suite II
2009-12-31 16:14 . 2004-08-03 21:14 352640 ----a-w- d:\windows\system32\drivers\srv.sys
2009-12-22 05:42 . 2004-08-03 22:56 662016 ----a-w- d:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-03 22:56 81920 ----a-w- d:\windows\system32\ieencode.dll
2009-12-14 07:35 . 2004-08-03 22:56 33280 ----a-w- d:\windows\system32\csrsrv.dll
2009-12-08 18:55 . 2004-08-03 21:20 2180352 ----a-w- d:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2004-08-03 22:59 2057728 ----a-w- d:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-03 21:15 453760 ----a-w- d:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- d:\windows\system32\msyuv.dll
2009-11-27 17:33 . 2004-08-03 22:56 1291264 ----a-w- d:\windows\system32\quartz.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- d:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2004-08-03 22:56 11264 ----a-w- d:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-03 22:56 84992 ----a-w- d:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2003-03-31 12:00 28672 ----a-w- d:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- d:\windows\system32\tsbyuv.dll
2009-11-21 16:36 . 2004-08-03 22:56 470528 ----a-w- d:\windows\AppPatch\aclayers.dll
2009-11-04 10:06 . 2009-11-04 10:06 101888 --sh--r- d:\windows\usbdrv.exe
2007-08-18 13:51 . 2007-08-18 13:50 56 --sh--r- d:\windows\system32\B5502D333A.sys
2007-08-18 13:51 . 2007-08-18 13:50 1682 --sha-w- d:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "d:\program files\Winamp Toolbar\winamptb.dll" [2009-02-19 1262888]
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"Adparatus"="d:\program files\Adparatus\Adparatus.exe" [2009-03-16 451264]
"BitTorrent DNA"="d:\program files\DNA\btdna.exe" [2009-10-04 323392]
"Google Update"="d:\documents and settings\NikolaStosic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-04 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RemoteControl"="d:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"DAEMON Tools"="d:\program files\DAEMON Tools\daemon.exe" [2005-11-08 128920]
"Adobe Photo Downloader"="d:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-06-16 148888]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Universal Bus device"="usbdrv.exe" [2009-11-04 101888]
"googletalk"="d:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
d:\documents and settings\NikolaStosic\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
d:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - d:\program files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe [2010-2-4 929889]
EPSON Status Monitor 3 Environment Check.lnk - d:\windows\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [2000-10-2 121856]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-03 12:14 12464 ----a-w- d:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"d:\\Program Files\\DNA\\btdna.exe"=
"d:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\WINDOWS\\usbdrv.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"d:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57396:TCP"= 57396:TCP:Pando Media Booster
"57396:UDP"= 57396:UDP:Pando Media Booster
R1 AvgLdx86;AVG Free AVI Loader Driver x86;d:\windows\system32\drivers\avgldx86.sys [2/3/2010 1:14 PM 333192]
R1 AvgTdiX;AVG Free Network Redirector;d:\windows\system32\drivers\avgtdix.sys [2/3/2010 1:14 PM 360584]
R2 avg9wd;AVG Free WatchDog;d:\program files\AVG\AVG9\avgwdsvc.exe [2/3/2010 1:13 PM 285392]
R2 fssfltr;FssFltr;d:\windows\system32\drivers\fssfltr_tdi.sys [2/5/2010 7:57 PM 54752]
S0 lccgvc;lccgvc;d:\windows\system32\drivers\iuset.sys --> d:\windows\system32\drivers\iuset.sys [?]
S0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [12/15/2007 11:06 PM 721904]
S3 fsssvc;Usluga Windows Live Porodicna bezbednost;d:\program files\Windows Live\Family Safety\fsssvc.exe [8/5/2009 10:48 PM 704864]
S3 USBModem000;LGE Mobile USB Modem TC;d:\windows\system32\drivers\usbser.sys [5/9/2007 1:18 PM 25600]
.
Contents of the 'Scheduled Tasks' folder
2010-02-09 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
2010-02-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1972579041-1417001333-1003Core.job
- d:\documents and settings\NikolaStosic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-04 22:15]
2010-02-11 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1606980848-1972579041-1417001333-1003UA.job
- d:\documents and settings\NikolaStosic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-04 22:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZU&fl=0&ptb=YTSmRYFDK78tFkOz6sZAow&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = *.local
IE: &Search
IE: &Winamp Search - d:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Compare Prices with &Dealio - d:\documents and settings\NikolaStosic\Application Data\Dealio\kb127\res\DealioSearch.html
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: ketsujin.com\fighterace
Trusted Zone: ketsujin.com\primary
Trusted Zone: ketsujin.com\update
Trusted Zone: ketsujin.com\www
Trusted Zone: stormofaces.com\www
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - d:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
URLSearchHooks-E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - d:\program files\Search Settings\kb127\SearchSettings.dll
BHO-{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - (no file)
BHO-{8B2C7C9D-716D-4e9e-9358-B9C80A81B7ED} - d:\program files\Adparatus\Adparatus.dll
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - d:\program files\Search Settings\kb127\SearchSettings.dll
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-DriverUpdaterPro - d:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
HKLM-Run-Sys32 - c:\windows\Sys32.exe
HKLM-Run-HService - c:\windows\msservice.exe
HKLM-Run-Blubster - d:\program files\Blubster\Blubster.exe
HKLM-Run-SearchSettings - d:\program files\Search Settings\SearchSettings.exe
SafeBoot-oacfjezw.sys
AddRemove-Sierra Utilities - d:\program files\Sierra On-Line\sutil32.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-02-12 13:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1606980848-1972579041-1417001333-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-02-12 13:39:56
ComboFix-quarantined-files.txt 2010-02-12 12:39
Pre-Run: 3,427,069,952 bytes free
Post-Run: 4,782,690,304 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 339A467E25277DF35E8BF48888A0C737