I was able to run combofix.exe after the rename. I had to run it twice because it got stuck and wasn't moving forward after about two hours. The second run went through all the way. My first post will include the ComboFix log and then the second will have my HijackThis log.
The first run had me write down these files because they had rootkit activity (didn't include these in the second run). The second run had others, but they were all deleted, which shows in the log, I'm sure.
First run rootkit files-
C:\windows\ststem32\drivers\uacorgmvogptkqpakt.sys
C:\windows\ststem32\uacytdydgmulgmckws.dll
C:\windows\ststem32\uacupqfswwdpbnefmu.dat
C:\windows\ststem32\uacuceynytvkasstiw.dll
C:\windows\ststem32\uacwinogspscbkdlgk.dll
C:\windows\ststem32\uacmfsrbjlkxoqjsqh.dll
C:\windows\ststem32\uachryhcikilhsfuqu.dll
C:\windows\ststem32\uacuswefamjiqpcfmd.log
C:\windows\ststem32\uacbtuefkffhymnkfi.log
C:\windows\ststem32\uacuxejuocpyeqpdxt.log
Thought I should include those. Anyways here is the combofix log.
ComboFix 09-07-13.01 - Keith Peters 07/16/2009 16:40.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1535.1054 [GMT -7:00]
Running from: c:\documents and settings\Keith Peters\Desktop\fiveseventhree.exe.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\-2141608929
c:\docume~1\ALLUSE~1\APPLIC~1\93821246.ini
c:\program files\Microsoft Common
c:\windows\ro122458.dat
c:\windows\system32\a99k.bin
c:\windows\system32\drivers\hjgruiljumasvp.sys
c:\windows\system32\drivers\kkjztnyuu.sys
c:\windows\system32\drivers\mrxdavv.sys
c:\windows\system32\drivers\str.sys
c:\windows\system32\hjgruijuvjpxlk.dat
c:\windows\system32\hjgruikjakiywq.dat
c:\windows\system32\hjgruiulqgwsyo.dll
c:\windows\system32\hjgruiytnurfir.dll
c:\windows\system32\kwave.sys
c:\windows\system32\lowsec
c:\windows\system32\rbadzm.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\wxbadfii.ini
c:\windows\system32\wxbadfii.ini2
C:\xcrashdump.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_hjgruiojqwxlap
-------\Legacy_ABMYZSJVHFP
((((((((((((((((((((((((( Files Created from 2009-06-16 to 2009-07-16 )))))))))))))))))))))))))))))))
.
2009-07-16 19:22 . 2009-07-16 19:22 8368 ----a-w- c:\windows\system32\drivers\c2364285.sys
2009-07-16 19:22 . 2009-07-16 19:22 8368 ----a-w- c:\windows\system32\rbadza.sys
2009-07-12 10:59 . 2009-07-12 19:46 -------- d-----w- c:\program files\World of Warcraft Public Test
2009-07-10 23:40 . 2009-07-10 23:44 -------- d-----w- c:\program files\3.0.1.8874 US PTR Installer
2009-07-10 22:02 . 2009-07-10 22:02 -------- d-----w- C:\spoolerlogs
2009-07-10 22:01 . 2008-12-11 15:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-07-10 22:01 . 2009-04-03 18:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-07-10 22:01 . 2008-12-18 19:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-07-10 22:01 . 2009-07-10 22:01 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-10 22:01 . 2008-12-10 18:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-07-10 22:01 . 2009-07-10 22:01 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\PC Tools
2009-07-09 20:25 . 2008-02-26 11:59 294912 -c----w- c:\windows\system32\dllcache\msctf.dll
2009-07-09 20:17 . 2009-06-17 18:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-09 20:17 . 2009-07-09 20:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-09 20:17 . 2009-07-09 20:17 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Malwarebytes
2009-07-09 20:17 . 2009-06-17 18:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-09 03:30 . 2009-07-09 03:30 -------- d-----w- c:\documents and settings\Keith Peters\Tracing
2009-07-09 03:28 . 2009-07-09 03:28 -------- d-----w- C:\3f1b052d2bc76f07545f084d2e464801
2009-07-09 03:28 . 2009-07-09 03:28 -------- d-----w- c:\program files\Microsoft
2009-07-09 03:27 . 2009-07-09 03:27 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-09 03:27 . 2009-07-09 03:28 -------- d-----w- c:\program files\Windows Live
2009-07-09 03:25 . 2009-07-09 03:25 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-09 01:50 . 2009-07-09 01:50 -------- d-----w- c:\program files\Trend Micro
2009-07-09 01:20 . 2009-06-10 13:03 457248 ----a-w- c:\windows\system32\nvudisp.exe
2009-07-09 01:19 . 2009-07-09 01:19 -------- d-----w- C:\NVIDIA
2009-07-09 01:15 . 2009-07-09 01:15 -------- d-----w- c:\program files\SystemRequirementsLab
2009-07-09 01:15 . 2009-07-09 01:15 -------- d-----w- c:\documents and settings\Keith Peters\Application Data\SystemRequirementsLab
2009-07-08 23:13 . 2009-07-08 23:13 -------- d-----w- c:\documents and settings\Keith Peters\Application Data\Uniblue
2009-07-08 23:05 . 2009-07-08 23:05 -------- d-----w- c:\program files\Uniblue
2009-07-08 22:54 . 2009-07-08 22:55 42376 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
2009-07-08 22:54 . 2007-12-10 21:53 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
2009-07-08 22:54 . 2007-12-10 21:53 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
2009-07-08 22:54 . 2007-12-10 21:53 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
2009-07-08 22:53 . 2009-07-16 21:06 -------- d-----w- c:\program files\Spyware Doctor
2009-07-08 22:53 . 2009-07-08 22:53 -------- d-----w- c:\documents and settings\Keith Peters\Application Data\PC Tools
2009-07-08 22:49 . 2009-07-09 07:33 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\SecTaskMan
2009-07-08 22:49 . 2009-07-08 22:49 -------- d-----w- c:\program files\Security Task Manager
2009-07-08 22:34 . 2009-07-08 22:43 -------- d-----w- c:\windows\BDOSCAN8
2009-07-08 22:31 . 2009-07-08 22:31 -------- d-----w- c:\documents and settings\Keith Peters\Local Settings\Application Data\AIM Toolbar
2009-07-04 07:02 . 2009-07-10 11:09 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-04 07:00 . 2009-07-04 07:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-04 06:59 . 2009-07-04 06:59 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-04 06:59 . 2009-07-04 06:59 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 06:59 . 2009-07-04 06:59 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-04 06:59 . 2009-07-16 19:14 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-04 06:59 . 2009-07-04 06:59 -------- d-----w- c:\program files\AVG
2009-07-04 06:59 . 2009-07-04 09:05 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\avg8
2009-07-04 06:52 . 2009-07-04 06:52 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-16 23:52 . 2007-07-27 17:08 -------- d---a-w- c:\docume~1\ALLUSE~1\APPLIC~1\TEMP
2009-07-16 23:52 . 2006-07-02 06:34 -------- d-----w- c:\documents and settings\Keith Peters\Application Data\Xfire
2009-07-16 23:52 . 2006-07-02 06:34 -------- d-s---w- c:\program files\Xfire
2009-07-16 23:51 . 2006-07-26 18:40 -------- d-----w- c:\program files\Steam
2009-07-14 18:29 . 2006-06-04 02:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-14 08:58 . 2006-06-04 02:20 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-14 08:48 . 2007-07-27 17:03 -------- d-----w- c:\program files\Azureus
2009-07-12 11:31 . 2006-01-19 23:57 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-07-11 05:30 . 2009-07-11 05:30 56832 ---ha-w- c:\windows\system32\drivers\smss.exe_
2009-07-11 01:36 . 2006-01-19 23:57 -------- d-----w- c:\program files\World of Warcraft
2009-07-10 21:56 . 2006-01-23 04:03 26344 ----a-w- c:\documents and settings\Keith Peters\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-09 20:11 . 2007-11-30 23:31 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-09 03:40 . 2008-08-07 06:55 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-09 03:19 . 2007-04-21 00:18 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\McAfee
2009-07-09 01:15 . 2008-05-22 05:05 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-21 15:46 . 2008-05-22 05:10 485920 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-06-10 15:28 . 2009-06-10 15:28 3510272 ----a-w- c:\windows\system32\nvgames.dll
2009-06-10 15:28 . 2009-06-10 15:28 4022272 ----a-w- c:\windows\system32\nvdisps.dll
2009-06-10 15:28 . 2009-06-10 15:28 86016 ----a-w- c:\windows\system32\nvmctray.dll
2009-06-10 15:28 . 2009-06-10 15:28 168004 ----a-w- c:\windows\system32\nvsvc32.exe
2009-06-10 15:28 . 2009-06-10 15:28 143360 ----a-w- c:\windows\system32\nvcolor.exe
2009-06-10 15:28 . 2009-06-10 15:28 13758464 ----a-w- c:\windows\system32\nvcpl.dll
2009-06-10 15:28 . 2009-06-10 15:28 229376 ----a-w- c:\windows\system32\nvmccs.dll
2009-06-10 13:03 . 2009-06-10 13:03 9998336 ----a-w- c:\windows\system32\nvoglnt.dll
2009-06-10 13:03 . 2009-06-10 13:03 815104 ----a-w- c:\windows\system32\nvapi.dll
2009-06-10 13:03 . 2009-06-10 13:03 8087712 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-06-10 13:03 . 2009-06-10 13:03 671744 ----a-w- c:\windows\system32\nvcuvid.dll
2009-06-10 13:03 . 2009-06-10 13:03 5908608 ----a-w- c:\windows\system32\nv4_disp.dll
2009-06-10 13:03 . 2009-06-10 13:03 1580550 ----a-w- c:\windows\system32\nvdata.bin
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcodins.dll
2009-06-10 13:03 . 2009-06-10 13:03 151552 ----a-w- c:\windows\system32\nvcod.dll
2009-06-10 13:03 . 2009-06-10 13:03 1310720 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-06-10 13:03 . 2008-05-03 05:46 1720320 ----a-w- c:\windows\system32\nvcuda.dll
2009-06-10 08:04 . 2009-06-10 04:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\93821246
2009-06-10 08:04 . 2009-06-10 04:37 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\13811254
2009-05-21 21:21 . 2006-06-08 01:46 -------- d---a-w- c:\program files\Diablo II
2009-05-20 21:35 . 2009-05-20 21:35 50 ----a-w- c:\windows\system32\bridf06a.dat
2009-05-20 21:34 . 2009-05-20 21:33 -------- d-----w- c:\program files\Brother
2009-05-20 21:33 . 2006-01-19 23:07 -------- d-----w- c:\program files\Common Files\InstallShield
2009-05-20 21:32 . 2006-01-19 23:16 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-20 21:30 . 2009-05-20 21:30 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\InstallShield
2009-05-20 21:29 . 2009-05-20 21:29 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2009-05-20 21:29 . 2009-05-20 21:28 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\ScanSoft
2009-05-20 21:28 . 2009-05-20 21:28 -------- d-----w- c:\program files\ScanSoft
2009-05-20 21:26 . 2009-05-20 21:26 -------- d-----w- c:\docume~1\ALLUSE~1\APPLIC~1\Brother
2009-07-10 20:42 . 2008-07-09 19:00 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\MSMSGS.EXE" [2004-10-13 1694208]
"Steam"="c:\program files\Steam\Steam.exe" [2009-07-10 1217784]
"igndlm.exe"="c:\program files\IGN\Download Manager\DLM.exe" [2008-08-01 1103216]
"Aim6"="c:\program files\AIM6\aim6.exe" [2008-10-21 50472]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2008-10-10 4789760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2005-06-21 1851392]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-09-14 50688]
"XFP: Multi-IM"="c:\program files\Xfire Plus\Multi-IM\MultiIM.exe" [2006-03-26 610816]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-09-14 267064]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-10-15 185632]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-03-28 622592]
"SetDefPrt"="c:\program files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-27 49152]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-04-10 61440]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-04 1948440]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-06-10 1657376]
c:\documents and settings\Keith Peters\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2007-2-6 2399824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-04 07:00 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\c2364285.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\1337killa\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\1337killa\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\1337killa\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Curse\\CurseClient.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.0-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\Launcher.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.0.10048-to-0.2.0.10072-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft Public Test\\WoW-0.2.0.10072-to-0.2.0.10083-enUS-downloader.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard downloader
"6112:TCP"= 6112:TCP:Blizzard Downloader
"2500:TCP"= 2500:TCP:patch
"8115:TCP"= 8115:TCP:patch1
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [7/10/2009 3:01 PM 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/3/2009 11:59 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [7/3/2009 11:59 PM 108552]
R1 c2364285;c2364285;c:\windows\system32\drivers\c2364285.sys [7/16/2009 12:22 PM 8368]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/3/2009 11:59 PM 298776]
R2 NinjaVideo Helper.exe;NinjaVideo Helper;c:\program files\NinjaVideo\NinjaVideo Helper\NinjaVideo Helper.exe [4/10/2008 9:01 PM 110592]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [7/8/2009 3:53 PM 348752]
S2 abmyzsjvhfp;abmyzsjvhfp;\??\c:\windows\system32\drivers\kkjztnyuu.sys --> c:\windows\system32\drivers\kkjztnyuu.sys [?]
S2 obkmozv;obkmozv;\??\c:\windows\system32\drivers\kijgdwrlnejrf.sys --> c:\windows\system32\drivers\kijgdwrlnejrf.sys [?]
S3 cqothcc;cqothcc;\??\c:\documents and settings\Keith Peters\My Documents\wow trial\cqothcc.sys --> c:\documents and settings\Keith Peters\My Documents\wow trial\cqothcc.sys [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/13/2009 10:46 PM 24652]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-HookURL - (no file)
URLSearchHooks-Rank - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.gatewaybiz.com
uInternet Connection Wizard,ShellNext = hxxp://www.gatewaybiz.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\docume~1\KEITHP~1\APPLIC~1\Mozilla\Firefox\Profiles\ahsy113l.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/sli ... ie7&query=
FF - prefs.js: browser.search.selectedEngine - AIM Search
FF - prefs.js: browser.startup.homepage - hxxp://arizona.edu/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/sli ... rab&query=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\IGN\Download Manager\npfpdlm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-16 16:53
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(836)
c:\program files\Xfire\xfire_toucan_24715.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Lanovation\PrismXL\PRISMXL.SYS
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Brother\ControlCenter3\BrccMCtl.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AIM6\aolsoftware.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-07-16 16:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-16 23:58
Pre-Run: 128,631,222,272 bytes free
Post-Run: 128,504,520,704 bytes free
275 --- E O F --- 2009-04-16 10:02