08-07-2007, 12:16 PM   #7
jooools
Registered User
 
Join Date: Feb 2005
Posts: 69
OS: Vista Home Premium


Re: Browser Hijacked

I'm getting a "cant read raw system...." error after running it, but the log is as follows:

ComboFix 07-08-07.6 - "Julian" 2007-08-07 19:09:33.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.150 [GMT 1:00]


((((((((((((((((((((((((( Files Created from 2007-07-07 to 2007-08-07 )))))))))))))))))))))))))))))))


2007-08-07 16:58 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-04 12:35 24,128 --a------ C:\WINDOWS\system32\W40Ld5e6.exe
2007-07-18 20:31 <DIR> d-------- C:\Program Files\Vstplugins
2007-07-18 20:13 <DIR> d--hs---- C:\found.000
2007-07-18 20:06 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-07-18 18:08 <DIR> d-------- C:\Program Files\Garden Planner
2007-07-17 21:14 <DIR> d-------- C:\Program Files\Xvid


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 18:48 --------- d-------- C:\DOCUME~1\Julian\APPLIC~1\uTorrent
2007-08-07 17:52 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000000-00000000-0000000C-00001102-00000002-80401102}.dat
2007-08-07 17:52 24 --a------ C:\WINDOWS\system32\DVCState-{00000000-00000000-0000000C-00001102-00000002-80401102}.dat
2007-08-06 17:19 --------- d-------- C:\Program Files\Trend Micro
2007-07-31 20:40 --------- d-------- C:\Program Files\eMule
2007-07-22 13:22 --------- d-------- C:\Program Files\IrfanView
2007-07-22 09:32 1852 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-07-18 20:34 --------- d-------- C:\Program Files\Sony
2007-07-18 18:18 248 --a------ C:\Program Files\Garden Plannerini.xml
2007-07-04 17:50 --------- d-------- C:\Program Files\iZotope
2007-07-04 17:50 --------- d-------- C:\Program Files\Common Files\iZotope
2007-07-04 17:50 --------- d-------- C:\Program Files\Common Files\Digidesign
2007-07-04 16:57 --------- d-------- C:\DOCUME~1\Julian\APPLIC~1\Publish Providers
2007-07-04 16:54 --------- d-------- C:\DOCUME~1\Julian\APPLIC~1\Sony
2007-07-04 16:48 --------- d-------- C:\Program Files\Sony Setup
2007-06-30 21:59 5 --a------ C:\WINDOWS\system32\system1.dat
2007-06-28 18:54 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-28 18:52 765952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-26 20:42 --------- d-------- C:\Program Files\easetech
2007-04-24 20:12 36248 --a------ C:\DOCUME~1\Julian\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-02-22 22:26 177152 --a------ C:\Program Files\utorrent.exe
2006-10-08 19:02 892928 --a------ C:\Program Files\GSpot.exe
2006-10-02 23:59 137 --a------ C:\Program Files\exportformat.txt
2006-10-01 22:47 95008 -ra------ C:\Program Files\GSpot26.dat
2006-09-29 08:29 3615 -ra------ C:\Program Files\license.txt
2006-09-28 17:22 91265 --a------ C:\Program Files\OCT2006_xinput_x64.cab
2006-09-28 17:22 49149 --a------ C:\Program Files\OCT2006_xinput_x86.cab
2006-09-28 17:21 41996 --a------ C:\Program Files\dxdllreg_x86.cab
2006-09-28 17:21 183321 --a------ C:\Program Files\OCT2006_XACT_x64.cab
2006-09-28 17:21 1413862 --a------ C:\Program Files\OCT2006_d3dx9_31_x64.cab
2006-09-28 17:21 138977 --a------ C:\Program Files\OCT2006_XACT_x86.cab
2006-09-28 17:21 1128177 --a------ C:\Program Files\OCT2006_d3dx9_31_x86.cab
2006-09-28 16:55 976020 --------- C:\Program Files\BDAXP.cab
2006-09-28 16:55 917318 --------- C:\Program Files\Apr2006_MDX1_x86.cab
2006-09-28 16:55 88102 --------- C:\Program Files\AUG2006_xinput_x64.cab
2006-09-28 16:55 87989 --------- C:\Program Files\Apr2006_xinput_x64.cab
2006-09-28 16:55 86925 --------- C:\Program Files\Oct2005_xinput_x64.cab
2006-09-28 16:55 82374 --a------ C:\Program Files\dxupdate.cab
2006-09-28 16:55 74520 --a------ C:\Program Files\DSETUP.dll
2006-09-28 16:55 703080 --------- C:\Program Files\BDA.cab
2006-09-28 16:55 484632 --a------ C:\Program Files\DXSETUP.exe
2006-09-28 16:55 47018 --------- C:\Program Files\AUG2006_xinput_x86.cab
2006-09-28 16:55 46898 --------- C:\Program Files\Apr2006_xinput_x86.cab
2006-09-28 16:55 46247 --------- C:\Program Files\Oct2005_xinput_x86.cab
2006-09-28 16:55 4163518 --------- C:\Program Files\Apr2006_MDX1_x86_Archive.cab
2006-09-28 16:55 2248984 --a------ C:\Program Files\dsetup32.dll
2006-09-28 16:55 183863 --------- C:\Program Files\AUG2006_XACT_x64.cab
2006-09-28 16:55 181745 --------- C:\Program Files\JUN2006_XACT_x64.cab
2006-09-28 16:55 180021 --------- C:\Program Files\Apr2006_xact_x64.cab
2006-09-28 16:55 179247 --------- C:\Program Files\Feb2006_xact_x64.cab
2006-09-28 16:55 15493481 --------- C:\Program Files\DirectX.cab
2006-09-28 16:55 1398718 --------- C:\Program Files\Apr2006_d3dx9_30_x64.cab
2006-09-28 16:55 138195 --------- C:\Program Files\AUG2006_XACT_x86.cab
2006-09-28 16:55 1363684 --------- C:\Program Files\Feb2006_d3dx9_29_x64.cab
2006-09-28 16:55 1358864 --------- C:\Program Files\Dec2005_d3dx9_28_x64.cab
2006-09-28 16:55 1351430 --------- C:\Program Files\Aug2005_d3dx9_27_x64.cab
2006-09-28 16:55 1348242 --------- C:\Program Files\Apr2005_d3dx9_25_x64.cab
2006-09-28 16:55 134631 --------- C:\Program Files\JUN2006_XACT_x86.cab
2006-09-28 16:55 133991 --------- C:\Program Files\Apr2006_xact_x86.cab
2006-09-28 16:55 1336890 --------- C:\Program Files\Jun2005_d3dx9_26_x64.cab
2006-09-28 16:55 133297 --------- C:\Program Files\Feb2006_xact_x86.cab
2006-09-28 16:55 13265040 --------- C:\Program Files\dxnt.cab
2006-09-28 16:55 1248387 --------- C:\Program Files\Feb2005_d3dx9_24_x64.cab
2006-09-28 16:55 1156363 --------- C:\Program Files\BDANT.cab
2006-09-28 16:55 1116109 --------- C:\Program Files\Apr2006_d3dx9_30_x86.cab
2006-09-28 16:55 1085608 --------- C:\Program Files\Feb2006_d3dx9_29_x86.cab
2006-09-28 16:55 1080344 --------- C:\Program Files\Dec2005_d3dx9_28_x86.cab
2006-09-28 16:55 1079850 --------- C:\Program Files\Apr2005_d3dx9_25_x86.cab
2006-09-28 16:55 1078532 --------- C:\Program Files\Aug2005_d3dx9_27_x86.cab
2006-09-28 16:55 1065813 --------- C:\Program Files\Jun2005_d3dx9_26_x86.cab
2006-09-28 16:55 1014113 --------- C:\Program Files\Feb2005_d3dx9_24_x86.cab
2006-08-12 15:51 757760 --a------ C:\Program Files\VirtualDub.exe
2006-08-12 15:51 120235 --a------ C:\Program Files\VirtualDub.vdi
2006-08-12 15:50 7738 --a------ C:\Program Files\vdub.exe
2006-08-12 15:50 16384 --a------ C:\Program Files\auxsetup.exe
2006-08-12 15:49 7168 --a------ C:\Program Files\vdremote.dll
2006-08-12 15:49 7168 --a------ C:\Program Files\vdicmdrv.dll
2006-08-12 15:49 5120 --a------ C:\Program Files\vdsvrlnk.dll
2006-08-12 15:49 210421 --a------ C:\Program Files\VirtualDub.chm
2006-04-14 12:21 5632 --ahs---- C:\Program Files\Thumbs.db
2005-12-19 23:52 18321 --a------ C:\Program Files\copying
2005-12-05 19:28 916806 --------- C:\Program Files\Dec2005_MDX1_x86.cab
2005-12-05 19:28 3673932 --------- C:\Program Files\Dec2005_MDX1_x86_Archive.cab
2005-10-12 16:30 55296 --a------ C:\Program Files\sis-usbdetect.exe
2005-10-11 17:33 559776 --a------ C:\Program Files\GoogleToolbarInstaller.exe
2005-10-07 08:25 2855080 --a------ C:\Program Files\aawsepersonal.exe
2005-09-15 21:23 9346664 --a------ C:\Program Files\zlsSetup_60_667_000.exe
2005-07-23 10:36 2995547 --a------ C:\Program Files\everesthome200.exe
2005-07-22 18:07 1440768 --a------ C:\Program Files\Windows System Information.exe
2005-07-08 18:54 315624 --a------ C:\Program Files\dxwebsetup.exe
2005-03-23 21:17 899414 --a------ C:\Program Files\SetupDVDDecrypter_3.5.4.0.exe
2005-03-23 11:34 31607334 --a------ C:\Program Files\Nero-6.6.0.8a.exe
2005-03-23 11:27 133764 --a------ C:\Program Files\15.03.Nero.v6.6.0.8a.zip
2005-03-08 14:54 2152448 --a------ C:\Program Files\loader8400x.iso
2005-02-23 20:33 2593456 --a------ C:\Program Files\DVD-Author.exe
2005-02-17 22:49 1628816 --a------ C:\Program Files\xscsetup.exe
2005-02-11 23:47 6670952 --a------ C:\Program Files\zlsSetup_55_062_011.exe
2005-02-10 03:30 5065321 --a--c--- C:\Program Files\Ashampoo Burning Studio v5.0.2.rar
2005-02-05 17:38 2062665 --a------ C:\Program Files\spywareguardsetup.exe
2005-02-05 14:26 1425786 --a------ C:\Program Files\(APP) Cool Mp3 Splitter 1.2 + crack (splits full albums int.zip
2006-01-26 05:49:40 104 --sh--r C:\WINDOWS\system32\B724F8875B.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{85589B5D-D53D-4237-A677-46B82EA275F3}]
C:\WINDOWS\WebAssist.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-05 13:33]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IE New Window Maximizer"="C:\Program Files\IE New Window Maximizer\iemaximizer.exe" [2005-02-09 00:06]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= C:\Program Files\DVD Region+CSS Free\DVDShell.dll [2004-10-09 15:18 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=c:\windows\system32\awvwwxy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^EPSON Status Monitor 3 Environment Check 2.lnk]
backup=C:\WINDOWS\pss\EPSON Status Monitor 3 Environment Check 2.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Julian^Start Menu^Programs^Startup^SpywareGuard.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\963d27xm]
C:\DOCUME~1\Julian\LOCALS~1\Temp\crasos.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioHQ]
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
"C:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneDVDElbyDelay]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVD43]
"C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Jet Detection]
"C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechGalleryRepair]
C:\Program Files\Logitech\ImageStudio\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechImageStudioTray]
C:\Program Files\Logitech\ImageStudio\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
"C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STManager]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemOptimizer]
rundll32.exe "C:\WINDOWS\ljiggf.dll",forkonce

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
C:\Program Files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue Registry Booster]
C:\Program Files\Uniblue\Registry Booster\RegistryBooster.exe /S

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
%systemroot%\system32\dumprep 0 -u

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDVDPatch]
CTHELPER.EXE

R0 PrecSim;PrecSim;C:\WINDOWS\system32\DRIVERS\precsim.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R3 3dfxvs;3dfxvs;C:\WINDOWS\system32\DRIVERS\3dfxvsm.sys
R3 ElbyDelay;ElbyDelay;C:\WINDOWS\system32\Drivers\ElbyDelay.sys
R3 USR1806V;U.S. Robotics Voice Modem Driver 1806;C:\WINDOWS\system32\DRIVERS\USR1806V.SYS
S2 .NETSecurity;.NETSecurity;C:\WINDOWS\system32\netsecurity.exe
S3 alcan5wn;SpeedTouch USB ADSL PPP Networking Driver (NDISWAN);C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys
S3 NtApm;NT Apm/Legacy Interface Driver;C:\WINDOWS\system32\DRIVERS\NtApm.sys
S3 pgfilter;pgfilter;\??\C:\Program Files\PeerGuardian2\pgfilter.sys
S3 QCPro;Logitech QuickCam Pro USB(PID_D001);C:\WINDOWS\system32\DRIVERS\p35u.sys
S3 USB_RNDIS;Belkin High-Speed Mode Wireless G USB Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\usb8023.sys

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{17C40175-E1AB-87AE-0503-030805060600}]
C:\WINDOWS\system32\scvhost.exe

Contents of the 'Scheduled Tasks' folder
2007-08-06 23:00:00 C:\WINDOWS\Tasks\At1.job
2007-08-05 08:00:00 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\GM27iR63.exe
2007-08-05 09:00:01 C:\WINDOWS\Tasks\At11.job
2007-08-05 10:00:00 C:\WINDOWS\Tasks\At12.job
2007-08-05 11:00:00 C:\WINDOWS\Tasks\At13.job
2007-08-05 12:00:00 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\GM27iR63.exe
2007-08-05 13:00:01 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\GM27iR63.exe
2007-08-05 14:00:00 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\GM27iR63.exe
2007-08-05 15:00:00 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\GM27iR63.exe
2007-08-07 16:00:00 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\GM27iR63.exe
2007-08-07 17:00:00 C:\WINDOWS\Tasks\At19.job
2007-08-07 00:00:00 C:\WINDOWS\Tasks\At2.job
2007-08-07 18:00:01 C:\WINDOWS\Tasks\At20.job
2007-08-06 19:00:00 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\GM27iR63.exe
2007-08-06 20:00:00 C:\WINDOWS\Tasks\At22.job
2007-08-06 21:00:00 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\GM27iR63.exe
2007-08-06 22:00:00 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\GM27iR63.exe
2007-08-06 23:00:00 C:\WINDOWS\Tasks\At25.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-07 00:00:00 C:\WINDOWS\Tasks\At26.job
2007-08-07 01:00:00 C:\WINDOWS\Tasks\At27.job
2007-08-07 02:00:00 C:\WINDOWS\Tasks\At28.job
2007-08-07 03:00:00 C:\WINDOWS\Tasks\At29.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-07 01:00:00 C:\WINDOWS\Tasks\At3.job
2007-08-07 04:00:00 C:\WINDOWS\Tasks\At30.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-07 05:00:00 C:\WINDOWS\Tasks\At31.job
2007-08-07 06:00:00 C:\WINDOWS\Tasks\At32.job
2007-08-05 07:00:00 C:\WINDOWS\Tasks\At33.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-05 08:00:00 C:\WINDOWS\Tasks\At34.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-05 09:00:01 C:\WINDOWS\Tasks\At35.job
2007-08-05 10:00:00 C:\WINDOWS\Tasks\At36.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-05 11:00:00 C:\WINDOWS\Tasks\At37.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-05 12:00:00 C:\WINDOWS\Tasks\At38.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-05 13:00:02 C:\WINDOWS\Tasks\At39.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-07 02:00:00 C:\WINDOWS\Tasks\At4.job
2007-08-05 14:00:01 C:\WINDOWS\Tasks\At40.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-05 15:00:00 C:\WINDOWS\Tasks\At41.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-07 16:00:01 C:\WINDOWS\Tasks\At42.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-07 17:00:00 C:\WINDOWS\Tasks\At43.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-07 18:00:01 C:\WINDOWS\Tasks\At44.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-06 19:00:00 C:\WINDOWS\Tasks\At45.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-06 20:00:00 C:\WINDOWS\Tasks\At46.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-06 21:00:01 C:\WINDOWS\Tasks\At47.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-06 22:00:00 C:\WINDOWS\Tasks\At48.job - C:\WINDOWS\system32\3M7Ust0p.exe
2007-08-06 23:00:31 C:\WINDOWS\Tasks\At49.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-07 03:00:00 C:\WINDOWS\Tasks\At5.job
2007-08-07 00:00:31 C:\WINDOWS\Tasks\At50.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-07 01:00:34 C:\WINDOWS\Tasks\At51.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-07 02:00:31 C:\WINDOWS\Tasks\At52.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-07 03:00:32 C:\WINDOWS\Tasks\At53.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-07 04:00:34 C:\WINDOWS\Tasks\At54.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-07 05:00:31 C:\WINDOWS\Tasks\At55.job
2007-08-07 06:00:34 C:\WINDOWS\Tasks\At56.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-05 07:00:31 C:\WINDOWS\Tasks\At57.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-05 08:01:18 C:\WINDOWS\Tasks\At58.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-05 09:00:35 C:\WINDOWS\Tasks\At59.job
2007-08-07 04:00:00 C:\WINDOWS\Tasks\At6.job
2007-08-05 10:00:31 C:\WINDOWS\Tasks\At60.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-05 11:00:35 C:\WINDOWS\Tasks\At61.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-05 12:00:31 C:\WINDOWS\Tasks\At62.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-05 13:01:39 C:\WINDOWS\Tasks\At63.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-05 14:00:35 C:\WINDOWS\Tasks\At64.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-05 15:00:31 C:\WINDOWS\Tasks\At65.job
2007-08-07 16:01:29 C:\WINDOWS\Tasks\At66.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-07 17:01:18 C:\WINDOWS\Tasks\At67.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-07 18:00:36 C:\WINDOWS\Tasks\At68.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-06 19:00:32 C:\WINDOWS\Tasks\At69.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-07 05:00:00 C:\WINDOWS\Tasks\At7.job
2007-08-06 20:00:35 C:\WINDOWS\Tasks\At70.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-06 21:00:33 C:\WINDOWS\Tasks\At71.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-06 22:00:31 C:\WINDOWS\Tasks\At72.job - C:\WINDOWS\system32\W40Ld5e6.exe
2007-08-07 06:00:00 C:\WINDOWS\Tasks\At8.job
2007-08-05 07:00:01 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\GM27iR63.exe
2007-08-02 02:00:04 C:\WINDOWS\Tasks\RegCure.job - C:\Program Files\RegCure\RegCure.exe
2007-08-07 16:54:39 C:\WINDOWS\Tasks\SpeedTouch Dial-up.job - C:\PROGRA~1\Alcatel\SPEEDT~1\stdialup.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 19:12:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

source file error: C:\WINDOWS\system32\config\software
scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 19:14:38
C:\ComboFix-quarantined-files.txt ... 2007-08-07 19:14
C:\ComboFix2.txt ... 2007-08-07 17:58

--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:18, on 07/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\IE New Window Maximizer\iemaximizer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [IE New Window Maximizer] C:\Program Files\IE New Window Maximizer\iemaximizer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Program Files\J River\Media Center 11\DMDownload.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Pictures - {C7486E80-B111-4768-995E-23CF307346FC} - C:\Program Files\UnH Solutions\Flash and Pics Control\FPCButton.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3AC8F5-5AD6-45CE-B1C0-2B755F730150}: NameServer = 192.168.0.1,87.86.189.16
O20 - AppInit_DLLs: c:\windows\system32\awvwwxy.dll
O23 - Service: .NETSecurity - Unknown owner - C:\WINDOWS\system32\netsecurity.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 4690 bytes