Tech Support Forum - View Single Post

dini · 04-27-2008, 11:58 PM

OK, Combofix log:

ComboFix 08-04-26.5 - Diana 2008-04-28 6:42:15.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.972 [GMT 1:00]
Running from: C:\Users\Diana\Desktop\ComboFix.exe
Command switches used :: C:\Users\Diana\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Users\Diana\AppData\Roaming\inst.exe
C:\Windows\System32\eKnoUxbc.ini
C:\Windows\system32\eKnoUxbc.ini2

.
((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-28 05:50 --------- d-----w C:\ProgramData\Kontiki
2008-04-28 05:49 --------- d---a-w C:\ProgramData\TEMP
2008-04-26 17:09 --------- d-----w C:\Program Files\7digital Locker
2008-04-26 17:02 --------- d-----w C:\Users\Diana\AppData\Roaming\Creative
2008-04-26 16:55 --------- d-----w C:\ProgramData\Creative
2008-04-26 14:27 --------- d-----w C:\Program Files\WMA-MP3.com
2008-04-26 14:25 --------- d-----w C:\Program Files\Apple Software Update
2008-04-26 14:19 --------- d-----w C:\Program Files\Creative
2008-04-26 13:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-26 11:17 --------- d-----w C:\Users\Diana\AppData\Roaming\Malwarebytes
2008-04-26 11:16 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-26 11:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-26 09:52 --------- d-----w C:\Program Files\SpywareBlaster
2008-04-25 07:19 --------- d-----w C:\ProgramData\Spyware Terminator
2008-04-25 07:12 116,580 ----a-w C:\cc_20080425_0811.reg
2008-04-24 23:00 --------- d-----w C:\Users\Diana\AppData\Roaming\Spyware Terminator
2008-04-24 20:25 --------- d-----w C:\Program Files\Java
2008-04-24 20:24 --------- d-----w C:\Program Files\Common Files\Java
2008-04-24 18:12 --------- d-----w C:\Program Files\Spyware Terminator
2008-04-24 08:44 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-23 22:00 --------- d-----w C:\Users\Diana\AppData\Roaming\BitTorrent
2008-04-23 06:55 --------- d-----w C:\ProgramData\Microsoft Help
2008-04-23 05:25 --------- d-----w C:\Program Files\Trend Micro
2008-04-22 23:18 --------- d-----w C:\Program Files\Say the Time
2008-04-22 22:27 --------- d-----w C:\Users\Diana\AppData\Roaming\SUPERAntiSpyware.com
2008-04-22 22:27 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com
2008-04-22 22:27 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-22 22:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-22 21:34 --------- d-----w C:\ProgramData\Lavasoft
2008-04-22 21:32 --------- d-----w C:\Program Files\Lavasoft
2008-04-22 17:26 --------- d-----w C:\Users\Diana\AppData\Roaming\PC Tools
2008-04-22 06:06 --------- d-----w C:\Program Files\Panda Security
2008-04-21 21:56 141,312 ----a-w C:\Windows\system32\drivers\sp_rsdrv2.sys
2008-04-18 06:50 --------- d-----w C:\Users\Diana\AppData\Roaming\DVD Flick
2008-04-18 04:46 --------- d-----w C:\ProgramData\DVD Shrink
2008-04-16 22:33 17,920 ----a-w C:\Windows\system32\drivers\lmvac.sys
2008-04-10 02:14 --------- d-----w C:\Program Files\Windows Mail
2008-04-07 12:56 --------- d-----w C:\Program Files\MSBuild
2008-04-07 12:49 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-05 14:33 --------- d-----w C:\Program Files\QuickTime
2008-04-05 14:31 --------- d-----w C:\ProgramData\Apple Computer
2008-04-03 17:55 --------- d-----w C:\Program Files\Windows Resource Kits
2008-04-01 16:41 --------- d-----w C:\Program Files\Kontiki
2008-03-30 23:06 --------- d-----w C:\Users\Diana\AppData\Roaming\dvdcss
2008-03-21 14:40 --------- d-----w C:\Program Files\Common Files\xing shared
2008-03-21 14:39 --------- d-----w C:\Program Files\Common Files\Real
2008-03-21 14:30 --------- d-----w C:\Program Files\Real
2008-03-13 01:54 --------- d-----w C:\Program Files\Microsoft Works
2008-03-08 15:32 --------- d-----w C:\Program Files\DVD Shrink
2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys
2008-03-07 19:46 47,360 ----a-w C:\Users\Diana\AppData\Roaming\pcouffin.sys
2008-03-07 19:46 --------- d-----w C:\Users\Diana\AppData\Roaming\Vso
2008-03-07 18:51 --------- d-----w C:\Program Files\DVD Flick
2008-03-07 18:28 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-03-02 09:38 --------- d-----w C:\Users\Diana\AppData\Roaming\vlc
2008-03-02 09:36 --------- d-----w C:\Program Files\VideoLAN
2008-03-01 18:26 737,280 ----a-w C:\Windows\iun6002.exe
2008-03-01 17:14 --------- d-----w C:\Program Files\IrfanView
2008-03-01 13:41 --------- d-----w C:\Program Files\DNA
2008-02-29 23:08 --------- d-----w C:\ProgramData\Hagel Technologies
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 03:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 03:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 03:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 03:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 03:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 03:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 03:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 03:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 03:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 03:03 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-13 03:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 03:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 03:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-01-15 12:16 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-15 12:54 1232896]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-27 12:58 1032376]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968]
"ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-01-17 10:40 816368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-10 14:58 1006264]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-03 08:37 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-03 08:37 133912]
"KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 21:42 438272]
"topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 06:11 4489216 C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416]
"SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 15:57 509496]
"00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 16:32 538744]
"Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 10:51 1507328]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112]
"Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 17:40 413696]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 03:53 894512]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37 174872]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072]
"diagnostics"="C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" [2008-01-16 21:23 557149]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240]
"1A:Stardock TrayMonitor"="" []
"Say the Time"="" []
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-21 22:56 1809408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"1A:Stardock TrayMonitor"="" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4794B3FF-EB04-4E2C-B837-2986EEF4DA25}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{84C16516-F1C0-48F2-A3F0-A5E80BFD948D}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{50BBAB99-0B2B-47F0-A6D7-29C6F7088C1B}"= UDP:F:\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{68AB7341-28B8-4E17-9804-3E99DFAEB47A}"= TCP:F:\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard
"{60817583-092B-4045-8873-071B70279E58}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{2259269E-73BF-4147-B151-649F95F4AD91}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service
"{18B3E851-232F-4480-94C3-8F7E02CAA427}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{83687A1A-3EF2-4013-A094-4F37AD8841B1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{2ECA5B43-2626-4DF3-BF0E-413477752A0E}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{C9A410F8-EC3F-46A4-8C08-103C13D86752}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service
"{D98E48FF-A1B1-4EBD-8F1E-2ADFB1116018}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{187C1BB2-2E1B-4699-8304-E64379C0CA20}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{839E9BB6-8EBC-4C79-9089-EA9775B5B25A}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{81960DAB-BD27-4556-9383-B5E08E98EDA7}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{08522ACE-59D3-4F72-B5CF-34E5E565486B}C:\\users\\diana\\program files\\dna\\btdna.exe"= UDP:C:\users\diana\program files\dna\btdna.exe:btdna.exe
"UDP Query User{AA22E0E1-1D25-4E93-A823-2DBE6B2DA179}C:\\users\\diana\\program files\\dna\\btdna.exe"= TCP:C:\users\diana\program files\dna\btdna.exe:btdna.exe
"{BFCBF242-99E9-4E08-823E-69B325EEC1DF}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{0DE72326-39C0-408A-9B7F-034399E46CCB}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{E8BD29DA-9B38-47D1-9B40-8696A286F124}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{C17EAA6F-96DB-41CF-9E1D-C30AF1550580}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{31BD454F-E64A-4E31-BDFD-D9033FD10432}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{B77913C5-FE44-4C51-A0FE-DACADD3427FC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{963A96F8-FCDA-4526-BAA4-648248260E25}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C6BEBF02-C40D-46E3-8458-07966B90A2D3}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{89757332-4019-4F13-821D-CB52F9911102}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 15:01]
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 16:25]
R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 21:13]
R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-04-21 22:56]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-05-17 21:12]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 10:36]
R3 LTXMD_VAC;Litex Media Virtual Audio Cabel (WDM);C:\Windows\system32\drivers\lmvac.sys [2008-04-16 23:33]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50]
R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-04-16 11:19]
S2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe []
S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe []
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30]
S3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2008-01-15 12:15]
S3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2008-01-15 12:15]
S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2008-01-15 12:15]
S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40]
S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47]
S4 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 06:49:17
Windows 6.0.6000 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\IDM\Desktop SMS\oehook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\Ati2evxx.exe
C:\Windows\System32\audiodg.exe
C:\Program Files\Thomson\ST330\service\st330service.exe
C:\Windows\System32\cmd.exe
C:\Windows\System32\msinfo32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Windows\System32\agrsmsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Windows\System32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-04-28 6:55:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-28 05:54:52

The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.

265 --- E O F --- 2008-04-23 06:55:25

04-27-2008, 11:58 PM	#6 (permalink)
dini Registered User Join Date: Apr 2008 Posts: 11 OS: Vista	Re: Virtumonde.FP virus and possibly others OK, Combofix log: ComboFix 08-04-26.5 - Diana 2008-04-28 6:42:15.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.972 [GMT 1:00] Running from: C:\Users\Diana\Desktop\ComboFix.exe Command switches used :: C:\Users\Diana\Desktop\CFScript.txt * Created a new restore point . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Users\Diana\AppData\Roaming\inst.exe C:\Windows\System32\eKnoUxbc.ini C:\Windows\system32\eKnoUxbc.ini2 . ((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-28 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-04-28 05:50 --------- d-----w C:\ProgramData\Kontiki 2008-04-28 05:49 --------- d---a-w C:\ProgramData\TEMP 2008-04-26 17:09 --------- d-----w C:\Program Files\7digital Locker 2008-04-26 17:02 --------- d-----w C:\Users\Diana\AppData\Roaming\Creative 2008-04-26 16:55 --------- d-----w C:\ProgramData\Creative 2008-04-26 14:27 --------- d-----w C:\Program Files\WMA-MP3.com 2008-04-26 14:25 --------- d-----w C:\Program Files\Apple Software Update 2008-04-26 14:19 --------- d-----w C:\Program Files\Creative 2008-04-26 13:03 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-04-26 11:17 --------- d-----w C:\Users\Diana\AppData\Roaming\Malwarebytes 2008-04-26 11:16 --------- d-----w C:\ProgramData\Malwarebytes 2008-04-26 11:16 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware 2008-04-26 09:52 --------- d-----w C:\Program Files\SpywareBlaster 2008-04-25 07:19 --------- d-----w C:\ProgramData\Spyware Terminator 2008-04-25 07:12 116,580 ----a-w C:\cc_20080425_0811.reg 2008-04-24 23:00 --------- d-----w C:\Users\Diana\AppData\Roaming\Spyware Terminator 2008-04-24 20:25 --------- d-----w C:\Program Files\Java 2008-04-24 20:24 --------- d-----w C:\Program Files\Common Files\Java 2008-04-24 18:12 --------- d-----w C:\Program Files\Spyware Terminator 2008-04-24 08:44 --------- d-----w C:\Program Files\Spyware Doctor 2008-04-23 22:00 --------- d-----w C:\Users\Diana\AppData\Roaming\BitTorrent 2008-04-23 06:55 --------- d-----w C:\ProgramData\Microsoft Help 2008-04-23 05:25 --------- d-----w C:\Program Files\Trend Micro 2008-04-22 23:18 --------- d-----w C:\Program Files\Say the Time 2008-04-22 22:27 --------- d-----w C:\Users\Diana\AppData\Roaming\SUPERAntiSpyware.com 2008-04-22 22:27 --------- d-----w C:\ProgramData\SUPERAntiSpyware.com 2008-04-22 22:27 --------- d-----w C:\Program Files\SUPERAntiSpyware 2008-04-22 22:26 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard 2008-04-22 21:34 --------- d-----w C:\ProgramData\Lavasoft 2008-04-22 21:32 --------- d-----w C:\Program Files\Lavasoft 2008-04-22 17:26 --------- d-----w C:\Users\Diana\AppData\Roaming\PC Tools 2008-04-22 06:06 --------- d-----w C:\Program Files\Panda Security 2008-04-21 21:56 141,312 ----a-w C:\Windows\system32\drivers\sp_rsdrv2.sys 2008-04-18 06:50 --------- d-----w C:\Users\Diana\AppData\Roaming\DVD Flick 2008-04-18 04:46 --------- d-----w C:\ProgramData\DVD Shrink 2008-04-16 22:33 17,920 ----a-w C:\Windows\system32\drivers\lmvac.sys 2008-04-10 02:14 --------- d-----w C:\Program Files\Windows Mail 2008-04-07 12:56 --------- d-----w C:\Program Files\MSBuild 2008-04-07 12:49 --------- d-----w C:\Program Files\Microsoft Visual Studio 8 2008-04-05 14:33 --------- d-----w C:\Program Files\QuickTime 2008-04-05 14:31 --------- d-----w C:\ProgramData\Apple Computer 2008-04-03 17:55 --------- d-----w C:\Program Files\Windows Resource Kits 2008-04-01 16:41 --------- d-----w C:\Program Files\Kontiki 2008-03-30 23:06 --------- d-----w C:\Users\Diana\AppData\Roaming\dvdcss 2008-03-21 14:40 --------- d-----w C:\Program Files\Common Files\xing shared 2008-03-21 14:39 --------- d-----w C:\Program Files\Common Files\Real 2008-03-21 14:30 --------- d-----w C:\Program Files\Real 2008-03-13 01:54 --------- d-----w C:\Program Files\Microsoft Works 2008-03-08 15:32 --------- d-----w C:\Program Files\DVD Shrink 2008-03-08 02:14 148,992 ----a-w C:\Windows\system32\drivers\ks.sys 2008-03-07 19:46 47,360 ----a-w C:\Users\Diana\AppData\Roaming\pcouffin.sys 2008-03-07 19:46 --------- d-----w C:\Users\Diana\AppData\Roaming\Vso 2008-03-07 18:51 --------- d-----w C:\Program Files\DVD Flick 2008-03-07 18:28 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys 2008-03-02 09:38 --------- d-----w C:\Users\Diana\AppData\Roaming\vlc 2008-03-02 09:36 --------- d-----w C:\Program Files\VideoLAN 2008-03-01 18:26 737,280 ----a-w C:\Windows\iun6002.exe 2008-03-01 17:14 --------- d-----w C:\Program Files\IrfanView 2008-03-01 13:41 --------- d-----w C:\Program Files\DNA 2008-02-29 23:08 --------- d-----w C:\ProgramData\Hagel Technologies 2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll 2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll 2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll 2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe 2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe 2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll 2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll 2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys 2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll 2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll 2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll 2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe 2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll 2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe 2008-02-13 03:08 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2008-02-13 03:04 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe 2008-02-13 03:04 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe 2008-02-13 03:04 24,064 ----a-w C:\Windows\System32\netcfg.exe 2008-02-13 03:04 22,016 ----a-w C:\Windows\System32\netiougc.exe 2008-02-13 03:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll 2008-02-13 03:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll 2008-02-13 03:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll 2008-02-13 03:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll 2008-02-13 03:03 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll 2008-02-13 03:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll 2008-02-13 03:03 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll 2008-02-13 03:03 1,686,528 ----a-w C:\Windows\System32\gameux.dll 2008-01-15 12:16 174 --sha-w C:\Program Files\desktop.ini . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-15 12:54 1232896] "kdx"="C:\Program Files\Kontiki\KHost.exe" [2007-11-27 12:58 1032376] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 13:36 201728] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 12:43 2097488] "SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-02-29 16:03 1481968] "ccleaner"="C:\Program Files\CCleaner\CCleaner.exe" [2008-01-17 10:40 816368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-07-10 14:58 1006264] "HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-04-03 08:37 154392] "Persistence"="C:\Windows\system32\igfxpers.exe" [2007-04-03 08:37 133912] "KeNotify"="C:\Program Files\TOSHIBA\Utilities\KeNotify.exe" [2006-11-06 17:14 34352] "SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [2006-03-22 21:42 438272] "topi"="C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-04-02 12:48 577536] "RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 06:11 4489216 C:\Windows\RtHDVCpl.exe] "TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [2007-03-29 10:39 411192] "HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [2006-12-07 16:49 55416] "SmoothView"="C:\Program Files\Toshiba\SmoothView\SmoothView.exe" [2007-05-23 15:57 509496] "00TCrdMain"="C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe" [2007-05-22 16:32 538744] "Desktop SMS"="C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe" [2007-06-18 10:51 1507328] "StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 13:35 90112] "Camera Assistant Software"="C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" [2007-04-10 17:40 413696] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 03:53 894512] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 13:37 174872] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 09:21 1443072] "diagnostics"="C:\Program Files\Thomson\ST330\diagnostics\diagnostics.exe" [2008-01-16 21:23 557149] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648] "ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-02-01 11:55 1103240] "1A:Stardock TrayMonitor"="" [] "Say the Time"="" [] "SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2008-04-21 22:56 1809408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices] "1A:Stardock TrayMonitor"="" [] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules] "{4794B3FF-EB04-4E2C-B837-2986EEF4DA25}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{84C16516-F1C0-48F2-A3F0-A5E80BFD948D}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{50BBAB99-0B2B-47F0-A6D7-29C6F7088C1B}"= UDP:F:\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard "{68AB7341-28B8-4E17-9804-3E99DFAEB47A}"= TCP:F:\STHIWv\stInstall.exe:SpeedTouch Home Install Wizard "{60817583-092B-4045-8873-071B70279E58}"= UDP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service "{2259269E-73BF-4147-B151-649F95F4AD91}"= TCP:C:\Program Files\Thomson\ST330\service\st330service.exe:ST330 service "{18B3E851-232F-4480-94C3-8F7E02CAA427}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{83687A1A-3EF2-4013-A094-4F37AD8841B1}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour "{2ECA5B43-2626-4DF3-BF0E-413477752A0E}"= UDP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{C9A410F8-EC3F-46A4-8C08-103C13D86752}"= TCP:C:\Program Files\Kontiki\KService.exe:Delivery Manager Service "{D98E48FF-A1B1-4EBD-8F1E-2ADFB1116018}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{187C1BB2-2E1B-4699-8304-E64379C0CA20}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "{839E9BB6-8EBC-4C79-9089-EA9775B5B25A}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{81960DAB-BD27-4556-9383-B5E08E98EDA7}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "TCP Query User{08522ACE-59D3-4F72-B5CF-34E5E565486B}C:\\users\\diana\\program files\\dna\\btdna.exe"= UDP:C:\users\diana\program files\dna\btdna.exe:btdna.exe "UDP Query User{AA22E0E1-1D25-4E93-A823-2DBE6B2DA179}C:\\users\\diana\\program files\\dna\\btdna.exe"= TCP:C:\users\diana\program files\dna\btdna.exe:btdna.exe "{BFCBF242-99E9-4E08-823E-69B325EEC1DF}"= UDP:C:\Program Files\DNA\btdna.exe:DNA "{0DE72326-39C0-408A-9B7F-034399E46CCB}"= TCP:C:\Program Files\DNA\btdna.exe:DNA "{E8BD29DA-9B38-47D1-9B40-8696A286F124}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{C17EAA6F-96DB-41CF-9E1D-C30AF1550580}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent "{31BD454F-E64A-4E31-BDFD-D9033FD10432}"= TCP:6004\|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook "{B77913C5-FE44-4C51-A0FE-DACADD3427FC}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{963A96F8-FCDA-4526-BAA4-648248260E25}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove "{C6BEBF02-C40D-46E3-8458-07966B90A2D3}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote "{89757332-4019-4F13-821D-CB52F9911102}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722\|UDP:%SystemRoot%\system32\svchost.exe\|Svc=DFSR:Allow inbound TCP traffic\| [HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List] "C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe::Enabled:BitTorrent R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 15:01] R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [2006-07-28 16:25] R0 tos_sps32;TOSHIBA tos_sps32 Service;C:\Windows\system32\DRIVERS\tos_sps32.sys [2007-04-27 21:13] R1 epfwtdir;epfwtdir;C:\Windows\system32\DRIVERS\epfwtdir.sys [2007-12-21 09:21] R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Windows\system32\drivers\sp_rsdrv2.sys [2008-04-21 22:56] R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43] R2 TNaviSrv;TOSHIBA Navi Support Service;C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe [2007-05-17 21:12] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 10:36] R3 LTXMD_VAC;Litex Media Virtual Audio Cabel (WDM);C:\Windows\system32\drivers\lmvac.sys [2008-04-16 23:33] R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver;C:\Windows\system32\DRIVERS\tdcmdpst.sys [2006-10-18 12:50] R3 UVCFTR;UVCFTR;C:\Windows\system32\Drivers\UVCFTR_S.SYS [2007-04-16 11:19] S2 DUMeterSvc;DU Meter Service;C:\Program Files\DU Meter\DUMeterSvc.exe [] S2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service;c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [] S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-02 08:30] S3 ST330;ST330;C:\Windows\system32\drivers\st330.sys [2008-01-15 12:15] S3 STBUS;STBUS;C:\Windows\system32\drivers\stbus.sys [2008-01-15 12:15] S3 stppp;Speedtouch PPP Adapter Adapter;C:\Windows\system32\DRIVERS\stppp.sys [2008-01-15 12:15] S4 KR10I;KR10I;C:\Windows\system32\drivers\kr10i.sys [2007-01-18 15:40] S4 KR10N;KR10N;C:\Windows\system32\drivers\kr10n.sys [2007-01-18 15:47] S4 tosrfec;Bluetooth ACPI;C:\Windows\system32\DRIVERS\tosrfec.sys [2006-10-23 16:32] . *********************************************************************** catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-04-28 06:49:17 Windows 6.0.6000 NTFS detected NTDLL code modification: ZwClose scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\Windows\Explorer.exe -> C:\Program Files\IDM\Desktop SMS\oehook.dll . ------------------------ Other Running Processes ------------------------ . C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\System32\Ati2evxx.exe C:\Windows\System32\audiodg.exe C:\Program Files\Thomson\ST330\service\st330service.exe C:\Windows\System32\cmd.exe C:\Windows\System32\msinfo32.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Windows\System32\Ati2evxx.exe C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\Windows\System32\agrsmsvc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Creative\Shared Files\CTDevSrv.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe C:\Program Files\Kontiki\KService.exe C:\Program Files\Spyware Doctor\pctsAuxs.exe C:\Program Files\Spyware Doctor\pctsSvc.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\Windows\System32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Synaptics\SynTP\SynToshiba.exe C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Windows Mail\WinMail.exe C:\Windows\System32\wbem\WMIADAP.exe . ************************************************************************ . Completion time: 2008-04-28 6:55:20 - machine was rebooted ComboFix-quarantined-files.txt 2008-04-28 05:54:52 The system cannot find message text for message number 0x2379 in the message file for Application. The system cannot find message text for message number 0x2379 in the message file for Application. 265 --- E O F --- 2008-04-23 06:55:25