Hi there :) I have followed your instructions and here is the report:
ComboFix 09-06-24.05 - Woody 25/06/2009 16:30.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2814.1718 [GMT 1:00]
Running from: c:\users\Woody\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\drivers\MSIVXnwiruhtnthrmbnwipiarqtpcwvenxqrg.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXdwxmlxpsmnschoicqbvelcnupofjaafr.dll
c:\windows\system32\MSIVXirpepxfuqphyqacuqvewbkdxpeceuime.dll
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSIVXserv.sys
((((((((((((((((((((((((( Files Created from 2009-05-25 to 2009-06-25 )))))))))))))))))))))))))))))))
.
2009-06-20 19:09 . 2009-06-20 19:09 -------- d-----w- c:\program files\Trend Micro
2009-06-20 18:16 . 2009-06-20 19:14 -------- d-----w- c:\users\Woody\.housecall6.6
2009-06-20 18:15 . 2009-06-20 18:15 -------- d-----w- c:\program files\MeadCo Neptune
2009-06-20 17:34 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-20 17:34 . 2009-04-03 10:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-20 17:34 . 2008-12-18 11:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-20 17:33 . 2009-06-20 17:34 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-20 17:33 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-20 17:33 . 2009-06-20 17:35 -------- d-----w- c:\program files\Spyware Doctor
2009-06-20 17:33 . 2009-06-20 17:33 -------- d-----w- c:\users\Woody\AppData\Roaming\PC Tools
2009-06-20 17:33 . 2009-06-20 17:33 -------- d-----w- c:\programdata\PC Tools
2009-06-20 17:21 . 2009-06-20 17:23 -------- d-----w- c:\windows\Repair
2009-06-20 17:20 . 2009-06-20 17:20 -------- d-----w- c:\users\Woody\AppData\Roaming\Systweak
2009-06-20 17:19 . 2009-06-20 17:19 -------- d-----w- c:\program files\Advanced System Optimizer
2009-06-20 15:37 . 2009-06-20 15:37 -------- d-----w- c:\programdata\Telestream
2009-06-20 15:37 . 2009-06-20 15:37 -------- d-----w- c:\users\Woody\AppData\Roaming\Vara Software
2009-06-20 15:21 . 2009-06-20 15:21 -------- d-----w- c:\users\Woody\AppData\Local\MPEG
2009-06-19 21:40 . 2009-06-20 15:37 -------- d-----w- c:\users\Woody\AppData\Local\procaster
2009-06-19 18:11 . 2009-06-19 18:11 -------- d-----w- c:\program files\TweetDeck
2009-06-17 09:43 . 2009-06-12 10:52 1261344 ----a-w- c:\programdata\avg8\update\backup\avgwd.dll
2009-06-17 09:43 . 2009-06-12 10:52 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-06-16 14:39 . 2009-06-16 14:39 -------- d-----w- c:\programdata\GARMIN
2009-06-16 07:09 . 2009-06-16 20:45 -------- d-----w- C:\Garmin
2009-06-15 07:02 . 2008-12-04 00:25 120832 ----a-w- c:\users\Woody\AppData\Roaming\Mozilla\Firefox\Profiles\krupknjf.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-14 14:49 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 14:49 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-12 12:51 . 2009-06-12 12:51 -------- d-----w- c:\users\Woody\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-06-12 10:53 . 2009-06-12 10:52 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-06-12 10:52 . 2009-06-12 10:49 1452312 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-06-11 06:34 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-01 14:23 . 2009-06-01 14:23 -------- d-----w- c:\program files\Infogrames
2009-05-31 12:04 . 2009-05-31 12:04 -------- d-----w- c:\users\Woody\AppData\Local\Apple Computer
2009-05-31 12:04 . 2009-05-31 12:04 -------- d-----w- c:\users\Woody\AppData\Roaming\Apple Computer
2009-05-31 12:03 . 2009-05-31 12:03 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-05-31 12:02 . 2009-05-31 12:02 -------- d-----w- c:\program files\Bonjour
2009-05-31 12:01 . 2009-06-20 16:34 -------- d-----w- c:\programdata\Apple Computer
2009-05-31 12:01 . 2009-05-31 12:01 -------- d-----w- c:\users\Woody\AppData\Local\Apple
2009-05-31 12:01 . 2009-05-31 12:01 -------- d-----w- c:\program files\Apple Software Update
2009-05-31 11:59 . 2009-06-20 16:17 -------- d-----w- c:\program files\Common Files\Apple
2009-05-31 11:59 . 2009-05-31 11:59 -------- d-----w- c:\programdata\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-25 11:37 . 2008-12-31 18:53 -------- d-----w- c:\programdata\avg8
2009-06-24 22:25 . 2009-04-07 20:28 -------- d-----w- c:\users\Woody\AppData\Roaming\Spotify
2009-06-20 15:10 . 2009-01-01 22:50 -------- d-----w- c:\users\Woody\AppData\Roaming\uTorrent
2009-06-19 22:14 . 2008-06-12 09:57 -------- d-----w- c:\program files\Google
2009-06-17 09:42 . 2008-12-31 18:53 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 07:09 . 2009-04-17 18:29 -------- d-----w- c:\users\Woody\AppData\Roaming\GARMIN
2009-06-15 22:46 . 2009-01-28 22:45 -------- d-----w- c:\users\Woody\AppData\Roaming\Download Manager
2009-06-12 10:52 . 2008-12-31 18:53 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-11 21:52 . 2008-06-12 10:00 -------- d-----w- c:\program files\Microsoft Works
2009-06-05 15:28 . 2008-12-31 17:55 104848 ----a-w- c:\users\Woody\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-01 14:23 . 2008-06-12 09:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-26 23:18 . 2009-01-08 21:04 -------- d-----w- c:\users\Woody\AppData\Roaming\FileZilla
2009-05-23 21:52 . 2009-04-12 15:16 -------- d-----w- c:\program files\EA GAMES
2009-05-23 21:44 . 2009-05-05 16:36 -------- d-----w- c:\program files\Opera
2009-05-23 21:41 . 2009-01-27 22:11 -------- d-----w- c:\program files\Audible
2009-05-19 12:05 . 2009-02-26 21:07 -------- d-----w- c:\programdata\TrackMania
2009-05-15 20:53 . 2009-05-14 19:41 -------- d-----w- c:\program files\Microsoft SQL Server
2009-05-14 19:50 . 2009-05-14 19:48 -------- d-----w- c:\program files\Microsoft Small Business
2009-05-14 19:43 . 2008-12-31 23:37 -------- d-----w- c:\program files\Microsoft.NET
2009-05-14 02:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-08 14:17 . 2008-12-31 18:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-08 14:17 . 2009-01-27 17:00 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-02 18:28 . 2009-05-02 18:28 -------- d-----w- c:\users\Woody\AppData\Roaming\TSO
2009-05-02 18:12 . 2009-05-02 18:11 -------- d-----w- c:\program files\DSA Theory Test
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-27 17:51 . 2009-04-27 17:44 -------- d-----w- c:\users\Woody\AppData\Roaming\Audacity
2009-04-27 17:50 . 2009-04-27 17:50 -------- d-----w- c:\program files\Lame for Audacity
2009-04-27 17:44 . 2009-04-27 17:44 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-04-24 16:05 . 2009-06-11 06:33 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-06-11 06:33 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-06-11 06:33 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-06-11 06:33 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-11 06:33 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-22 18:13 . 2009-04-27 14:37 98304 ----a-w- c:\users\Woody\AppData\Roaming\Mozilla\Firefox\Profiles\krupknjf.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
2009-04-22 18:13 . 2009-04-27 14:37 77824 ----a-w- c:\users\Woody\AppData\Roaming\Mozilla\Firefox\Profiles\krupknjf.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
2009-04-18 12:32 . 2009-04-18 12:34 38208 ----a-w- c:\users\Woody\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airapp...pinstaller.exe
2009-04-12 20:38 . 2009-04-12 20:38 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-02 39408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"MPEGVideo"="c:\users\Woody\AppData\Local\MPEG\MPEGVideo.dll" [2009-06-20 110592]
"Google Update"="c:\users\Woody\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-06-20 133104]
"Startup Manager"="c:\program files\Advanced System Optimizer\startUp manager.exe" [2007-06-22 919280]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-12 1836544]
"Toshiba TEMPO"="c:\program files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe" [2008-11-06 103824]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-12-15 184320]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-03-25 417792]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-01-17 431456]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2007-10-31 54608]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-01-25 509816]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-03-19 716800]
"HDMICtrlMan"="c:\program files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe" [2008-04-02 716800]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaRegistration.exe" [2008-01-11 574864]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2009-06-12 1181576]
"NDSTray.exe"="NDSTray.exe" [BU]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-3-8 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D8A0FBA4-6634-4EF4-AD1A-EDAF1E479EF8}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{CD12D63D-0CA4-4CC0-9580-7790FD75CE70}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{222C1ABA-FA8D-433E-85A0-9222D8516F10}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E7F25D3D-F435-41BE-8EAE-414AA092ACEB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{3CA6D47D-B826-44B2-BAA0-0412358CAFD3}"= UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{A9F6857F-C7DB-4299-87FE-E2ABA7B6562F}"= TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{01AC52A1-D089-45A1-9008-11C31BC39D54}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{D5499B53-EAEC-4443-BC2E-A65C76CC2CEC}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{9E42E09C-C751-4DA9-9C07-BBA9D5478792}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{70E02054-C4D8-41C4-A5CC-AB98B0876F5D}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{D27D7672-2177-481B-87C8-613C296620C2}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{7BDB398B-0CC3-4516-A825-57C74B400F4C}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{25FA1F52-590A-443F-9CDE-02D30C18389C}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{F83C13E7-693A-4AEC-BA9E-0CCE23EADDC2}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"{36064164-A778-4518-9AD6-26D184669B04}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{75CB9EA3-C0E8-445A-82C3-95C4A992FC2D}c:\\program files\\tmnationsforever\\tmforever.exe"= UDP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"UDP Query User{6F1FF3EA-D378-49EA-A0D2-E4D4FF1DFB96}c:\\program files\\tmnationsforever\\tmforever.exe"= TCP:c:\program files\tmnationsforever\tmforever.exe:TmForever
"TCP Query User{2D4C7940-8377-4EDA-985A-291A7892A480}c:\\xampp\\apache\\bin\\apache.exe"= UDP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{556F403E-3879-472D-B20A-AF521F6B52AA}c:\\xampp\\apache\\bin\\apache.exe"= TCP:c:\xampp\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{55061F6F-EE6A-4675-B9E7-2691C07C23A1}c:\\xampp\\mysql\\bin\\mysqld.exe"= UDP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"UDP Query User{8EBADCF6-B61D-4B69-8808-F69144FFE413}c:\\xampp\\mysql\\bin\\mysqld.exe"= TCP:c:\xampp\mysql\bin\mysqld.exe:mysqld
"TCP Query User{AEF287A9-61FC-4862-B8A5-2F4CD092EDCB}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{8EBFDE14-F64C-4F9A-8006-A336E9402BDC}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"{5C08C395-4B6F-4B26-BABB-8E95B7629E16}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B20B8783-3077-40FF-A3E4-0C573EE35131}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [20/06/2009 18:34 130936]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [31/12/2008 19:53 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [27/01/2009 18:00 108552]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\System32\drivers\jswpslwf.sys [31/12/2008 18:59 20352]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [31/12/2008 19:53 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [31/12/2008 19:53 298776]
R2 ConfigFree Service;ConfigFree Service;c:\program files\Toshiba\ConfigFree\CFSvcs.exe [17/04/2008 00:19 40960]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 22:31 29263712]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [20/06/2009 18:33 348752]
R2 TempoMonitoringService;Notebook Performance Tuning Service ;c:\program files\Toshiba TEMPRO\TempoSVC.exe [06/11/2008 02:57 99720]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\Toshiba\SMARTLogService\TosIPCSrv.exe [03/12/2007 18:03 126976]
R3 O2MDRDR;O2MDRDR;c:\windows\System32\drivers\o2media.sys [15/04/2008 09:13 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\System32\drivers\QIOMem.sys [09/04/2007 16:13 8192]
R3 SmartFaceVWatchSrv;SmartFaceVWatchSrv;c:\program files\Toshiba\SmartFaceV\SmartFaceVWatchSrv.exe [25/08/2008 10:58 77824]
S2 gupdate1c96ccaa65802b1;Google Update Service (gupdate1c96ccaa65802b1);c:\program files\Google\Update\GoogleUpdate.exe [02/01/2009 12:09 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\drivers\ASPI32.SYS [28/01/2009 23:17 84832]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\Jumpstart\jswpsapi.exe [31/12/2008 18:59 937984]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-06-25 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-01-02 11:09]
2009-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2436731861-3120910842-1155494356-1000.job
- c:\users\Woody\AppData\Local\Google\Update\GoogleUpdate.exe [2009-06-20 17:14]
2009-06-24 c:\windows\Tasks\User_Feed_Synchronization-{4F68153C-0B91-40E1-9D61-7CFC2924C8D1}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKLM-Run-jswtrayutil - c:\program files\Jumpstart\jswtrayutil.exe
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Woody\AppData\Roaming\Mozilla\Firefox\Profiles\krupknjf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-GB.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-GB:official
FF - prefs.js: keyword.URL - about:neterror?e=query&u=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\users\Woody\AppData\Roaming\Mozilla\Firefox\Profiles\krupknjf.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\users\Woody\AppData\Roaming\Mozilla\Firefox\Profiles\krupknjf.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\users\Woody\AppData\Roaming\Mozilla\Firefox\Profiles\krupknjf.default\extensions\geode@labs.mozilla.com\platform\WINNT_x86-msvc\components\loki.dll
FF - plugin: c:\progra~1\MEADCO~1\npmeadax.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Skyhook Wireless\Loki Browser Plugin\nploki.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Woody\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-25 16:46
Windows 6.0.6001 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(3612)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\users\Woody\AppData\Local\MPEG\MPEGVideo.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\System32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Toshiba\TOSCDSPD\TOSCDSPD.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\System32\regsvr32.exe
c:\program files\Toshiba\HDMICtrlMan\HCMSoundChanger.exe
c:\program files\Toshiba\ConfigFree\CFSwMgr.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Apoint2K\ApMsgFwd.exe
c:\program files\Apoint2K\hidfind.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-25 16:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-25 15:53
Pre-Run: 63,059,927,040 bytes free
Post-Run: 65,981,464,576 bytes free
308 --- E O F --- 2009-06-18 15:51