ComboFix Log;
Reviewer note: this run removed the items listed under "Other Deletions", but the later "Reg Loading Points" and "Scheduled Tasks" sections still show entries that warrant follow-up: the HKLM Run value "ditupigeha" loading c:\windows\system32\pasugusa.dll (a system+hidden-attributed DLL created alongside nayazika.dll), wagonire.dll registered both as an LSA Notification Package and in AppInit_DLLs (see the HijackThis O20 line), the random-named task rsebfegx.job invoking rundll32.exe, and Security Center values (AntiVirusOverride, DisableMonitoring, UpdatesDisableNotify) set to 1, which would normally suppress its warnings. The header also reports AVG on-access scanning as disabled at the time of the run.
ComboFix 08-12-26.03 - Sami 2008-12-28 13:34:31.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.502.140 [GMT 0:00]
Running from: c:\documents and settings\Sami.BWD-94BD83BA8FB\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Sami.BWD-94BD83BA8FB\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point
FILE ::
c:\windows\Tasks\bxwkvnby.job
c:\windows\Tasks\xkntcnvr.job
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Sami.BWD-94BD83BA8FB\Application Data\gadcom
c:\documents and settings\Sami.BWD-94BD83BA8FB\Application Data\gadcom\gadcom.exe
c:\documents and settings\Sami.BWD-94BD83BA8FB\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\system32\~.exe
c:\windows\system32\asrenoqb.dll
c:\windows\system32\febobafi.dll
c:\windows\system32\FgggfMoq.ini
c:\windows\system32\FgggfMoq.ini2
c:\windows\system32\fnidfejc.dll
c:\windows\system32\ftpeutqk.ini
c:\windows\system32\openebir.ini
c:\windows\system32\prunnet.exe
c:\windows\system32\qoMfgggF.dll
c:\windows\system32\ribenepo.dll
c:\windows\system32\umpyez.dll
c:\windows\Tasks\bxwkvnby.job
c:\windows\Tasks\xkntcnvr.job
.
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.
2008-12-28 02:00 . 2008-12-28 10:37 <DIR> d--h----- C:\$AVG8.VAULT$
2008-12-28 01:55 . 2008-12-28 01:57 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-12-28 01:55 . 2008-12-28 01:55 <DIR> d-------- c:\documents and settings\Sami.BWD-94BD83BA8FB\Application Data\AVGTOOLBAR
2008-12-28 01:55 . 2008-12-28 01:55 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-12-28 01:55 . 2008-12-28 01:55 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys
2008-12-28 01:55 . 2008-12-28 01:55 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-12-28 01:54 . 2008-12-28 01:54 <DIR> d-------- c:\program files\AVG
2008-12-28 01:54 . 2008-12-28 13:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-12-24 19:28 . 2008-12-24 19:28 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2008-12-24 14:27 . 2008-10-16 14:06 268,648 --a------ c:\windows\system32\mucltui.dll
2008-12-24 14:27 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-24 14:27 . 2008-10-16 14:06 27,496 --a------ c:\windows\system32\mucltui.dll.mui
2008-12-24 14:11 . 2008-12-24 14:11 <DIR> d-------- c:\program files\Trend Micro
2008-12-24 03:34 . 2008-12-24 03:34 <DIR> d-------- C:\VundoFix Backups
2008-12-24 01:36 . 2008-12-24 01:36 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-24 01:36 . 2008-12-24 01:36 <DIR> d-------- c:\documents and settings\Sami.BWD-94BD83BA8FB\Application Data\SUPERAntiSpyware.com
2008-12-24 01:36 . 2008-12-24 01:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-24 01:35 . 2008-12-24 01:35 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-24 00:47 . 2008-12-24 00:47 <DIR> d-------- c:\windows\system32\izp
2008-12-24 00:47 . 2008-12-24 00:47 <DIR> d-------- c:\temp\REX81
2008-12-24 00:47 . 2008-12-27 23:21 <DIR> d-------- C:\Temp
2008-12-23 21:24 . 2008-12-23 21:24 <DIR> d-------- c:\documents and settings\Sami.BWD-94BD83BA8FB\Contacts
2008-12-23 21:19 . 2008-12-23 21:20 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-12-23 21:18 . 2008-12-23 21:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-12-23 20:29 . 2008-12-23 20:29 <DIR> d-------- c:\documents and settings\Sami.BWD-94BD83BA8FB\Application Data\Malwarebytes
2008-12-23 20:22 . 2008-12-23 20:22 <DIR> d-------- c:\program files\Turbo Tube
2008-12-23 20:17 . 2008-12-23 20:17 <DIR> d-------- c:\documents and settings\Sami.BWD-94BD83BA8FB\Application Data\CyberPatrol Client
2008-12-23 20:16 . 2006-07-30 03:06 <DIR> d-------- c:\documents and settings\Sami.BWD-94BD83BA8FB\WINDOWS
2008-12-23 20:16 . 2006-07-30 03:06 <DIR> d-------- c:\documents and settings\Sami.BWD-94BD83BA8FB\Application Data\toshiba
2008-12-23 20:16 . 2006-07-30 03:06 <DIR> d-------- c:\documents and settings\Sami.BWD-94BD83BA8FB\Application Data\InstallShield
2008-12-23 20:16 . 2008-12-24 15:58 <DIR> d-------- c:\documents and settings\Sami.BWD-94BD83BA8FB
2008-12-23 19:30 . 2008-12-23 19:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-22 17:52 . 2008-12-22 17:52 <DIR> d-------- c:\documents and settings\Guest\Application Data\CyberPatrol Client
2008-12-22 17:49 . 2006-07-30 03:06 <DIR> d-------- c:\documents and settings\Guest\WINDOWS
2008-12-22 17:49 . 2006-07-30 03:06 <DIR> d-------- c:\documents and settings\Guest\Application Data\toshiba
2008-12-22 17:49 . 2006-07-30 03:06 <DIR> d-------- c:\documents and settings\Guest\Application Data\InstallShield
2008-12-22 17:49 . 2008-12-28 01:55 <DIR> d-------- c:\documents and settings\Guest
2008-12-22 14:41 . 2008-12-22 15:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-22 12:48 . 2008-12-22 12:48 <DIR> d-------- c:\documents and settings\you2uf\Application Data\CyberPatrol Client
2008-12-22 12:47 . 2006-07-30 03:06 <DIR> d-------- c:\documents and settings\you2uf\WINDOWS
2008-12-22 12:47 . 2006-07-30 03:06 <DIR> d-------- c:\documents and settings\you2uf\Application Data\toshiba
2008-12-22 12:47 . 2006-07-30 03:06 <DIR> d-------- c:\documents and settings\you2uf\Application Data\InstallShield
2008-12-22 12:47 . 2008-12-28 01:55 <DIR> d-------- c:\documents and settings\you2uf
2008-12-22 09:57 . 2008-12-28 09:56 <DIR> d-------- c:\program files\Angels Online
2008-12-20 15:17 . 2008-12-20 15:17 <DIR> d-------- c:\program files\Rockstar Games
2008-12-20 00:16 . 2008-12-20 00:16 <DIR> d-------- c:\windows\system32\LogFiles
2008-12-19 21:55 . 2008-09-15 11:57 1,846,016 --a--c--- c:\windows\system32\dllcache\win32k.sys
2008-12-19 21:55 . 2008-10-24 11:10 453,632 --a--c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-19 21:55 . 2008-10-15 16:57 332,800 --a--c--- c:\windows\system32\dllcache\netapi32.dll
2008-12-19 21:31 . 2008-12-24 14:42 <DIR> d-------- c:\windows\system32\CatRoot_bak
2008-12-19 21:25 . 2008-12-19 21:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Messenger Plus!
2008-12-19 21:25 . 2008-12-19 21:25 244 --ah----- C:\sqmnoopt19.sqm
2008-12-19 21:25 . 2008-12-19 21:25 232 --ah----- C:\sqmdata19.sqm
2008-12-19 20:47 . 2008-12-19 20:47 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-12-19 19:46 . 2008-12-23 21:18 <DIR> d-------- c:\program files\Windows Live
2008-12-19 19:46 . 2008-12-19 19:46 <DIR> d-------- c:\program files\Messenger Plus! Live
2008-12-19 19:46 . 2008-12-19 19:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Iso Web Bags Else
2008-12-19 19:12 . 2008-12-28 02:06 268 --ah----- C:\sqmdata18.sqm
2008-12-19 19:12 . 2008-12-28 02:06 244 --ah----- C:\sqmnoopt18.sqm
2008-12-19 14:35 . 2008-12-28 01:02 268 --ah----- C:\sqmdata17.sqm
2008-12-19 14:35 . 2008-12-28 01:02 244 --ah----- C:\sqmnoopt17.sqm
2008-12-19 14:02 . 2008-12-24 21:19 268 --ah----- C:\sqmdata16.sqm
2008-12-19 14:02 . 2008-12-24 21:19 244 --ah----- C:\sqmnoopt16.sqm
2008-12-19 13:56 . 2008-12-24 21:15 268 --ah----- C:\sqmdata15.sqm
2008-12-19 13:56 . 2008-12-24 21:15 244 --ah----- C:\sqmnoopt15.sqm
2008-12-19 13:34 . 2008-12-24 20:56 268 --ah----- C:\sqmdata14.sqm
2008-12-19 13:34 . 2008-12-24 20:56 244 --ah----- C:\sqmnoopt14.sqm
2008-12-19 13:20 . 2008-12-24 15:58 268 --ah----- C:\sqmdata13.sqm
2008-12-19 13:20 . 2008-12-24 15:58 244 --ah----- C:\sqmnoopt13.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 10:54 --------- d-----w c:\program files\Norton PC Checkup
2008-12-28 01:46 --------- d-----w c:\program files\Sophos
2008-12-24 04:07 --------- d-----w c:\program files\GrandBilliards
2008-12-23 21:21 --------- d-----w c:\program files\MSN Messenger
2008-12-22 15:06 --------- d-----w c:\program files\Common Files\Symantec Shared
2006-12-12 10:13 32,768 ----a-w c:\documents and settings\All Users\Application Data\EBLib.dll
2006-07-28 15:25 19,456 ----a-w c:\documents and settings\All Users\Application Data\LPCFilter.sys
2008-09-27 11:03 60,928 --sha-w c:\windows\system32\kiligefu.dll
2008-09-27 11:03 60,928 --sha-w c:\windows\system32\rafomife.dll
.
((((((((((((((((((((((((((((( snapshot@2008-12-27_23.26.57.71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-28 01:55:20 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys
+ 2008-09-28 10:48:46 64,000 --sha-w c:\windows\system32\nayazika.dll
+ 2008-09-28 10:48:46 64,000 --sha-w c:\windows\system32\pasugusa.dll
+ 2006-12-01 22:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-02 00:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 00:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 00:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 00:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 00:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 00:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 00:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 00:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 00:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 00:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 00:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-02 00:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c1f82430-a97c-4d69-bcc4-0661e8679c9d}]
c:\windows\system32\sonudodu.dll [BU]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-07 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-07 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-07 118784]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2006-04-12 638976]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"SVPWUTIL"="c:\program files\Toshiba\Windows Utilities\SVPWUTIL.exe" [2006-05-25 65536]
"TPNF"="c:\program files\TOSHIBA\TouchPad\TPTray.exe" [2007-06-01 53248]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-26 495616]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-24 196608]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"CyberPatrolNew"="c:\program files\SurfControl\CyberPatrol\cphq.exe" [2007-01-31 1451536]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-28 1261336]
"ditupigeha"="c:\windows\system32\pasugusa.dll" [2008-09-28 64000]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 c:\windows\RTHDCPL.exe]
"NDSTray.exe"="NDSTray.exe" [BU]
"TPSMain"="TPSMain.exe" [2005-08-11 c:\windows\system32\TPSMain.exe]
"TCtryIOHook"="TCtrlIOHook.exe" [2007-06-30 c:\windows\system32\TCtrlIOHook.exe]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" [2005-12-27 c:\windows\system32\TDispVol.exe]
"Zooming"="ZoomingHook.exe" [2005-06-06 c:\windows\system32\ZoomingHook.exe]
"CFSServ.exe"="CFSServ.exe" [BU]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-22 734872]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\windows\system32\wagonire.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\ComboFix\\fdsv.cfexe"=
"c:\\WINDOWS\\system32\\cscript.exe"=
"c:\\Program Files\\Toshiba\\TOSHIBA Zooming Utility\\SmoothView.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Toshiba\\TOSHIBA Controls\\TFncKy.exe"=
"c:\\WINDOWS\\RTHDCPL.exe"=
"c:\\WINDOWS\\explorer.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-12-28 97928]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-22 55024]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-12-28 875288]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-12-28 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-12-28 76040]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2007-07-23 14336]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\DRIVERS\tdudf.sys [2007-03-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\DRIVERS\trudf.sys [2007-02-19 134016]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
S3 TpChoice;Touch Pad Detection Filter driver;c:\windows\system32\DRIVERS\TpChoice.sys []
.
Contents of the 'Scheduled Tasks' folder
2008-08-29 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]
2008-12-28 c:\windows\Tasks\Norton PC Checkup WeekDay Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-28 10:54]
2008-12-28 c:\windows\Tasks\Norton PC Checkup Weekend Scanner.job
- c:\program files\norton pc checkup\PC_Checkup.exe [2008-12-28 10:54]
2007-09-19 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 12:00]
2007-09-19 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 12:00]
2007-09-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 12:00]
2008-12-28 c:\windows\Tasks\rsebfegx.job
- c:\windows\system32\rundll32.exe [2004-08-04 12:00]
.
- - - - ORPHANS REMOVED - - - -
BHO-{37705fa1-abef-42a8-8097-6943ca5b812e} - c:\windows\system32\umpyez.dll
BHO-{6AE6A31D-DA85-4387-9684-DDAA8BFB5566} - c:\windows\system32\qoMfgggF.dll
Notify-nnnmnKcA - nnnmnKcA.dll
.
------- Supplementary Scan -------
.
LSP: c:\windows\system32\cplsp.dll
c:\windows\Downloaded Program Files\sysreqlab_srl.dll - O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E}
hxxp://www.srtest.com/srl_bin/sysreqlab_srl.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
FF - ProfilePath - c:\documents and settings\Sami.BWD-94BD83BA8FB\Application Data\Mozilla\Firefox\Profiles\7f5yjilx.default\
FF - prefs.js: browser.search.defaulturl -
hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-28 13:40:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(704)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
- - - - - - - > 'lsass.exe'(760)
c:\windows\system32\cplsp.dll
c:\program files\SurfControl\CyberPatrol\cpadvutils.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
c:\program files\Toshiba\TOSHIBA Direct Disc Writer\DDWMon.exe
c:\program files\Toshiba\ConfigFree\CFSServ.exe
c:\windows\system32\TPSBattM.exe
c:\program files\SurfControl\CyberPatrol\cpserver.exe
c:\program files\Apoint2K\ApntEx.exe
c:\program files\SurfControl\CyberPatrol\cpACtrl.exe
c:\program files\SurfControl\CyberPatrol\cpCCtrl.exe
c:\program files\SurfControl\CyberPatrol\cpkbinst.exe
c:\docume~1\SAMI~1.BWD\LOCALS~1\temp\SSUPDATE.EXE
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2008-12-28 13:43:00 - machine was rebooted [Sami]
ComboFix-quarantined-files.txt 2008-12-28 13:42:55
ComboFix2.txt 2008-12-27 23:27:47
Pre-Run: 61,803,139,072 bytes free
Post-Run: 61,743,226,880 bytes free
296 --- E O F --- 2008-12-27 23:29:11
HijackThis Log;
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:43:57, on 28/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\WINDOWS\system32\TDispVol.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SurfControl\CyberPatrol\cpserver.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\SurfControl\CyberPatrol\cpACtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpCCtrl.exe
C:\Program Files\SurfControl\CyberPatrol\cpkbinst.exe
C:\DOCUME~1\SAMI~1.BWD\LOCALS~1\Temp\SSUPDATE.EXE
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://go.microsoft.com/fwlink/?LinkId=74005
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: (no name) - {c1f82430-a97c-4d69-bcc4-0661e8679c9d} - C:\WINDOWS\system32\sonudodu.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CyberPatrolNew] "C:\Program Files\SurfControl\CyberPatrol\cphq.exe" /m
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [ditupigeha] Rundll32.exe "C:\WINDOWS\system32\pasugusa.dll",s
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -
http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/windows ... 0203118046
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\wagonire.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\WINDOWS\system32\TODDSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
--
End of file - 8083 bytes