ComboFix 09-03-06.02 - Sumayyas 2009-03-09 22:33:52.1 - NTFSx86
Running from: E:\ComboFix.exe
.
ADS - svchost.exe: deleted 88 bytes in 2 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-9-1-34-100004916-100002351-100019669-3487.com
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\drivers\gaopdxbftpuyapuymsrnabsibitawsbfqjwxdk.sys
c:\windows\system32\drivers\gaopdxbgixbwqbrpxujdulepgxfasekvttjgaj.sys
c:\windows\system32\drivers\gaopdxeclwpvauhnyyhsdpyeqkjeqwkulkhktm.sys
c:\windows\system32\drivers\gaopdxlsfkaiyutfeoaqpygjxdgnxobhosunkd.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\gaopdxbotvxjowqbyptrelxetnopilmyqvnjns.dll
c:\windows\system32\gaopdxcounter
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_gaopdxserv.sys

((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.
2050-03-01 01:02 . 2009-03-01 01:42 d-------- c:\documents and settings\Sumayyas\Application Data\Fidelity Investments
2009-03-09 21:25 . 2009-03-09 21:25 d-------- c:\program files\Alwil Software
2009-03-09 21:25 . 2003-03-18 20:20 1,060,864 --a------ c:\windows\system32\MFC71.dll
2009-03-09 19:16 . 2001-08-17 22:36 12,800 --a------ c:\windows\system32\svchost.ex_
2009-03-09 18:28 . 2009-03-09 18:28 d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-03-09 17:41 . 2009-03-09 17:41 d-------- c:\documents and settings\Sumayyas\Application Data\Malwarebytes
2009-03-09 16:34 . 2009-03-09 16:34 d-------- c:\documents and settings\Sumayyas\DoctorWeb
2009-03-09 16:08 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-09 16:07 . 2009-03-09 16:08 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-09 16:07 . 2009-03-09 16:07 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-09 16:07 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-09 15:17 . 2009-03-09 15:19 d-------- c:\documents and settings\Sumayyas\Application Data\GetRightToGo
2009-03-09 12:20 . 2009-03-09 12:20 d-------- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-03-09 10:08 . 2008-04-19 15:23 d-------- c:\documents and settings\Administrator\WINDOWS
2009-03-09 10:08 . 2009-03-09 10:08 d-------- c:\documents and settings\Administrator
2009-03-09 05:05 . 2009-03-09 21:50 d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-03-09 03:44 . 2009-03-09 03:57 d-------- c:\documents and settings\Sumayyas\Application Data\Lavasoft
2009-03-09 02:16 . 2009-03-09 02:16 30,714,880 --a------ c:\windows\EAV_NT32_ENU.MSI
2009-03-09 00:26 . 2009-03-09 01:33 d-------- c:\program files\MLDownloader
2009-03-08 17:24 . 2009-03-09 02:14 d-------- c:\documents and settings\All Users\Application Data\Nirvana Systems
2009-03-08 17:23 . 2009-03-08 17:23 d-------- c:\program files\Common Files\Business Objects
2009-03-08 17:21 . 2005-06-22 13:24 1,667,072 --a------ c:\windows\system32\DXdbGrid.dll
2009-03-08 17:21 . 2005-06-22 13:24 266,240 --a------ c:\windows\system32\dXPSystm.dll
2009-03-08 17:20 . 2009-03-08 22:33 d-------- c:\program files\Nirvana
2009-03-08 15:20 . 2009-03-08 15:40 d-------- c:\program files\AmiBroker
2009-03-03 21:18 . 2009-03-03 21:19 d-------- c:\program files\Internet Download Manager
2009-03-03 21:18 . 2009-03-09 15:53 d-------- c:\documents and settings\Sumayyas\Application Data\IDM
2009-03-03 21:18 . 2009-03-09 16:34 d-------- c:\documents and settings\Sumayyas\Application Data\DMCache
2009-03-01 02:13 . 2009-03-01 21:25 d-------- c:\program files\Yahoo & Google Historical Quotes Downloader
2009-03-01 02:13 . 2009-03-01 02:13 d-------- c:\program files\Common Files\Thraex Software
2009-03-01 02:13 . 2009-03-01 02:14 88,017 --a------ c:\windows\Yahoo & Google Historical Quotes Downloader Uninstaller.exe
2009-03-01 02:13 . 2009-03-08 23:21 1,312 --a------ c:\windows\ydownloaderlibpr.ini
2009-03-01 02:04 . 1998-03-03 02:04 399 --a------ c:\windows\mxdb.ocx
2009-03-01 01:25 . 2009-03-03 01:03 36 --a------ c:\windows\EWA3.INI
2009-03-01 01:23 . 2003-11-28 18:04 913,680 --a------ c:\windows\ELLIOTTENGINE3045.DLL
2009-03-01 01:23 . 1998-11-24 06:51 170,496 --a------ c:\windows\system32\msfl651.dll
2009-03-01 01:22 . 2009-03-03 00:57 d-------- c:\program files\Elliott Wave Analyzer 3
2009-03-01 01:22 . 2004-08-09 22:57 7,131,136 --a------ c:\windows\Elliott Research Project.scr
2009-03-01 01:22 . 1999-10-30 01:00 167,936 --a------ c:\windows\system32\ccrpftv6.ocx
2009-03-01 01:22 . 2002-03-13 16:46 53,248 --a------ c:\windows\ZLIB.DLL
2009-02-26 11:54 . 2009-02-26 12:12 36 --a------ c:\windows\EWA4.INI
2009-02-26 00:50 . 2009-02-26 00:50 d-------- c:\documents and settings\Sumayyas\advfn
2009-02-15 00:05 . 2009-02-15 00:05 d-------- C:\5f042568839a3d23ba583c0e38b54e24
2009-02-10 14:00 . 2009-02-10 14:02 d-------- c:\program files\Common Files\Activ Software
2009-02-10 14:00 . 2009-02-10 14:02 d-------- c:\program files\Activ Software
2009-02-10 14:00 . 2009-02-10 14:02 d-------- c:\documents and settings\All Users\Application Data\Activ Software
2009-02-10 14:00 . 2007-11-09 10:23 4,480 --a------ c:\windows\system32\drivers\activmouse.sys
2009-02-10 13:56 . 2001-08-17 13:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 12:13 --------- d-----w c:\documents and settings\All Users\Application Data\SecTaskMan
2009-03-09 10:27 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-03-09 10:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-08 17:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-04 23:50 --------- d-----w c:\documents and settings\Sumayyas\Application Data\dvdcss
2009-02-22 18:42 --------- d-----w c:\documents and settings\Sumayyas\Application Data\OpenOffice.org2
2009-02-04 01:37 --------- d-----w c:\documents and settings\Sumayyas\Application Data\uTorrent
2009-02-04 01:33 --------- d-----w c:\program files\Security Task Manager
2009-01-23 22:59 --------- d-----w c:\program files\OpenOffice.org 2.4
2008-12-14 02:42 119,120 ----a-w c:\windows\dxsdkuninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2008-11-25 22:37 204248 --a------ c:\program files\Hotspot Shield\hssie\HssIE.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SiS Windows KeyHook"="c:\windows\System32\keyhook.exe" [2004-02-27 241664]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-02-27 135168]
"ActivFilter"="c:\program files\Activ Software\Activdriver\ActivFilter.exe" [2002-11-07 23552]
"ActivControl"="c:\program files\Activ Software\Activdriver\ActivControl2.exe" [2007-11-09 1003520]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"SiSPower"="SiSPower.dll" [2006-03-09 c:\windows\system32\SiSPower.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T\wlan111t.exe [2008-05-11 884840]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2008-07-31 9618728]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2008-04-19 262144]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"enablefirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCGui.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iPhone Tunnel Suite 2.7 BETA\\iTunnel\\iTunnel.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-09 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-09 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-03-09 170640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 ActivHidSerMini;Promethean Serial Board Driver;c:\windows\system32\drivers\activhidsermini.sys [2007-11-09 54656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-03-09 15504]
R3 prmvmouse;Promethean HID Mouse Service;c:\windows\system32\drivers\activmouse.sys [2009-02-10 4480]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2008-05-11 17149]
S4 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Board Drivers\UCService.exe [2008-07-31 492840]
S4 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [2008-07-31 1037608]
S4 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [2008-07-31 1205544]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 14:17]

2009-03-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]

2008-04-19 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-14 00:12]

2008-04-19 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-14 00:12]

2008-04-19 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2008-04-14 00:12]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Sumayyas\Application Data\Mozilla\Firefox\Profiles\0k56y212.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Sumayyas\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 1000000
FF - user.js: nglayout.initialpaint.delay - 600
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 22:38:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-03-09 22:42:23
ComboFix-quarantined-files.txt 2009-03-09 22:41:39

Pre-Run: 63,963,987,968 bytes free
Post-Run: 64,136,372,224 bytes free

197 --- E O F --- 2009-03-05 19:16:32