ComboFix 11-07-07.02 - Allaho akbar 07/07/2011 15:34:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1256.20.1033.18.2046.943 [GMT 2:00]
Running from: c:\documents and settings\Allaho akbar\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
FW: Avira FireWall *Disabled* {11638345-E4FC-4BEE-BB73-EC754659C5F6}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Allaho akbar\Application Data\Adobe\plugs
c:\documents and settings\Allaho akbar\Application Data\Adobe\plugs\KB11360046.exe
c:\documents and settings\Allaho akbar\Application Data\Adobe\plugs\KB11360078.exe
c:\documents and settings\Allaho akbar\Application Data\Adobe\shed
c:\documents and settings\Allaho akbar\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk
c:\documents and settings\Allaho akbar\Local Settings\Application Data\{A8A69470-7647-490C-898A-6A108C0B4B0E}
c:\documents and settings\Allaho akbar\Local Settings\Application Data\{A8A69470-7647-490C-898A-6A108C0B4B0E}\chrome.manifest
c:\documents and settings\Allaho akbar\Local Settings\Application Data\{A8A69470-7647-490C-898A-6A108C0B4B0E}\chrome\content\_cfg.js
c:\documents and settings\Allaho akbar\Local Settings\Application Data\{A8A69470-7647-490C-898A-6A108C0B4B0E}\chrome\content\overlay.xul
c:\documents and settings\Allaho akbar\Local Settings\Application Data\{A8A69470-7647-490C-898A-6A108C0B4B0E}\install.rdf
c:\documents and settings\Allaho akbar\Start Menu\Programs\Antimalware Doctor
c:\windows\oxagoloputuye.dll
c:\windows\wskocp.dll
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-07 to 2011-07-07 )))))))))))))))))))))))))))))))
.
.
2011-07-07 13:29 . 2011-07-07 13:30 -------- d-----w- C:\samy
2011-07-07 11:01 . 2011-07-07 11:01 0 ----a-w- c:\windows\Wtebapuhidonok.bin
2011-07-07 11:00 . 2011-07-07 11:03 -------- d-----w- c:\documents and settings\Allaho akbar\Application Data\60190952C188D60FA2F4E3874805AFD5
2011-07-07 10:57 . 2006-06-16 09:16 205312 ----a-w- c:\program files\Mozilla Firefox\plugins\NPMXENG.DLL
2011-07-07 10:57 . 2006-06-16 09:16 205312 ----a-w- c:\program files\Internet Explorer\PLUGINS\NPMXENG.DLL
2011-07-06 17:53 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-07-06 17:53 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-07-03 19:57 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-06-19 13:36 . 2011-06-19 13:36 -------- d-----w- c:\documents and settings\Allaho akbar\Local Settings\Application Data\Opera
2011-06-19 13:36 . 2011-06-19 13:36 -------- d-----w- c:\program files\Opera
2011-06-16 20:58 . 2011-06-16 20:58 -------- d-----w- c:\windows\SxsCaPendDel
2011-06-16 20:22 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2011-06-15 17:32 . 2011-06-15 17:32 -------- d-----w- c:\documents and settings\Allaho akbar\Local Settings\Application Data\SKIDROW
2011-06-12 13:52 . 2011-06-12 13:52 -------- d-----w- c:\documents and settings\Allaho akbar\Local Settings\Application Data\3DMGAME
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 13:45 . 2011-04-17 19:12 17488 ----a-w- c:\windows\gdrv.sys
2011-05-25 06:09 . 2011-04-07 19:15 54272 ----a-w- c:\windows\system32\nvwddi.dll
2011-05-25 06:09 . 2011-04-07 19:15 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-04-07 19:15 154728 ----a-w- c:\windows\system32\nvsvc32.exe
2011-05-25 06:09 . 2011-04-07 19:15 13895272 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2011-04-30 19:10 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-05-25 06:09 . 2011-04-30 19:10 2808936 ----a-w- c:\windows\system32\nvcuvid.dll
2011-05-25 06:09 . 2011-04-30 19:10 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-05-25 06:09 . 2011-04-07 19:15 543336 ----a-w- c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-04-07 19:15 145000 ----a-w- c:\windows\system32\nvcolor.exe
2011-05-25 06:09 . 2008-07-31 11:29 16068608 ----a-w- c:\windows\system32\nvoglnt.dll
2011-05-25 06:09 . 2011-04-30 19:10 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-05-25 06:09 . 2008-07-26 04:48 5332992 ----a-w- c:\windows\system32\nvcuda.dll
2011-05-25 06:09 . 2008-07-26 04:48 4198272 ----a-w- c:\windows\system32\nv4_disp.dll
2011-05-25 06:09 . 2008-07-26 04:48 2328576 ----a-w- c:\windows\system32\nvapi.dll
2011-05-25 06:09 . 2008-07-26 04:48 12753664 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-05-04 22:43 . 2011-05-04 21:52 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-05-04 22:43 . 2011-05-04 21:52 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-05-04 22:43 . 2011-05-04 21:52 79432 ----a-w- c:\windows\system32\drivers\avfwim.sys
2011-05-04 22:43 . 2011-05-04 21:52 102856 ----a-w- c:\windows\system32\drivers\avfwot.sys
2011-05-02 15:31 . 2011-04-17 18:53 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25 . 2006-02-28 12:00 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19 . 2006-02-28 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-26 15:33 . 2011-04-26 15:33 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-04-26 15:33 . 2011-04-26 15:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2011-04-25 16:11 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:11 . 2006-02-28 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:11 . 2006-02-28 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01 . 2006-02-28 12:00 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37 . 2006-02-28 12:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
2011-04-18 20:25 . 2011-04-18 20:25 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 15:23 68216 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-01 2424192]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2009-10-14 3217368]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-19 399736]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-04-25 3298712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2010-08-15 824224]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"RTHDCPL"="RTHDCPL.EXE" [2009-06-25 17887232]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"InCD"="c:\program files\Nero\Nero 7\InCD\InCD.exe" [2006-11-10 1051648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-05-04 282792]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"f:\\Program Files\\Capcom\\Super Street Fighter IV\\SSFIV.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/04/2011 10:25 م 717296]
R1 avfwot;avfwot;c:\windows\system32\drivers\avfwot.sys [04/05/2011 11:52 م 102856]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [25/04/2011 05:41 م 98160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17/02/2010 08:25 م 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/05/2010 08:41 م 67656]
R2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [04/05/2011 11:52 م 536232]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [04/05/2011 11:52 م 337064]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [04/05/2011 11:52 م 135336]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [04/05/2011 11:52 م 405672]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [17/04/2011 09:05 م 219360]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [17/04/2011 09:05 م 68136]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [30/04/2011 09:11 م 2214504]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [18/04/2011 10:58 ص 632792]
R3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\drivers\avfwim.sys [04/05/2011 11:52 م 79432]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [17/04/2011 09:08 م 1684736]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A70BFEC6-C7D1-4E8C-B667-976A138D6902}: NameServer = 8.8.8.8,88.88.44.44
FF - ProfilePath - c:\documents and settings\Allaho akbar\Application Data\Mozilla\Firefox\Profiles\3fgw25lv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: SkipScreen: SkipScreen@SkipScreen - %profile%\extensions\SkipScreen@SkipScreen
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\Allaho akbar\Application Data\IDM\idmmzcc3
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Exisifucipisozoq - c:\windows\wskocp.dll
HKLM-Run-Clilenupehukuh - c:\windows\oxagoloputuye.dll
AddRemove-MatrixEngine 1.0 - f:\program files\MatrixEngine 1.0\UNINST\UNINST.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-07 15:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{0307aeda-8f59-43a7-862a-8e7da3135965}]
@Denied: (Full) (Everyone)
"Model"=dword:000000a5
"Therad"=dword:0000000f
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):50,bb,67,22,09,84,68,cf,f3,af,67,71,7f,15,32,bf,23,f4,47,0f,8d,
91,3a,df,1b,b6,2b,fb,81,59,24,49,2e,4e,80,3d,88,10,92,3b,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(1780)
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
- - - - - - - > 'explorer.exe'(2732)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Internet Download Manager\IDMShellExt.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Internet Download Manager\IEMonitor.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Avira\AntiVir Desktop\usrreq.exe
.
**************************************************************************
.
Completion time: 2011-07-07 15:49:40 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-07 13:49
.
Pre-Run: 9,185,894,400 bytes free
Post-Run: 9,838,346,240 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 4B936F42FD7A14B37B03116D4338DC0D