ComboFix 12-06-20.02 - Mosley Family 21/06/2012 17:51:36.6.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.3327.2505 [GMT 1:00]
Running from: c:\documents and settings\Mosley Family\Desktop\Gotcha.exe
Command switches used :: c:\documents and settings\Mosley Family\Desktop\CFScript.txt
AV: Kaspersky Internet Security *Enabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *Enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
FILE ::
"c:\documents and settings\Mosley Family\Start Menu\Programs\Startup\xgttiuor.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Mosley Family\Local Settings\Application Data\axbcctbn.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\buqrabeh.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\eqrjlpnl.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\lwupdjfe.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\nplmpljh.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\pachxufb
c:\documents and settings\Mosley Family\Local Settings\Application Data\reecrujf.log
c:\documents and settings\Mosley Family\Local Settings\Application Data\yhwojtwq.log
c:\documents and settings\Mosley Family\Start Menu\Programs\Startup\xgttiuor.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-21 to 2012-06-21 )))))))))))))))))))))))))))))))
.
.
2012-06-21 10:46 . 2012-06-21 10:48 309320 ----a-w- c:\windows\system32\drivers\TrufosAlt.sys
2012-06-20 18:41 . 2012-06-20 18:41 -------- d-----w- C:\_OTL
2012-06-19 21:09 . 2012-06-19 21:09 -------- d-----w- c:\documents and settings\Mosley Family\Application Data\SUPERAntiSpyware.com
2012-06-19 21:09 . 2012-06-19 21:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-06-19 21:09 . 2012-06-19 21:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2012-06-19 20:48 . 2012-06-19 20:48 -------- d-----w- c:\program files\Hewlett-Packard
2012-05-27 15:56 . 2012-05-27 15:56 -------- d-----w- c:\documents and settings\Mosley Family\Application Data\Malwarebytes
2012-05-25 20:43 . 2012-05-25 20:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-05-25 20:43 . 2012-05-27 17:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-25 20:43 . 2012-04-04 14:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-25 18:16 . 2012-05-25 18:16 -------- d-----w- C:\sh4ldr
2012-05-25 18:16 . 2012-05-25 18:16 -------- d-----w- c:\program files\Enigma Software Group
2012-05-25 18:15 . 2012-05-25 18:15 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-05-24 19:25 . 2012-05-24 21:01 -------- d-----w- c:\documents and settings\Mosley Family\Application Data\AVG
2012-05-24 19:11 . 2012-05-25 08:54 -------- d-----w- c:\documents and settings\Mosley Family\Local Settings\Application Data\LogMeIn Rescue Applet
2012-05-24 18:04 . 2012-05-24 19:41 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2012-05-24 18:04 . 2012-05-24 19:41 97961 ----a-w- c:\windows\system32\drivers\klick.dat
2012-05-24 18:02 . 2012-06-21 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2012-05-24 18:02 . 2012-05-24 18:02 -------- d-----w- c:\program files\Kaspersky Lab
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-21 10:15 . 2008-04-15 09:24 409600 ----a-w- c:\windows\system32\wrap_oal.dll
2012-06-21 10:15 . 2008-04-15 09:24 114688 ----a-w- c:\windows\system32\OpenAL32.dll
2012-06-19 21:32 . 2012-04-05 10:50 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-19 21:32 . 2011-06-17 08:23 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 15:26 . 2012-04-14 15:26 657822 ----a-w- c:\windows\P5KC-1203.zip
2012-04-04 12:13 . 2012-04-04 12:13 23376 ----a-r- c:\windows\system32\SZIO5.dll
2012-04-04 12:13 . 2012-04-04 12:13 546640 ----a-r- c:\windows\system32\SZComp5.dll
2012-04-04 12:13 . 2012-04-04 12:13 481104 ----a-r- c:\windows\system32\SZBase5.dll
2012-03-29 15:36 . 2012-03-29 15:36 72080 ----a-r- c:\windows\system32\drivers\SZKGFS.sys
2012-03-27 16:03 . 2008-04-13 11:04 6100072 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2012-01-09 17:56 . 2011-04-02 19:20 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"Akamai NetSession Interface"="c:\documents and settings\Mosley Family\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-17 3906944]
"SetDefaultMIDI"="MIDIDef.exe" [2005-04-22 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UMonit"="c:\windows\system32\umonit.exe" [2005-05-23 53248]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-12-13 296056]
"Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2008-01-28 1413120]
"CPU Power Monitor"="c:\program files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving"="c:\program files\ASUS\AI Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"RTHDCPL"="RTHDCPL.EXE" [2012-03-14 20065896]
"Norton Ghost 9.0"="c:\program files\Symantec\Norton Ghost\Agent\GhostTray.exe" [2004-07-29 1122304]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"P17Helper"="SPIRun.dll" [2006-07-03 10752]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296]
.
c:\documents and settings\Mosley Family\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
Scheduler.lnk - c:\progra~1\WinTV\SCHEDU~1\scheduler.exe [2009-2-15 4700712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-2-15 110647]
DataViz Inc Messenger.lnk - c:\program files\Common Files\DataViz\DvzIncMsgr.exe [2008-10-5 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TPSvc]
TPSvc.dll [BU]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DataViz Inc Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\DataViz Inc Messenger.lnk
backup=c:\windows\pss\DataViz Inc Messenger.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mosley Family^Start Menu^Programs^Startup^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Mosley Family^Start Menu^Programs^Startup^palmOne Registration.lnk]
path=c:\documents and settings\Mosley Family\Start Menu\Programs\Startup\palmOne Registration.lnk
backup=c:\windows\pss\palmOne Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
2007-05-25 11:13 1957888 ----a-r- c:\windows\system32\xRaidSetup.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2006-09-14 06:55 61440 ----a-w- c:\program files\Adobe\Photoshop Elements 5.0\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2010-11-03 17:13 64104 ----a-w- c:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305]
2005-08-05 14:15 61440 ----a-w- c:\windows\VM305_STI.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
2005-12-12 08:36 143360 ------w- c:\program files\Creative\MediaSource5\Go\CTCMSGoU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2003-12-22 07:38 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2011-05-10 01:41 49208 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
2007-03-20 13:36 36864 ----a-r- c:\windows\RaidTool\xInsIDE.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
2008-02-27 16:56 1032376 ----a-w- c:\program files\Kontiki\KHost.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Alarm Clock]
2006-02-02 13:36 1254400 ----a-w- c:\program files\PC Alarm Clock\pcalarmclock.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-11-23 14:10 56928 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2012-03-14 12:40 20065896 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-07-29 11:31 17361032 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2005-10-26 17:17 159744 ----a-r- c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 11:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\MSN BackUp\\MSNBackup.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9\\fs9.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Documents and Settings\\Mosley Family\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [24/02/2012 15:28 99728]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [29/03/2012 16:36 72080]
R1 HCW88AUD;Hauppauge WinTV 88x Audio Capture;c:\windows\system32\drivers\hcw88aud.sys [15/02/2009 17:41 12928]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]
R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [29/07/2004 04:13 46779]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [18/04/2012 10:20 101112]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [02/08/2011 06:09 192776]
R2 EPGService;EPGService;c:\progra~1\WinTV\EPG Services\System\EPGService.exe [15/02/2009 18:11 437248]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [25/05/2012 21:43 654408]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [04/05/2012 18:21 737184]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [09/03/2011 13:30 92592]
R2 ubsbm;Unibrain 1394 SBM Driver;c:\windows\system32\drivers\UBSBM.sys [27/07/2005 17:25 14080]
R2 ubumapi;Unibrain 1394 FireAPI Driver;c:\windows\system32\drivers\UBUMAPI.sys [27/07/2005 17:25 36352]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [13/04/2008 12:05 38656]
R3 fixustor;fixustor;c:\windows\system32\drivers\fixustor.sys [05/02/2009 18:14 6016]
R3 HCW88BDA;Hauppauge WinTV 88x DVB Tuner/Demod;c:\windows\system32\drivers\hcw88bda.sys [15/02/2009 17:41 182400]
R3 hcw88rc5;Hauppauge WinTV 88x IR Decoder;c:\windows\system32\drivers\hcw88rc5.sys [15/02/2009 17:41 12288]
R3 HCW88TSE;Hauppauge WinTV 88x MPEG/TS Capture;c:\windows\system32\drivers\hcw88tse.sys [15/02/2009 17:41 320256]
R3 HCW88TUNE;Hauppauge WinTV 88x Tuner;c:\windows\system32\drivers\hcw88tun.sys [15/02/2009 17:41 74624]
R3 hcw88vid;Hauppauge WinTV 88x Video;c:\windows\system32\drivers\hcw88vid.sys [15/02/2009 17:41 394880]
R3 HCW88XBAR;Hauppauge WinTV 88x Crossbar;c:\windows\system32\drivers\hcw88bar.sys [15/02/2009 17:41 17280]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [25/05/2012 21:43 22344]
R3 ubohci;Unibrain 1394 OHCI Driver;c:\windows\system32\drivers\ubohci.sys [27/07/2005 17:25 77056]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [24/02/2012 15:28 99728]
S0 MxEFUF;Matrox Extio Upper Function Filter;c:\windows\system32\drivers\MxEFUF32.sys [18/04/2012 22:09 102728]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [18/09/2009 16:22 133104]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [05/04/2012 11:50 257224]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [20/04/2012 16:10 1691480]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdXP3.sys [16/04/2012 12:23 99856]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [02/06/2011 11:08 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [18/09/2009 16:22 133104]
S3 imhidusb;Immersion's HID USB Driver;c:\windows\system32\drivers\imhidusb.sys [27/10/2009 16:43 30920]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [02/02/2009 17:30 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [02/02/2009 17:30 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [02/02/2009 17:30 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [02/02/2009 17:30 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [02/02/2009 17:30 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [02/02/2009 17:30 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [02/02/2009 17:30 115752]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [02/02/2009 17:30 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [02/02/2009 17:30 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [02/02/2009 17:30 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [02/02/2009 17:30 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [02/02/2009 17:30 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [02/02/2009 17:30 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [02/02/2009 17:30 117672]
S3 s816bus;Sony Ericsson Device 816 driver (WDM);c:\windows\system32\drivers\s816bus.sys [20/05/2008 17:16 81832]
S3 s816mdfl;Sony Ericsson Device 816 USB WMC Modem Filter;c:\windows\system32\drivers\s816mdfl.sys [20/05/2008 17:16 13864]
S3 s816mdm;Sony Ericsson Device 816 USB WMC Modem Driver;c:\windows\system32\drivers\s816mdm.sys [20/05/2008 17:16 107304]
S3 s816mgmt;Sony Ericsson Device 816 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s816mgmt.sys [20/05/2008 18:24 99112]
S3 s816nd5;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (NDIS);c:\windows\system32\drivers\s816nd5.sys [20/05/2008 18:24 21928]
S3 s816obex;Sony Ericsson Device 816 USB WMC OBEX Interface;c:\windows\system32\drivers\s816obex.sys [20/05/2008 18:23 97320]
S3 s816unic;Sony Ericsson Device 816 USB Ethernet Emulation SEMCMR7 (WDM);c:\windows\system32\drivers\s816unic.sys [20/05/2008 18:24 97704]
S3 usbaucmd;usbaucmd;c:\windows\system32\drivers\usbaucmd.sys --> c:\windows\system32\drivers\usbaucmd.sys [?]
S3 vvftav;vvftav;c:\windows\system32\drivers\vvftav.sys [19/04/2009 19:54 474368]
S3 ZSMC0305;USB PC Camera VC305;c:\windows\system32\drivers\usbVM305.sys [16/09/2010 18:55 391688]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:32]
.
2012-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 16:57]
.
2012-06-21 c:\windows\Tasks\AVG PC Tuneup Integrator Start On Mosley Family Logon.job
- c:\program files\AVG\AVG PC Tuneup\BoostSpeed.exe [2012-05-24 16:20]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 15:22]
.
2012-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-18 15:22]
.
2012-06-21 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2008-02-22 12:25]
.
2012-01-16 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 12:25]
.
2012-06-21 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-507921405-448539723-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
2012-05-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-507921405-448539723-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-08 16:14]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
uInternet Settings,ProxyOverride =
uSearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{E725B942-BB4D-4B55-9CFE-78F2C62F7423}: NameServer = 212.74.112.66,212.74.112.67
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\documents and settings\Mosley Family\Application Data\Mozilla\Firefox\Profiles\5ojqtqh8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Linkury Smartbar Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=
FF - user.js: yahoo.homepage.dontask - true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-21 17:59
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UMonit = c:\windows\system32\umonit.exe?1??$?\???8?????????$?8?????$?C?US????8???UB????????????????????????????A~????????????tq??l??????|p??|????m??|??D~??????????$?B$?|??B~??B~*?,???$???????????????????????????????B~????????????tq??????T???????????tq??????L??????
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@?Y????????????
P17Helper = Rundll32 SPIRun.dll,RunDLLEntry?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-507921405-448539723-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:22,62,e5,92,41,cb,fb,3d,21,4a,d6,7b,48,99,35,fe,14,1e,e4,e1,29,bc,69,
   cd,1e,39,51,4b,9a,7c,ea,d7,3d,58,5d,4c,6f,f9,d0,24,76,17,b4,51,e8,9a,22,a1,\
"??"=hex:16,10,91,32,90,a8,f8,b3,2f,a3,c0,66,2e,9e,28,65
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1220)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(5716)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\iS3\Anti-Spyware\SZServer.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\System32\GEARSec.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\windows\system32\Rundll32.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\ASUS\AASP\1.00.59\aaCenter.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\HPZipm12.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
.
**************************************************************************
.
Completion time: 2012-06-21 18:07:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-21 17:06
ComboFix2.txt 2012-06-21 15:53
ComboFix3.txt 2012-06-21 14:52
ComboFix4.txt 2012-06-20 22:00
ComboFix5.txt 2012-06-21 16:50
.
Pre-Run: 251,268,399,104 bytes free
Post-Run: 251,224,412,160 bytes free
.
- - End Of File - - BC391719B406513CF2678909CFC11FA7