ComboFix 13-01-24.02 - teo 24.01.2013  23:00:54.1.1 - x86
Microsoft® Windows 7 Eternity™ 2009   6.1.7600.0.1252.1.1033.18.3002.1798 [GMT 0:00]
Running from: c:\users\teo\Desktop\etc.exe
SP: Spyware Doctor *Enabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\teo\865126897.exe
c:\users\teo\AppData\Local\fogdgwdk.log
c:\users\teo\AppData\Local\hhwasvhn.log
c:\users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe
c:\users\teo\AppData\Local\lvppufel.log
c:\users\teo\AppData\Local\svfcmhrw.log
c:\users\teo\AppData\Local\tmmpfeyt.log
c:\users\teo\AppData\Local\umcfdocn.log
c:\users\teo\AppData\Local\xfawoaio.log
c:\users\teo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rssgqiad.exe
c:\users\teo\AppData\Roaming\SQLite3.dll
c:\windows\system32\rockers.reg
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\weber
c:\windows\system32\weber\key.exe
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MICORSOFT_WINDOWS_SERVICE
-------\Service_Micorsoft Windows Service
.
.
(((((((((((((((((((((((((   Files Created from 2012-12-24 to 2013-01-24   )))))))))))))))))))))))))))))))
.
.
2013-01-24 23:30 . 2013-01-24 23:33	--------	d-----w-	c:\users\teo\AppData\Local\temp
2013-01-24 22:12 . 2013-01-24 22:12	--------	d-----w-	C:\_OTL
2013-01-24 22:09 . 2013-01-24 22:09	--------	d-----w-	C:\TDSSKiller_Quarantine
2013-01-23 23:43 . 2013-01-24 00:20	--------	d-----w-	c:\program files\GridinSoft Trojan Killer
2013-01-23 21:50 . 2013-01-24 00:28	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-01-23 21:46 . 2013-01-24 22:15	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-01-23 19:27 . 2013-01-23 19:27	--------	d-----w-	c:\program files\Alwil Software
2013-01-23 19:03 . 2013-01-23 19:03	--------	d-----w-	c:\users\teo\AppData\Local\Avg2013
2013-01-23 19:03 . 2013-01-23 19:03	--------	d-----w-	c:\users\teo\AppData\Local\MFAData
2013-01-23 18:41 . 2013-01-23 19:04	--------	d-----w-	c:\programdata\MFAData
2013-01-23 17:34 . 2013-01-24 23:29	--------	d-----w-	c:\users\teo\AppData\Local\jmbtgiqm
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 20:12 . 2012-12-03 04:02	8107	----a-w-	c:\windows\w7dsd.reg
2012-12-13 20:12 . 2012-12-03 04:02	8089	----a-w-	c:\windows\w7dse.reg
2012-12-03 13:02 . 2012-12-03 13:02	26984	----a-w-	c:\windows\system32\drivers\avgtpx86.sys
2012-12-03 04:02 . 2012-12-03 04:02	233888	----a-w-	c:\windows\system32\DreamScene.dll
2012-11-06 12:47 . 2012-10-03 20:08	261600	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-09-11 859648]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2009-11-10 5244216]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2007-09-06 136136]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 196608]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-01-08 18705664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"UIExec"="c:\program files\ZTE Join Air\UIExec.exe" [2010-11-01 139088]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-04 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-04 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-04 151064]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-04 98304]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"BTCentre"="c:\genius\BTCentre\gBTMouseTask.exe" [2007-01-12 483328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2010-12-17 332288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Welcome Center"="c:\windows\system32\OobeFldr.dll" [2009-09-11 859648]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
.
c:\users\teo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-1-8 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
RocketDock.lnk - c:\program files\RocketDock\RocketDock.exe [2009-9-16 495616]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMBalloonTip"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"AntiVirusOverride"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 GarenaPEngine;GarenaPEngine;c:\users\teo\AppData\Local\Temp\TMK72A4.tmp [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files\ZTE Join Air\AssistantServices.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x86.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile	REG_MULTI_SZ   	wcescomm rapimgr
LocalServiceRestricted	REG_MULTI_SZ   	WcesComm RapiMgr
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549153393-2252973610-2979537789-1000Core.job
- c:\users\teo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 23:11]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2549153393-2252973610-2979537789-1000UA.job
- c:\users\teo\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-06 23:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.privitize.com/?aff=7
mStart Page = hxxp://search.privitize.com/?aff=7
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\teo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{97EF9BAF-8912-42D7-AC59-C7F0361C7B07}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\users\teo\AppData\Roaming\Mozilla\Firefox\Profiles\ybdj3nci.default\
FF - prefs.js: browser.search.selectedEngine - Privitize VPN
FF - prefs.js: browser.startup.homepage - hxxp://search.privitize.com/?aff=7
FF - prefs.js: keyword.URL - hxxp://search.privitize.com/?aff=7&q=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
HKCU-Run-RssGqiad - c:\users\teo\AppData\Local\jmbtgiqm\rssgqiad.exe
HKLM-Run-jsafesurf - c:\windows\Help32\safesurf.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
SafeBoot-12704551.sys
SafeBoot-mbamchameleon
AddRemove-AVS Screen Capture_is1 - c:\program files\AVS4YOU\AVSScreenCapture\unins000.exe
AddRemove-AVS Update Manager_is1 - c:\program files\AVS4YOU\AVSUpdateManager\unins000.exe
AddRemove-AVS Video Editor_is1 - c:\program files\AVS4YOU\AVSVideoEditor\unins000.exe
AddRemove-AVS Video Recorder_is1 - c:\program files\AVS4YOU\AVSVideoRecorder\unins000.exe
AddRemove-AVS4YOU Software Navigator_is1 - c:\program files\AVS4YOU\AVSSoftwareNavigator\unins000.exe
AddRemove-CCleaner - d:\ccleaner\uninst.exe
AddRemove-IndustryPlayer 6 - c:\progra~1\INDUST~1\UNWISE.EXE
AddRemove-Kengeki Gaiden - d:\m&b\Modules\Kengeki Gaiden\uninst.exe
AddRemove-Mount&Blade - d:\mb2\uninstall.exe
AddRemove-PokerStars - c:\program files\PokerStars\PokerStarsUninstall.exe
AddRemove-Tzar - d:\tzar\Uninst.isu
AddRemove-Vue 6 xStream 32bit - d:\vue 6\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GarenaPEngine]
"ImagePath"="\??\c:\users\teo\AppData\Local\Temp\TMK72A4.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2549153393-2252973610-2979537789-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-2549153393-2252973610-2979537789-1000\Software\SecuROM\License information*]
"datasecu"=hex:c0,f6,4a,5e,d1,2c,c9,01,0e,de,af,66,fe,90,4c,5b,3d,d6,03,59,1a,
   f9,d7,ed,d8,4e,38,59,4c,be,c6,1f,d6,b1,41,32,5b,e7,a6,52,7c,ba,35,58,b9,22,\
"rkeysecu"=hex:55,8e,17,91,d1,34,12,19,11,2f,37,a6,b4,ac,d1,ec
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1884)
c:\program files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\crypserv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Yahoo!\Messenger\YahooMessenger.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2013-01-24  23:39:06 - machine was rebooted
ComboFix-quarantined-files.txt  2013-01-24 23:39
.
Pre-Run: 7.759.839.232 bytes free
Post-Run: 7.463.559.168 bytes free
.
- - End Of File - - D55D1149BB3EAF3585C1A0A71EA1CB12