COMBOFIX LOG:
ComboFix 08-05-15.3 - Administrator 2008-05-16 21:05:14.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1292 [GMT 9.5:30]
Running from: C:\Users\Administrator\Downloads\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\ltdkstjr.ini
C:\Windows\system32\pqshqyfo.ini
C:\Windows\system32\qoMfdbyx.dll
C:\Windows\System32\qvhvitui.ini
C:\Windows\system32\ryrxkbay.ini
C:\Windows\System32\xybdfMoq.ini
C:\Windows\System32\xybdfMoq.ini2
C:\Windows\system32\yepovbof.ini
.
((((((((((((((((((((((((( Files Created from 2008-04-16 to 2008-05-16 )))))))))))))))))))))))))))))))
.
2008-05-16 14:07 . 2008-05-16 14:07 1,410,612 ---hs---- C:\Windows\System32\ltdkstjr.tmp
2008-05-16 14:06 . 2008-05-16 14:06 91,264 --------- C:\Windows\System32\rjtskdtl.dll
2008-05-16 13:00 . 2008-05-16 13:00 <DIR> d-------- C:\VundoFix Backups
2008-05-16 10:46 . 2008-05-16 10:46 91,264 --a------ C:\Windows\System32\iutivhvq.dll
2008-05-16 10:28 . 2008-05-16 09:32 253,952 --a------ C:\Windows\vbksrofa.dll
2008-05-16 10:28 . 2008-05-16 09:31 237,568 --a------ C:\Windows\mpfanvqg.dll
2008-05-16 10:28 . 2008-05-16 09:32 159,744 --a------ C:\Windows\exnk.exe
2008-05-15 21:53 . 2008-05-15 21:53 <DIR> d-------- C:\Users\All Users\Trymedia
2008-05-15 21:53 . 2008-05-15 21:53 <DIR> d-------- C:\PROGRA~2\Trymedia
2008-05-15 21:41 . 2008-05-15 22:56 <DIR> d-------- C:\Program Files\rFactor
2008-05-09 11:03 . 2008-05-09 11:03 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_ggsemc_01005.Wdf
2008-05-09 09:59 . 2008-05-09 09:59 1,419,232 --a------ C:\Windows\System32\wdfcoinstaller01005.dll
2008-05-09 09:59 . 2008-05-09 09:59 20,520 --a------ C:\Windows\System32\drivers\ggsemc.sys
2008-05-09 09:59 . 2008-05-09 09:59 13,352 --a------ C:\Windows\System32\drivers\ggflt.sys
2008-05-07 21:20 . 2008-05-08 23:25 54,156 --ah----- C:\Windows\QTFont.qfn
2008-05-07 21:20 . 2008-05-07 21:20 1,409 --a------ C:\Windows\QTFont.for
2008-05-07 19:22 . 2008-05-07 19:22 <DIR> d-------- C:\Users\All Users\Sony
2008-05-07 19:22 . 2008-05-07 19:22 <DIR> d-------- C:\Users\Administrator\AppData\Roaming\Sony
2008-05-07 19:22 . 2008-05-07 19:22 <DIR> d-------- C:\PROGRA~2\Sony
2008-05-07 17:35 . 2008-05-07 17:35 <DIR> d-------- C:\Users\All Users\BVRP Software
2008-05-07 17:35 . 2008-05-07 17:40 <DIR> d-------- C:\Program Files\Avanquest update
2008-05-07 17:35 . 2008-05-07 17:35 <DIR> d-------- C:\PROGRA~2\BVRP Software
2008-05-07 17:14 . 2008-05-09 09:59 <DIR> d-------- C:\Users\All Users\Sony Ericsson
2008-05-07 17:14 . 2008-05-09 09:58 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-05-07 17:14 . 2008-05-09 09:59 <DIR> d-------- C:\PROGRA~2\Sony Ericsson
2008-04-17 14:11 . 2008-04-17 14:11 <DIR> d-------- C:\Users\All Users\OrbNetworks
2008-04-17 14:11 . 2008-04-17 14:11 <DIR> d-------- C:\Program Files\Winamp Remote
2008-04-17 14:11 . 2008-04-17 14:11 <DIR> d-------- C:\PROGRA~2\OrbNetworks
2008-04-17 11:11 . 2008-04-17 11:11 1,160 --a------ C:\Windows\mozver.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 11:41 73,362,720 --sha-w C:\Windows\system32\drivers\fidbox.dat
2008-05-16 11:41 --------- d-----w C:\PROGRA~2\Kaspersky Lab
2008-05-16 11:39 985,628 --sha-w C:\Windows\system32\drivers\fidbox.idx
2008-05-16 10:35 --------- d---a-w C:\PROGRA~2\TEMP
2008-05-16 02:18 --------- d-----w C:\Program Files\Spyware Doctor
2008-05-16 01:16 --------- d-----w C:\Program Files\WebSite-Watcher
2008-05-16 00:16 --------- d-----w C:\Users\Administrator\AppData\Roaming\LimeWire
2008-05-15 04:38 19,460 ----a-w C:\Users\Administrator\AppData\Roaming\CTPErrorLog.dat
2008-05-14 11:32 --------- d-----w C:\Program Files\Windows Mail
2008-05-14 11:32 --------- d-----w C:\PROGRA~2\Microsoft Help
2008-05-14 11:24 --------- d-----w C:\Users\Administrator\AppData\Roaming\Azureus
2008-05-08 04:36 --------- d-----w C:\Users\Administrator\AppData\Roaming\dvdcss
2008-05-07 08:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-05 23:52 --------- d-----w C:\Users\Administrator\AppData\Roaming\CTP
2008-04-29 06:12 --------- d-----w C:\Program Files\LimeWire
2008-04-17 12:43 96,645 ----a-w C:\Windows\system32\drivers\klin.dat
2008-04-17 12:43 87,941 ----a-w C:\Windows\system32\drivers\klick.dat
2008-04-17 06:31 --------- d-----w C:\Program Files\Azureus
2008-04-17 05:44 --------- d-----w C:\Program Files\AoA DVD Ripper
2008-04-17 05:43 --------- d-----w C:\Program Files\Right Web Monitor Pro
2008-04-17 05:43 --------- d-----w C:\Program Files\PokerRoom.com
2008-04-17 04:41 --------- d-----w C:\Program Files\Winamp
2008-04-17 04:39 --------- d-----w C:\Users\Administrator\AppData\Roaming\Winamp
2008-04-15 03:48 --------- d-----w C:\Users\Administrator\AppData\Roaming\Talkback
2008-04-11 03:38 --------- d-----w C:\PROGRA~2\Office Genuine Advantage
2008-04-01 01:47 --------- d-----w C:\Program Files\Java
2008-03-24 22:36 --------- d-----w C:\Program Files\Equis
2008-02-22 02:56 44,661 ----a-w C:\Users\Administrator\TVC2603_CRK.zip
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-08-31 23:20 174 --sha-w C:\Program Files\desktop.ini
2006-04-04 17:06 45,728 ----a-w C:\Users\Administrator\TVC2603_CRK.exe
2005-08-30 16:48 5,257,216 ----a-w C:\Users\Administrator\W40k.exe
2008-01-23 00:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-23 00:24 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-23 00:24 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-04-25 00:59 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
2007-04-25 00:59 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012007042520070426\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 11:02 81920]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 12:24 1232896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-21 23:29 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:37 4390912 C:\Windows\RtHDVCpl.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 03:25 144784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2007-03-09 19:20 200768]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:10 155648]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-28 00:29 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-28 00:29 8473120]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-28 00:29 81920]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 06:00 33648]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-22 12:44 171448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"mpfanvqg"= {90489911-67EC-46BF-85D8-6FB394A8E046} - C:\Windows\mpfanvqg.dll [2008-05-16 09:31 237568]
"vbksrofa"= {469AFC7C-3CEF-496D-A5A3-AFDB89E4D25B} - C:\Windows\vbksrofa.dll [2008-05-16 09:32 253952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\Windows\system32\qoMfdbyx
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 05:54 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"NvMediaCenter"=RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"MSServer"=rundll32.exe C:\Windows\system32\wvUkKecb.dll,#1
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{865BC150-CFC0-463D-BB64-E45575B3E1AC}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BD88C5A0-F817-4DA6-96B4-61A9CFF3DF0D}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2C71052F-C944-42C8-BF05-7999AB92D2A7}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{475D5563-87E7-4A18-9D8C-1EE536E868BB}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{87EE03D1-6EE5-45BB-804A-39D3E4A8E096}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{1F1BC96C-01CD-490A-9A42-0C8142AFE140}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{42B3DDB8-3DD4-48DE-9026-46DB85D5BC8D}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{D7DE9625-3D68-4355-96A0-303073628835}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{57CC95C1-E2B6-4480-AB51-45F8065EC256}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{1448DE47-E468-4D78-91E1-453DFF265643}"= UDP:C:\Program Files\Marketmaker\CFD-FX Asia Pacific Client Live\MM5\iiDownloader.exe:Marketmaker Asia Pacific Client Live
"{4EA2F443-2C97-448F-9C15-2B0F810665A8}"= TCP:C:\Program Files\Marketmaker\CFD-FX Asia Pacific Client Live\MM5\iiDownloader.exe:Marketmaker Asia Pacific Client Live
"{8F4D10AE-7E0C-4ECD-ABBD-27DF21F04E07}"= UDP:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0
"{C8F14D73-3942-4D99-9242-809EB3D38C50}"= TCP:C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe:Kaspersky Anti-Virus 6.0
"TCP Query User{58B3AF50-0326-4599-8B8C-1CB224DB7642}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{581911EE-9FC3-4CB0-A982-052919326447}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"{09C2975D-E659-4140-82DA-A05508DECECA}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{FD319690-F5D5-4E92-A793-0D691A6C830D}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{E08DAE36-011D-40F9-8C2A-2869B652C11E}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{224E2F8F-D195-4547-AB80-75AEBAF675E3}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3F47098A-4AFB-4E63-B677-E1EB130CB391}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2691D0EB-995A-421E-A6A9-76DF75C1C81D}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{D5283A37-A06D-449E-9E23-69244C8594E8}C:\\program files\\market data ltd\\l2 dealer\\l2dealerapp.exe"= UDP:C:\program files\market data ltd\l2 dealer\l2dealerapp.exe:L2DealerApp
"UDP Query User{831E9DEF-34AB-4882-BC8C-0062FBD7C436}C:\\program files\\market data ltd\\l2 dealer\\l2dealerapp.exe"= TCP:C:\program files\market data ltd\l2 dealer\l2dealerapp.exe:L2DealerApp
"TCP Query User{95E82028-7E6E-4CE2-98BA-A0904A8DCF9C}C:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary
"UDP Query User{A2F26A06-5C0E-4406-BB7E-D3ADB84F2C0B}C:\\program files\\java\\jre1.6.0_02\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_02\bin\javaw.exe:Java Platform SE binary
"{04A07F6C-6170-454E-81C5-6CF347C1B5DD}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{B6BDCD89-B1C3-44B6-806B-630285058EB8}C:\\program files\\azureus\\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus
"UDP Query User{17413E74-1099-45FF-867D-F4E811B52890}C:\\program files\\azureus\\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus
"{2188F3FD-DF5B-4B64-902E-006B80DEDDE3}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{A0CD430A-52A3-4284-8805-6B8321D2D1C2}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{12476F13-6D5E-44B4-8FF2-129CAFA0D533}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{98ADCC6C-8ECF-4AB7-8FBA-A8E245E6C506}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{6ABFB695-4402-48B1-B33A-5B91D39016B5}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{1DB55908-648E-4B32-AD50-2D42F33FE480}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{04AEB95C-3EEA-4521-935D-4B489915533E}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{42C5A013-A5C1-4941-840D-FFB0437075B5}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{EC37E9C5-2B12-4684-87B2-BFA9A7F636B0}"= UDP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"{A97908F4-0768-4A69-9B14-C033D2B97458}"= TCP:C:\Program Files\Sony Ericsson\Sony Ericsson Media Manager 1.0\MediaManager.exe:Sony Ericsson Media Manager 1.0
"TCP Query User{63B6C68F-A21D-4B7F-B08D-89B93F0A2606}C:\\program files\\sony ericsson\\update service\\update service.exe"= UDP:C:\program files\sony ericsson\update service\update service.exe:Update Service
"UDP Query User{35BB4508-AED3-4D0C-9A84-3B8CE4431C65}C:\\program files\\sony ericsson\\update service\\update service.exe"= TCP:C:\program files\sony ericsson\update service\update service.exe:Update Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2007-01-25 19:03]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2006-11-02 19:15]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [2008-05-09 09:59]
S3 s217bus;Sony Ericsson Device 217 driver (WDM);C:\Windows\system32\DRIVERS\s217bus.sys [2007-11-02 22:52]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s217mdfl.sys [2007-11-02 22:52]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s217mdm.sys [2007-11-02 22:52]
S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s217mgmt.sys [2007-11-02 22:52]
S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS);C:\Windows\system32\DRIVERS\s217nd5.sys [2007-11-02 22:52]
S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s217obex.sys [2007-11-02 22:52]
S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM);C:\Windows\system32\DRIVERS\s217unic.sys [2007-11-02 22:52]
S3 Z;Z;C:\Users\ADMINI~1\AppData\Local\Temp\Z.exe []
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{056bbe85-949a-11dc-b190-806e6f6e6963}]
\shell\AutoRun\command - D:\AUTORUN.EXE
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 21:11:43
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2008-05-16 21:20:26 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-05-16 11:50:08
Pre-Run: 127,162,253,312 bytes free
Post-Run: 128,283,111,424 bytes free
222 --- E O F --- 2008-05-14 11:33:01
HIJACKTHIS LOG:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:46 PM, on 16/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {91549F7B-90F9-4BBA-8599-7515EB4D87C1} - (no file)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O8 - Extra context menu item: Add to WebSite-Watcher - C:\Program Files\WebSite-Watcher\wswie.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://liveupdate.ms...ine/install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ent/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\r3hook.dll
O21 - SSODL: mpfanvqg - {90489911-67EC-46BF-85D8-6FB394A8E046} - C:\Windows\mpfanvqg.dll
O21 - SSODL: vbksrofa - {469AFC7C-3CEF-496D-A5A3-AFDB89E4D25B} - C:\Windows\vbksrofa.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: Z - Unknown owner - C:\Users\ADMINI~1\AppData\Local\Temp\Z.exe (file missing)
--
End of file - 7236 bytes