ComboFix 10-01-31.05 - BERNIE 01/02/2010 16:06:37.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.44.1033.18.1918.1387 [GMT 0:00]
Running from: c:\documents and settings\BERNIE\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\EventSystem.log
c:\windows\system32\drivers\1bd2bb5b.sys
c:\windows\system32\drivers\a49bfc7e.sys
c:\windows\system32\drivers\kbiwkmlhhlxjkd.sys
c:\windows\system32\drivers\UACdjbimpiflm.sys
c:\windows\system32\kbiwkmairkptxu.dll
c:\windows\system32\kbiwkmmhyowvjf.dat
c:\windows\system32\kbiwkmobwwktli.dat
c:\windows\system32\kbiwkmtnnqakms.dll
c:\windows\system32\kbiwkmuppyblrp.dat
c:\windows\system32\spool\prtprocs\w32x86\00005872.tmp
c:\windows\system32\Thumbs.db
c:\windows\system32\UACkoibpxuiqy.dat
c:\windows\system32\UAClqlsxrhchx.dll
c:\windows\system32\UACxtobcvbuwq.dll
c:\windows\system32\DRIVERS\atapi.sys . . . is infected!!
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_kbiwkmqjvrtqob
-------\Legacy_kbiwkmqjvrtqob
-------\Service_UACd.sys
-------\Legacy_UACd.sys
-------\Service_1bd2bb5b
-------\Service_a49bfc7e

((((((((((((((((((((((((( Files Created from 2010-01-01 to 2010-02-01 )))))))))))))))))))))))))))))))
.
2010-02-01 14:29 . 2010-02-01 14:29 214512 ----a-w- c:\windows\system32\drivers\dwshd.sys
2010-02-01 14:26 . 2010-02-01 14:26 -------- d-----w- c:\documents and settings\BERNIE\DoctorWeb
2010-01-14 15:11 . 2010-01-14 15:11 46684 ---ha-w- c:\windows\system32\mlfcache.dat
2010-01-13 13:41 . 2010-01-13 13:42 -------- d-----w- c:\program files\iTunes
2010-01-13 13:41 . 2010-01-13 13:42 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-13 13:39 . 2010-01-13 13:39 -------- d-----w- c:\program files\Bonjour
2010-01-13 13:36 . 2009-08-28 19:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-01-13 13:36 . 2009-08-28 19:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-01 16:25 . 2007-07-17 14:00 -------- d-----w- c:\documents and settings\BERNIE\Application Data\uTorrent
2010-02-01 14:41 . 2009-11-16 11:48 0 ----a-w- c:\documents and settings\BERNIE\Local Settings\Application Data\prvlcl.dat
2010-02-01 13:34 . 2009-11-03 11:39 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-01 13:32 . 2009-08-24 11:19 0 ----a-w- c:\windows\system32\drivers\25a3b05b.sys
2010-01-29 19:10 . 2009-11-19 18:23 -------- d-----w- c:\documents and settings\BERNIE\Application Data\Nitro PDF
2010-01-29 15:46 . 2009-12-07 11:25 8224 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-18 09:37 . 2010-01-27 09:13 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-01-18 09:37 . 2010-01-27 09:13 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-01-14 11:49 . 2006-06-05 11:14 -------- d--h--w- c:\documents and settings\BERNIE\Application Data\Apple Computer
2010-01-14 11:24 . 2007-08-22 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-14 11:07 . 2008-02-29 11:44 -------- d-----w- c:\documents and settings\BERNIE\Application Data\PC Suite
2010-01-14 11:07 . 2008-02-29 12:03 -------- d-----w- c:\documents and settings\BERNIE\Application Data\NSeries
2010-01-13 13:41 . 2006-06-05 11:13 -------- d-----w- c:\program files\iPod
2010-01-13 13:41 . 2007-08-22 09:32 -------- d-----w- c:\program files\Common Files\Apple
2010-01-13 13:39 . 2007-08-22 09:32 -------- d-----w- c:\program files\QuickTime
2010-01-13 13:31 . 2010-01-13 13:31 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-12-07 10:48 . 2009-12-07 10:48 -------- d-----w- c:\documents and settings\BERNIE\Application Data\VidaOne
2009-12-07 10:47 . 2009-12-07 10:47 370070 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_934312A2105DE40686D86A.exe
2009-12-07 10:47 . 2009-12-07 10:47 370070 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_84E6935F3B1AD16B2BF56A.exe
2009-12-07 10:47 . 2009-12-07 10:47 370070 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_11D44228873CFE17224077.exe
2009-12-07 10:47 . 2009-12-07 10:47 22382 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_6FEFF9B68218417F98F549.exe
2009-12-07 10:47 . 2009-12-07 10:47 22382 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_21F3885A18D238E15AAE81.exe
2009-12-07 10:47 . 2009-12-07 10:47 1406 ----a-r- c:\documents and settings\BERNIE\Application Data\Microsoft\Installer\{7CC4EFDB-14AE-47F1-831E-D979FA6FB137}\_D707CE1C009F1381803C2C.exe
2009-12-07 10:47 . 2009-12-07 10:47 -------- d-----w- c:\program files\VidaOne
2009-12-03 21:42 . 2009-12-03 21:42 443904 ----a-w- c:\documents and settings\BERNIE\Application Data\vpss.exe
2009-11-10 09:35 . 2009-11-03 11:39 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-10 08:27 . 2007-11-01 09:13 177024 ----a-w- c:\documents and settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\FlashGot.exe
2009-11-06 10:05 . 2006-06-05 10:22 55736 ----a-w- c:\documents and settings\BERNIE\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2009-11-19 289584]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="c:\documents and settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe" [2007-03-30 2526784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-03-02 185784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"SoundMan"="SOUNDMAN.EXE" [2006-05-04 577536]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-6-28 25214]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-03 11:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2004-12-14 01:12 483328 ----a-w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nerofiltercheck]
2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nslauncher]
2007-09-07 14:44 3100672 ----a-w- c:\program files\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-10 23:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2007-03-30 12:34 25263144 ----a-w- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-02-22 21:42 3537968 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2006-10-18 20:05 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2007-03-14 16:03 24104 ----a-w- c:\program files\Zune\ZuneLauncher.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Documents and Settings\\BERNIE\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\hp designjet system maintenance\\hp_dj_sme.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"11632:TCP"= 11632:TCP:BitComet 11632 TCP
"11632:UDP"= 11632:UDP:BitComet 11632 UDP
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [11/05/2006 16:05 102528]
R0 si3112r;ATI-4379 Serial ATA Controller;c:\windows\system32\drivers\si3112r.sys [11/05/2006 10:58 97920]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [11/05/2006 10:58 10240]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [16/01/2009 10:46 333192]
R1 avgtdix;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/11/2009 11:39 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [03/11/2009 11:39 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [06/11/2009 10:02 54752]
R2 nitrodriverreadspool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [15/09/2009 10:20 188736]
S1 25a3b05b;25a3b05b;c:\windows\system32\drivers\25a3b05b.sys [24/08/2009 11:19 0]
S2 ijst;ijst;c:\windows\system32\drivers\oqmsd.sys --> c:\windows\system32\drivers\oqmsd.sys [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 22:48 704864]
.
Contents of the 'Scheduled Tasks' folder

2010-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://publicaccess.testvalley.gov.uk/publicaccess/tdc/DcApplication/application_searchform.aspx
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
TCP: {8A1BEAEF-2246-418E-8E91-3A476365F5D0} = 93.188.165.108,93.188.166.30
DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} - hxxps://www.promapserver.co.uk/controls/latest/promap.cab
FF - ProfilePath - c:\documents and settings\BERNIE\Application Data\Mozilla\Firefox\Profiles\a8bb4h51.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.zurich.co.uk/buildingguarantee/index.html
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-AVG7_CC - c:\progra~1\Grisoft\AVG7\avgcc.exe
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
MSConfigStartUp-11701094 - c:\documents and settings\All Users\Application Data\11701094\11701094.exe
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-Monopod - c:\docume~1\BERNIE\LOCALS~1\Temp\b.exe
MSConfigStartUp-promoreg - c:\windows\Temp\_ex-08.exe
MSConfigStartUp-SWF Live Preview - c:\program files\Eltima Software\SWF Live Preview\swf_lp.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-01 16:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0 ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net device: opened successfully user: MBR read successfully called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll si3112r.sys >>UNKNOWN [0x89AF78C8]<< kernel: MBR read successfully detected MBR rootkit hooks: \Driver\Disk -> CLASSPNP.SYS @ 0xf764bfc3 \Driver\ACPI -> ACPI.sys @ 0xf75aecb8 \Driver\atapi -> atapi.sys @ 0xf74c67b4 \Driver\iaStor -> iaStor.sys @ 0xf7b1dade IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2 ParseProcedure -> ntoskrnl.exe @ 0x8057c745 \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x8059e1a2 ParseProcedure -> ntoskrnl.exe @ 0x8057c745 NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xbaf32bc3 PacketIndicateHandler -> NDIS.sys @ 0xbaf3eb21 SendHandler -> NDIS.sys @ 0xbaf32d33 user & kernel MBR OK ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(432) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(3580) c:\program files\Windows Media Player\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\Ati2evxx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\windows\system32\ASTSRV.EXE c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Windows Media Player\WMPNetwk.exe c:\windows\system32\Ati2evxx.exe c:\windows\system32\wscntfy.exe c:\windows\SOUNDMAN.EXE c:\program files\Microsoft ActiveSync\wcescomm.exe c:\progra~1\MICROS~4\rapimgr.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Windows Live\Contacts\wlcomm.exe . ************************************************************************** . Completion time: 2010-02-01 16:30:24 - machine was rebooted ComboFix-quarantined-files.txt 2010-02-01 16:30 Pre-Run: 5,981,757,440 bytes free Post-Run: 8,110,989,312 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect - - End Of File - - F01F1208E4D09C4122AF2657D738BD63