ComboFix 09-09-18.02 - User 22/09/2009 23:20.2.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.1013.283 [GMT 1:00]
Running from: c:\users\User\Desktop\ComboFix.exe
Command switches used :: c:\users\User\Desktop\CFScript.txt
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Spyware *disabled* (Outdated) {48F2E28D-ED66-4646-9C11-B3055B0AF604}
SP: AVG Anti-Virus *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2009-08-22 to 2009-09-22 )))))))))))))))))))))))))))))))
.
2009-09-22 22:28 . 2009-09-22 22:28 -------- d-----w- c:\users\User\AppData\Local\temp
2009-09-22 22:28 . 2009-09-22 22:28 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2009-09-22 22:28 . 2009-09-22 22:28 -------- d-----w- c:\users\Public\AppData\Local\temp
2009-09-22 22:28 . 2009-09-22 22:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-09-19 11:52 . 2009-09-19 11:52 -------- d-----w- c:\programdata\23D1
2009-09-18 18:08 . 2009-09-18 18:09 -------- d-----w- C:\rsit
2009-09-18 14:01 . 2009-09-18 14:01 -------- d-----w- c:\users\User\AppData\Roaming\Malwarebytes
2009-09-18 14:01 . 2009-09-22 21:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-18 14:01 . 2009-09-18 14:01 -------- d-----w- c:\programdata\Malwarebytes
2009-09-18 12:35 . 2009-09-18 12:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-12 14:21 . 2009-09-12 14:21 -------- d-----w- c:\users\User\AppData\Roaming\Sony Corporation
2009-09-12 13:48 . 2006-10-30 12:46 6097 ----a-w- c:\windows\system32\drivers\sonyhcb.sys
2009-09-12 13:48 . 2006-10-30 12:46 53248 ----a-w- c:\windows\system32\SONYHCY.DLL
2009-09-12 13:48 . 2006-10-30 12:46 38739 ----a-w- c:\windows\system32\drivers\sonyhcc.sys
2009-09-12 13:48 . 2006-10-30 12:46 299923 ----a-w- c:\windows\system32\drivers\sonyhcs.sys
2009-09-12 13:48 . 2006-10-30 12:46 102220 ----a-w- c:\windows\system32\drivers\sonypvs1.sys
2009-09-12 13:48 . 2009-09-12 13:48 -------- d-----w- C:\Drivers
2009-09-12 13:47 . 2006-11-02 15:57 36624 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2009-09-12 13:47 . 2006-11-02 15:57 118520 ----a-w- c:\windows\system32\PxInsI64.exe
2009-09-12 13:47 . 2006-08-28 20:48 2560 ----a-w- c:\windows\system32\drivers\cdralw2k.sys
2009-09-12 13:47 . 2006-08-28 20:48 2432 ----a-w- c:\windows\system32\drivers\cdr4_xp.sys
2009-09-12 13:47 . 2006-08-28 20:48 2432 ----a-w- c:\windows\system32\drivers\cdr4_2k.sys
2009-09-12 13:47 . 2006-10-18 18:43 115960 ----a-w- c:\windows\system32\PxCpyI64.exe
2009-09-12 13:42 . 2009-09-12 13:42 -------- d-----w- c:\program files\Sony
2009-09-10 23:27 . 2009-09-11 00:09 -------- d-----w- c:\users\User\.SunDownloadManager
2009-09-09 23:03 . 2009-09-09 23:03 -------- d-----w- c:\program files\Trend Micro
2009-09-09 16:23 . 2009-08-14 17:07 897608 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-09-09 16:23 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2009-09-09 16:23 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-09-09 16:23 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-09-09 16:23 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-09-09 16:23 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-09-09 16:23 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-09-09 16:23 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-09-09 16:23 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2009-09-09 16:23 . 2009-08-14 16:29 17920 ----a-w- c:\windows\system32\netevent.dll
2009-09-09 16:20 . 2009-07-11 19:32 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2009-09-09 16:20 . 2009-07-11 19:29 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2009-09-09 16:20 . 2009-07-11 19:32 302592 ----a-w- c:\windows\system32\wlansec.dll
2009-09-09 16:20 . 2009-07-11 19:32 513024 ----a-w- c:\windows\system32\wlansvc.dll
2009-09-09 16:19 . 2009-06-10 12:11 2868224 ----a-w- c:\windows\system32\mf.dll
2009-09-02 21:42 . 2009-08-28 12:39 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-09-02 21:42 . 2009-08-28 10:15 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 14:12 . 2009-08-29 14:12 -------- d-----w- c:\users\User\AppData\Local\TVU Networks
2009-08-29 14:12 . 2009-08-29 14:12 -------- d-----w- c:\programdata\TVU Networks
2009-08-29 14:12 . 2009-08-29 14:12 -------- d-----w- c:\program files\TVUPlayer
2009-08-28 16:10 . 2009-08-28 16:10 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-26 13:14 . 2009-06-22 10:22 2048 ----a-w- c:\windows\system32\tzres.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-22 21:59 . 2009-06-10 17:55 -------- d-----w- c:\programdata\avg8
2009-09-22 21:51 . 2007-09-24 12:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-09-22 12:18 . 2009-06-02 23:29 3308 ----a-w- c:\windows\bthservsdp.dat
2009-09-22 12:06 . 2009-03-25 22:07 -------- d-----w- c:\programdata\Google Updater
2009-09-20 01:24 . 2008-02-15 22:05 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-09-18 19:25 . 2007-11-04 12:17 -------- d-----w- c:\users\User\AppData\Roaming\uTorrent
2009-09-12 13:51 . 2008-01-15 14:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-09-10 12:32 . 2008-02-15 22:06 -------- d-----w- c:\programdata\Yahoo! Companion
2009-09-10 11:15 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-09-08 16:37 . 2009-05-25 10:40 -------- d-----w- c:\programdata\DVD Shrink
2009-09-08 16:35 . 2007-12-16 11:37 -------- d-----w- c:\users\User\AppData\Roaming\Vso
2009-08-19 19:05 . 2009-08-19 19:04 -------- d-----w- c:\program files\TVAnts
2009-08-19 15:23 . 2009-08-19 15:23 -------- d-----w- c:\program files\KLC
2009-08-18 17:05 . 2009-08-18 16:59 -------- d-----w- c:\users\User\AppData\Roaming\ImgBurn
2009-08-18 16:54 . 2009-08-18 16:54 -------- d-----w- c:\program files\ImgBurn
2009-08-14 12:37 . 2009-06-10 17:55 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-14 12:37 . 2009-06-10 17:55 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-14 12:37 . 2009-06-10 17:55 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-28 12:43 . 2009-07-27 19:05 -------- d-----w- c:\programdata\Driving Test Success
2009-07-27 19:05 . 2009-07-27 19:05 -------- d-----w- c:\program files\Driving Test Success 2006-2007
2009-07-25 16:33 . 2009-07-25 16:33 -------- d-----w- c:\program files\DVD Decrypter
2009-07-18 16:06 . 2009-07-29 21:26 827904 ----a-w- c:\windows\system32\wininet.dll
2009-07-18 16:01 . 2009-07-29 21:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-07-18 09:46 . 2009-07-29 21:26 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-17 14:35 . 2009-08-14 12:58 71680 ----a-w- c:\windows\system32\atl.dll
2009-07-14 13:00 . 2009-08-14 12:57 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-14 12:59 . 2009-08-14 12:57 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-14 12:58 . 2009-08-14 12:57 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-14 10:59 . 2009-08-14 12:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\23D1 ----
2009-09-19 11:52 . 2009-07-07 14:19 2329 ----a-w- c:\programdata\23D1\{B08BDCB2-5017-4C09-905C-C5ECECF75103}.swf
---- Directory of c:\programdata\532F ----
((((((((((((((((((((((((((((( SnapShot@2009-09-19_12.37.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-09-24 15:29 . 2009-09-22 21:43 56924 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2009-09-22 21:43 78216 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-09-24 12:49 . 2009-09-22 21:43 15422 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2556230271-85685182-2986242697-1000_UserData.bin
- 2006-11-02 13:02 . 2009-09-19 12:13 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2009-09-22 21:45 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2009-09-19 12:13 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-09-22 21:45 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2009-09-22 21:45 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2009-09-19 12:13 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-09-19 12:35 . 2009-09-19 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-09-22 21:41 . 2009-09-22 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-09-19 12:35 . 2009-09-19 12:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-09-22 21:41 . 2009-09-22 21:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2009-09-19 19:48 608706 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-09-14 22:51 608706 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-09-19 19:48 109542 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-09-14 22:51 109542 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-02 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-20 148888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-10-29 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-10-29 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-10-29 133656]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-17 2022680]
c:\users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2009-9-12 344064]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{012EF020-255B-44F2-8E33-F7C236857C4A}c:\\users\\user\\appdata\\local\\temp\\cry800.tmp\\install.exe"= UDP:c:\users\user\appdata\local\temp\cry800.tmp\install.exe:install.exe
"UDP Query User{D7CE9476-2296-43C1-8206-9D9CCAA882FF}c:\\users\\user\\appdata\\local\\temp\\cry800.tmp\\install.exe"= TCP:c:\users\user\appdata\local\temp\cry800.tmp\install.exe:install.exe
"TCP Query User{83DA906D-59CF-43FB-8ED1-D84476250BFD}c:\\program files\\william hill poker\\ua.exe"= UDP:c:\program files\william hill poker\ua.exe:UA Application
"UDP Query User{7FD13365-BB45-43F9-81CB-013B981E9C98}c:\\program files\\william hill poker\\ua.exe"= TCP:c:\program files\william hill poker\ua.exe:UA Application
"TCP Query User{EC39B7C4-597E-41A5-BA17-C7A94678EEA0}c:\\program files\\tvants\\tvants.exe"= UDP:c:\program files\tvants\tvants.exe:TVAnts
"UDP Query User{CDEF6486-0AEA-4CD2-B3D3-B7FE03050800}c:\\program files\\tvants\\tvants.exe"= TCP:c:\program files\tvants\tvants.exe:TVAnts
"TCP Query User{34AAE61B-0CEB-4E8B-A313-121A96210DC4}c:\\program files\\william hill poker\\ua.exe"= UDP:c:\program files\william hill poker\ua.exe:UA Application
"UDP Query User{1E811BF8-3786-4141-81EC-075886A82B9B}c:\\program files\\william hill poker\\ua.exe"= TCP:c:\program files\william hill poker\ua.exe:UA Application
"{E89967B3-5ED3-45CB-802C-B1C77E417BC1}"= Disabled:UDP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"{0B859C1B-88FE-45DE-B80F-415D2128176A}"= Disabled:TCP:c:\program files\Sports Interactive\Football Manager 2008\fm.exe:Football Manager 2008
"TCP Query User{7041346C-5461-4D14-B6D6-FC7947D2F31A}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{20580FE6-6571-431B-94BA-1D8DF1D808CA}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{7C6FE02A-D346-4A97-A601-96501B65573A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E6DEF23E-BA42-4334-9003-B5C87EB82F20}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{7FBE0A73-CC67-49DA-9829-A64C5A229F40}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{00E5DFDA-1D3E-4E1B-9C3C-72246BD6FE19}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{FBE54612-A155-4ED5-8753-7184E5EB45E2}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{94341170-8A0B-47E6-8A9F-5DE623E288BB}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{59F91452-3DED-4D86-A2A9-9C34084D5426}c:\\windows\\system32\\rsezmk.exe"= UDP:c:\windows\system32\rsezmk.exe:rsezmk
"UDP Query User{432C9CC9-CBA4-4FB8-B20C-047A7415E3C3}c:\\windows\\system32\\rsezmk.exe"= TCP:c:\windows\system32\rsezmk.exe:rsezmk
"{E471893F-2CD1-4F9E-8691-0276744EA04B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{AA1A4689-684E-40FA-A0F4-6B55CD6E3B9E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{06C73D32-9DE8-497C-ADB2-786292A7CD0C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{06EA8901-9D67-49E4-B20D-5205E2638FB3}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{95068D88-C2E6-421C-9855-506D4389EA62}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{742B496E-65E1-48C9-8142-94D9528052CA}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{E007E5C1-8FB2-4379-8AFB-6D2ABA613CA9}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{91515220-D4A3-4984-93D3-35FC7D95CF58}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{F6E0A41F-42A0-4EF7-8BD9-1C090BF81945}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{B99D60D0-D6BC-42A2-8C64-055CF3B6FFF1}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{D3F6570E-E718-409D-AE30-D32AB803319E}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{862FD8CA-9431-48B2-BC43-01DE6890011F}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{197BF7A8-E8FB-4797-875C-4AFD07F7D3EB}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{1645673B-1CE4-4557-9380-669252860C5D}c:\\program files\\spotify\\spotify.exe"= UDP:c:\program files\spotify\spotify.exe:Spotify
"UDP Query User{9F8F7FA4-C473-4BBD-9459-C413B2F21CE6}c:\\program files\\spotify\\spotify.exe"= TCP:c:\program files\spotify\spotify.exe:Spotify
"TCP Query User{7E662504-E605-45C4-A235-4CA3C1282A7E}c:\\program files\\sopcast\\adv\\sopadver.exe"= UDP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"UDP Query User{0FE02598-F776-4BC6-95D1-F96BEEA28A2F}c:\\program files\\sopcast\\adv\\sopadver.exe"= TCP:c:\program files\sopcast\adv\sopadver.exe:SopCast Adver
"TCP Query User{C4951CB8-902E-4928-BDE2-1C942C51BFB7}c:\\program files\\sopcast\\sopcast.exe"= UDP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{7360A712-0467-451B-8997-49059E776F0D}c:\\program files\\sopcast\\sopcast.exe"= TCP:c:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{1539EED6-B2F5-4E38-97EF-7E030041A9BA}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{398D87C3-9BEB-4CE1-8F47-4CB46922A9BC}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"{21D81B62-1FA0-4B53-A48A-F22D66A4CA74}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{00644132-EB98-405E-A653-E1267508DCF0}"= Disabled:UDP:c:\users\User\Desktop\fm.exe:Football Manager 2008
"{4EC35746-1028-4FF8-83D1-A5E05E6BE7AD}"= Disabled:TCP:c:\users\User\Desktop\fm.exe:Football Manager 2008
"{0828C2C2-7F10-4319-9C08-D4A2BE5E46B3}"= Disabled:UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{FE658A9D-7A31-40BB-9B87-09046AD0CABD}"= Disabled:TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{BB125485-24C3-46FC-AA38-E2D0A97896A2}"= Disabled:c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{6F414882-F2FC-4C70-B0B7-EF53E2B25C46}"= Disabled:c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{5E829439-5FA3-48EE-B0E5-52B6D6E4BB2F}"= Disabled:c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{CD903931-2A4B-4A99-B232-8550589EF3D0}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{258A4B77-A6B8-4224-B0EB-4C54A8D6C7FF}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"TCP Query User{5245D0F1-FC93-4824-A59B-261B485618E2}c:\\program files\\tvuplayer\\tvuplayer.exe"= UDP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"UDP Query User{663CED64-0635-4691-9114-7F7F83F5987D}c:\\program files\\tvuplayer\\tvuplayer.exe"= TCP:c:\program files\tvuplayer\tvuplayer.exe:TVUPlayer Component
"TCP Query User{185F2579-F7F3-44B1-BCDB-E8E5D129908B}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= Disabled:UDP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{B104C8A3-075D-41F9-A497-3120C45F26EF}c:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= Disabled:TCP:c:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [10/06/2009 18:55 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [10/06/2009 18:55 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [10/06/2009 18:55 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [10/06/2009 20:37 297752]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [18/09/2009 13:35 1153368]
S3 bthav;Bluetooth AV Profile;c:\windows\System32\drivers\bthav.sys [10/07/2008 15:43 34816]
S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\System32\drivers\BthAvrcp.sys [10/07/2008 15:43 15872]
S3 Flash1;Flash1;c:\program files\SP39371\winphlash\FLASH1.sys [01/03/2006 17:54 3456]
S3 s3017bus;Sony Ericsson Device 3017 driver (WDM);c:\windows\System32\drivers\s3017bus.sys [28/06/2008 11:12 83880]
S3 s3017mdfl;Sony Ericsson Device 3017 USB WMC Modem Filter;c:\windows\System32\drivers\s3017mdfl.sys [28/06/2008 11:12 15016]
S3 s3017mdm;Sony Ericsson Device 3017 USB WMC Modem Driver;c:\windows\System32\drivers\s3017mdm.sys [28/06/2008 11:12 110632]
S3 s3017mgmt;Sony Ericsson Device 3017 USB WMC Device Management Drivers (WDM);c:\windows\System32\drivers\s3017mgmt.sys [28/06/2008 11:12 104616]
S3 s3017nd5;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (NDIS);c:\windows\System32\drivers\s3017nd5.sys [28/06/2008 11:12 25512]
S3 s3017obex;Sony Ericsson Device 3017 USB WMC OBEX Interface;c:\windows\System32\drivers\s3017obex.sys [28/06/2008 11:12 100648]
S3 s3017unic;Sony Ericsson Device 3017 USB Ethernet Emulation SEMC3017 (WDM);c:\windows\System32\drivers\s3017unic.sys [28/06/2008 11:12 110120]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rsmsvcs REG_MULTI_SZ ntmssvc
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
2009-09-22 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-09-28 22:06]
2009-09-22 c:\windows\Tasks\User_Feed_Synchronization-{8349D560-D684-456B-B276-DD56D090348D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-02 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page =
hxxp://www.google.com/mStart Page =
hxxp://uk.yahoo.comuInternet Settings,ProxyOverride = local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} -
hxxp://activex.camfrogweb.com/advanced/ ... module.exeDPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} -
hxxp://tools.ebayimg.com/eps/wl/activex ... 0-27-0.cabFF - ProfilePath - c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g55tcjn2.default\
FF - prefs.js: browser.search.selectedEngine - BearShare Web Search
FF - prefs.js: browser.startup.homepage -
www.google.comFF - prefs.js: keyword.URL -
hxxp://search.bearshare.com/webResults.html?src=ffb&q=FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\g55tcjn2.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2009-09-22 23:28
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2556230271-85685182-2986242697-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C115AF44-6E90-1295-68F7-04E621200DE6}*]
"bbpakpmpckmggkpnjclblchnbpempejppoeh"=hex:61,62,63,6e,6b,6f,6a,62,64,6c,66,6e,
63,67,62,6e,6a,6e,6f,69,67,63,66,63,65,64,70,63,6e,6b,65,65,6a,69,00,6a
"abpakpmpckmggkpnjceaocimokbagphdpa"=hex:65,62,70,61,64,6b,65,64,70,64,70,67,
70,6b,6e,61,66,61,67,64,61,70,63,6e,6d,66,6d,67,62,65,6f,6d,62,63,69,6a,6b,\
[HKEY_USERS\S-1-5-21-2556230271-85685182-2986242697-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:7e,a2,e9,25,84,93,b2,38,02,ab,76,df,58,e8,8b,e9,cd,be,65,c2,46,0e,9d,
dc,2f,28,71,5e,ab,5f,cf,0c,84,28,7d,ff,c9,39,0b,f3,fb,63,b1,c6,e4,fd,f9,6a,\
"??"=hex:78,09,28,45,b1,92,33,70,86,4e,8b,08,23,8d,cd,82
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:00000000
.
Completion time: 2009-09-22 23:31
ComboFix-quarantined-files.txt 2009-09-22 22:31
ComboFix2.txt 2009-09-19 12:45
Pre-Run: 78,679,015,424 bytes free
Post-Run: 78,663,655,424 bytes free
317 --- E O F --- 2009-09-22 10:04
by deemon » September 19th, 2009, 9:52 am 
