
COMBO LOG FILE


  • This topic is locked
1 reply to this topic

#1 pauljoshbrennan

pauljoshbrennan

  • Members
  • 1 posts
  • OFFLINE
  • Local time:12:56 PM

Posted 09 June 2009 - 09:13 AM

ComboFix 09-06-08.03 - Paul Josh Brennan 09/06/2009 14:50.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2038.1080 [GMT 1:00]
Running from: c:\users\Paul Josh Brennan\Documents\Downloads\ComboFix.exe
SP: Antispyware *enabled* (Updated) {36FC0D17-5F40-430B-9157-5E361AD9998B}
SP: Windows Defender *disabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Antispyware
c:\program files\Antispyware\Antispyware.exe
c:\program files\Antispyware\Antispyware.url
c:\program files\Antispyware\DataBase.ref
c:\program files\Antispyware\vistaCPtasks.xml
c:\users\Paul Josh Brennan\AppData\Roaming\inst.exe
c:\windows\system32\drivers\gaopdxxitubctjkxxeiymbnmxmitvscfqdrsed.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxvvfbvdrwpyiqvqqtnxeudipeevxpwvwe.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-09 to 2009-06-09 )))))))))))))))))))))))))))))))
.

2009-06-09 13:57 . 2009-06-09 13:58 -------- d-----w- c:\users\Paul Josh Brennan\AppData\Local\temp
2009-06-09 13:57 . 2009-06-09 13:57 -------- d-----w- C:\temp
2009-06-09 13:57 . 2009-06-09 13:57 -------- d-----w- \temp
2009-06-08 22:51 . 2009-06-08 22:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-08 22:51 . 2009-06-08 22:51 -------- d-----w- c:\programdata\Malwarebytes
2009-06-03 21:17 . 2009-06-03 21:17 -------- d-----w- c:\program files\iPod
2009-06-03 21:17 . 2009-06-03 21:17 -------- d-----w- c:\program files\iTunes
2009-06-03 21:14 . 2009-06-03 21:15 -------- d-----w- c:\program files\QuickTime
2009-06-03 21:09 . 2009-06-03 21:21 -------- d-sh--w- \Config.Msi
2009-06-03 21:06 . 2009-06-03 21:06 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-02 19:03 . 2009-06-02 19:03 390664 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Real\RealPlayer\Update\RealPlayer11.exe
2009-06-02 19:03 . 2009-06-02 19:03 390664 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Real\Update\temp\~Upg3\RealPlayer11.exe
2009-05-29 12:36 . 2009-05-29 12:36 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-05-29 12:36 . 2009-05-29 12:36 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-05-23 17:20 . 2009-06-08 23:08 -------- d-----w- c:\users\Paul Josh Brennan\AppData\Roaming\Antispyware
2009-05-22 18:32 . 2009-05-22 18:32 390664 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Real\Update\temp\~Upg2\RealPlayer11.exe
2009-05-13 14:02 . 2009-05-13 14:02 390664 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Real\Update\temp\~Upg1\RealPlayer11.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-09 13:48 . 2007-09-20 16:38 2451238912 --sha-w- \pagefile.sys
2009-06-09 13:46 . 2008-08-31 20:51 -------- d-----w- c:\users\Paul Josh Brennan\AppData\Roaming\DNA
2009-06-08 22:44 . 2008-12-26 21:28 -------- d-----w- c:\users\Paul Josh Brennan\AppData\Roaming\Azureus
2009-06-08 19:11 . 2009-03-25 20:27 -------- d-----w- c:\programdata\McAfee
2009-06-08 18:44 . 2008-08-28 10:46 -------- d-----w- c:\programdata\Google Updater
2009-06-06 10:52 . 2008-11-20 14:03 5648 ----a-w- c:\users\Paul Josh Brennan\AppData\Local\d3d9caps.dat
2009-06-03 21:21 . 2009-04-02 13:50 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-03 21:17 . 2008-08-28 15:33 -------- d-----w- c:\program files\Common Files\Apple
2009-06-03 21:10 . 2008-08-28 15:33 -------- d-----w- c:\programdata\Apple
2009-06-03 21:03 . 2008-08-28 10:51 -------- d-----w- c:\program files\DivX
2009-05-29 16:46 . 2008-09-07 17:01 2662 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\wklnhst.dat
2009-05-25 09:23 . 2009-04-12 19:24 -------- d-----w- c:\programdata\Birdstep Technology
2009-05-25 09:23 . 2007-07-07 20:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-24 13:34 . 2009-05-09 10:53 -------- d-----w- c:\users\Paul Josh Brennan\AppData\Roaming\Spotify
2009-05-24 10:07 . 2009-05-09 10:27 -------- d-----w- c:\program files\Palringo
2009-05-21 13:42 . 2008-09-02 02:59 -------- d-----w- c:\program files\Safari
2009-05-09 10:53 . 2009-05-09 10:53 -------- d-----w- c:\program files\Spotify
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-05-01 11:19 . 2009-05-01 11:18 390664 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Real\Update\temp\~Upg0\RealPlayer11.exe
2009-04-26 11:29 . 2009-03-29 11:50 -------- d-----w- c:\users\Paul Josh Brennan\AppData\Roaming\NCH Software
2009-04-19 17:23 . 2009-04-19 17:23 -------- d-----w- c:\program files\Common Files\xing shared
2009-04-19 17:22 . 2009-04-19 15:49 -------- d-----w- c:\program files\Common Files\Real
2009-04-19 15:49 . 2009-04-19 15:49 -------- d-----w- c:\program files\Real
2009-04-15 21:48 . 2009-04-15 21:48 -------- d-----w- c:\users\Paul Josh Brennan\AppData\Roaming\TweetDeckFast.F9107117265DB7542C1A806C8DB837742CE14C21.1
2009-04-15 21:47 . 2009-04-15 21:47 -------- d-----w- c:\program files\TweetDeck
2009-04-15 21:47 . 2009-04-15 21:47 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-04-15 21:47 . 2009-04-15 21:47 38208 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-04-14 18:03 . 2009-04-14 18:03 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-13 19:44 . 2009-04-13 19:44 4141117 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Azureus\plugins\vuzexcode\mediainfo.exe
2009-04-13 19:44 . 2009-04-13 19:44 6516755 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Azureus\plugins\vuzexcode\ffmpeg.exe
2009-04-13 19:42 . 2009-04-13 19:42 15884 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Azureus\plugins\azitunes\libProcessAccess.dll
2009-04-13 19:42 . 2009-04-13 19:42 102400 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Azureus\plugins\azitunes\jacob-1.14.3-x86.dll
2009-04-12 23:44 . 2009-02-20 14:49 -------- d-----w- c:\program files\AC3Filter
2009-04-12 20:20 . 2008-12-27 20:32 187 ----a-w- c:\users\Paul Josh Brennan\AppData\Roaming\Azureus\restart.bat
2009-04-12 20:15 . 2008-12-26 21:26 -------- d-----w- c:\program files\Vuze
2009-04-12 19:19 . 2009-04-12 19:19 -------- d-----w- c:\program files\Huawei Modems
2009-04-12 19:19 . 2009-04-12 19:19 76118 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2009-04-04 10:25 . 2009-04-04 10:25 10520 ----a-w- c:\windows\system32\avgrsstx.dll
2009-04-04 10:25 . 2009-04-04 10:25 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-04-04 10:25 . 2009-04-04 10:25 325640 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-04-04 10:25 . 2009-04-04 10:25 27656 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-03-29 13:53 . 2007-08-30 10:10 101784 ----a-w- c:\users\Paul Josh Brennan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-03-19 15:32 . 2009-04-14 18:03 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 15:32 . 2009-03-19 15:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-01-19 07:33 . 2008-09-02 00:26 397312 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6001.18000_none_f1582d884fb532fb\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-28 39408]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"BitTorrent DNA"="c:\users\Paul Josh Brennan\Program Files\DNA\btdna.exe" [2008-12-16 342848]
"Google Update"="c:\users\Paul Josh Brennan\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-11-17 133104]
"Palringo"="c:\program files\Palringo\palringo.exe" [2009-05-23 884736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-06-26 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-26 8433664]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-06-26 81920]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-06-11 1286144]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-28 142104]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-28 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-28 138008]
"PLFSet"="c:\windows\PLFSet.dll" [2007-04-24 45056]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2007-07-31 707080]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-05-09 865840]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-06 57344]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-13 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-04 1932568]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-04-19 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-05-30 292136]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-05-10 4468736]
"Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-05-07 1826816]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\users\Paul Josh Brennan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-8 101440]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-8-28 1208320]
Belkin Wireless USB Utility.lnk - c:\program files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 1404928]
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-7 535336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\eNetHook.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{97C21B83-64C8-4FC5-AE21-61B86009BC43}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{693BE6B0-ADDA-4A17-9468-2D61574DD887}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{7F383782-4D44-4ACF-A874-50AB20822B32}"= c:\program files\Acer\Acer VCM\VC.exe:Acer VCM
"{E11896AA-616A-48A6-BA9A-B0A0F570F20E}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{8CD9B646-08A6-498E-A06A-437381AFCBD8}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"{8BC52955-56B4-4A8F-8CBE-2193688DDF79}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2E0B7D55-22F6-4B70-97B5-2B3CB653F5D2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{17DADBEC-2597-49CC-871E-6A709974D9B2}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{965CDC26-C2C8-43C6-A13D-1AA97A8456CC}"= c:\program files\CyberLink\PowerCinema\PowerCinema.exe:CyberLink PowerCinema
"{8473557D-C80A-46FF-956A-86EAEAFE0148}"= c:\program files\CyberLink\PowerCinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{42B47F25-70B1-4B28-BD1B-759076C18AB7}"= c:\program files\CyberLink\PowerCinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{EA5C82CC-B4D0-4841-A27E-035447F01D08}"= c:\program files\CyberLink\PowerCinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{4C6CFDB1-5F64-47CD-9E25-957BD41B1866}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{8B7D4D2C-D3D5-467A-9A53-3A3A591888FF}c:\\users\\paul josh brennan\\program files\\dna\\btdna.exe"= UDP:c:\users\paul josh brennan\program files\dna\btdna.exe:btdna.exe
"UDP Query User{1EEDC56A-2A44-4BF5-A346-33771F06A4C5}c:\\users\\paul josh brennan\\program files\\dna\\btdna.exe"= TCP:c:\users\paul josh brennan\program files\dna\btdna.exe:btdna.exe
"TCP Query User{D0F4FFAC-D762-45B1-AEF6-E20E7E5FBA94}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{57DE743E-EAE0-4DC7-8F79-9C63CA8382B3}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{E4538536-DEED-47BA-A633-F51570C26EF8}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{58886552-AA4B-4ED9-B62F-7A9186200B9C}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{698CA19C-6366-4F7C-8D62-60A5A9B07907}c:\\users\\paul josh brennan\\appdata\\local\\google\\chrome\\application\\chrome.exe"= UDP:c:\users\paul josh brennan\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"UDP Query User{55FC5BCC-202F-41C3-8CC0-E61B94EAABBF}c:\\users\\paul josh brennan\\appdata\\local\\google\\chrome\\application\\chrome.exe"= TCP:c:\users\paul josh brennan\appdata\local\google\chrome\application\chrome.exe:chrome.exe
"{ADB6B7FD-ED16-4F6E-8904-09AD667D3A15}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{C2C0DC91-B55E-4385-AE62-239CDE91F408}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{57AEE06A-661D-4C4D-80E3-39B4FE0279DC}c:\\program files\\quicktime\\quicktimeplayer.exe"= UDP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"UDP Query User{0D668486-B553-4783-AED2-77173D58927C}c:\\program files\\quicktime\\quicktimeplayer.exe"= TCP:c:\program files\quicktime\quicktimeplayer.exe:QuickTime Player
"{1CE0E472-BB1E-4457-8558-A90676A64C7A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{4AFC8EE5-825E-48C7-AF4B-072DBED7411E}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [04/04/2009 11:25 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [04/04/2009 11:25 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/04/2009 11:24 298264]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [11/01/2008 18:50 30312]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24/11/2008 23:31 29263712]
R3 winbondcir;Winbond IR Transceiver;c:\windows\System32\drivers\winbondcir.sys [07/07/2007 20:45 43008]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [07/07/2007 20:45 179712]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [03/09/2008 05:51 99376]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [19/02/2009 16:22 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19:08 533360]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [30/10/2008 18:07 33752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-06-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-28 20:35]

2009-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2237961011-1558373639-1737546342-1000.job
- c:\users\Paul Josh Brennan\AppData\Local\Google\Update\GoogleUpdate.exe [2008-11-17 20:49]

2009-06-08 c:\windows\Tasks\User_Feed_Synchronization-{9B9338E3-8C3F-471F-983D-69728601F8EC}.job
- c:\windows\system32\msfeedssync.exe [2009-02-08 10:01]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd
HKLM-Run-youtubeconverter - c:\program files\Naevius YouTube Converter\ytconv.exe
HKLM-Run-SmartAccess AutoStart - e:\smartaccess\bcont_nm.exe
HKLM-Run-Acer Tour - (no file)
HKLM-Run-eRecoveryService - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-09 14:58
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2237961011-1558373639-1737546342-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{09BBC9E5-361A-653D-C644-960E8DBE95FC}*]
"jadahkeogpofhnbfekef"=hex:62,61,64,67,00,00
"iadbdomhpdalnihaal"=hex:6b,61,69,67,64,65,62,61,6c,61,64,64,62,6b,6d,6b,70,6b,
69,69,63,6d,00,00
"jadahkeogpofhnbfekag"=hex:62,61,68,67,00,00
"hanafakpbcepabbh"=hex:6b,61,69,67,64,65,62,61,6c,61,64,64,62,6b,6d,6b,6d,6b,
6b,6f,6e,66,00,00

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(872)
c:\windows\System32\eNetHook.dll

- - - - - - - > 'lsass.exe'(752)
c:\windows\System32\eNetHook.dll
.
Completion time: 2009-06-09 15:00
ComboFix-quarantined-files.txt 2009-06-09 14:00

Pre-Run: 4,292,710,400 bytes free
Post-Run: 4,482,617,344 bytes free

287 --- E O F --- 2009-04-14 17:54

#2 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  • Location:Cleveland, Ohio
  • Local time:07:56 AM

Posted 09 June 2009 - 09:36 AM

ComboFix logs should not be posted or discussed outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic in the Am I Infected forum.
http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/
Explain the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

This topic is now closed.
The BC Staff
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits
Become a BleepingComputer fan: Facebook and Twitter



