combofix report

EDIT Moved to apprpriate forum. Virus, Trojan, Spyware, and Malware Removal Logs


it suggested i posted here

what happened???

ComboFix 10-09-07.01 - Owner 07/09/2010 20:49:53.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1022.748 [GMT -5:00]
Running from: c:\documents and settings\Owner\My Documents\Firefox\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\asdkasdakl.exe
c:\asdkasdakl.exe\asdkasdakl.exe
c:\asdkasdakl.exe\config.bin
c:\windows\system32\LGUICOM.DLL

Infected copy of c:\windows\system32\drivers\kbdhid.sys was found and disinfected
Restored copy from - Kitty had a snack
.
((((((((((((((((((((((((( Files Created from 2010-08-08 to 2010-09-08 )))))))))))))))))))))))))))))))
.

2010-09-08 01:54 . 2010-09-08 01:54 -------- d-----w- c:\windows\system32\xircom
2010-09-08 01:54 . 2010-09-08 01:54 -------- d-----w- c:\windows\system32\wbem\snmp
2010-09-08 01:54 . 2010-09-08 01:54 -------- d-----w- c:\windows\system32\oobe
2010-09-08 01:54 . 2010-09-08 01:54 -------- d-----w- c:\program files\microsoft frontpage
2010-09-07 23:54 . 2010-09-07 23:54 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-09-07 23:54 . 2010-09-07 23:54 -------- d-----w- c:\program files\Microsoft.NET
2010-09-07 23:54 . 2010-09-07 23:54 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-09-07 23:54 . 2010-09-07 23:54 -------- d-----w- c:\documents and settings\All Users\Microsoft
2010-09-07 23:53 . 2010-09-07 23:53 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-09-07 23:52 . 2010-09-07 23:52 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-09-07 23:52 . 2010-09-07 23:54 -------- d-----w- c:\windows\SHELLNEW
2010-09-07 23:51 . 2010-09-07 23:51 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Microsoft Help
2010-09-07 23:51 . 2010-09-07 23:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-07 23:50 . 2010-09-07 23:50 -------- d-----r- C:\MSOCache
2010-09-07 06:17 . 2010-09-07 06:17 -------- d-----w- c:\documents and settings\Istria\Local Settings\Application Data\Mozilla
2010-09-07 03:26 . 2010-09-07 03:26 -------- d-----w- c:\program files\Drug Wars
2010-09-07 03:25 . 2010-09-07 03:26 -------- d-----w- C:\wamp
2010-09-07 03:22 . 2010-09-07 03:22 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DX_Coders
2010-09-07 03:20 . 2010-09-07 03:24 -------- d-----w- c:\program files\DX Coders
2010-09-07 02:45 . 2010-09-07 02:45 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Opera
2010-09-07 02:45 . 2010-09-07 02:45 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-09-07 02:45 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-07 02:45 . 2010-09-07 02:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-07 02:45 . 2010-09-07 02:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-07 02:45 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-07 02:35 . 2003-06-25 21:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-09-07 02:28 . 2010-08-12 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-09-07 02:28 . 2010-06-08 16:10 790528 ----a-w- c:\windows\system32\xvidcore.dll
2010-09-07 02:28 . 2010-06-08 16:10 134144 ----a-w- c:\windows\system32\xvidvfw.dll
2010-09-07 02:28 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-09-07 02:25 . 2010-09-07 02:25 -------- d-----w- c:\program files\Opera
2010-09-07 02:24 . 2010-09-07 23:37 -------- d-----w- c:\documents and settings\Owner\Tracing
2010-09-07 02:21 . 2010-09-07 23:54 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-09-07 02:21 . 2010-09-07 02:21 -------- d-----w- c:\program files\Microsoft
2010-09-07 02:21 . 2010-09-07 02:21 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-09-07 02:20 . 2010-09-07 02:22 -------- d-----w- c:\program files\Windows Live
2010-09-07 02:10 . 2010-09-07 02:10 -------- d-----w- c:\program files\Common Files\Windows Live
2010-09-07 02:09 . 2010-09-07 02:34 -------- d-----w- c:\program files\The KMPlayer
2010-09-07 02:02 . 2009-12-09 22:31 20992 ----a-w- c:\documents and settings\Owner\Application Data\Thunderbird\Profiles\l8e71g01.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
2010-09-07 01:44 . 2010-09-07 01:44 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Thunderbird
2010-09-07 01:44 . 2010-09-07 01:44 -------- d-----w- c:\documents and settings\Owner\Application Data\Thunderbird
2010-09-07 01:44 . 2010-09-07 01:44 -------- d-----w- c:\program files\ERUNT
2010-09-07 01:44 . 2010-09-07 01:44 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-07 01:31 . 2010-09-07 01:39 -------- d-----w- c:\documents and settings\Owner\Application Data\Notepad++
2010-09-07 01:31 . 2010-09-07 01:31 -------- d-----w- c:\program files\Notepad++
2010-09-07 01:19 . 2010-09-07 01:19 -------- d-----w- c:\program files\MRU-Blaster
2010-09-07 00:58 . 2010-09-07 00:58 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\VS Revo Group
2010-09-07 00:58 . 2009-12-30 17:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-09-07 00:58 . 2010-09-07 00:58 -------- d-----w- c:\program files\VS Revo Group
2010-09-07 00:48 . 2010-09-07 00:48 -------- d-----w- c:\program files\PowerISO
2010-09-06 17:55 . 2010-03-17 16:35 309248 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\znonpcx7.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
2010-09-06 17:44 . 2010-09-07 01:18 -------- d-----w- c:\program files\CCleaner
2010-09-06 17:41 . 2010-09-06 17:41 -------- d-----w- c:\windows\Sun
2010-09-06 17:36 . 2010-06-28 20:37 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-06 17:36 . 2010-06-28 20:32 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-06 17:36 . 2010-06-28 20:33 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-06 17:36 . 2010-06-28 20:32 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-06 17:36 . 2010-06-28 20:32 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-06 17:36 . 2010-06-28 20:32 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-09-06 17:36 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-09-06 17:36 . 2010-06-28 20:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-06 17:36 . 2010-09-06 17:36 -------- d-----w- c:\program files\Alwil Software
2010-09-06 17:36 . 2010-09-06 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-06 17:23 . 2010-09-06 17:23 -------- d-----w- c:\windows\Options
2010-09-06 17:23 . 2010-09-06 17:23 -------- d-----w- C:\SWSetup
2010-09-06 17:23 . 2006-06-21 10:42 577536 ------w- c:\windows\soundman.exe
2010-09-06 17:23 . 2006-06-21 10:35 10527744 ------w- c:\windows\system32\RTLCPL.exe
2010-09-06 17:23 . 2006-06-08 13:00 143360 ------w- c:\windows\system32\RtlCPAPI.dll
2010-09-06 17:23 . 2005-07-15 21:48 40960 ------w- c:\windows\system32\ChCfg.exe
2010-09-06 17:23 . 2008-04-14 04:15 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-09-06 17:17 . 2010-09-06 17:17 -------- d-----w- c:\program files\Realtek
2010-09-06 17:15 . 2010-09-06 17:15 7097120 ----a-w- c:\documents and settings\Owner\Application Data\DeviceDoctorSoftware\DeviceDoctor\updates\1.0.0.1\DeviceDoctor_Setup.exe
2010-09-06 17:15 . 2010-09-06 17:15 -------- d-----w- c:\documents and settings\Owner\Application Data\DeviceDoctorSoftware
2010-09-06 17:15 . 2010-09-06 17:15 -------- d-----w- c:\program files\Device Doctor
2010-09-06 17:06 . 2010-09-07 01:04 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\eSupport.com
2010-09-06 17:00 . 2009-11-11 22:23 27744 ----a-w- c:\windows\system32\drivers\point32.sys
2010-09-06 16:56 . 2010-09-06 17:28 -------- dc----w- c:\windows\system32\DRVSTORE
2010-09-06 16:47 . 2010-09-06 16:47 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Innovative Solutions
2010-09-06 16:47 . 2010-09-06 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-09-06 16:34 . 2010-09-07 02:24 35200 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-06 16:34 . 2010-09-07 01:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-06 16:33 . 2010-09-06 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-09-06 16:33 . 2010-09-06 16:33 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Downloaded Installations
2010-09-06 16:25 . 2010-09-06 16:25 -------- d-----w- c:\program files\uTorrent
2010-09-06 16:25 . 2010-09-08 01:22 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2010-09-06 05:36 . 2010-09-06 05:36 -------- d-----w- c:\program files\Recuva

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-08 00:22 . 2010-09-05 22:11 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-09-08 00:21 . 2010-09-05 16:31 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-07 23:55 . 2010-09-05 16:20 -------- d-----w- c:\program files\MSBuild
2010-09-07 02:31 . 2010-09-05 16:23 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-09-07 01:13 . 2010-09-06 17:24 -------- d-----w- c:\program files\MouseWare
2010-09-06 17:28 . 2010-09-06 17:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_Apfiltr_01005.Wdf
2010-09-06 17:24 . 2010-09-06 17:24 -------- d-----w- c:\program files\Common Files\Logitech
2010-09-06 17:24 . 2010-09-06 17:22 -------- d-----w- c:\program files\Common Files\InstallShield
2010-09-06 17:24 . 2010-09-06 17:24 -------- d-----w- c:\program files\LSI SoftModem
2010-09-06 17:22 . 2010-09-06 17:22 -------- d-----w- c:\program files\Realtek AC97
2010-09-06 05:24 . 2010-09-05 22:07 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-05 22:12 . 2010-09-05 22:12 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-09-05 22:11 . 2010-09-05 22:11 -------- d-----w- c:\program files\Windows Media Connect 2
2010-09-05 22:09 . 2010-09-05 22:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-09-05 22:08 . 2010-09-05 22:08 -------- d-----w- c:\program files\MSXML 4.0
2010-09-05 20:12 . 2010-09-05 20:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-09-05 20:12 . 2010-09-05 20:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-09-05 17:53 . 2010-09-05 17:52 -------- d-----w- c:\program files\ATI
2010-09-05 17:52 . 2010-09-05 17:52 -------- d-----w- c:\program files\ATI Technologies
2010-09-05 17:23 . 2010-09-05 17:23 0 ----a-w- c:\windows\nsreg.dat
2010-09-05 17:20 . 2010-09-05 17:19 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-05 17:19 . 2010-09-05 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-09-05 17:19 . 2010-09-05 17:19 232968 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-05 17:19 . 2010-09-05 17:19 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-05 17:19 . 2010-09-05 17:19 232968 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-05 16:31 . 2010-09-05 16:31 61440 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-628d7181-n\decora-sse.dll
2010-09-05 16:31 . 2010-09-05 16:31 503808 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-53be31b1-n\msvcp71.dll
2010-09-05 16:31 . 2010-09-05 16:31 499712 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-53be31b1-n\jmc.dll
2010-09-05 16:31 . 2010-09-05 16:31 348160 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-53be31b1-n\msvcr71.dll
2010-09-05 16:31 . 2010-09-05 16:31 12800 ----a-w- c:\documents and settings\Owner\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-628d7181-n\decora-d3d.dll
2010-09-05 16:22 . 2010-09-05 16:22 -------- d-----w- c:\documents and settings\Owner\Application Data\Foxit
2010-09-05 16:22 . 2010-09-05 16:22 -------- d-----w- c:\program files\Unlocker
2010-09-05 16:22 . 2010-09-05 16:22 25214 ----a-r- c:\documents and settings\Owner\Application Data\Microsoft\Installer\{8D166051-2C3B-4BF3-A68D-B11D45F3E1B6}\_6FEFF9B68218417F98F549.exe
2010-09-05 16:22 . 2010-09-05 16:22 -------- d-----w- c:\program files\UPHClean
2010-09-05 16:22 . 2010-09-05 16:22 -------- d-----w- c:\program files\Common Files\Java
2010-09-05 16:22 . 2010-09-05 16:22 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-09-05 16:22 . 2010-09-05 16:22 -------- d-----w- c:\program files\Java
2010-09-05 16:19 . 2010-09-05 16:19 -------- d-----w- c:\program files\Reference Assemblies
2010-07-09 22:38 . 2010-09-05 17:19 61440 ----a-w- c:\windows\system32\OpenCL.dll
2010-07-09 22:38 . 2010-09-05 17:19 2914408 ----a-w- c:\windows\system32\nvcuvid.dll
2010-07-09 22:38 . 2010-09-05 17:19 2506344 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-07-09 22:38 . 2010-09-05 17:19 13549568 ----a-w- c:\windows\system32\nvoglnt.dll
2010-07-09 22:38 . 2010-09-05 17:19 10604128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2010-07-09 22:38 . 2010-09-05 17:19 6343040 ----a-w- c:\windows\system32\nv4_disp.dll
2010-07-09 22:38 . 2010-09-05 17:19 4595712 ----a-w- c:\windows\system32\nvcuda.dll
2010-07-09 22:38 . 2010-09-05 17:19 236136 ----a-w- c:\windows\system32\nvcodins.dll
2010-07-09 22:38 . 2010-09-05 17:19 236136 ----a-w- c:\windows\system32\nvcod.dll
2010-07-09 22:38 . 2010-09-05 17:19 2195030 ----a-w- c:\windows\system32\nvdata.bin
2010-07-09 22:38 . 2010-09-05 17:19 1388544 ----a-w- c:\windows\system32\nvapi.dll
2010-07-09 22:38 . 2010-09-05 17:19 10260480 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-30 12:23 . 2010-02-11 03:57 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:24 . 2010-02-11 03:58 919040 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 02:14 . 2010-02-11 03:58 1861120 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 14:18 . 2010-02-11 03:58 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-04-14 11:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-09-05 22:10 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:39 . 2010-02-11 03:57 1172480 ----a-w- c:\windows\system32\msxml3.dll
.

------- Sigcheck -------

[-] 2010-02-11 . BA8C046D98345129723E6BCAA1E8AB99 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys


c:\windows\System32\wscntfy.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" [2010-02-11 128512]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
StartUp.lnk - c:\documents and settings\Owner\My Documents\Programming\VBScripts\StartUp.vbs [2010-9-6 2054]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 18 (0x12)
"NoSMConfigurePrograms"= 1 (0x1)
"NoRecentDocsNetHood"= 1 (0x1)
"MemCheckBoxInRunDlg"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 01000000
"NoRecentDocsNetHood"= 01000000
"NoSMMyDocs"= 01000000
"NoSMMyPictures"= 01000000
"NoNetworkConnections"= 01000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [06/09/2010 12:36 165456]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [06/09/2010 12:36 17744]
S0 amdide1;amdide1;c:\windows\system32\drivers\amdide1.sys [10/02/2010 23:21 9096]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [10/02/2010 23:01 9472]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [21/01/2010 17:51 30963576]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 20:37 4640000]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [06/09/2010 19:58 27064]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
UPHClean REG_MULTI_SZ UPHClean
.
.
------- Supplementary Scan -------
.
uStart Page = https://ssl.scroogle.org/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\znonpcx7.default\
FF - prefs.js: browser.startup.homepage - www.btjunkie.org | www.vbforums.com | www.facebook.com | hxxp://forum.piriform.com/
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\znonpcx7.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-asdkasdakl.exe - c:\asdkasdakl.exe\asdkasdakl.exe
Notify-RailNotification - (no file)
MSConfigStartUp-nwiz - nwiz.exe
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-07 20:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1264)
c:\windows\system32\WININET.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~4\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\System32\WScript.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2010-09-07 20:57:26 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-08 01:57

Pre-Run: 143,114,432,512 bytes free
Post-Run: 143,118,020,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5BBDBD7C66221A1E5C0D5AEB3F35F3EA

Edited by boopme, 07 September 2010 - 08:15 PM.

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report

1. Please download OTL from one of the following mirrors:
   • This is THE Mirror
2. Save it to your desktop.
3. Double click on the icon on your desktop.
4. Click the "Scan All Users" checkbox.
5. In the custom scan box paste the following:
   
   CODE
   msconfig
   safebootminimal
   activex
   drivers32
   netsvcs
   %SYSTEMDRIVE%\*.exe
   /md5start
   eventlog.dll
   scecli.dll
   netlogon.dll
   cngaudit.dll
   sceclt.dll
   ntelogon.dll
   logevent.dll
   iaStor.sys
   nvstor.sys
   atapi.sys
   IdeChnDr.sys
   viasraid.sys
   AGP440.sys
   vaxscsi.sys
   nvatabus.sys
   viamraid.sys
   nvata.sys
   nvgts.sys
   iastorv.sys
   ViPrt.sys
   eNetHook.dll
   ahcix86.sys
   KR10N.sys
   nvstor32.sys
   ahcix86s.sys
   nvrd32.sys
   symmpi.sys
   adp3132.sys
   mv61xx.sys
   nvraid.sys
   /md5stop
   %systemroot%\*. /mp /s
   %systemroot%\system32\*.dll /lockedfiles
   %systemroot%\Tasks\*.job /lockedfiles
   %systemroot%\system32\drivers\*.sys /lockedfiles
   %systemroot%\System32\config\*.sav
   %systemroot%\system32\drivers\*.sys /90
6. Push the button.
7. Two reports will open, copy and paste them in a reply here:
   • OTL.txt <-- Will be opened
   • Extra.txt<--Will be minimized

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti