ComboFix 09-07-25.08 - cpu 1 07/26/2009 18:10.1.2 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.1.1033.18.1978.1221 [GMT -4:00]
Running from: c:\users\cpu 1\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\$recycle.bin\S-1-5-21-1798170937-116836392-2064234790-500
c:\$recycle.bin\S-1-5-21-2395403662-305266162-357448060-500
c:\windows\Installer\4fcbf.msi
c:\windows\system32\drivers\MSIVXesenjepvnibdtlopipuxvkxcwpiftnxr.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXeriwakrujkmplarybkcrgfuqqxiwcixg.dll
c:\windows\System32\MSIVXvlxbpgdscsiosqnqsbysfobwebpqtqnt.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_MSIVXserv.sys
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.
2009-07-26 22:17 . 2009-07-26 22:17 -------- d-----w- c:\users\cpu 1\AppData\Local\temp
2009-07-24 02:31 . 2009-07-13 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-24 02:31 . 2009-07-24 07:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-24 02:31 . 2009-07-24 02:31 -------- d-----w- c:\programdata\Malwarebytes
2009-07-24 02:31 . 2009-07-13 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 05:30 . 2009-07-13 05:30 -------- d-----w- c:\users\cpu 1\AppData\Roaming\AVG8
2009-07-06 07:11 . 2009-07-09 06:48 -------- d-----w- c:\users\cpu 1\AppData\Roaming\dvdcss
2009-06-29 20:21 . 2009-06-29 20:21 -------- d-----w- c:\program files\Combined Community Codec Pack
2009-06-29 20:14 . 2009-06-29 20:14 -------- d-----w- c:\users\cpu 1\AppData\Roaming\vlc
2009-06-29 20:12 . 2009-06-29 20:12 -------- d-----w- c:\program files\VideoLAN
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 07:00 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-21 07:01 . 2008-06-27 18:28 -------- d-----w- c:\programdata\Microsoft Help
2009-07-13 05:44 . 2008-12-25 23:27 -------- d-----w- c:\programdata\avg8
2009-07-13 05:29 . 2008-12-25 23:27 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-13 05:29 . 2008-12-25 23:27 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-13 05:29 . 2008-12-25 23:27 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-05 23:45 . 2008-06-27 18:51 -------- d-----w- c:\program files\Java
2009-06-28 22:37 . 2009-02-08 18:42 -------- d-----w- c:\program files\BitLord
2009-06-24 07:09 . 2008-06-27 18:04 -------- d-----w- c:\program files\Microsoft Works
2009-06-24 06:32 . 2009-01-17 19:06 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-12 22:57 . 2009-06-12 22:57 -------- d-----w- c:\program files\Common Files\xing shared
2009-06-12 22:57 . 2009-06-12 22:56 -------- d-----w- c:\program files\Common Files\Real
2009-06-12 22:56 . 2009-06-12 22:56 -------- d-----w- c:\program files\Real
2009-06-08 17:17 . 2009-02-02 04:33 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-21 15:33 . 2009-01-24 23:25 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-30 12:37 . 2009-06-24 03:04 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-04-30 12:37 . 2009-06-24 03:04 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-04-25 18:08 . 2008-12-28 23:01 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-06-27 16:02 . 2008-06-27 16:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-17 145944]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-13 1948440]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-12 180269]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C0EA8201-8DF2-460B-8FA0-CA6DF34E6153}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{8454C891-500E-4F2E-B082-21ED4AB360D5}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{3DC16CC6-9BDE-4302-86DA-1E4F07C01C5F}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{89B63FB3-5E34-47EE-9445-D7398D932F05}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5D500A14-07EB-4251-995C-A11A6DB4967B}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{9D22A853-5F38-475F-96B3-E8CB5702BFA3}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7BCAA59C-2144-491C-B787-C7596D40A0B6}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{19688973-C3E3-44F2-9800-37437A7833C7}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{3F702F90-4BF9-4894-B690-26BCD46617CA}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"TCP Query User{160FD739-D720-4084-8049-DA9EA4E28CCE}f:\\bitlord\\bitlord.exe"= UDP:f:\bitlord\bitlord.exe:BitLord
"UDP Query User{39ABD85E-288C-4946-B615-D5EDACF6EA43}f:\\bitlord\\bitlord.exe"= TCP:f:\bitlord\bitlord.exe:BitLord
"{96F9C76E-12F2-4DC2-AC61-9EB845E57A81}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{10B2541B-B8E3-47BC-BD39-19EBA3C5D512}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{B0888ABE-A0DC-4257-BFEF-A294542E573F}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"TCP Query User{1BF21E8B-D73B-4D45-B792-FAD21E1D9F3D}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{8D7BB4FF-DCDD-423B-A3DA-2EECD2062F9B}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{A8A0EE2F-AAAB-4D06-AD7D-7B7B8601412D}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{DFD6FA98-331A-44DE-851D-1F4635DE456A}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{5239603F-11B5-40B3-BCB4-128A2B306B29}f:\\bitlord\\bitlord.exe"= UDP:f:\bitlord\bitlord.exe:BitLord
"UDP Query User{13106062-E5AB-4A63-8E51-FD7CE9751881}f:\\bitlord\\bitlord.exe"= TCP:f:\bitlord\bitlord.exe:BitLord
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [12/25/2008 7:27 PM 327688]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2/2/2009 12:33 AM 108552]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/25/2008 7:27 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/25/2008 7:27 PM 298776]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [6/27/2008 2:46 PM 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/25/2008 6:14 PM 24652]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\System32\drivers\IntcHdmi.sys [6/4/2008 1:54 PM 113664]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [6/27/2008 1:46 PM 193840]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\cpu 1\AppData\Roaming\Mozilla\Firefox\Profiles\wqq0vcpc.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-26 18:17
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-07-26 18:20
ComboFix-quarantined-files.txt 2009-07-26 22:20
Pre-Run: 65,428,803,584 bytes free
Post-Run: 68,055,711,744 bytes free
163 --- E O F --- 2009-07-23 07:00