Finally, here comes the Kaspersky log. I think it's clean; I join a HJT log as well, just in case.
Thanks
ComboFix 08-11-14.01 - olivier 2008-11-16 16:07:55.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.970 [GMT 0:00]
Running from: c:\users\olivier\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-10-16 to 2008-11-16 )))))))))))))))))))))))))))))))
.
2008-11-16 14:15 . 2008-11-16 14:15 <DIR> d-------- c:\program files\Foxit Software
2008-11-16 12:40 . 2008-11-16 12:40 <DIR> d-------- c:\users\olivier\AppData\Roaming\Malwarebytes
2008-11-16 12:40 . 2008-11-16 12:40 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-11-16 12:40 . 2008-11-16 12:40 <DIR> d-------- c:\programdata\Malwarebytes
2008-11-16 12:40 . 2008-11-16 12:40 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-11-16 12:40 . 2008-10-22 16:10 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-11-16 12:40 . 2008-10-22 16:10 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-15 22:26 . 2008-11-15 22:35 <DIR> d-------- C:\rsit
2008-11-15 12:12 . 2008-11-15 12:12 <DIR> d-------- c:\windows\System32\glvLog
2008-11-14 23:17 . 2008-11-14 23:17 0 --a------ c:\windows\Control.ini
2008-11-14 23:16 . 2008-11-16 14:09 <DIR> d-------- c:\windows\System32\ZeroSpyware
2008-11-14 23:16 . 2008-11-16 14:09 <DIR> d-------- c:\program files\FBM Software
2008-11-14 23:16 . 2008-11-16 12:15 131,072 --a------ c:\windows\System32\datestamp.dll
2008-11-13 19:27 . 2008-11-15 22:02 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-13 19:06 . 2008-11-13 19:06 <DIR> d-------- c:\program files\Trend Micro
2008-11-13 17:51 . 2008-11-13 19:47 <DIR> d-------- c:\users\All Users\VadeRetro
2008-11-13 17:51 . 2008-11-13 19:47 <DIR> d-------- c:\programdata\VadeRetro
2008-11-13 05:29 . 2008-11-13 05:29 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-13 04:05 . 2008-09-10 03:40 1,334,272 --a------ c:\windows\System32\msxml6.dll
2008-11-13 04:05 . 2008-09-05 05:14 1,191,936 --a------ c:\windows\System32\msxml3.dll
2008-11-13 04:05 . 2008-08-27 01:05 212,480 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 18:41 . 2008-11-12 18:41 <DIR> d-------- c:\program files\Alwil Software
2008-11-11 21:09 . 2008-11-16 16:13 <DIR> d-------- c:\program files\a-squared Anti-Malware
2008-11-11 20:47 . 2008-11-13 19:46 <DIR> d-------- c:\users\All Users\Spybot - Search & Destroy
2008-11-11 20:47 . 2008-11-13 19:46 <DIR> d-------- c:\programdata\Spybot - Search & Destroy
2008-11-11 20:32 . 2008-11-11 20:32 <DIR> d-------- c:\users\olivier\AppData\Roaming\aAvgApi
2008-11-11 17:10 . 2008-11-13 19:45 <DIR> d-------- c:\users\All Users\Lavasoft
2008-11-11 17:10 . 2008-11-13 19:45 <DIR> d-------- c:\programdata\Lavasoft
2008-11-11 16:58 . 2008-11-11 17:08 <DIR> d-a------ c:\users\All Users\TEMP
2008-11-11 16:58 . 2008-11-11 17:08 <DIR> d-a------ c:\programdata\TEMP
2008-11-10 18:18 . 2008-11-16 12:16 <DIR> d-------- c:\windows\System32\drivers\Avg
2008-11-10 18:18 . 2008-11-10 18:18 98,440 --a------ c:\windows\System32\drivers\avgldx86.sys
2008-11-10 18:18 . 2008-11-10 18:18 90,632 --a------ c:\windows\System32\drivers\avgtdix.sys
2008-11-10 18:18 . 2008-11-10 18:18 12,936 --a------ c:\windows\System32\drivers\avgrkx86.sys
2008-11-10 18:18 . 2008-11-10 18:18 10,520 --a------ c:\windows\System32\avgrsstx.dll
2008-11-10 18:17 . 2008-11-10 18:17 <DIR> d-------- c:\users\All Users\avg8
2008-11-10 18:17 . 2008-11-10 18:17 <DIR> d-------- c:\programdata\avg8
2008-11-10 18:17 . 2008-11-10 18:17 <DIR> d-------- c:\program files\AVG
2008-11-10 18:17 . 2008-11-10 18:17 23,832 --a------ c:\windows\System32\drivers\avgfwd6x.sys
2008-11-09 13:43 . 2008-11-09 13:43 <DIR> d-------- c:\windows\System32\QuickTime
2008-11-09 13:43 . 2008-11-09 13:43 <DIR> d-------- c:\windows\System32\custom matrices
2008-11-09 13:43 . 2008-11-09 13:43 <DIR> d-------- c:\windows\System32\C2MP
2008-11-07 12:45 . 2008-08-12 03:39 443,392 --a------ c:\windows\System32\win32spl.dll
2008-11-07 12:45 . 2008-09-18 04:56 147,456 --a------ c:\windows\System32\Faultrep.dll
2008-11-07 12:45 . 2008-09-18 04:56 125,952 --a------ c:\windows\System32\wersvc.dll
2008-10-22 17:34 . 2008-08-05 09:49 428,544 --a------ c:\windows\System32\EncDec.dll
2008-10-22 17:34 . 2008-08-05 09:49 293,376 --a------ c:\windows\System32\psisdecd.dll
2008-10-22 17:34 . 2008-08-05 09:48 217,088 --a------ c:\windows\System32\psisrndr.ax
2008-10-22 17:34 . 2008-08-05 09:48 177,664 --a------ c:\windows\System32\mpg2splt.ax
2008-10-22 17:34 . 2008-08-05 09:48 80,896 --a------ c:\windows\System32\MSNP.ax
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 16:18 --------- d-----w c:\users\olivier\AppData\Roaming\Skype
2008-11-16 16:18 --------- d-----w c:\programdata\Kontiki
2008-11-16 16:01 --------- d-----w c:\users\olivier\AppData\Roaming\skypePM
2008-11-16 14:09 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-16 14:06 --------- d-----w c:\program files\Common Files\Adobe
2008-11-13 21:44 --------- d-----w c:\programdata\Microsoft Help
2008-11-13 19:45 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-13 19:10 2,686 ----a-w c:\windows\System32\ealregsnapshot1.reg
2008-10-23 16:09 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 17:27 --------- d-----w c:\program files\Windows Mail
2008-10-12 14:22 --------- d-----w c:\program files\Bonjour
2008-10-09 17:11 --------- d-----w c:\program files\Google
2008-10-09 16:49 --------- d-----w c:\programdata\NVIDIA
2008-10-06 18:23 --------- d-----w c:\program files\Macromedia
2008-10-06 18:12 --------- d-----w c:\program files\Common Files\Macromedia
2008-10-06 17:09 --------- d-----w c:\programdata\FLEXnet
2008-10-06 16:53 --------- d-----w c:\program files\MagicISO
2008-10-02 03:49 827,392 ----a-w c:\windows\System32\wininet.dll
2008-09-30 16:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-28 14:49 --------- d-----w c:\users\olivier\AppData\Roaming\SPORE
2008-09-26 18:36 --------- d-----w c:\users\olivier\AppData\Roaming\Nokia
2008-09-18 17:15 --------- d-----w c:\program files\Photosynth
2008-09-18 05:09 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 05:09 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:16 2,032,640 ----a-w c:\windows\System32\win32k.sys
2008-09-03 03:59 468,992 ----a-w c:\windows\System32\newdev.dll
2008-09-03 03:58 74,752 ----a-w c:\windows\System32\newdev.exe
2008-08-22 03:38 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-08-22 03:38 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-08-22 03:38 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-08-22 03:38 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-05-17 12:25 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-05-17 12:25 56 ---ha-w c:\programdata\ezsidmv.dat
2008-04-13 14:00 174 --sha-w c:\program files\desktop.ini
2008-02-28 18:42 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-02-28 18:42 32,768 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-02-28 18:42 16,384 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2008-03-08 12:39 16,384 --sha-w c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-05 171448]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-04-30 22058792]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 1079808]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 1232896]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-21 2752512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"V0380Mon.exe"="c:\windows\V0380Mon.exe" [2007-08-30 28672]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-29 185896]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-09-17 612896]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13580832]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-29 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-29 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-12 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-10 1235736]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2008-03-26 1232896]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-06-21 805392]
MCEBuddy Taskbar Monitor.lnk - c:\windows\Installer\{BAFC1680-D56C-4079-98B7-B71B99F29647}\_6BCC94CCBDEFDDC8F82198.exe [2008-04-24 2462]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
[HKLM\~\startupfolder\C:^Users^olivier^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\users\olivier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Live! Cam Manager]
--------- 2007-06-07 14:01 155648 c:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-04-16 11:53 1079808 c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{85A60763-DE73-401D-92E1-A2A490B842CE}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D6175DC9-EBC5-44E4-9B79-58FBDD159DD4}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{C73302CD-758A-4092-A69A-6CF4F9B88736}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{DF11FEA2-514F-4487-8DE8-6FA4995D737E}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{369132C3-E2F3-4560-8538-6FC4EC359638}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{3A333038-2977-4C55-8623-3FA12242B6BE}"= Disabled:UDP:c:\program files\Skype\Phone\Skype.exe:Skype
"{B55B0B2D-B302-4BCE-AF5F-837CEC3FBE06}"= TCP:c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{97286419-4E18-4E11-AD87-D3D3C76B799C}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{AE4AB0C8-CB61-429F-87A6-24757F523AAF}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{1C115FAF-13CB-4F72-BFFC-150DBCCFBA18}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{E497ABD7-80FB-4902-B8AD-8834084BB3FA}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{FEA1DF2A-98AC-4904-97B0-B64D61CB308E}c:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{7223E3EA-B762-440F-9783-C72E91985C55}c:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"TCP Query User{FD09E41B-2B34-4CE5-8C93-8B62D008B961}c:\\users\\olivier\\desktop\\utorrent.exe"= UDP:c:\users\olivier\desktop\utorrent.exe:utorrent.exe
"UDP Query User{1409AFB7-A233-4053-8C19-EE98AEA3BF00}c:\\users\\olivier\\desktop\\utorrent.exe"= TCP:c:\users\olivier\desktop\utorrent.exe:utorrent.exe
"{F74A8FFA-7E50-448A-A549-812087574975}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{B7B0F17A-4646-49D9-9F5B-BAA7770E546A}"= UDP:62483:LocalSubnet:LocalSubnet:emule
"{52D85B89-F9DD-442C-93DE-FE126936FA74}"= TCP:53019:LocalSubnet:LocalSubnet:emule udp
"TCP Query User{42F0E8D8-4EEF-41F1-9FD2-1956A4771894}c:\\program files\\codemasters\\dirt\\dirt.exe"= UDP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"UDP Query User{A43DDB38-F107-4A7B-9C54-86B5C2BD4546}c:\\program files\\codemasters\\dirt\\dirt.exe"= TCP:c:\program files\codemasters\dirt\dirt.exe:DiRT Executable
"TCP Query User{106EB06A-5DC2-4573-A0CA-3BAB4D3B949F}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{B3C44683-DAF4-4ADC-A186-CE55ED9E04DD}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"{4E3238EB-2036-4DFF-8E10-979A368593A3}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{26476188-8F23-4282-9CC0-08B3F4DEDA22}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"TCP Query User{AEFDCB03-7AA1-47FE-ACD7-39F56B6B9422}c:\\program files\\kontiki\\khost.exe"= UDP:c:\program files\kontiki\khost.exe:Delivery Manager
"UDP Query User{E2E8737B-5073-4ABC-90BA-B51C5D805E47}c:\\program files\\kontiki\\khost.exe"= TCP:c:\program files\kontiki\khost.exe:Delivery Manager
"TCP Query User{A37C3CF6-E82E-4724-8458-416DA48617AC}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= UDP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"UDP Query User{E6F269F2-7676-4585-8F36-76841CB4EF3C}c:\\program files\\joost\\xulrunner\\tvprunner.exe"= TCP:c:\program files\joost\xulrunner\tvprunner.exe:tvprunner
"TCP Query User{833EDDF8-FFDE-4B69-86CB-95A082CEB323}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\fpupdate.exe"= UDP:c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe:fpupdate
"UDP Query User{2907D3B8-18DB-4A4E-B98B-937AE8D63188}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\fpupdate.exe"= TCP:c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe:fpupdate
"{67543982-A599-490A-91E2-52FDE14FB29D}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"TCP Query User{C04374FC-FAC5-447B-9D85-CFFD459A2DED}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= UDP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"UDP Query User{9669CB8F-7F5C-432D-BD7D-AE5F8A17C08D}c:\\program files\\nokia\\nokia software updater\\nsu_ui_client.exe"= TCP:c:\program files\nokia\nokia software updater\nsu_ui_client.exe:Nokia Software Updater
"TCP Query User{A8B3D608-5DBF-4D4D-A297-DB4703FBCFA0}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= UDP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"UDP Query User{2BF93007-F360-4994-8D73-823AF91050BF}c:\\program files\\common files\\nokia\\service layer\\a\\nsl_host_process.exe"= TCP:c:\program files\common files\nokia\service layer\a\nsl_host_process.exe:Nokia Service Layer Host Process
"TCP Query User{E7085C07-9507-44D1-962C-74788D657D84}c:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= UDP:c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"UDP Query User{5F019DC0-E093-4356-8BCA-4C14EEC5559F}c:\\program files\\ubisoft\\ghost recon advanced warfighter 2\\graw2.exe"= TCP:c:\program files\ubisoft\ghost recon advanced warfighter 2\graw2.exe:Ghost Recon Advanced Warfighter® 2
"{00953079-2D2B-42A4-A7B4-BD041644A8D6}"= UDP:c:\program files\BUFFALO\NASNAVI\NasNavi.exe:BUFFALO NAS Navigator
"{4E0D1169-28AF-4D85-9CE6-6A1E707CBE8E}"= TCP:c:\program files\BUFFALO\NASNAVI\NasNavi.exe:BUFFALO NAS Navigator
"TCP Query User{21DC8668-CD86-4001-B5C9-2ADBE66EE8FB}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{E113EC22-25EA-4D76-8F08-EC8F762F76B2}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{5E9F65F1-0BA1-4207-A543-C4158BBFE94E}c:\\program files\\sightspeed\\sightspeed.exe"= UDP:c:\program files\sightspeed\sightspeed.exe:SightSpeed
"UDP Query User{DB441024-4BEA-4DCC-879A-DDCD2E0D0E70}c:\\program files\\sightspeed\\sightspeed.exe"= TCP:c:\program files\sightspeed\sightspeed.exe:SightSpeed
"TCP Query User{BADE3B29-9ED5-4CD5-B55E-0F27A957AB79}c:\\program files\\windows sidebar\\sidebar.exe"= UDP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"UDP Query User{81B62693-E9D1-4D70-AE07-35BC0C54CCA6}c:\\program files\\windows sidebar\\sidebar.exe"= TCP:c:\program files\windows sidebar\sidebar.exe:Windows Sidebar
"TCP Query User{B312A862-442F-421A-9A3F-4F59BE2C0386}c:\\program files\\emule\\emule.exe"= UDP:c:\program files\emule\emule.exe:eMule
"UDP Query User{A2C11FF0-2799-47DA-B0E9-A129DD906615}c:\\program files\\emule\\emule.exe"= TCP:c:\program files\emule\emule.exe:eMule
"TCP Query User{A2B12053-CA83-43CB-B661-93DFEEBB2AD7}c:\\program files\\transcode360\\transcode360tray.exe"= UDP:c:\program files\transcode360\transcode360tray.exe:
"UDP Query User{0ABD006D-8085-4C43-AC55-39FA5791900A}c:\\program files\\transcode360\\transcode360tray.exe"= TCP:c:\program files\transcode360\transcode360tray.exe:
"TCP Query User{5629E2C6-AAA8-4553-A1AC-5ABB9DF1A033}c:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"UDP Query User{9EF4C413-9E4B-45E2-B5D5-C8F1B02DD315}c:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:c:\program files\orbitdownloader\orbitnet.exe:P2P service of Orbit Downloader
"TCP Query User{0F6C9FD6-6178-4F7A-B099-95F5CEB517ED}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{3948786A-6E2B-4FED-920E-59694AE13D1E}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{6348D67C-4F14-43CC-933C-CCF29569C9BC}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{96CB2368-C517-4473-BC29-85FCC52E1FDB}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{626A32C5-E4EA-473B-8519-C9562D2E730B}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{A47BAF0B-E311-4EE1-AA05-A99DCF473436}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{2847DB09-1A91-4E3E-9AF6-A73A5723EC82}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{CC4B15E2-5A4D-4ED6-B140-96A4244E2415}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-10 12936]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2008-11-10 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-10 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-10 90632]
R2 AEV0380;Creative Camera VF0380 APO service application;c:\windows\system32\V0380Aps.exe [2008-03-20 73728]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-10 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-10 231704]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2008-11-10 1212184]
R2 MCE Buddy;MCE Buddy Service;"c:\program files\Tyrell\MCEBuddy\MCEBuddySvc.exe" [2008-02-07 20480]
R3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2007-04-20 674048]
R3 V0380Dev;Creative Camera VF0380 Driver;c:\windows\system32\DRIVERS\V0380Vid.sys [2008-03-20 274400]
R3 V0380Vfx;Creative Camera VF0380 Video VFX Driver;c:\windows\system32\DRIVERS\V0380Vfx.sys [2008-03-20 7168]
S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2006-11-02 1083520]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
S3 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\DRIVERS\rtlprot.sys [2007-04-24 15360]
S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2008-06-27 335872]
S3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys [2007-01-30 126344]
S3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys [2007-01-30 27264]
S3 UMPass;Microsoft UMPass Driver;c:\windows\system32\DRIVERS\umpass.sys [2008-04-13 7680]
.
Contents of the 'Scheduled Tasks' folder
2008-11-16 c:\windows\Tasks\RtlVistaStart.job
- c:\program files\ASUS WiFi-AP Solo\RtWLan.exe []
2008-11-16 c:\windows\Tasks\User_Feed_Synchronization-{1A980203-E5BA-4CB1-AF6D-0551D60D5E89}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
2008-11-16 c:\windows\Tasks\User_Feed_Synchronization-{B5DD0C69-C260-4FD0-B180-C6E98D2CF533}.job
- c:\windows\system32\msfeedssync.exe [2008-01-18 22:33]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe
HKCU-Run-LightScribe Control Panel - c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
HKCU-Run-ceoou - c:\users\olivier\appdata\local\ceoou.exe
HKLM-Run-Transcode360 - c:\program files\Transcode360\Transcode360Tray.exe
HKU-Default-RunOnce-IETI - c:\program files\Skype\Phone\IEPlugin\unins000.exe
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 16:15:05
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Kontiki\KService.exe
c:\windows\System32\WUDFHost.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\ehome\ehsched.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-11-16 16:21:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-16 16:21:18
Pre-Run: 54,450,438,144 bytes free
Post-Run: 54,094,233,600 bytes free
298 --- E O F --- 2008-11-13 21:44:26

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:07:09, on 17/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\conime.exe
C:\Windows\V0380Mon.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [V0380Mon.exe] C:\Windows\V0380Mon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: MCEBuddy Taskbar Monitor.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{FDDD4D34-B08B-4478-A993-C9DCFE178374}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Creative Camera VF0380 APO service application (AEV0380) - Creative Technology Ltd. - C:\Windows\system32\V0380Aps.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: MCE Buddy Service (MCE Buddy) - Unknown owner - C:\Program Files\Tyrell\MCEBuddy\MCEBuddySvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 9566 bytes