ComboFix log (Windows XP SP2 host, run 2009-01-25): deletions include TDSS*-named drivers/DLLs, rogue "Spyware Guard 2009" / "MS AntiSpyware 2009" installs, and an Autorun.inf + resycled\bootmatrix.com pair on drive G:; the remaining sections list what was still registered after the run
ComboFix 09-01-21.04 - David 2009-01-25 10:06:37.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.405 [GMT -8:00]
Running from: c:\documents and settings\David\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
c:\docume~1\David\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\LOG\20090124102305687.log
c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\c.cgm
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\ieModule.dll
c:\documents and settings\All Users\Application Data\Microsoft\Internet Explorer\DLLs\wsokyaxfzv.dll
c:\documents and settings\All Users\Application Data\Microsoft\Protect\svhost.exe
c:\documents and settings\All Users\Application Data\Microsoft\Protect\track.sys
c:\documents and settings\All Users\Application Data\svhost.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\svchost.exe
c:\documents and settings\David\Start Menu\Programs\Spyware Guard 2009
c:\documents and settings\David\Start Menu\Programs\Spyware Guard 2009\Spyware Guard 2009.lnk
c:\program files\Spyware Guard 2009
c:\program files\Spyware Guard 2009\conf.cfg
c:\program files\Spyware Guard 2009\mbase.vdb
c:\program files\Spyware Guard 2009\quarantine.vdb
c:\program files\Spyware Guard 2009\queue.vdb
c:\program files\Spyware Guard 2009\spywareguard.exe
c:\program files\Spyware Guard 2009\uninstall.exe
c:\program files\Spyware Guard 2009\vbase.vdb
c:\windows\reged.exe
c:\windows\spoolsystem.exe
c:\windows\sys.com
c:\windows\syscert.exe
c:\windows\sysexplorer.exe
c:\windows\system32\batmete.dll
c:\windows\system32\cmdial3.dll
c:\windows\system32\drivers\msqpdxibciqtnn.sys
c:\windows\system32\Drivers\TDSSmqlt.sys
c:\windows\system32\drivers\tdssserv.sys
c:\windows\system32\drivers\Wingl15.sys
c:\windows\system32\jjkmp.ini
c:\windows\system32\mcrh.tmp
c:\windows\system32\msqpdxosetlwev.dll
c:\windows\system32\TDSShrsr.dll
c:\windows\system32\TDSSkkdu.log
c:\windows\system32\TDSSlxwp.dll
c:\windows\system32\TDSSoiqn.dll
c:\windows\system32\TDSSorvd.dat
c:\windows\system32\TDSSriqp.dll
c:\windows\system32\TDSSxfum.dll
c:\windows\system32\WinCtrl32.dl_
c:\windows\system32\WinCtrl32.dll
c:\windows\system32\winscenter.exe
c:\windows\system32\xlibgfl254.dll
c:\windows\vmreg.dll
G:\Autorun.inf
G:\resycled
g:\resycled\bootmatrix.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV.SYS
-------\Legacy_WINGL15
-------\Service_TDSSserv.sys
-------\Service_Wingl15
((((((((((((((((((((((((( Files Created from 2008-12-25 to 2009-01-25 )))))))))))))))))))))))))))))))
.
2009-01-19 23:24 . 2009-01-19 23:24 <DIR> d-------- c:\documents and settings\David\Application Data\Sammsoft
2009-01-19 23:23 . 2009-01-19 23:23 <DIR> d-------- c:\program files\Advanced Registry Optimizer
2009-01-18 15:39 . 2009-01-18 15:39 <DIR> d-------- c:\program files\Enigma Software Group
2009-01-16 13:54 . 2007-06-14 10:09 95,744 --a------ c:\windows\system32\cdfvie.dll
2009-01-06 00:32 . 2009-01-06 00:32 244 --ah----- C:\sqmnoopt03.sqm
2009-01-06 00:32 . 2009-01-06 00:32 232 --ah----- C:\sqmdata03.sqm
2009-01-06 00:31 . 2009-01-06 00:31 244 --ah----- C:\sqmnoopt02.sqm
2009-01-06 00:31 . 2009-01-06 00:31 244 --ah----- C:\sqmnoopt01.sqm
2009-01-06 00:31 . 2009-01-06 00:31 232 --ah----- C:\sqmdata02.sqm
2009-01-06 00:31 . 2009-01-06 00:31 232 --ah----- C:\sqmdata01.sqm
2009-01-04 22:26 . 2009-01-13 16:31 <DIR> d-------- c:\program files\View_Private_MySpace_Profiles
2009-01-04 22:26 . 2009-01-13 16:31 <DIR> d-------- c:\program files\Conduit
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-20 07:14 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-16 22:58 --------- d-----w c:\program files\Veoh Networks
2009-01-16 22:19 --------- d-----w c:\documents and settings\David\Application Data\LimeWire
2009-01-14 02:44 --------- d-----w c:\program files\Nitto 1320 Legends
2009-01-05 05:16 --------- d-----w c:\program files\Warcraft III
2007-04-11 07:05 95,696 ----a-w c:\documents and settings\David\Application Data\sysdoctor.exe
2006-12-31 13:10 24,192 ----a-w c:\documents and settings\David\usbsermptxp.sys
2006-12-31 13:10 22,768 ----a-w c:\documents and settings\David\usbsermpt.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7F898A54-6391-45C0-B126-BEB089C9DFD7}]
2007-06-14 10:09 95744 --a------ c:\windows\system32\cdfvie.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Veoh"="c:\program files\Veoh Networks\Veoh\VeohClient.exe" [2008-08-28 3660848]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2008-12-16 3528440]
"AROReminder"="c:\program files\Advanced Registry Optimizer\aro.exe" [2008-08-22 2084480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-01-13 864256]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-06 20:16 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^TA_Start.lnk]
path=c:\documents and settings\David\Start Menu\Programs\Startup\TA_Start.lnk
backup=c:\windows\pss\TA_Start.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^Think-Adz.lnk]
path=c:\documents and settings\David\Start Menu\Programs\Startup\Think-Adz.lnk
backup=c:\windows\pss\Think-Adz.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Download Music^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\documents and settings\Download Music\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus Photo R300 Series]
--a------ 2003-06-04 02:00 99840 c:\windows\system32\spool\drivers\w32x86\3\E_S4I2F1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2004-09-13 14:49 49152 c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
--a------ 2006-06-26 10:33 243248 c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 08:24 1694208 c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-08-11 20:43 7630848 c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-08-11 20:43 86016 c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 13:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-11-10 12:03 36975 c:\program files\Java\jre1.5.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-08-03 15:02 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-08-11 20:43 1519616 c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"usnjsvc"=3 (0x3)
"sprtsvc_ddoctorv2"=2 (0x2)
"rpcapd"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ose"=3 (0x3)
"LVSrvLauncher"=2 (0x2)
"LVPrcSrv"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Warcraft III\\war3.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
R0 ochhxnuj;ochhxnuj;c:\windows\system32\drivers\ochhxnuj.sys [2004-08-04 23424]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
S4 Rpcccgwtdi;Rpcccgwtdi; [x]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78f4eb2a-5869-11dd-aa23-000cf170e7f9}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\bootmatrix.com g:
.
Contents of the 'Scheduled Tasks' folder
2009-01-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{e28e0583-70fc-42a9-9767-93aa8ad06cf5} - (no file)
HKCU-Run-MS AntiSpyware 2009 - c:\documents and settings\All Users\Application Data\CrucialSoft Ltd\MS AntiSpyware 2009\msas2009.exe
HKLM-Run-spywareguard - c:\program files\Spyware Guard 2009\spywareguard.exe
MSConfigStartUp-ddoctorv2 - c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe
MSConfigStartUp-Intel Audio Studio V2 - c:\windows\fmideploy.exe
MSConfigStartUp-Lexmark_X79-55 - c:\windows\system32\lsasss.exe
MSConfigStartUp-NovaBackup 7 Tray Control - c:\program files\NovaStor\NovaBACKUP\NbkCtrl.exe
MSConfigStartUp-Regscan - c:\windows\system32\regscan.exe
MSConfigStartUp-Skype - d:\backup files\Skype\Phone\Skype.exe
MSConfigStartUp-Yahoo! Pager - c:\program files\Yahoo!\Messenger\ypager.exe
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://cdn.smugmug.com/photos/activex/ImageUploader5-5.0.30.0-080212.cab
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-25 10:11:28
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-25 10:16:48 - machine was rebooted [David]
ComboFix-quarantined-files.txt 2009-01-25 18:15:48
Pre-Run: 4,625,358,848 bytes free
Post-Run: 6,972,469,248 bytes free
217 --- E O F --- 2007-09-14 19:59:10