I've just run a ComboFix scan (full log below — it got pasted twice, the second copy is identical). What should I do next? For whoever reviews it, the points I'd like confirmed before I touch anything: ComboFix deleted c:\windows\system32\twain_32.dll (a copy should be in its quarantine, per the ComboFix-quarantined-files.txt line near the end); the catchme rootkit scan reported 0 hidden files; and the MBR check finishes with "user & kernel MBR OK" but lists an >>UNKNOWN [0x859AA856]<< module in the disk call chain under "detected MBR rootkit hooks", which I'd like a helper to look at rather than assume is benign.
ComboFix 10-01-19.01 - Tej 19/01/2010 21:34:16.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.2284 [GMT 0:00]
Running from: c:\users\Tej\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-18 02:43 . 2010-01-18 02:43 -------- d-----w- c:\users\Tej\AppData\Roaming\Malwarebytes
2010-01-18 02:43 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-18 02:43 . 2010-01-18 02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 02:43 . 2010-01-18 02:43 -------- d-----w- c:\programdata\Malwarebytes
2010-01-18 02:43 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-17 19:21 . 2010-01-17 19:46 -------- d-----w- C:\divx
2010-01-17 16:55 . 2010-01-17 16:55 -------- d-----w- c:\users\Tej\AppData\Roaming\AnvSoft
2010-01-17 01:22 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-17 01:22 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 20:50 . 2008-11-01 15:52 0 ----a-w- c:\users\Tej\AppData\Local\prvlcl.dat
2010-01-17 19:17 . 2008-10-14 20:49 -------- d-----w- c:\program files\DivX
2010-01-17 19:17 . 2009-12-06 03:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-17 14:57 . 2009-07-07 14:35 -------- d-----w- c:\users\Tej\AppData\Roaming\BitTorrent
2010-01-17 03:03 . 2008-06-17 12:07 -------- d-----w- c:\programdata\Microsoft Help
2010-01-17 03:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-17 01:03 . 2009-09-10 23:01 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-17 01:02 . 2009-11-17 16:31 -------- d-----w- c:\program files\Windows Portable Devices
2010-01-14 11:12 . 2009-10-04 10:21 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-22 12:31 . 2009-12-10 20:10 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-12-06 19:46 . 2008-09-30 19:33 105408 ----a-w- c:\users\Tej\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-05 17:24 . 2009-12-05 17:24 -------- d-----w- c:\program files\DebugMode
2009-11-21 06:40 . 2009-12-10 20:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 20:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 20:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 20:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 16:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 17:07 . 2009-11-12 17:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-09 12:31 . 2009-12-13 19:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 19:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 19:42 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-25 17:24 2048 ----a-w- c:\windows\system32\tzres.dll
2009-01-27 23:28 . 2009-01-10 15:08 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-27 23:28 . 2009-01-10 15:08 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-27 23:28 . 2009-01-10 15:08 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-27 23:28 . 2009-01-10 15:08 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-27 23:28 . 2009-01-10 15:08 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-04-21 14:46 . 2008-04-21 14:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]
"SpareMessaging"="c:\program files\Spare Messaging\MessagingApp.exe" [2007-11-28 42824]
"UpdateP2GShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):06,20,4f,bc,97,34,ca,01
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [05/03/2009 00:02 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [29/10/2008 02:35 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [05/03/2009 00:02 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [05/03/2009 00:02 108552]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [17/06/2008 11:29 25896]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/03/2009 00:01 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [29/04/2009 17:25 1370488]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 15:19 202280]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 15:05 92008]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\System32\drivers\AVerBDA3x.sys [17/06/2008 11:30 1183744]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\System32\drivers\RTL85n86.sys [17/06/2008 11:13 354816]
S1 RCFOX;SonicWALL IPsec Driver;c:\windows\System32\drivers\RCFOX.SYS [01/06/2009 17:47 91136]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/12/2006 10:34 507136]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\System32\drivers\rcvpn.sys [01/06/2009 17:46 23180]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: o2.co.uk\*.broadband
FF - ProfilePath - c:\users\Tej\AppData\Roaming\Mozilla\Firefox\Profiles\4xkahiwj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-c:\program files\Free Video Zilla\FVZilla.exe - (no file)
HKLM-Run-UDC Integration - (no file)
AddRemove-Adobe_acce07fd2c8fe7f9e3f26243e626578 - c:\program files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 21:41
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x859AA856]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8b3a5d24
\Driver\ACPI -> acpi.sys @ 0x80693d68
\Driver\atapi -> ataport.SYS @ 0x807a2a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
.
Completion time: 2010-01-19 21:45:09
ComboFix-quarantined-files.txt 2010-01-19 21:45
Pre-Run: 340,265,488,384 bytes free
Post-Run: 341,905,874,944 bytes free
- - End Of File - - 2D5C7E683E5A04086789931C2E6F810F
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.2284 [GMT 0:00]
Running from: c:\users\Tej\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-19 to 2010-01-19 )))))))))))))))))))))))))))))))
.
2010-01-18 02:43 . 2010-01-18 02:43 -------- d-----w- c:\users\Tej\AppData\Roaming\Malwarebytes
2010-01-18 02:43 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-18 02:43 . 2010-01-18 02:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-18 02:43 . 2010-01-18 02:43 -------- d-----w- c:\programdata\Malwarebytes
2010-01-18 02:43 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-17 19:21 . 2010-01-17 19:46 -------- d-----w- C:\divx
2010-01-17 16:55 . 2010-01-17 16:55 -------- d-----w- c:\users\Tej\AppData\Roaming\AnvSoft
2010-01-17 01:22 . 2009-10-19 13:38 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-01-17 01:22 . 2009-10-19 13:35 72704 ----a-w- c:\windows\system32\fontsub.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-18 20:50 . 2008-11-01 15:52 0 ----a-w- c:\users\Tej\AppData\Local\prvlcl.dat
2010-01-17 19:17 . 2008-10-14 20:49 -------- d-----w- c:\program files\DivX
2010-01-17 19:17 . 2009-12-06 03:37 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-17 14:57 . 2009-07-07 14:35 -------- d-----w- c:\users\Tej\AppData\Roaming\BitTorrent
2010-01-17 03:03 . 2008-06-17 12:07 -------- d-----w- c:\programdata\Microsoft Help
2010-01-17 03:03 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-01-17 01:03 . 2009-09-10 23:01 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-01-17 01:02 . 2009-11-17 16:31 -------- d-----w- c:\program files\Windows Portable Devices
2010-01-14 11:12 . 2009-10-04 10:21 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-22 12:31 . 2009-12-10 20:10 2066200 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-12-06 19:46 . 2008-09-30 19:33 105408 ----a-w- c:\users\Tej\AppData\Local\GDIPFONTCACHEV1.DAT
2009-12-05 17:24 . 2009-12-05 17:24 -------- d-----w- c:\program files\DebugMode
2009-11-21 06:40 . 2009-12-10 20:18 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-10 20:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-10 20:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 04:59 . 2009-12-10 20:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-17 16:31 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-12 17:07 . 2009-11-12 17:07 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-09 12:31 . 2009-12-13 19:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-11-09 12:30 . 2009-12-13 19:42 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-11-09 10:36 . 2009-12-13 19:42 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-29 09:17 . 2009-11-25 17:24 2048 ----a-w- c:\windows\system32\tzres.dll
2009-01-27 23:28 . 2009-01-10 15:08 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2009-01-27 23:28 . 2009-01-10 15:08 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-27 23:28 . 2009-01-10 15:08 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2009-01-27 23:28 . 2009-01-10 15:08 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2009-01-27 23:28 . 2009-01-10 15:08 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-04-21 14:46 . 2008-04-21 14:46 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-08-27 247144]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-05-13 6139904]
"SpareMessaging"="c:\program files\Spare Messaging\MessagingApp.exe" [2007-11-28 42824]
"UpdateP2GShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-10 2043160]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13687328]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 92704]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-01-07 1394000]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):06,20,4f,bc,97,34,ca,01
R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [05/03/2009 00:02 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [29/10/2008 02:35 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [05/03/2009 00:02 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [05/03/2009 00:02 108552]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\System32\drivers\RtlProt.sys [17/06/2008 11:29 25896]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [05/03/2009 00:01 297752]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [29/04/2009 17:25 1370488]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program files\O2\bin\sprtsvc.exe [07/06/2007 15:19 202280]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27/08/2009 15:05 92008]
R3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\System32\drivers\AVerBDA3x.sys [17/06/2008 11:30 1183744]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\System32\drivers\RTL85n86.sys [17/06/2008 11:13 354816]
S1 RCFOX;SonicWALL IPsec Driver;c:\windows\System32\drivers\RCFOX.SYS [01/06/2009 17:47 91136]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 02:23 21504]
S3 PAC207;SoC PC-Camera;c:\windows\System32\drivers\PFC027.SYS [05/12/2006 10:34 507136]
S3 rcvpn;SonicWALL VPN Adapter;c:\windows\System32\drivers\rcvpn.sys [01/06/2009 17:46 23180]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
Supplementary Scan
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: o2.co.uk\*.broadband
FF - ProfilePath - c:\users\Tej\AppData\Roaming\Mozilla\Firefox\Profiles\4xkahiwj.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.allow_platform_file_picker", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.cookie.p3plevel", 1); // 0=low, 1=medium, 2=high, 3=custom
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.enablePad", false); // Allow client to do proxy autodiscovery
c:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.default", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.search.param.Google.1.custom", "chrome://branding/content/searchconfig.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("signon.prefillForms", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.remoteLookups", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.updateURL", "http://sb.google.com/safebrowsing/update?client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.lookupURL", "http://sb.google.com/safebrowsing/lookup?sourceid=firefox-antiphish&features=TrustRank&client={moz:client}&appver={moz:version}&");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.safebrowsing.provider.0.reportURL", "http://sb.google.com/safebrowsing/report?");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-c:\program files\Free Video Zilla\FVZilla.exe - (no file)
HKLM-Run-UDC Integration - (no file)
AddRemove-Adobe_acce07fd2c8fe7f9e3f26243e626578 - c:\program files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 21:41
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x859AA856]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8b3a5d24
\Driver\ACPI -> acpi.sys @ 0x80693d68
\Driver\atapi -> ataport.SYS @ 0x807a2a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK
**************************************************************************
.
Completion time: 2010-01-19 21:45:09
ComboFix-quarantined-files.txt 2010-01-19 21:45
Pre-Run: 340,265,488,384 bytes free
Post-Run: 341,905,874,944 bytes free
- - End Of File - - 2D5C7E683E5A04086789931C2E6F810F