ComboFix 10-03-04.02 - Owner 03/04/2010 19:05:19.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1713 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\sysReserve.ini
c:\program files\iWin Games\iWinGamesHookIE.dll
c:\windows\system32\Data
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2010-02-05 to 2010-03-05 )))))))))))))))))))))))))))))))
.

2010-03-03 23:13 . 2010-03-03 23:13    --------    d-----w-    c:\documents and settings\Owner\Local Settings\Application Data\FileMaker
2010-03-03 23:13 . 2010-03-03 23:13    --------    d-----w-    c:\program files\Davies
2010-02-26 00:49 . 2010-02-26 03:01    --------    d-----w-    c:\program files\Project64 1.6
2010-02-14 23:34 . 2010-01-12 04:03    61440       ----a-w-    c:\windows\system32\OpenCL.dll
2010-02-14 23:34 . 2010-01-12 04:03    4104192     ----a-w-    c:\windows\system32\nvcuda.dll
2010-02-14 23:34 . 2010-01-12 04:03    4077672     ----a-w-    c:\windows\system32\nvcuvenc.dll
2010-02-14 23:34 . 2010-01-12 04:03    2259560     ----a-w-    c:\windows\system32\nvcuvid.dll
2010-02-14 23:34 . 2010-01-12 04:03    14458880    ----a-w-    c:\windows\system32\nvoglnt.dll
2010-02-14 23:34 . 2010-01-12 04:03    2283526     ----a-w-    c:\windows\system32\nvdata.bin
2010-02-14 23:34 . 2010-01-12 04:03    182888      ----a-w-    c:\windows\system32\nvcodins.dll
2010-02-14 23:34 . 2010-01-12 04:03    182888      ----a-w-    c:\windows\system32\nvcod.dll
2010-02-14 23:34 . 2010-01-12 04:03    11632640    ----a-w-    c:\windows\system32\nvcompiler.dll
2010-02-14 23:34 . 2010-01-12 04:03    1081344     ----a-w-    c:\windows\system32\nvapi.dll
2010-02-13 00:32 . 2010-02-13 00:32    --------    d-----w-    c:\documents and settings\Owner\Maximize Games
2010-02-06 22:04 . 2010-03-04 01:59    --------    d-----w-    c:\program files\Farm Mania
2010-02-06 22:04 . 2010-02-06 22:04    --------    d-----w-    c:\windows\Farm Mania
2010-02-04 02:18 . 2010-02-04 02:18    --------    d-----w-    c:\program files\iPod
2010-02-04 02:18 . 2010-02-04 02:19    --------    d-----w-    c:\program files\iTunes
2010-02-04 02:18 . 2010-02-04 02:19    --------    d-----w-    c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-02-04 02:17 . 2010-02-04 02:17    --------    d-----w-    c:\program files\Bonjour
2010-02-04 02:15 . 2009-08-29 00:42    2065696     ----a-w-    c:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-03-05 00:09 . 2009-11-26 21:57    --------    d-----w-    c:\program files\iWin Games
2010-03-05 00:04 . 2006-02-28 12:00    95360       ----a-w-    c:\windows\system32\drivers\atapi.sys
2010-03-04 23:47 . 2010-03-04 23:47    95360       ----a-w-    c:\windows\system32\drivers\tsk4.tmp
2010-02-25 00:04 . 2008-11-19 08:01    --------    d-----w-    c:\documents and settings\Owner\Application Data\U3
2010-02-23 04:14 . 2008-11-19 04:21    11378       ----a-w-    c:\documents and settings\Owner\Application Data\wklnhst.dat
2010-02-16 03:12 . 2008-11-25 05:42    --------    d-----w-    c:\program files\PeerGuardian2
2010-02-16 03:12 . 2008-11-25 05:39    --------    d-----w-    c:\documents and settings\Owner\Application Data\uTorrent
2010-02-15 23:15 . 2008-11-19 04:06    --------    d-----w-    c:\program files\NVIDIA Corporation
2010-02-14 23:35 . 2008-11-19 04:35    --------    d-----w-    c:\program files\Common Files\Wise Installation Wizard
2010-02-14 23:35 . 2008-11-19 04:35    --------    d-----w-    c:\program files\AGEIA Technologies
2010-02-13 00:44 . 2009-10-23 02:20    --------    d-----w-    c:\program files\iWin.com
2010-02-13 00:44 . 2009-04-21 02:46    --------    d---a-w-    c:\documents and settings\All Users\Application Data\TEMP
2010-02-04 02:21 . 2008-11-21 05:43    --------    d-----w-    c:\documents and settings\Owner\Application Data\Apple Computer
2010-02-04 02:18 . 2008-11-19 08:02    --------    d-----w-    c:\program files\Common Files\Apple
2010-02-04 02:17 . 2009-09-29 00:52    --------    d-----w-    c:\program files\QuickTime
2010-02-04 02:15 . 2008-11-19 08:02    --------    d-----w-    c:\documents and settings\All Users\Application Data\Apple
2010-01-30 00:37 . 2010-01-30 00:37    --------    d-----w-    c:\documents and settings\Owner\Application Data\1morebee
2010-01-29 23:38 . 2009-07-25 20:53    --------    d-----w-    c:\program files\Heroes of Newerth
2010-01-22 23:31 . 2009-06-18 23:56    --------    d-----w-    c:\program files\Microsoft Silverlight
2010-01-12 04:03 . 2008-11-19 03:56    10276768    ----a-w-    c:\windows\system32\drivers\nv4_mini.sys
2010-01-12 04:03 . 2008-11-19 03:56    6359168     ----a-w-    c:\windows\system32\nv4_disp.dll
2010-01-12 03:17 . 2010-01-12 03:17    278120      ----a-w-    c:\windows\system32\nvmccs.dll
2010-01-12 03:17 . 2010-01-12 03:17    154216      ----a-w-    c:\windows\system32\nvsvc32.exe
2010-01-12 03:17 . 2010-01-12 03:17    145000      ----a-w-    c:\windows\system32\nvcolor.exe
2010-01-12 03:17 . 2010-01-12 03:17    13666408    ----a-w-    c:\windows\system32\nvcpl.dll
2010-01-12 03:17 . 2010-01-12 03:17    110696      ----a-w-    c:\windows\system32\nvmctray.dll
2010-01-12 03:17 . 2010-01-12 03:17    81920       ----a-w-    c:\windows\system32\nvwddi.dll
2010-01-10 23:28 . 2009-10-25 00:08    --------    d-----w-    c:\program files\Games
2010-01-08 01:45 . 2010-01-08 01:27    --------    d-----w-    c:\documents and settings\All Users\Application Data\FarmFrenzy3_America
2010-01-04 02:23 . 2010-01-04 02:23    --------    d-----w-    c:\documents and settings\Owner\Application Data\Foxit Software
2009-12-28 02:24 . 2009-12-06 06:23    19          ----a-w-    c:\windows\popcinfo.dat
2009-12-22 05:42 . 2006-02-28 12:00    662016      ----a-w-    c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2006-02-28 12:00    81920       ----a-w-    c:\windows\system32\ieencode.dll
2009-01-27 01:34 . 2009-01-27 01:34    1044480     ----a-w-    c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34    200704      ----a-w-    c:\program files\mozilla firefox\plugins\ssldivx.dll

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 17:58    333192    ----a-w-    c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-07 133104]
"Aim"="c:\program files\AIM\aim.exe" [2009-10-01 3634024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="c:\program files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-10-31 57344]
"P17Helper"="P17.dll" [2005-05-03 64512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-01-12 13666408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-01-12 110696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 2000 Series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe [2003-4-5 323646]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Owner\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-03-07 21:43    133104    ----atw-    c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-01-23 00:16    141608    ----a-w-    c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerGuardian]
2005-09-18 23:40    1421824    ----a-w-    c:\program files\PeerGuardian2\pg2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 06:00    90112    ------w-    c:\windows\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2008-08-03 23:02    36352    ----a-w-    c:\program files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Dyyno Receiver\\DPPM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Owner\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Paradox Interactive\\Majesty 2\\Majesty2.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\EACoreServer.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Heroes of Newerth\\hon.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [1/21/2010 2:12 PM 78104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [11/11/2009 1:59 PM 25832]
.
Contents of the 'Scheduled Tasks' folder

2009-04-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-03-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1060284298-839522115-1003Core.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-07 21:43]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-299502267-1060284298-839522115-1003UA.job
- c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-03-07 21:43]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\huz5k1dj.default\
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\huz5k1dj.default\extensions\NPDyyno@dyyno.com\plugins\npDyyno.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Owner\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-nwiz - nwiz.exe
SafeBoot-klmdb.sys
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-Warcraft III - c:\windows\War3Unin.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 19:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\tsk4.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(812)
c:\windows\system32\nvappfilter.dll

- - - - - - - > 'explorer.exe'(568)
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\windows\SoftwareDistribution\Download\a09af09928e177cd9ba61ead21886d9e\update\update.exe
.
**************************************************************************
.
Completion time: 2010-03-04 19:18:43 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-05 00:18

Pre-Run: 163,436,490,752 bytes free
Post-Run: 162,971,430,912 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8F7FE0A1A79F68F38DFBD4B32A2B91B8