ComboFix 10-07-04.04 - Owner 07/05/2010 17:23:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.939 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Desktop\Firefox Downloads\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 100705-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\ErrorProtector Free
c:\documents and settings\All Users\Application Data\ErrorProtector Free\Data\Abbr
c:\documents and settings\All Users\Application Data\ErrorProtector Free\Data\ActivationCode
c:\documents and settings\All Users\Application Data\ErrorProtector Free\Data\HOURS
c:\documents and settings\All Users\Application Data\ErrorProtector Free\Data\ProductCode
c:\documents and settings\Default User\err.log
c:\documents and settings\Owner.YOUR-W04GTXLD67.000\err.log
c:\documents and settings\Owner.YOUR-W04GTXLD67.000\john-386.exe
c:\documents and settings\Owner.YOUR-W04GTXLD67.000\john-mmx.exe
c:\documents and settings\Owner.YOUR-W04GTXLD67.000\MariAri.exe
c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Recent\Thumbs.db
c:\documents and settings\Owner.YOUR-W04GTXLD67.000\unafs.exe
c:\documents and settings\Owner.YOUR-W04GTXLD67.000\unique.exe
c:\documents and settings\Owner.YOUR-W04GTXLD67.000\unshadow.exe
c:\program files\AVI Codec Pack
c:\program files\AVI Codec Pack\AC3\ac3filter.ax
c:\program files\AVI Codec Pack\AC3\dialog_patch.exe
c:\program files\AVI Codec Pack\LAYER-3\L3CODECP.ACM
c:\program files\AVI Codec Pack\LAYER-3\RaMp3Cfg.exe
c:\program files\AVI Codec Pack\uninstall.exe
c:\program files\Cheat Engine\dbk32.sys
c:\program files\Common Files\Companion Wizard
c:\program files\Common Files\Companion Wizard\log.txt
C:\Thumbs.db
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\cs_cache.ini
c:\windows\system\cncs232.dll
c:\windows\system\cncs32.dll
c:\windows\system32\_004002_.tmp.dll
c:\windows\system32\_004003_.tmp.dll
c:\windows\system32\_004004_.tmp.dll
c:\windows\system32\_004005_.tmp.dll
c:\windows\system32\_004012_.tmp.dll
c:\windows\system32\_004013_.tmp.dll
c:\windows\system32\_004014_.tmp.dll
c:\windows\system32\_004015_.tmp.dll
c:\windows\system32\_004016_.tmp.dll
c:\windows\system32\_004017_.tmp.dll
c:\windows\system32\_004018_.tmp.dll
c:\windows\system32\_004019_.tmp.dll
c:\windows\system32\_004020_.tmp.dll
c:\windows\system32\_004021_.tmp.dll
c:\windows\system32\_004022_.tmp.dll
c:\windows\system32\_004023_.tmp.dll
c:\windows\system32\_004024_.tmp.dll
c:\windows\system32\_004025_.tmp.dll
c:\windows\system32\_004026_.tmp.dll
c:\windows\system32\_004027_.tmp.dll
c:\windows\system32\_004028_.tmp.dll
c:\windows\system32\_004029_.tmp.dll
c:\windows\system32\_004030_.tmp.dll
c:\windows\system32\_004031_.tmp.dll
c:\windows\system32\_004032_.tmp.dll
c:\windows\system32\_004033_.tmp.dll
c:\windows\system32\_004034_.tmp.dll
c:\windows\system32\_004036_.tmp.dll
c:\windows\system32\_004037_.tmp.dll
c:\windows\system32\_004039_.tmp.dll
c:\windows\system32\_004040_.tmp.dll
c:\windows\system32\_004041_.tmp.dll
c:\windows\system32\_004042_.tmp.dll
c:\windows\system32\_004043_.tmp.dll
c:\windows\system32\_004044_.tmp.dll
c:\windows\system32\_004045_.tmp.dll
c:\windows\system32\_004046_.tmp.dll
c:\windows\system32\_004047_.tmp.dll
c:\windows\system32\_004048_.tmp.dll
c:\windows\system32\_004050_.tmp.dll
c:\windows\system32\_004051_.tmp.dll
c:\windows\system32\_004052_.tmp.dll
c:\windows\system32\_004053_.tmp.dll
c:\windows\system32\_004054_.tmp.dll
c:\windows\system32\_004055_.tmp.dll
c:\windows\system32\_004056_.tmp.dll
c:\windows\system32\_004059_.tmp.dll
c:\windows\system32\_004060_.tmp.dll
c:\windows\system32\_004061_.tmp.dll
c:\windows\system32\_004062_.tmp.dll
c:\windows\system32\_004063_.tmp.dll
c:\windows\system32\_004064_.tmp.dll
c:\windows\system32\_004065_.tmp.dll
c:\windows\system32\_004066_.tmp.dll
c:\windows\system32\_004067_.tmp.dll
c:\windows\system32\_004068_.tmp.dll
c:\windows\system32\_004069_.tmp.dll
c:\windows\system32\_004070_.tmp.dll
c:\windows\system32\_004071_.tmp.dll
c:\windows\system32\_004072_.tmp.dll
c:\windows\system32\_004073_.tmp.dll
c:\windows\system32\_004074_.tmp.dll
c:\windows\system32\_004075_.tmp.dll
c:\windows\system32\_004076_.tmp.dll
c:\windows\system32\_004077_.tmp.dll
c:\windows\system32\_004078_.tmp.dll
c:\windows\system32\_004079_.tmp.dll
c:\windows\system32\_004080_.tmp.dll
c:\windows\system32\_004081_.tmp.dll
c:\windows\system32\_004082_.tmp.dll
c:\windows\system32\_004083_.tmp.dll
c:\windows\system32\_004084_.tmp.dll
c:\windows\system32\_004085_.tmp.dll
c:\windows\system32\_004086_.tmp.dll
c:\windows\system32\_004087_.tmp.dll
c:\windows\system32\_004088_.tmp.dll
c:\windows\system32\_004089_.tmp.dll
c:\windows\system32\_004090_.tmp.dll
c:\windows\system32\_004091_.tmp.dll
c:\windows\system32\_004092_.tmp.dll
c:\windows\system32\_004093_.tmp.dll
c:\windows\system32\_004094_.tmp.dll
c:\windows\system32\_004095_.tmp.dll
c:\windows\system32\_004096_.tmp.dll
c:\windows\system32\_004097_.tmp.dll
c:\windows\system32\_004098_.tmp.dll
c:\windows\system32\_004099_.tmp.dll
c:\windows\system32\_004100_.tmp.dll
c:\windows\system32\_004101_.tmp.dll
c:\windows\system32\_004102_.tmp.dll
c:\windows\system32\_004103_.tmp.dll
c:\windows\system32\_004104_.tmp.dll
c:\windows\system32\_004105_.tmp.dll
c:\windows\system32\_004106_.tmp.dll
c:\windows\system32\_004107_.tmp.dll
c:\windows\system32\_004108_.tmp.dll
c:\windows\system32\_004111_.tmp.dll
c:\windows\system32\_004112_.tmp.dll
c:\windows\system32\_004113_.tmp.dll
c:\windows\system32\_004114_.tmp.dll
c:\windows\system32\_004115_.tmp.dll
c:\windows\system32\_004116_.tmp.dll
c:\windows\system32\_004117_.tmp.dll
c:\windows\system32\_004119_.tmp.dll
c:\windows\system32\_004120_.tmp.dll
c:\windows\system32\_004121_.tmp.dll
c:\windows\system32\_004122_.tmp.dll
c:\windows\system32\_004123_.tmp.dll
c:\windows\system32\_004124_.tmp.dll
c:\windows\system32\_004125_.tmp.dll
c:\windows\system32\_004126_.tmp.dll
c:\windows\system32\_004127_.tmp.dll
c:\windows\system32\_004128_.tmp.dll
c:\windows\system32\_004129_.tmp.dll
c:\windows\system32\_004132_.tmp.dll
c:\windows\system32\_004133_.tmp.dll
c:\windows\system32\_004134_.tmp.dll
c:\windows\system32\_004136_.tmp.dll
c:\windows\system32\_004137_.tmp.dll
c:\windows\system32\_004138_.tmp.dll
c:\windows\system32\_004139_.tmp.dll
c:\windows\system32\_004140_.tmp.dll
c:\windows\system32\_004141_.tmp.dll
c:\windows\system32\_004142_.tmp.dll
c:\windows\system32\_004143_.tmp.dll
c:\windows\system32\_004144_.tmp.dll
c:\windows\system32\_004145_.tmp.dll
c:\windows\system32\_004146_.tmp.dll
c:\windows\system32\_004147_.tmp.dll
c:\windows\system32\_004148_.tmp.dll
c:\windows\system32\_004149_.tmp.dll
c:\windows\system32\_004150_.tmp.dll
c:\windows\system32\_004152_.tmp.dll
c:\windows\system32\_004153_.tmp.dll
c:\windows\system32\_004154_.tmp.dll
c:\windows\system32\_004155_.tmp.dll
c:\windows\system32\_004157_.tmp.dll
c:\windows\system32\_004158_.tmp.dll
c:\windows\system32\_004159_.tmp.dll
c:\windows\system32\_004160_.tmp.dll
c:\windows\system32\_004162_.tmp.dll
c:\windows\system32\_004163_.tmp.dll
c:\windows\system32\_004164_.tmp.dll
c:\windows\system32\_004165_.tmp.dll
c:\windows\system32\_004166_.tmp.dll
c:\windows\system32\_004167_.tmp.dll
c:\windows\system32\_004168_.tmp.dll
c:\windows\system32\_004170_.tmp.dll
c:\windows\system32\_004171_.tmp.dll
c:\windows\system32\_004172_.tmp.dll
c:\windows\system32\_004173_.tmp.dll
c:\windows\system32\_004174_.tmp.dll
c:\windows\system32\_004175_.tmp.dll
c:\windows\system32\_004177_.tmp.dll
c:\windows\system32\_004180_.tmp.dll
c:\windows\system32\_004181_.tmp.dll
c:\windows\system32\_004185_.tmp.dll
c:\windows\system32\_004186_.tmp.dll
c:\windows\system32\_004188_.tmp.dll
c:\windows\system32\_004191_.tmp.dll
c:\windows\system32\_004193_.tmp.dll
c:\windows\system32\_004194_.tmp.dll
c:\windows\system32\_004195_.tmp.dll
c:\windows\system32\_004196_.tmp.dll
c:\windows\system32\_004199_.tmp.dll
c:\windows\system32\_004200_.tmp.dll
c:\windows\system32\_004201_.tmp.dll
c:\windows\system32\_004202_.tmp.dll
c:\windows\system32\_004203_.tmp.dll
c:\windows\system32\_004208_.tmp.dll
c:\windows\system32\_004210_.tmp.dll
c:\windows\system32\_004211_.tmp.dll
c:\windows\system32\config\systemprofile\err.log
c:\windows\system32\ehkmp.bak1
c:\windows\system32\hhkmp.bak1
c:\windows\system32\ihhkj.bak1
c:\windows\system32\ihhkj.bak2
c:\windows\system32\o02PrEz
c:\windows\system32\rtutv.bak2
c:\windows\system32\skinboxer43.dll
c:\windows\system32\Unpack.exe
c:\windows\system32\win
c:\windows\system32\X2
c:\windows\system32\X3
c:\windows\system32\X5
c:\windows\system32\X9
c:\windows\system32\ybadd.bak2
c:\windows\xpsp1hfm.log
D:\Autorun.inf
.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_FOPN


((((((((((((((((((((((((( Files Created from 2010-06-05 to 2010-07-05 )))))))))))))))))))))))))))))))
.

2010-06-30 21:02 . 2010-06-30 21:02 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Malwarebytes
2010-06-30 21:00 . 2010-06-30 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-20 22:49 . 2010-06-20 22:49 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Unity
2010-06-15 02:27 . 2010-06-15 02:58 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\River Past G5
2010-06-15 02:27 . 2010-06-15 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2010-07-05 22:59 . 2010-03-07 02:58 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Skype
2010-07-05 22:58 . 2008-03-08 23:58 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\skypePM
2010-07-05 22:53 . 2008-09-12 23:32 -------- d-----w- c:\program files\DNA
2010-07-05 22:53 . 2008-09-12 23:32 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\DNA
2010-07-05 22:43 . 2008-11-26 15:08 -------- d-----w- c:\program files\Cheat Engine
2010-07-05 21:51 . 2001-08-17 20:57 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2010-07-03 20:43 . 2009-12-24 16:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\TeamViewer
2010-07-02 19:48 . 2010-04-09 20:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 21:01 . 2010-06-30 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-23 00:54 . 2010-06-23 00:54 -------- d-----w- c:\program files\StreetStrifer HomeStruck
2010-06-19 02:54 . 2010-06-19 02:54 -------- d-----w- c:\program files\PFPortChecker
2010-06-18 23:32 . 2009-01-28 20:51 -------- d-----w- c:\program files\Steam
2010-06-15 02:56 . 2010-06-15 02:38 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-06-15 02:39 . 2010-06-15 02:39 162785 ----a-w- c:\windows\Animated GIF Converter and Booster Pack Uninstaller.exe
2010-06-15 02:38 . 2010-06-15 02:27 -------- d-----w- c:\program files\Common Files\River Past
2010-06-15 02:38 . 2010-06-15 02:27 -------- d-----w- c:\program files\River Past
2010-06-15 02:29 . 2010-06-15 02:28 -------- d-----w- c:\program files\WMV9_VCM
2010-06-15 02:28 . 2010-06-15 02:28 165898 ----a-w- c:\windows\Video Cleaner Uninstaller.exe
2010-06-14 21:28 . 2006-12-21 19:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-12 00:25 . 2010-05-14 23:49 -------- d-----w- c:\program files\Fake Webcam
2010-06-12 00:23 . 2009-01-15 03:33 -------- d-----w- c:\program files\DComSoft
2010-06-12 00:22 . 2009-05-20 00:11 -------- d-----w- c:\program files\Time Stopper
2010-06-12 00:19 . 2008-06-04 04:06 -------- d-----w- c:\program files\Artoonix
2010-06-12 00:19 . 2003-10-11 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-12 00:16 . 2009-04-18 14:22 -------- d-----w- c:\program files\Easy TM Forever
2010-06-12 00:16 . 2009-02-12 22:44 -------- d-----w- c:\program files\Phun
2010-06-12 00:15 . 2009-06-26 04:35 -------- d-----w- c:\program files\Bootfighter Windom XP sp-2.NET
2010-06-12 00:15 . 2009-10-10 00:47 -------- d-----w- c:\program files\Image-Line
2010-06-12 00:13 . 2010-01-23 03:36 -------- d-----w- c:\program files\3DRipperDX
2010-06-12 00:05 . 2003-10-11 12:15 28256 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2010-06-09 21:12 . 2010-06-09 21:09 -------- d-----w- c:\program files\LEGO Island
2010-06-08 15:30 . 2009-08-03 16:03 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Hamachi
2010-06-06 17:57 . 2005-12-05 18:26 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-06 17:57 . 2009-07-29 22:45 -------- d-----w- c:\program files\SRB2 Doom Builder
2010-06-06 17:57 . 2009-10-25 22:14 -------- d-----w- c:\program files\Blockland
2010-06-05 20:48 . 2008-08-14 23:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-25 18:52 . 2009-04-17 21:56 -------- d-----w- c:\program files\GStudio7
2010-05-19 22:18 . 2009-01-17 01:02 52 -c--a-w- C:\Copy of scaler.bat
2010-05-12 16:21 . 2009-10-02 20:41 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-11 23:15 . 2010-05-11 23:15 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Template
2010-04-29 20:39 . 2010-06-30 21:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-06-30 21:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 22:19 . 2009-08-21 21:04 104000 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-04-25 21:53 . 2010-04-25 21:53 323624 ----a-w- c:\windows\system32\wiaaut.dll
2006-11-09 01:01 . 2006-11-09 01:01 0 -c--a-w- c:\program files\Common Files\err.log
2004-08-30 04:40 . 2004-08-30 02:40 0 -csha-w- c:\windows\SMINST\HPCD.sys
2008-11-06 02:00 . 2008-11-06 01:34 56 --sha-r- c:\windows\system32\770DD48848.sys
2008-11-06 02:04 . 2008-11-06 01:34 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 1424648]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2004-06-16 106571]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"Google Update"="c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-30 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 50176]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"WUSB54Gv2"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-16 69705]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LTMSG"=LTMSG.exe 7
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"mmtask"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kapow! Proxy\\Kapow.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Blockland\\Blockland.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\Documents and Settings\\Owner.YOUR-W04GTXLD67.000\\Desktop\\Folders\\Games\\Hisoutensoku\\th123.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\N8\\NeverBit.exe"=
"c:\\Documents and Settings\\Owner.YOUR-W04GTXLD67.000\\Desktop\\Folders\\Games\\SRB2\\srb2win.exe"=
"c:\\Documents and Settings\\Owner.YOUR-W04GTXLD67.000\\Desktop\\Folders\\Games\\SRB2\\srb2ogl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\SleepIsDeath_v15\\SleepIsDeath.exe"=
"c:\\Program Files\\River Past\\Video Cleaner\\VideoCleaner.exe"=
"c:\\Program Files\\River Past\\Animated GIF Converter and Booster Pack\\VideoCleaner.exe"=
"c:\\Games\\Toribash-3.9\\toribash.exe"=
"c:\\Games\\Toribash-3.9\\tb.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10800:UDP"= 10800:UDP:Touhou
"28000:UDP"= 28000:UDP:Blockland

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/3/2008 4:09 PM 114768]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [4/17/2009 5:28 PM 3026]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/3/2008 4:09 PM 20560]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7/27/2009 2:37 AM 185640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gpotato\TalesRunner\GameGuard\dump_wmimmc.sys --> c:\program files\gpotato\TalesRunner\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 pnicml;pnicml;\??\c:\docume~1\OWNERY~1.000\LOCALS~1\Temp\pnicml.sys --> c:\docume~1\OWNERY~1.000\LOCALS~1\Temp\pnicml.sys [?]
S3 Tomcat5;Apache Tomcat;"c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 --> c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/3/2007 9:08 AM 685816]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-07-05 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 04:35]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2899075602-3811207098-2694297558-1003Core.job
- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 02:05]

2010-07-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2899075602-3811207098-2694297558-1003UA.job
- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 02:05]

2010-07-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-07-04 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-25 14:46]

2008-04-25 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-25 14:46]

2008-04-25 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-25 15:13]

2010-06-23 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2004-02-20 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://qus10.hpwis.com/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {E2D8D8E4-215E-41DA-BF09-10A76EFFA5E3} = 192.168.0.1,192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Mozilla\Firefox\Profiles\v0vskgvl.default\
FF - plugin: c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_03050024.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-klmdb.sys
AddRemove-Abe's Oddysee - c:\program files\Abe's Oddysee\Uninst.isu
AddRemove-Agree Free MP3 to M4A AAC Converter_is1 - c:\program files\Agree Free MP3 to M4A AAC Converter\unins000.exe
AddRemove-AGSAdventureDev301_is1 - c:\program files\Adventure Game Studio 3.0.1\unins000.exe
AddRemove-fragMOTION 0.9.1a_is1 - c:\program files\fragMOTION 0.9.1a\unins000.exe
AddRemove-GLIntercept_is1 - c:\program files\GLIntercept0_5\unins000.exe
AddRemove-Sawer - c:\program files\Image-Line\Sawer\uninstall.exe
AddRemove-{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1 - c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Desktop\Folders\Games\Hisoutensoku\th123\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-05 17:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2899075602-3811207098-2694297558-1003\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:5d,f1,7d,18,8b,17,aa,17,3a,fe,30,3a,82,92,70,fb,57,3c,49,85,e9,
   1d,ae,e9,68,2b,12,8e,cf,91,6a,de,a9,5c,e3,8d,a9,4f,ae,e7,50,1e,fd,f0,77,79,\
"rkeysecu"=hex:8e,56,38,52,73,b2,40,25,7c,55,61,e5,11,52,71,e0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1000)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3548)
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
c:\program files\TeamViewer\Version4\TeamViewer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-07-05 18:13:22 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-05 23:13

Pre-Run: 39,407,091,712 bytes free
Post-Run: 41,838,551,040 bytes free

Current=7 Default=7 Failed=3 LastKnownGood=11 Sets=,1,2,3,4,5,6,7,8,9,11
- - End Of File - - EEFF52585F80F854C0B3D9313D400CFE