ComboFix 10-07-06.02 - Owner 07/06/2010 22:24:09.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1535.799 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Desktop\Firefox Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 100706-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\docume~1\OWNERY~1.000\LOCALS~1\Temp\pnicml.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PNICML
-------\Service_pnicml

((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.
2010-06-30 21:02 . 2010-06-30 21:02 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Malwarebytes
2010-06-30 21:00 . 2010-06-30 21:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-20 22:49 . 2010-06-20 22:49 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Unity
2010-06-15 02:27 . 2010-06-15 02:58 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\River Past G5
2010-06-15 02:27 . 2010-06-15 02:55 -------- d-----w- c:\documents and settings\All Users\Application Data\River Past G5
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-07 03:50 . 2010-03-07 02:58 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Skype
2010-07-07 03:46 . 2008-09-12 23:32 -------- d-----w- c:\program files\DNA
2010-07-07 03:46 . 2008-09-12 23:32 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\DNA
2010-07-07 02:59 . 2008-03-08 23:58 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\skypePM
2010-07-06 13:19 . 2008-11-26 15:08 -------- d-----w- c:\program files\Cheat Engine
2010-07-06 10:32 . 2006-12-21 19:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-07-05 21:51 . 2001-08-17 20:57 12160 ----a-w- c:\windows\system32\drivers\fsvga.sys
2010-07-03 20:43 . 2009-12-24 16:55 -------- d-----w- c:\documents and settings\LocalService\Application Data\TeamViewer
2010-07-02 19:48 . 2010-04-09 20:27 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-30 21:01 . 2010-06-30 21:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-23 00:54 . 2010-06-23 00:54 -------- d-----w- c:\program files\StreetStrifer HomeStruck
2010-06-19 02:54 . 2010-06-19 02:54 -------- d-----w- c:\program files\PFPortChecker
2010-06-18 23:32 . 2009-01-28 20:51 -------- d-----w- c:\program files\Steam
2010-06-15 02:56 . 2010-06-15 02:38 -------- d-----w- c:\program files\Combined Community Codec Pack
2010-06-15 02:39 . 2010-06-15 02:39 162785 ----a-w- c:\windows\Animated GIF Converter and Booster Pack Uninstaller.exe
2010-06-15 02:38 . 2010-06-15 02:27 -------- d-----w- c:\program files\Common Files\River Past
2010-06-15 02:38 . 2010-06-15 02:27 -------- d-----w- c:\program files\River Past
2010-06-15 02:29 . 2010-06-15 02:28 -------- d-----w- c:\program files\WMV9_VCM
2010-06-15 02:28 . 2010-06-15 02:28 165898 ----a-w- c:\windows\Video Cleaner Uninstaller.exe
2010-06-12 00:25 . 2010-05-14 23:49 -------- d-----w- c:\program files\Fake Webcam
2010-06-12 00:23 . 2009-01-15 03:33 -------- d-----w- c:\program files\DComSoft
2010-06-12 00:22 . 2009-05-20 00:11 -------- d-----w- c:\program files\Time Stopper
2010-06-12 00:19 . 2008-06-04 04:06 -------- d-----w- c:\program files\Artoonix
2010-06-12 00:19 . 2003-10-11 12:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-12 00:16 . 2009-04-18 14:22 -------- d-----w- c:\program files\Easy TM Forever
2010-06-12 00:16 . 2009-02-12 22:44 -------- d-----w- c:\program files\Phun
2010-06-12 00:15 . 2009-06-26 04:35 -------- d-----w- c:\program files\Bootfighter Windom XP sp-2.NET
2010-06-12 00:15 . 2009-10-10 00:47 -------- d-----w- c:\program files\Image-Line
2010-06-12 00:13 . 2010-01-23 03:36 -------- d-----w- c:\program files\3DRipperDX
2010-06-12 00:05 . 2003-10-11 12:15 28256 ----a-w- c:\windows\system32\drivers\MxlW2k.sys
2010-06-09 21:12 . 2010-06-09 21:09 -------- d-----w- c:\program files\LEGO Island
2010-06-08 15:30 . 2009-08-03 16:03 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Hamachi
2010-06-06 17:57 . 2005-12-05 18:26 -------- d-----w- c:\program files\Windows Media Connect 2
2010-06-06 17:57 . 2009-07-29 22:45 -------- d-----w- c:\program files\SRB2 Doom Builder
2010-06-06 17:57 . 2009-10-25 22:14 -------- d-----w- c:\program files\Blockland
2010-06-05 20:48 . 2008-08-14 23:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-25 18:52 . 2009-04-17 21:56 -------- d-----w- c:\program files\GStudio7
2010-05-21 19:14 . 2009-10-02 20:41 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-19 22:18 . 2009-01-17 01:02 52 -c--a-w- C:\Copy of scaler.bat
2010-05-11 23:15 . 2010-05-11 23:15 -------- d-----w- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Template
2010-05-06 10:41 . 2007-06-26 16:50 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2009-07-27 17:40 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2010-06-30 21:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-06-30 21:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-26 22:19 . 2009-08-21 21:04 104000 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-04-25 21:53 . 2010-04-25 21:53 323624 ----a-w- c:\windows\system32\wiaaut.dll
2010-04-20 05:30 . 2008-11-13 21:45 285696 ----a-w- c:\windows\system32\atmfd.dll
2006-11-09 01:01 . 2006-11-09 01:01 0 -c--a-w- c:\program files\Common Files\err.log
2004-08-30 04:40 . 2004-08-30 02:40 0 -csha-w- c:\windows\SMINST\HPCD.sys
2008-11-06 02:00 . 2008-11-06 01:34 56 --sha-r- c:\windows\system32\770DD48848.sys
2008-11-06 02:04 . 2008-11-06 01:34 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2003-08-19 852038]
"Uniblue SpyEraser"="c:\program files\Uniblue\SpyEraser\SpyEraser.exe" [2008-01-29 1424648]
"ATI Launchpad"="c:\program files\ATI Multimedia\main\launchpd.exe" [2004-06-16 106571]
"ATI Remote Control"="c:\program files\ATI Multimedia\RemCtrl\ATIRW.exe" [2004-04-16 196608]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-12 323392]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-18 4363504]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-02-22 26101032]
"Google Update"="c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-30 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2003-04-07 114688]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"AlcxMonitor"="ALCXMNTR.EXE" [2003-04-03 50176]
"PS2"="c:\windows\system32\ps2.exe" [2002-08-01 81920]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"WUSB54Gv2"="c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InvokeSvc3.exe" [2004-04-19 24576]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-07-11 339968]
"ATI DeviceDetect"="c:\program files\ATI Multimedia\main\ATIDtct.EXE" [2004-06-16 69705]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-30 61440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"LTMSG"=LTMSG.exe 7
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"mmtask"=c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Kapow! Proxy\\Kapow.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS3\\Flash.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Steam\\steamapps\\sonichu\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\sonichu\\synergy\\hl2.exe"=
"c:\\Program Files\\Blockland\\Blockland.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\Documents and Settings\\Owner.YOUR-W04GTXLD67.000\\Desktop\\Folders\\Games\\Hisoutensoku\\th123.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\N8\\NeverBit.exe"=
"c:\\Documents and Settings\\Owner.YOUR-W04GTXLD67.000\\Desktop\\Folders\\Games\\SRB2\\srb2win.exe"=
"c:\\Documents and Settings\\Owner.YOUR-W04GTXLD67.000\\Desktop\\Folders\\Games\\SRB2\\srb2ogl.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\SleepIsDeath_v15\\SleepIsDeath.exe"=
"c:\\Program Files\\River Past\\Video Cleaner\\VideoCleaner.exe"=
"c:\\Program Files\\River Past\\Animated GIF Converter and Booster Pack\\VideoCleaner.exe"=
"c:\\Games\\Toribash-3.9\\toribash.exe"=
"c:\\Games\\Toribash-3.9\\tb.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10800:UDP"= 10800:UDP:Touhou
"28000:UDP"= 28000:UDP:Blockland

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/3/2008 4:09 PM 114768]
R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [4/17/2009 5:28 PM 3026]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/3/2008 4:09 PM 20560]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7/27/2009 2:37 AM 185640]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 dump_wmimmc;dump_wmimmc;\??\c:\program files\gpotato\TalesRunner\GameGuard\dump_wmimmc.sys --> c:\program files\gpotato\TalesRunner\GameGuard\dump_wmimmc.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 Tomcat5;Apache Tomcat;"c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe" //RS//Tomcat5 --> c:\program files\Apache Software Foundation\Tomcat 5.5\bin\tomcat5.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/3/2007 9:08 AM 685816]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{44BBA844-CC51-11CF-AAFA-00AA00B6015C}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder

2010-07-06 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2006\SystemOptimizer.exe [2005-09-22 04:35]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2899075602-3811207098-2694297558-1003Core.job
- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 02:05]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2899075602-3811207098-2694297558-1003UA.job
- c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-03-30 02:05]

2010-07-07 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]

2010-07-04 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-25 14:46]

2008-04-25 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2008-04-25 14:46]

2008-04-25 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-04-25 15:13]

2010-06-23 c:\windows\Tasks\Windows Update.job
- c:\windows\system32\wupdmgr.exe [2004-02-20 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://qus10.hpwis.com/
uDefault_Search_URL = hxxp://srch-qus10.hpwis.com/
mSearch Bar = hxxp://srch-qus10.hpwis.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride =
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
TCP: {E2D8D8E4-215E-41DA-BF09-10A76EFFA5E3} = 192.168.0.1,192.168.1.1
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Application Data\Mozilla\Firefox\Profiles\v0vskgvl.default\
FF - plugin: c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Owner.YOUR-W04GTXLD67.000\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiCHPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint_03050024.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: content.switch.threshold - 650000
FF - user.js: nglayout.initialpaint.delay - 300
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 22:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2899075602-3811207098-2694297558-1003\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:5d,f1,7d,18,8b,17,aa,17,3a,fe,30,3a,82,92,70,fb,57,3c,49,85,e9,
   1d,ae,e9,68,2b,12,8e,cf,91,6a,de,a9,5c,e3,8d,a9,4f,ae,e7,50,1e,fd,f0,77,79,\
"rkeysecu"=hex:8e,56,38,52,73,b2,40,25,7c,55,61,e5,11,52,71,e0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1004)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(4068)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Combined Community Codec Pack\Filters\Haali\mmfinfo.dll
c:\program files\Combined Community Codec Pack\Filters\Haali\mkunicode.dll
c:\program files\Combined Community Codec Pack\Filters\Haali\splitter.ax
c:\program files\Combined Community Codec Pack\Filters\Haali\mkzlib.dll
c:\program files\Combined Community Codec Pack\Filters\Haali\mkx.dll
c:\windows\system32\wmvcore.dll
c:\windows\system32\WMASF.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv2.exe
c:\program files\TeamViewer\Version4\TeamViewer.exe
c:\windows\SOUNDMAN.EXE
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\InfoMyCa.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\rundll32.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\taskmgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2010-07-06 23:02:39 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 04:02
ComboFix2.txt 2010-07-06 05:13

Pre-Run: 40,036,958,208 bytes free
Post-Run: 40,078,221,312 bytes free

Current=7 Default=7 Failed=3 LastKnownGood=11 Sets=,1,2,3,4,5,6,7,8,9,11

- - End Of File - - 8CE4A26ECF1B81542247F16597466F9E