ComboFix 10-08-31.01 - Lee 31/08/2010 20:57:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2037.1040 [GMT 1:00]
Running from: c:\users\Lee\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: AVG Anti-Virus Free *enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\programdata\hpe229C.dll
c:\programdata\SysWoW32
c:\programdata\SysWoW32\_u1023033086v0
c:\programdata\SysWoW32\_u1023033086v1
c:\programdata\SysWoW32\_u1023033086v2
c:\programdata\SysWoW32\mu1023033086v4.kwd
c:\programdata\SysWoW32\mu1023033086v5.kwd
c:\programdata\SysWoW32\mu1023033086v6.kwd
c:\programdata\SysWoW32\mu1023033086v7.kwd
c:\programdata\SysWoW32\wu1023033086v0
c:\programdata\SysWoW32\wu1023033086v0.kwd
c:\programdata\SysWoW32\wu1023033086v1
c:\programdata\SysWoW32\wu1023033086v1.kwd
c:\programdata\SysWoW32\wu1023033086v2
c:\programdata\SysWoW32\wu1023033086v2.kwd
c:\programdata\SysWoW32\wu1023033086v3
c:\programdata\SysWoW32\wu1023033086v3.kwd
c:\programdata\unrar.exe
c:\users\Lee\AppData\Roaming\02000000d30b7ae3988C.manifest
c:\users\Lee\AppData\Roaming\02000000d30b7ae3988O.manifest
c:\users\Lee\AppData\Roaming\02000000d30b7ae3988P.manifest
c:\users\Lee\AppData\Roaming\02000000d30b7ae3988S.manifest
c:\users\Lee\AppData\Roaming\66CC.tmp
c:\users\Lee\AppData\Roaming\6765.tmp
c:\users\Lee\AppData\Roaming\B826.tmp
c:\users\Lee\AppData\Roaming\BITS
c:\users\Lee\AppData\Roaming\BITS\BITS.ini
c:\users\Lee\AppData\Roaming\BITS\pl.dat
c:\users\Lee\AppData\Roaming\BITS\UPnP.ini
c:\users\Lee\AppData\Roaming\C1DD.tmp
c:\users\Lee\AppData\Roaming\C2.tmp
c:\users\Lee\AppData\Roaming\C4D7.tmp
c:\users\Lee\AppData\Roaming\FlashGetBHO
c:\users\Lee\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll
c:\users\Lee\AppData\Roaming\FlashGetBHO\GetAllUrl.htm
c:\users\Lee\AppData\Roaming\FlashGetBHO\GetUrl.htm
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.drv
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\cb.exe
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\cid.drv
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\cid.exe
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.exe
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\eb.dll
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\energy.tmp
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\exec.dll
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\kernel32.exe
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\pal.dll
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\pal.drv
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\PE.sys
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\runddl.tmp
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Recent\std.dll
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows System Defender.lnk
c:\users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Windows System Defender.lnk
c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\nmggnuvi.default\extensions\{6c81d31a-2882-440e-b7c8-e97023b0c357}
c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\nmggnuvi.default\extensions\{6c81d31a-2882-440e-b7c8-e97023b0c357}\chrome.manifest
c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\nmggnuvi.default\extensions\{6c81d31a-2882-440e-b7c8-e97023b0c357}\chrome\xulcache.jar
c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\nmggnuvi.default\extensions\{6c81d31a-2882-440e-b7c8-e97023b0c357}\defaults\preferences\xulcache.js
c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\nmggnuvi.default\extensions\{6c81d31a-2882-440e-b7c8-e97023b0c357}\install.rdf
c:\users\Lee\AppData\Roaming\SystemProc
c:\users\Lee\AppData\Roaming\SystemProc\lsass.exe
c:\windows\system32\%appdata%
c:\windows\system32\5lD2GSqus6U98j6.vbs
c:\windows\system32\ddraw32.dll
c:\windows\system32\devmgr32.dll
c:\windows\system32\secushr.dat
c:\windows\system32\secustat.dat
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-31 )))))))))))))))))))))))))))))))
.
2010-08-31 20:10 . 2010-08-31 20:13 -------- d-----w- c:\users\Lee\AppData\Local\temp
2010-08-31 20:10 . 2010-08-31 20:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-30 14:08 . 2010-08-30 14:08 -------- d-----w- c:\program files\Trend Micro
2010-08-29 18:14 . 2010-08-29 18:14 266240 ----a-w- c:\windows\system32\CSHelper.exe
2010-08-29 18:14 . 2010-08-29 18:14 225280 ----a-w- c:\windows\system32\CSInstru.DLL
2010-08-27 19:25 . 2010-08-29 20:24 -------- d-----w- c:\programdata\1418855363
2010-08-27 19:24 . 2010-08-31 20:09 220160 ----a-w- c:\windows\system32\ddraw32.dll
2010-08-23 17:11 . 2010-08-23 17:11 -------- d-----w- c:\users\Lee\AppData\Local\AskToolbar
2010-08-23 17:10 . 2010-08-23 17:10 -------- d-----w- c:\users\Lee\Boris
2010-08-19 21:19 . 2010-08-19 21:19 -------- d-----w- c:\program files\Hornby Hobbies
2010-08-19 21:16 . 2010-08-19 21:18 -------- d-----w- c:\users\Lee\Hornby Virtual Railway Folder
2010-08-12 22:17 . 2010-06-21 13:37 2037760 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 22:17 . 2010-06-18 17:31 36864 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 22:17 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-08-12 22:17 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 22:17 . 2010-06-11 16:15 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 22:17 . 2010-06-18 15:04 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 22:17 . 2010-06-18 15:04 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 22:17 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-05 18:38 . 2010-08-05 18:38 -------- d-----w- c:\program files\MSECache
2010-08-03 19:26 . 2010-08-03 19:48 -------- d-----w- c:\users\Lee\Scanned Photos
2010-08-03 19:23 . 2010-08-03 19:23 -------- d-----w- c:\programdata\Ezprint
2010-08-03 19:22 . 2010-08-03 19:48 -------- d-----w- c:\program files\Lx_cats
2010-08-03 19:21 . 2007-01-30 06:32 118272 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lxcgpp5c.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-31 20:11 . 2009-10-08 17:07 12 ----a-w- c:\windows\bthservsdp.dat
2010-08-31 20:05 . 2010-06-15 18:48 -------- d-----w- c:\program files\Ask.com
2010-08-31 19:52 . 2010-03-28 09:00 0 ----a-w- c:\users\Lee\AppData\Local\prvlcl.dat
2010-08-31 17:06 . 2010-08-31 17:06 0 ----a-w- c:\users\Lee\AppData\Roaming\6545.tmp
2010-08-30 14:08 . 2010-08-30 14:08 388096 ----a-r- c:\users\Lee\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-29 17:18 . 2010-08-29 17:18 320512 ----a-w- c:\programdata\d3dx10_3732.dll
2010-08-29 17:18 . 2010-08-29 17:18 320512 ----a-w- c:\programdata\d3dx10_3732.dll
2010-08-28 20:52 . 2009-11-08 11:58 -------- d-----w- c:\programdata\avg9
2010-08-27 19:33 . 2009-05-26 09:35 -------- d-----w- c:\users\Lee\AppData\Roaming\FrostWire
2010-08-27 19:24 . 2010-08-27 19:24 320512 ----a-w- c:\programdata\dmutil32.dll
2010-08-27 19:24 . 2010-08-27 19:24 320512 ----a-w- c:\programdata\dmutil32.dll
2010-08-23 18:45 . 2010-04-04 10:44 -------- d-----w- c:\users\Lee\AppData\Roaming\PrimoPDF
2010-08-23 17:11 . 2010-05-10 20:07 -------- d-----w- c:\program files\Mozilla Firefox 3.5
2010-08-22 21:19 . 2006-12-08 07:52 -------- d-----w- c:\program files\Common Files\Java
2010-08-22 21:19 . 2006-12-08 07:52 -------- d-----w- c:\program files\Java
2010-08-22 12:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-08-21 17:27 . 2006-12-08 07:16 -------- d-----w- c:\programdata\Roxio
2010-08-03 19:23 . 2009-11-21 12:40 -------- d-----w- c:\program files\Lexmark 2300 Series
2010-07-26 21:29 . 2010-07-26 20:28 -------- d-----w- c:\program files\JDownloader
2010-07-17 04:00 . 2010-06-03 18:35 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-15 17:22 . 2009-05-17 00:25 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 17:22 . 2010-07-15 17:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 17:21 . 2009-05-17 00:25 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-07 20:48 . 2010-07-07 20:30 -------- d-----w- c:\users\Lee\AppData\Roaming\Sony
2010-07-07 20:44 . 2010-07-07 20:44 -------- d-----w- c:\program files\Common Files\Sony Shared
2010-07-07 20:43 . 2010-07-07 20:38 -------- d-----w- c:\program files\Sony
2010-07-07 20:42 . 2010-07-07 20:42 10134 ----a-r- c:\users\Lee\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-07-07 20:38 . 2010-07-07 20:38 -------- d-----w- c:\programdata\Sony Corporation
2010-07-07 20:30 . 2010-07-07 20:30 -------- d-----w- c:\users\Lee\AppData\Roaming\Sony Setup
2010-07-01 11:07 . 2010-07-01 11:07 434176 ----a-w- c:\programdata\Trusteer\Rapport\store\exts\RapportMS\17053\RapportMS.dll
2010-06-26 06:05 . 2010-08-12 22:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-12 22:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-12 22:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-12 22:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-12 18:02 . 2010-06-12 18:02 655360 ----a-w- c:\users\Lee\AppData\Roaming\Spotify\Gracenote\gnsdk_sdkmanager.dll
2010-06-12 18:02 . 2010-06-12 18:02 282624 ----a-w- c:\users\Lee\AppData\Roaming\Spotify\Gracenote\gnsdk_musicid_file.dll
2010-06-12 18:02 . 2010-06-12 18:02 208896 ----a-w- c:\users\Lee\AppData\Roaming\Spotify\Gracenote\gnsdk_dsp.dll
2010-06-11 16:16 . 2010-08-12 22:18 274944 ----a-w- c:\windows\system32\schannel.dll
2010-06-03 02:41 . 2010-06-03 02:41 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-06-02 22:03 . 2009-05-17 00:24 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 14:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-10-27 133104]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-12-03 167936]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-10 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-03-15 180224]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-07-15 2065760]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"LXCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2007-02-22 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2007-04-29 205744]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2007-04-29 103344]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):71,fe,8b,42,62,27,ca,01

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2009-03-25 86824]
R3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2009-03-25 15016]
R3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2009-03-25 114728]
R3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2009-03-25 106208]
R3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2009-03-25 26024]
R3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2009-03-25 104744]
R3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2009-03-25 109864]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-05-19 721904]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
S1 RapportBuka;RapportBuka;c:\windows\system32\drivers\RapportBuka.sys [2010-02-27 390528]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-07-01 59240]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-07-01 166632]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
S2 CSHelper;CopySafe Helper Service;c:\windows\system32\CSHelper.exe [2010-08-29 266240]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-07-01 840936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3133330365-3398836651-270941216-1000Core.job
- c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-27 20:46]

2010-08-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3133330365-3398836651-270941216-1000UA.job
- c:\users\Lee\AppData\Local\Google\Update\GoogleUpdate.exe [2009-10-27 20:46]

2010-08-31 c:\windows\Tasks\User_Feed_Synchronization-{B2F50987-206C-4FB5-A5AF-86099DE9C626}.job
- c:\windows\system32\msfeedssync.exe [2010-08-12 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://uk.ask.com?o=14196&l=dis
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\nmggnuvi.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScope42.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npArtistScopeDRM11.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Veetle\Player\npvlc.dll
FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: c:\users\Lee\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.txt=
.
- - - - ORPHANS REMOVED - - - -

BHO-{044CC9E9-2C92-4979-8DCF-8DED49570C0e} - c:\windows\system32\devmgr32.dll
HKCU-Run-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe
HKCU-Run-PPAP - c:\programdata\PPLiveVA\Application\PPAP.exe
HKCU-Run-RTHDBPL - c:\users\Lee\AppData\Roaming\SystemProc\lsass.exe
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-31 21:12
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
RTHDBPL = c:\users\Lee\AppData\Roaming\SystemProc\lsass.exe???????????????????????????????????#???????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3133330365-3398836651-270941216-1000\Software\SecuROM\License information*]
"datasecu"=hex:30,39,65,bc,cc,5d,93,9d,7f,3e,59,20,77,ea,8a,c0,8f,42,e5,0f,e0,\
   d1,d8,2e,f7,54,57,ce,06,e8,e5,27,bf,a6,69,97,52,ba,83,c9,a2,ce,88,aa,00,a2,\
"rkeysecu"=hex:97,39,43,ff,2d,b0,71,fc,e5,c0,df,1c,82,2a,17,56

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6628)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\lxcgcoms.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2010-08-31 21:22:58 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-31 20:22

Pre-Run: 10,552,926,208 bytes free
Post-Run: 10,457,362,432 bytes free

- - End Of File - - 61523363D55846C0A529A6ABC4F3BEEA