ComboFix 11-02-23.05 - Renee Evans 02/23/2011 16:00:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2659 [GMT -7:00]
Running from: d:\documents and settings\Renee Evans\Desktop\ComboFix.exe
AV: F-Secure Internet Security 2010 10.00 *Enabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: F-Secure Internet Security 2010 10.00 *Enabled* {D4747503-0346-49EB-9262-997542F79BF4}
.
/wow section - STAGE 25
The system cannot find the path specified.
@DO was unexpected at this time.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\All Users\Application Data\.wtav
d:\windows\assembly\GAC\__AssemblyInfo__.ini
d:\windows\system32\drivers\vbma4e99.sys
d:\windows\system32\exefile.exe
d:\windows\system32\lvcoinst.dll
d:\windows\WinSxS\x86_Microsoft.Windows.Shell.HWEventDetector_6595b64144ccf1df_5.2.2.3_x-ww_5390e909\shsvcs.dll
.
((((((((((((((((((((((((( Files Created from 2011-01-23 to 2011-02-23 )))))))))))))))))))))))))))))))
.
2011-02-23 22:25 . 2011-02-23 22:25 -------- d-----w- D:\_OTL
2011-02-23 20:04 . 2011-02-23 20:04 -------- d-----w- D:\RK_Quarantine
2011-02-23 18:36 . 2011-02-23 18:29 830464 ----a-w- D:\RogueKiller.exe
2011-02-22 23:20 . 2011-02-22 23:20 -------- d-----w- d:\documents and settings\Renee Evans\Application Data\Malwarebytes
2011-02-21 22:04 . 2011-02-21 22:04 -------- d-----w- d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-02-21 21:30 . 2010-11-09 20:56 98392 ----a-w- d:\windows\system32\drivers\SBREDrv.sys
2011-02-21 21:30 . 2010-11-09 20:56 27984 ----a-w- d:\windows\system32\sbbd.exe
2011-02-17 18:50 . 2011-02-17 18:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2011-02-17 18:35 . 2011-02-19 18:11 16968 ----a-w- d:\windows\system32\drivers\hitmanpro35.sys
2011-02-17 18:35 . 2011-02-17 18:35 -------- d-----w- d:\documents and settings\All Users\Application Data\Hitman Pro
2011-02-17 15:40 . 2011-02-17 15:40 -------- d-----w- d:\documents and settings\Administrator
2011-02-12 13:15 . 2011-02-12 13:15 -------- d-----w- d:\documents and settings\All Users\Application Data\NVIDIA Corporation
2011-02-12 13:15 . 2006-05-06 02:21 4608 ----a-w- d:\windows\system32\drivers\nvport.sys
2011-02-12 13:15 . 2006-03-29 15:51 60416 ----a-w- d:\windows\system32\DSETUP.dll
2011-02-12 13:15 . 2006-03-29 15:50 671744 ----a-w- d:\windows\system32\DolbyHph.dll
2011-02-12 13:15 . 2006-03-29 15:49 9856 ----a-w- d:\windows\system32\drivers\pfc.sys
2011-02-10 18:04 . 1996-08-23 20:10 924432 ----a-w- d:\windows\system\Mfc40.dll
2011-02-10 18:03 . 2011-02-10 18:03 -------- d-----w- d:\windows\Profiles
2011-02-02 17:14 . 2006-06-22 22:29 1413424 ----a-r- d:\windows\system32\drivers\lvpopflt.sys
2011-02-02 17:13 . 2006-06-22 20:51 4770 ----a-r- d:\windows\system32\Repository.reg
2011-02-02 17:13 . 2006-06-22 22:29 38960 ----a-r- d:\windows\system32\drivers\LVUSBSta.sys
2011-02-02 17:13 . 2006-06-22 22:29 513584 ----a-r- d:\windows\system32\LVUI2RC.dll
2011-02-02 17:13 . 2006-06-22 22:29 210480 ----a-r- d:\windows\system32\LVUI2.dll
2011-02-02 17:13 . 2006-06-22 22:29 263728 ----a-r- d:\windows\system32\lvcodec2.dll
2011-02-02 17:13 . 2006-06-22 22:29 961072 ----a-r- d:\windows\system32\drivers\lvuvc.sys
2011-02-02 17:13 . 2003-02-21 12:42 348160 ----a-r- d:\windows\system\msvcr71.dll
2011-02-02 17:12 . 2006-06-22 22:29 55984 ----a-r- d:\windows\system32\drivers\lvselsus.sys
2011-02-02 17:12 . 2006-06-22 22:29 20272 ----a-r- d:\windows\system32\drivers\lvuvcflt.sys
2011-02-02 17:06 . 2011-02-02 17:07 -------- d-----w- d:\program files\Common Files\Logitech
2011-02-02 17:06 . 2011-02-02 17:06 -------- d-----w- d:\program files\Logitech
2011-02-02 17:06 . 2011-02-02 17:06 -------- d-----w- d:\documents and settings\All Users\Application Data\Logitech
2011-02-02 17:03 . 2008-04-14 01:12 91136 ----a-w- d:\windows\system32\kswdmcap.ax
2011-02-02 17:03 . 2008-04-14 01:12 61952 ----a-w- d:\windows\system32\kstvtune.ax
2011-02-02 17:03 . 2008-04-14 01:12 43008 ----a-w- d:\windows\system32\ksxbar.ax
2011-02-02 17:03 . 2008-04-14 01:12 53760 -c--a-w- d:\windows\system32\dllcache\vfwwdm32.dll
2011-02-02 17:03 . 2008-04-14 01:12 53760 ----a-w- d:\windows\system32\vfwwdm32.dll
2011-02-02 17:03 . 2008-04-14 01:12 20992 ----a-w- d:\windows\system32\dshowext.ax
2011-01-25 14:47 . 2011-01-25 14:47 -------- d-----w- d:\program files\Microsoft Silverlight
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-25 15:31 . 2010-12-25 15:31 19072 ----a-w- d:\windows\system32\drivers\PS2.sys
2010-12-25 15:31 . 2010-12-25 15:31 9096 ----a-w- d:\windows\system32\drivers\amdide.sys
2010-12-23 19:09 . 2010-12-23 19:00 96600 ----a-w- d:\windows\system32\drivers\idmtdi.sys
2010-12-13 21:37 . 2010-12-26 21:11 10915840 ----a-w- d:\windows\system32\libmfxhw32.dll
2010-12-13 21:37 . 2010-12-26 21:11 10833920 ----a-w- d:\windows\system32\libmfxsw32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-23 19:09 67168 ----a-w- g:\program files\Internet Download Manager\IDMShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="d:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetWorx"="d:\program files\NetWorx\networx.exe" [2010-01-13 2892288]
"F-Secure Manager"="j:\program files\F-Secure Internet Security\Common\FSM32.EXE" [2009-07-09 199264]
"F-Secure TNB"="j:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2009-07-09 2349664]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-08-25 202256]
"LogitechCommunicationsManager"="d:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="d:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="d:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - g:\program files\Microsoft Office\OFFICE11\ONENOTEM.EXE [2005-3-17 59080]

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=d:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Database Server Manager.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Database Server Manager.lnk
backup=d:\windows\pss\QuickBooks Database Server Manager.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=d:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Renee Evans^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=d:\documents and settings\Renee Evans\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=d:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 15:58 40368 ----a-w- e:\program files\Adobe Reader\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-09-13 03:15 69632 ----a-w- d:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllMyNotes]
2010-12-15 18:50 2345224 ----a-w- g:\allmynotes organizer\AllMyNotes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-08-26 23:31 136176 ----atw- d:\documents and settings\Renee Evans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- d:\program files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 03:17 49152 ----a-w- d:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 22:31 80896 ----a-w- d:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
2010-12-23 18:37 3274136 ----a-w- g:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2008-11-18 21:01 623880 ----a-w- d:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-08-12 11:30 249856 ----a-w- d:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-08-12 11:30 81920 ----a-w- d:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 11:15 421888 ----a-w- g:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2005-09-13 03:15 14820864 ----a-w- d:\windows\RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-25 18:56 202256 ----a-w- d:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"g:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"d:\\Documents and Settings\\Renee Evans\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"d:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"d:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 fsbts;fsbts;d:\windows\system32\drivers\fsbts.sys [6/13/2009 1:48 PM 41256]
R0 FSFW;F-Secure Firewall Driver;d:\windows\system32\drivers\fsdfw.sys [6/13/2009 1:06 PM 80000]
R0 sptd;sptd;d:\windows\system32\drivers\sptd.sys [8/10/2010 10:58 AM 697328]
R1 F-Secure HIPS;F-Secure HIPS Driver;j:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [8/15/2010 1:46 AM 68064]
R1 IDMTDI;IDMTDI;d:\windows\system32\drivers\idmtdi.sys [12/23/2010 12:00 PM 96600]
R1 PSSDK42;PSSDK42;d:\windows\system32\drivers\pssdk42.sys [7/25/2010 6:45 PM 38976]
R1 SBRE;SBRE;d:\windows\system32\drivers\SBREDrv.sys [2/21/2011 2:30 PM 98392]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;j:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [8/15/2010 1:45 AM 124072]
S1 SASDIFSV;SASDIFSV;\??\d:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> d:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\d:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> d:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 LMIRescue_7127b22c-6975-4f47-acfc-689b89ff9f3d;LogMeIn Rescue (7127b22c-6975-4f47-acfc-689b89ff9f3d);"d:\windows\LMI2.tmp\LMI_InstantChat_srv.exe" -service -sid 7127b22c-6975-4f47-acfc-689b89ff9f3d --> d:\windows\LMI2.tmp\LMI_InstantChat_srv.exe [?]
S2 LMIRescue_b9595b08-002a-4985-a11a-56836c85b324;LogMeIn Rescue (b9595b08-002a-4985-a11a-56836c85b324);"d:\windows\LMID.tmp\LMI_InstantChat_srv.exe" -service -sid b9595b08-002a-4985-a11a-56836c85b324 --> d:\windows\LMID.tmp\LMI_InstantChat_srv.exe [?]
S2 QuickBooksDB17;QuickBooksDB17;g:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 --> g:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB17 [?]
S2 VideoAcceleratorService;VideoAcceleratorService;j:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> j:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
S3 epmntdrv;epmntdrv;d:\windows\system32\epmntdrv.sys [6/13/2009 12:44 PM 8704]
S3 EuGdiDrv;EuGdiDrv;d:\windows\system32\EuGdiDrv.sys [6/13/2009 12:44 PM 3072]
S3 fsbl;F-Secure BlackLight Engine Driver;\??\d:\docume~1\RENEEE~1\LOCALS~1\Temp\9b81965d-3ce5-4b9c-baa7-045bf58bf712\fsbldrv.sys --> d:\docume~1\RENEEE~1\LOCALS~1\Temp\9b81965d-3ce5-4b9c-baa7-045bf58bf712\fsbldrv.sys [?]
S3 FSORSPClient;F-Secure ORSP Client;j:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [8/15/2010 1:46 AM 55904]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;d:\windows\system32\drivers\hitmanpro35.sys [2/17/2011 11:35 AM 16968]
S3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link PCI Express Ethernet Controller;d:\windows\system32\drivers\m4cxw2k3.sys [3/10/2005 6:42 AM 227584]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 QuickBooksDB19;QuickBooksDB19;g:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 --> g:\progra~1\Intuit\QUICKB~1\QBDBMgrN.exe -hvQuickBooksDB19 [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]
S4 F-Secure Filter;F-Secure File System Filter;j:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsfilter.sys [8/15/2010 1:45 AM 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer;j:\program files\F-Secure Internet Security\Anti-Virus\win2k\fsrec.sys [8/15/2010 1:45 AM 25184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-02-23 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003Core.job
- d:\documents and settings\Renee Evans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 23:31]

2011-02-23 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1078081533-861567501-725345543-1003UA.job
- d:\documents and settings\Renee Evans\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-08-26 23:31]

2011-02-23 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]

2011-02-23 d:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1078081533-861567501-725345543-500.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]

2011-02-12 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-1003.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]

2011-02-23 d:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1078081533-861567501-725345543-500.job
- d:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 09:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: &Clean Traces - j:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download by Orbit - j:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Download with &DAP - g:\program files\DAP\dapextie.htm
IE: &Grab video by Orbit - j:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - j:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - j:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Download &all with DAP - g:\program files\DAP\dapextie2.htm
IE: Download all links with IDM - g:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - g:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - g:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: j:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - g:\program files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AlcoholAutomount - g:\alcohol 52\AxAutoMntSrv.exe
MSConfigStartUp-Skype - d:\program files\Skype\Phone\Skype.exe
AddRemove-HijackThis - d:\documents and settings\Administrator\My Documents\Downloads\HijackThis.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-02-23 16:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2e7c9dfb-f3e4-4e98-87e4-897eae0b207b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015f
"Therad"=dword:00000017
"MData"=hex(0):b1,89,4c,d5,0c,37,6d,d6,88,61,4f,64,8f,4d,34,b9,31,ec,86,2e,d0,
1a,c3,ae,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):9f,fa,f9,d7,03,ae,a8,5b,77,03,9c,63,32,6f,79,d0,15,3a,27,da,07,
76,88,7a,01,47,41,69,98,7b,e8,78,fa,f4,34,57,92,17,9a,22,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Swearware\backup\winsock2\Parameters]
@DACL=(02 0000)
@SACL=
"WinSock_Registry_Version"="2.0"
"Current_Protocol_Catalog"="Protocol_Catalog9"
"Current_NameSpace_Catalog"="NameSpace_Catalog5"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(796)
j:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
.
Completion time: 2011-02-23 16:04:27
ComboFix-quarantined-files.txt 2011-02-23 23:04

Pre-Run: 9,944,395,776 bytes free
Post-Run: 9,895,161,856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="XP Professional - System" /fastdetect /NoExecute=OptIn /usepmtimer
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="XP Professional - Media" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="XP Professional - ECI QB" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - BEAAFB37D75A22762AE52487CF88384A
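The log above is the raw material a helper in a removal thread reads by hand: the Security Center "*Override" values, the "EnableFirewall"= 0 entry, the R/S service lines (R = running, S = stopped, the digit is the start type, "[?]" where ComboFix could not read the file's details), and the LOCKED REGISTRY KEYS block. The script below is an added example, written for this page and not part of ComboFix or of the original post; it parses a handful of lines copied from this log and pulls out the items a triager checks first. The heuristics (binary living under a Temp or *.tmp directory, unverified image, locked key, Security Center overrides, Windows Firewall off) are the editor's own choices and only produce leads: on this machine F-Secure owns AV and firewall, so the overrides and the disabled Windows Firewall are what a third-party suite normally sets, and SUPERAntiSpyware's SASDIFSV and LogMeIn Rescue both legitimately run from temporary directories.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied verbatim from the ComboFix log above
# (not a complete log; enough of each section to exercise the parser).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R0 FSFW;F-Secure Firewall Driver;d:\windows\system32\drivers\fsdfw.sys [6/13/2009 1:06 PM 80000]
S1 SASDIFSV;SASDIFSV;\??\d:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> d:\docume~1\ADMINI~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S2 LMIRescue_7127b22c-6975-4f47-acfc-689b89ff9f3d;LogMeIn Rescue (7127b22c-6975-4f47-acfc-689b89ff9f3d);"d:\windows\LMI2.tmp\LMI_InstantChat_srv.exe" -service -sid 7127b22c-6975-4f47-acfc-689b89ff9f3d --> d:\windows\LMI2.tmp\LMI_InstantChat_srv.exe [?]
S3 npggsvc;nProtect GameGuard Service;d:\windows\system32\GameMon.des -service --> d:\windows\system32\GameMon.des -service [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\h:\ntglm7x.sys --> h:\NTGLM7X.sys [?]

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2e7c9dfb-f3e4-4e98-87e4-897eae0b207b}]
@Denied: (Full) (Everyone)
"Model"=dword:0000015f
"""

# ComboFix service line: <R|S><start type> <name>;<display name>;<image path ...>
SERVICE_RE = re.compile(r'^([RS])([0-4])\s+([^;]+);([^;]*);(.*)$')
SECTION_RE = re.compile(r'^\[(.+)\]$')
OVERRIDE_RE = re.compile(r'^"(\w*Override)"=dword:0*1$', re.IGNORECASE)
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"=\s*0\b')
# Editor's heuristic: images under a Temp dir, a *.tmp dir, or a user's Local Settings.
TEMP_PATH_RE = re.compile(r'\\temp\\|\\[^\\]+\.tmp\\|\\local settings\\', re.IGNORECASE)
START_TYPES = {0: 'boot', 1: 'system', 2: 'auto', 3: 'manual', 4: 'disabled'}


@dataclass
class Service:
    state: str        # 'R' running, 'S' stopped
    start_type: str   # decoded from the digit after R/S
    name: str
    display: str
    image_path: str   # resolved path (right-hand side of "-->" when present)
    unverified: bool  # ComboFix printed "[?]" instead of date/size details


def parse_service(line):
    """Return a Service for an R/S line, or None for any other line."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    state, start, name, display, rest = m.groups()
    rest = rest.strip()
    unverified = rest.endswith('[?]')
    if ' --> ' in rest:                      # keep the resolved path, drop the configured one
        rest = rest.split(' --> ', 1)[1]
    rest = re.sub(r'\s*\[[^\]]*\]$', '', rest)   # strip trailing "[date size]" or "[?]"
    path = rest.strip().strip('"')
    if path.startswith('\\??\\'):            # NT object-manager prefix on some drivers
        path = path[4:]
    return Service(state, START_TYPES[int(start)], name, display, path, unverified)


def triage(log_text):
    """Walk the log once and return (category, detail) findings in log order."""
    findings = []
    section = ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith('@Denied:'):     # LOCKED REGISTRY KEYS block
            findings.append(('locked_key', section))
            continue
        if 'security center' in section.lower() and OVERRIDE_RE.match(line):
            findings.append(('sc_override', OVERRIDE_RE.match(line).group(1)))
            continue
        if 'firewallpolicy' in section.lower() and FIREWALL_OFF_RE.match(line):
            findings.append(('firewall_off', section))
            continue
        svc = parse_service(line)
        if svc is None:
            continue
        if TEMP_PATH_RE.search(svc.image_path):
            findings.append(('temp_service', svc.name))
        if svc.unverified:
            findings.append(('unverified_service', svc.name))
    return findings


def summarize(findings):
    """Group findings by category, details sorted, for a quick triage report."""
    out = {}
    for cat, detail in findings:
        out.setdefault(cat, []).append(detail)
    return {cat: sorted(details) for cat, details in out.items()}


if __name__ == '__main__':
    for cat, details in summarize(triage(SAMPLE_LOG)).items():
        print(f'{cat}:')
        for d in details:
            print(f'  {d}')
```

Run against a full log, the "temp_service" and "unverified_service" lists are the lines to look up one by one; "locked_key" CLSIDs that belong to no installed product are the ones worth comparing against the tool's quarantine output, since the "Other Deletions" section above shows what ComboFix already removed.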