ComboFix 11-07-24.03 - Owner 07/24/2011 23:06:37.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2106 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Image Merger .EXE
c:\program files\Image Merger .EXE\Help\pv_registration.mht
c:\program files\Image Merger .EXE\imagemerger.exe
c:\program files\Image Merger .EXE\license.txt
c:\program files\Image Merger .EXE\unins000.dat
c:\program files\Image Merger .EXE\unins000.exe
c:\program files\Image Merger .EXE\Web\Image Merger .EXE Home Page.url
c:\program files\Image Merger .EXE\Web\Order Image Merger .EXE.url
c:\program files\Image Merger .EXE\Web\SoftTech InterCorp.url
.
---- Previous Run -------
.
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-25 to 2011-07-25 )))))))))))))))))))))))))))))))
.
.
2011-07-25 04:15 . 2011-07-25 04:15 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-07-25 04:15 . 2011-07-25 04:15 -------- d-----w- c:\users\User\AppData\Local\temp
2011-07-25 04:15 . 2011-07-25 04:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-25 03:45 . 2011-07-25 03:45 -------- d-----w- C:\_OTL
2011-07-21 04:01 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-21 04:01 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-07-21 04:01 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll
2011-07-19 01:50 . 2011-07-19 01:50 -------- d-----w- c:\users\UpdatusUser
2011-07-19 01:47 . 2011-05-25 06:09 899688 ----a-w- c:\windows\system32\nvdispco3220150.dll
2011-07-19 01:47 . 2011-05-25 06:09 865896 ----a-w- c:\windows\system32\nvgenco322090.dll
2011-07-19 01:47 . 2011-05-25 06:09 6555240 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-07-19 01:47 . 2011-05-25 06:09 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-19 01:47 . 2011-05-25 06:09 16456296 ----a-w- c:\windows\system32\nvoglv32.dll
2011-07-19 01:47 . 2011-05-25 06:09 10589800 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-07-19 01:47 . 2011-05-25 06:09 5301352 ----a-w- c:\windows\system32\nvcuda.dll
2011-07-19 01:47 . 2011-05-25 06:09 2804328 ----a-w- c:\windows\system32\nvcuvid.dll
2011-07-19 01:47 . 2011-05-25 06:09 2335848 ----a-w- c:\windows\system32\nvapi.dll
2011-07-19 01:47 . 2011-05-25 06:09 2082408 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-07-19 01:47 . 2011-05-25 06:09 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-07-17 04:52 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-17 04:52 . 2011-07-17 04:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-17 04:52 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-13 05:03 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-13 05:03 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 05:03 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-06-30 03:28 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 15:53 . 2010-09-13 21:04 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-07-04 15:53 . 2010-09-13 21:04 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-16 04:17 . 2011-05-14 19:44 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 06:09 . 2011-01-08 03:06 2557544 ----a-w- c:\windows\system32\nvsvc.dll
2011-05-25 06:09 . 2011-01-08 03:06 615528 ----a-w- c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2011-01-08 03:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2009-07-14 18:29 66664 ----a-w- c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2011-01-08 03:06 543336 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-05-25 06:09 . 2011-01-08 03:06 3693672 ----a-w- c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2009-06-04 04:41 11992680 ----a-w- c:\windows\system32\nvd3dum.dll
2011-05-25 06:09 . 2011-07-19 01:47 12392 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-05-21 03:35 . 2011-05-21 03:35 304744 ----a-w- c:\windows\system32\nvStreaming.exe
2011-05-10 13:06 . 2011-05-10 13:06 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-05-10 13:06 . 2011-05-10 13:06 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-05-04 09:52 . 2010-04-20 02:39 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-02 17:16 . 2011-06-16 02:35 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25 . 2011-06-16 02:35 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25 . 2011-06-16 02:35 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-29 13:24 . 2011-06-16 02:35 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-29 13:24 . 2011-06-16 02:35 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-29 13:24 . 2011-06-16 02:35 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 18:29 1490312 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-11-02 14:26 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\steam\steam.exe" [2010-11-16 1242448]
"Sidebar"="c:\program files\Windows Sidebar\SideBar.exe" [2009-04-11 1233920]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2008-08-06 233576]
"Lycosa"="c:\program files\Razer\Lycosa\razerhid.exe" [2008-10-16 147456]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-07-08 24576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"dvd43"="c:\program files\dvd43\dvd43_tray.exe" [2009-10-24 827904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2011-05-25 1951112]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-3-27 0]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^APC UPS Status.lnk]
backup=c:\windows\pss\APC UPS Status.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Firefox Preloader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Firefox Preloader.lnk
backup=c:\windows\pss\Firefox Preloader.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Pandora.lnk]
path=c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pandora.lnk
backup=c:\windows\pss\Pandora.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^uTorrent Turbo Booster.lnk]
backup=c:\windows\pss\uTorrent Turbo Booster.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\L2 Rage Patch]
silent [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-30 04:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-08 04:02 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-10-13 21:53 323392 ----a-w- c:\users\Owner\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTRegRun]
2006-10-06 20:17 53248 ------w- c:\windows\Ctregrun.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2010-07-08 01:33 24576 ----a-w- c:\windows\System32\Ctxfihlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57 369200 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-01 06:39 1164584 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus NX400 Series]
2007-12-17 06:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEGA.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 16:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2007-08-31 19:01 1037736 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-07 22:51 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lachesis]
2008-10-14 17:46 172032 ----a-w- c:\program files\Razer\Lachesis\razerhid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lycosa]
2008-10-16 23:07 147456 ----a-w- c:\program files\Razer\Lycosa\razerhid.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2011-07-07 00:52 1047656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVRaidService]
2009-06-30 23:40 163872 ----a-w- c:\windows\System32\nvraidservice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2011-05-25 06:09 2557544 ----a-w- c:\windows\System32\nvsvc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2010-06-22 03:37 2528584 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 23:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 04:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
2009-01-26 21:31 5365592 --sha-r- c:\program files\Spybot - Search & Destroy\SpybotSD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
2000-05-11 07:00 90112 ------w- c:\windows\Updreg.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-01-05 04:07 395640 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-12-09 10:45 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Sidebar]
2009-04-11 04:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-19 07:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTRegRun"=c:\windows\CTRegRun.EXE
"Google Update"="c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
"UpdReg"=c:\windows\UpdReg.EXE
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-10 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-06-19 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-02-10 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-07-08 198232]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-07-08 1353304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-07-08 73816]
R3 MovRVDrv32;MovRVDrv32;c:\windows\system32\DRIVERS\MovRVDrv32.sys [2008-04-17 3768]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-08-02 32512]
R3 NTPASp50;NTPASp50 NDIS Protocol Driver;c:\windows\system32\Drivers\NTPASp50.sys [2004-08-10 17536]
R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2009-02-03 23096]
R3 SndTVideo;SndTVideo;c:\windows\system32\DRIVERS\SndTVideo.sys [2009-02-03 3768]
R3 SWLD23U;Netopia 802.11b WLAN USB Adapter;c:\windows\system32\DRIVERS\SWLD23U.sys [x]
R3 swlubtl;WLAN USB Boot Device;c:\windows\system32\Drivers\swlubtl.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-08-30 3407412]
S0 pxscan;pxscan;c:\windows\System32\drivers\pxscan.sys [2009-12-01 30280]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-04 691696]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-29 136360]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [2011-05-25 1336712]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [2010-06-22 1619272]
S2 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2009-12-01 47152]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-07-08 198232]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-07-08 1353304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-07-08 73816]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [2010-07-08 1227352]
S3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-08 12032]
S3 LycoFltr;Lycosa Keyboard;c:\windows\system32\Drivers\Lycosa.sys [2008-05-22 16896]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2009-12-01 24496]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 16:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2009-05-28 c:\windows\Tasks\Uniblue DiskRescue 2009.job
- c:\program files\Uniblue\DiskRescue\UBDiskRescue.exe [2008-09-10 15:22]
.
2008-06-15 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-06-15 14:50]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download Link Using Mega Manager... - c:\program files\Megaupload\Mega Manager\mm_file.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\u7e8w4di.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.myspace.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-PlayNC Launcher - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-IObit Security 360 - c:\program files\IObit\IObit Security 360\IS360tray.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_05\bin\jusched.exe
AddRemove-DoWar2R_is1 - c:\program files\DoWar2R\unins000.exe
AddRemove-Image Merger .EXE_is1 - c:\program files\Image Merger .EXE\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-24 23:15
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"=""
"Device"="xr3Pxr2+yLnPx87MzrzMy8y7zcs="
.
[HKEY_USERS\S-1-5-21-4051726148-2668874063-1496388572-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:3a,c3,44,b3,dd,ed,7b,f1,2d,5b,dd,38,96,2b,cc,71,49,3c,3f,48,cc,f5,95,
   92,a0,ab,59,9b,9d,34,a5,b8,f4,c8,c1,68,c0,e0,35,1e,09,2f,b0,62,f2,4d,09,53,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_USERS\S-1-5-21-4051726148-2668874063-1496388572-1000\Software\SecuROM\License information*]
"datasecu"=hex:50,43,a3,4a,1d,f2,dd,a9,81,12,8b,ac,11,d4,4b,be,d1,fa,b8,29,17,
   29,19,2b,b0,74,5d,f8,ba,42,1f,f2,d3,bb,f0,5d,55,98,16,6a,27,4f,f3,07,1d,3c,\
"rkeysecu"=hex:12,81,0b,5c,4f,b2,07,fb,f5,76,d8,77,fa,40,31,82
.
[HKEY_USERS\S-1-5-21-4051726148-2668874063-1496388572-1000_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):9e,57,4f,df,b8,a8,7d,06,f8,b9,20,ae,1d,42,47,f2,e9,d5,e3,e2,94,
   6f,09,0c,c5,1b,79,89,ce,31,f0,f8,8d,36,ec,42,aa,d9,b5,3f,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-4051726148-2668874063-1496388572-1000_Classes\CLSID\{62db88e5-7000-484c-acd1-f8afff045062}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000139
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-4051726148-2668874063-1496388572-1000_Classes\CLSID\{682cb76d-6ce9-458c-a3da-6e78bf02a154}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000041
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
   38,95,44,62,9d,ca,bb,66,bc,f3,3e,dd,d8,a4,bc,db,a9,2d,e2,c2,e9,d6,8a,17,69,\
.
[HKEY_USERS\S-1-5-21-4051726148-2668874063-1496388572-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):2f,0e,e0,03,f0,80,42,43,d7,29,da,40,1c,1f,ad,45,e9,1a,d1,de,ff,
   76,e6,3b,a1,7f,70,e7,91,6e,00,fa,f5,24,50,b7,5c,b8,08,51,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3764)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
.
Completion time: 2011-07-24 23:20:17
ComboFix-quarantined-files.txt 2011-07-25 04:20
ComboFix2.txt 2010-06-29 23:32
ComboFix3.txt 2010-04-18 19:44
ComboFix4.txt 2010-03-24 23:34
ComboFix5.txt 2010-08-21 16:59
.
Pre-Run: 3,349,041,152 bytes free
Post-Run: 3,246,702,592 bytes free
.
- - End Of File - - F17FFCB0CB60566FBB385FDE1667791A