ComboFix 12-08-07.05 - Scumgriever 08/08/2012 15:17:45.1.2 - x86
Running from: c:\documents and settings\Scumgriever\Desktop\ComboFix.exe
 * Created a new restore point
.
ADS - WINDOWS: deleted 48 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\SCUMGR~1\LOCALS~1\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Scumgriever\Application Data\PriceGong
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Scumgriever\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Scumgriever\Application Data\Tauhn
c:\documents and settings\Scumgriever\Application Data\Tauhn\unsy.exe
c:\documents and settings\Scumgriever\Local Settings\Temp\1.tmp\F_IN_BOX.dll
c:\documents and settings\Scumgriever\WINDOWS
c:\windows\daemon.dll
c:\windows\system32\AegisI5Installer.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\1028_DELL_XPS_Vostro 1500 .MRK
c:\windows\system32\drivers\DELL_XPS_Vostro 1500 .MRK
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\SET48.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 04:46 . 2012-08-08 04:46 -------- d-----w- C:\_OTL
2012-08-06 08:15 . 2012-08-06 08:16 -------- d-----w- c:\documents and settings\Administrator
2012-08-05 09:54 . 2012-08-05 09:54 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2012-08-05 06:17 . 2012-08-05 06:17 -------- d-----w- c:\documents and settings\Scumgriever\Application Data\Malwarebytes
2012-08-05 06:16 . 2012-08-05 06:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-08-05 06:16 . 2012-08-05 06:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-05 06:16 . 2012-07-03 03:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-04 17:11 . 2012-05-31 02:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-08-04 17:11 . 2012-07-15 16:41 6891424 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E461BF3-1DE1-48CA-8B79-0F10ADC13E57}\mpengine.dll
2012-08-04 17:09 . 2012-08-04 17:09 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\PCHealth
2012-08-04 17:08 . 2012-08-04 17:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-04 17:05 . 2012-08-04 17:05 -------- d-----w- c:\documents and settings\Scumgriever\Local Settings\Application Data\PCHealth
2012-07-19 21:36 . 2012-08-05 04:12 -------- d-----w- c:\documents and settings\Scumgriever\Application Data\Aximry
2012-07-19 21:36 . 2012-07-19 21:36 -------- d-----w- c:\documents and settings\Scumgriever\Application Data\Ogesen
2012-07-17 12:17 . 2012-07-17 12:17 -------- d-----w- c:\program files\Adventure Game Studio 3.2.1
2012-07-16 14:10 . 2012-07-16 14:13 -------- d-----w- c:\documents and settings\Scumgriever\Application Data\freac
2012-07-16 14:09 . 2012-07-16 14:09 -------- d-----w- c:\program files\freac
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-18 09:30 . 2012-04-16 18:35 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-18 09:30 . 2011-05-28 13:26 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:19 . 2004-08-04 10:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-08-29 10:06 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2004-08-04 10:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 10:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:19 . 2008-10-16 04:09 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 05:19 . 2009-07-24 16:55 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 05:19 . 2009-07-24 16:55 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 05:19 . 2009-07-24 16:55 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 05:19 . 2008-10-16 04:07 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 05:19 . 2010-03-02 01:28 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 05:19 . 2009-07-24 16:55 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 05:19 . 2009-07-24 16:55 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 05:19 . 2008-10-16 04:09 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 05:19 . 2004-08-04 10:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 05:19 . 2008-10-16 04:07 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 05:19 . 2009-07-24 16:55 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 05:19 . 2009-07-24 16:55 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 05:18 . 2009-08-05 08:21 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 05:18 . 2009-08-05 08:21 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 05:18 . 2009-08-05 08:21 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2004-08-04 10:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:39 . 2006-03-04 03:33 832512 ----a-w- c:\windows\system32\wininet.dll
2010-02-10 00:25 . 2010-02-10 00:25 83456 ----a-w- c:\program files\University Internet.exe
2012-06-24 02:43 . 2011-12-27 11:59 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2010-10-13 11:28 . 2010-04-28 07:54 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-12-09 08:40 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Vuze_Remote\prxtbVuz2.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-09 333192]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\prxtbVuz2.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
"MyTomTomSA.exe"="c:\program files\MyTomTom 3\MyTomTomSA.exe" [2012-05-18 434168]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-04-20 247728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-05-28 273544]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-27 851968]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-07-25 823296]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-07-25 974848]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1386776]
"DigidesignMMERefresh"="c:\program files\Digidesign\Drivers\MMERefresh.exe" [2006-11-13 61440]
"Dell QuickSet"="c:\program files\Dell\QuickSet\quickset.exe" [2007-05-14 1191936]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-05-27 2015136]
"PAC207_Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2007-12-10 323584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"NvMediaCenter"="NvMCTray.dll" [2011-01-07 111208]
"NVHotkey"="nvHotkey.dll" [2011-01-07 178792]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-03 1753192]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave1"=Digi32.dll
"MIDI1"=diomidi.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk
backup=c:\windows\pss\hp psc 1000 series.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 12:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-11 16:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 07:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-13 21:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
2004-08-22 07:05 81920 ----a-w- c:\program files\D-Tools\daemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-06-07 09:33 421776 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-04 10:00 59392 ----a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2010-11-03 22:51 1753192 ----a-w- c:\program files\NVIDIA Corporation\nView\nwiz.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-06-25 05:12 1414144 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 10:00 455168 ----a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2010-07-06 19:32 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2007-05-06 07:10 405504 ----a-w- c:\windows\stsystra.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 02:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Belkin\\Belkin USB Print and Storage Center\\Connect.exe"=
"c:\\Program Files\\Belkin\\Router Setup and Monitor\\BelkinSetup.exe"=
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [26/06/2010 2:29 AM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [26/06/2010 2:29 AM 5248]
R0 DigiFilter;DigiFilter;c:\windows\system32\drivers\DigiFilt.sys [25/07/2009 3:59 AM 16384]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/10/2011 1:30 PM 232512]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [31/08/2009 4:45 AM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [31/08/2009 4:46 AM 234888]
R2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [17/12/2011 3:27 AM 152576]
R2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [17/12/2011 3:27 AM 49152]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [25/07/2009 3:57 AM 11776]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [20/08/2011 7:15 PM 12184]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [7/07/2010 5:32 AM 14088]
R2 sxuptp;SXUPTP Driver;c:\windows\system32\drivers\sxuptp.sys [17/12/2011 3:27 AM 246936]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [20/04/2012 3:59 PM 92592]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [10/10/2009 1:07 AM 493248]
S2 gupdate1ca2881898c1352;Google Update Service (gupdate1ca2881898c1352);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2009 6:20 PM 133104]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [15/08/2008 5:46 AM 284016]
S3 dalwdmservice;dal service;c:\windows\system32\drivers\Dalwdm.sys [25/07/2009 3:57 AM 109056]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [15/11/2011 12:40 PM 113280]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2009 6:20 PM 133104]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 1.1.10.2;c:\windows\system32\drivers\libusb0.sys [24/01/2007 6:08 AM 24832]
S3 MBX2DFU;MBX2DFU;c:\windows\system32\drivers\mbx2dfu.sys [25/07/2009 3:58 AM 15488]
S3 MBX2MIDK;Digidesign Mbox 2 Midi Driver;c:\windows\system32\drivers\mbx2midk.sys [25/07/2009 3:58 AM 15232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6/05/2012 12:39 PM 113120]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [4/08/2009 10:03 PM 17408]
S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [18/01/2012 9:49 PM 17848]
S3 PAC207;Trust 100K Series Webcam;c:\windows\system32\drivers\PFC027.SYS [6/06/2010 1:49 AM 618112]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*NewlyCreated* - WUAUSERV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 07:57]
.
2009-11-07 c:\windows\Tasks\FRU Task 2003-04-10 00:56ewlett-Packard2003-04-10 00:56p psc 1200 series272A572217594EBCF1CEE215E352B92AD073FDE4248881498.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-09 07:56]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 08:20]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 08:20]
.
2010-01-17 c:\windows\Tasks\Install_NSS.job
- c:\program files\Vuze\nssstub.exe [2010-01-16 19:34]
.
2012-08-08 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]
.
2012-08-08 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 07:03]
.
2012-08-08 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-436374069-484763869-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 00:47]
.
2012-08-04 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-436374069-484763869-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 00:47]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyServer = 199.197.2.183:80
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Scumgriever\Application Data\Mozilla\Firefox\Profiles\04gj2eyl.default\
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Eritutewf - c:\documents and settings\Scumgriever\Application Data\Tauhn\unsy.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-08 15:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0c\04\0f\0f98Ú"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1088)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\program files\Intel\Wireless\Bin\Dot1XCfg.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\windows\System32\rundll32.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\System32\rundll32.exe
.
**************************************************************************
.
Completion time: 2012-08-08 15:39:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 05:38
.
Pre-Run: 8,252,817,408 bytes free
Post-Run: 12,266,369,024 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 943419780FEBEAC82B64E22C9CFCD1B5