ComboFix 09-10-27.07 - Willium 31/10/2009 8:30.1.1 - NTFSx86 MINIMAL
Running from: c:\documents and settings\Willium\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Willium\Start Menu\Programs\[Accessories]\Startup\Logitech . Product Registration.lnk
c:\windows\system32\AdCache
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SystemService32

Infected copy of c:\windows\system32\eventlog.dll was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eventlog.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}

((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-31 )))))))))))))))))))))))))))))))
.
2009-11-06 19:45 . 2009-10-31 08:03 0 ----a-r- c:\windows\win32k.sys
2009-11-06 19:24 . 2009-11-06 19:24 -------- d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-11-06 18:27 . 2009-10-28 11:56 -------- d-----w- c:\program files\Gmask 1.70 English
2009-11-06 06:50 . 2009-11-06 06:50 -------- d-----w- c:\documents and settings\Willium\Application Data\Virgin Broadband
2009-11-06 06:50 . 2009-11-06 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Virgin Broadband
2009-11-05 16:48 . 2009-11-05 16:48 -------- d-----w- c:\documents and settings\Willium\Application Data\Unity
2009-11-05 16:43 . 2009-11-05 16:43 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\Unity
2009-11-05 16:43 . 2009-11-05 16:43 -------- d-----w- c:\program files\Unity
2009-11-05 16:30 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-05 16:28 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-27 20:25 . 2009-10-27 20:25 -------- d-----w- c:\program files\Windows Live
2009-10-27 15:43 . 2009-10-27 15:43 120200 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-27 15:39 . 2009-10-27 15:40 -------- d-----w- C:\94a3715beca94d1d71328d050a
2009-10-27 15:30 . 2009-10-27 15:30 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-10-27 15:17 . 2009-10-27 15:17 -------- d-----w- c:\documents and settings\Willium\Application Data\Windows Search
2009-10-27 15:13 . 2009-10-27 15:13 -------- d-----w- c:\documents and settings\Willium\Application Data\Windows Desktop Search
2009-10-27 15:12 . 2009-10-28 10:31 -------- d-----w- c:\program files\Windows Desktop Search
2009-10-27 15:12 . 2009-10-27 15:12 -------- d-----w- c:\windows\system32\GroupPolicy
2009-10-27 15:12 . 2008-03-07 17:02 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll
2009-10-27 15:12 . 2008-03-07 17:02 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll
2009-10-27 15:12 . 2008-03-07 17:02 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll
2009-10-27 15:10 . 2009-10-27 15:10 -------- d-----w- c:\windows\system32\URTTEMP
2009-10-27 14:51 . 2009-10-27 14:51 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-10-26 22:25 . 2009-10-26 22:25 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\AVG Security Toolbar
2009-10-26 22:23 . 2009-10-26 22:34 -------- d-----w- C:\$AVG
2009-10-26 22:22 . 2009-10-26 22:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-26 22:22 . 2009-10-27 14:46 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-26 22:22 . 2009-10-26 22:22 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-26 22:22 . 2009-10-27 14:47 -------- d-----w- c:\windows\system32\drivers\Avg
2009-10-26 22:22 . 2009-10-26 22:22 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-26 22:22 . 2009-10-27 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-10-26 22:22 . 2009-10-26 22:22 -------- d-----w- c:\program files\AVG
2009-10-26 22:22 . 2009-10-26 22:22 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-26 22:16 . 2009-10-26 22:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ZKS_COMPANY_NAME
2009-10-19 17:32 . 2009-10-23 08:32 -------- d-----w- c:\program files\Zax
2009-10-19 16:56 . 2009-10-19 16:56 -------- d-----w- c:\documents and settings\Willium\Application Data\Technology Lighthouse
2009-10-19 16:56 . 2009-10-19 16:56 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-10-19 16:55 . 2009-10-19 16:55 -------- d-----w- c:\program files\Technology Lighthouse
2009-10-19 07:32 . 2009-10-19 07:32 -------- d-----w- c:\documents and settings\Willium\Local Settings\Application Data\iMesh
2009-10-19 07:32 . 2009-10-19 07:32 -------- d-----w- c:\program files\iMesh Applications
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 16:32 . 2008-06-24 12:02 -------- d-----w- c:\program files\Java
2009-10-31 19:44 . 2009-07-27 19:39 -------- d-----w- c:\documents and settings\Willium\Application Data\Juce VST Host
2009-10-31 04:11 . 2008-10-12 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-28 12:27 . 2008-06-10 12:51 -------- d-----w- c:\program files\Steam
2009-10-27 18:53 . 2008-06-10 13:27 48504 -c--a-w- c:\documents and settings\Willium\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-26 22:18 . 2008-06-10 13:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-26 22:18 . 2008-06-10 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\ntl
2009-10-26 22:18 . 2008-06-10 13:00 -------- d-----w- c:\program files\Common Files\Command Software
2009-10-26 22:05 . 2008-06-10 14:09 230 ----a-w- c:\windows\freedom.backup.dat
2009-10-23 08:32 . 2008-08-22 16:46 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-10-23 08:32 . 2008-08-22 16:46 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-10-23 08:32 . 2008-08-22 16:46 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-10-22 18:19 . 2008-11-09 16:15 -------- d-----w- c:\program files\DOSBox-0.72
2009-10-19 14:11 . 2009-09-12 22:08 48 ----a-w- c:\windows\popcinfot.dat
2009-10-19 11:55 . 2008-06-19 18:05 -------- d-----w- c:\program files\NetAnts
2009-10-19 11:30 . 2008-11-07 00:10 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-10-19 11:30 . 2008-11-07 00:10 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-10-17 19:06 . 2008-10-24 20:14 -------- d-----w- c:\documents and settings\Willium\Application Data\uTorrent
2009-10-17 17:41 . 2009-03-11 00:33 -------- d-----w- c:\program files\Guitar Pro 5
2009-09-22 16:58 . 2009-05-13 18:06 -------- d-----w- c:\program files\Crayon Physics Deluxe
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 08:52 . 2009-09-08 08:52 -------- d-----w- c:\program files\Eidos Interactive
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 08:08 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:00 . 2004-08-04 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 20:44 . 2004-08-04 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2004-08-03 22:59 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-02 15:17 . 2009-04-29 16:35 17 ----a-w- c:\windows\popcinfo.dat
.
------- Sigcheck -------

[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 20:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2004-08-04 12:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-18 12:27 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-09-18 1119488]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-06-23 68856]
"Steam"="c:\program files\Steam\Steam.exe" [2009-10-26 1217808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"BJCFD"="c:\program files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SideWinderTrayV4"="c:\progra~1\MICROS~2\GAMECO~1\common\swtrayv4.exe" [1999-05-12 20545]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-12-20 2656528]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-27 2010904]
"NetFxUpdate_v1.1.4322"="c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe" [2004-08-10 106496]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-05-16 1630208]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Willium\Start Menu\Programs\[Accessories]\Startup\

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BN-WD54G Wireless Utility.lnk - c:\program files\BLUENEXT\BN-WD54G Wireless Utility\Installer\WINXP\BWCU.exe [2009-4-29 598016]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-26 22:22 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"KService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\source sdk base\\hl2.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\multiwinia\\multiwinia.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gish\\gish.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\sam and max episode 4\\sammax104_drm.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus demo\\Exoddus.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\oddworld abes oddysee demo\\AbeDemo.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\the wonderful end of the world\\main.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle extreme\\PeggleExtreme.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\geometry wars\\GeometryWars.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\eets\\Eets.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy crazy adventures\\GumboyCrazyAdventures.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy crazy features\\GumboyCrazyFeatures.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout\\flatout.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\flatout2\\FlatOut2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle deluxe\\Peggle.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\peggle nights\\PeggleNights.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"c:\\Program Files\\Team17 Software Ltd\\Worms Forts Under Siege\\WF.exe"=
"c:\\Team17\\Worms2\\frontend.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\gumboy tournament demo\\GumboyTournament.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\full pipe\\Fullpipe.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=
"c:\\Program Files\\Games\\Microsoft Games\\Age of Empires II\\empires2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Steam\\steamapps\\lightsxout\\smashball\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"c:\\Program Files\\Steam\\steamapps\\willium_bob_cole\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\trine demo\\trine_launcher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\blueberry garden demo\\BlueberryGarden.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Documents and Settings\\Willium\\Desktop\\Valve Lan Lite - School Edition\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56928:TCP"= 56928:TCP:Pando Media Booster
"56928:UDP"= 56928:UDP:Pando Media Booster

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [26/10/2009 10:22 PM 333192]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [26/10/2009 10:22 PM 360584]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [26/10/2009 10:22 PM 906520]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [26/10/2009 10:22 PM 285392]
S3 DM9USB;DM9601 USB To Fast Ethernet Adapter;c:\windows\system32\drivers\dm9usb.sys [21/03/2002 8:14 AM 21376]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-31 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-16 08:36]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by NetAnts - c:\progra~1\NetAnts\NAGet.htm
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Download &All by NetAnts - c:\progra~1\NetAnts\NAGetAll.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Willium\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Willium\Application Data\Mozilla\Firefox\Profiles\151xy818.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ntl Netguard - c:\program files\ntl\ntl Netguard\RPS.exe
HKLM-Run-CmUsbSound - cmcnfgu.cpl
AddRemove-BigTickRhino2Vst_is1 - c:\program files\Rhino2\unins000.exe
AddRemove-Coffee Break PacMan - g:\psp\SAVEDATA\Coffee Break PacMan\uninstall.exe
AddRemove-Dance eJay3 - c:\program_files\eJay\Dance3\deinstal.exe
AddRemove-De_Blob_EN - c:\program files\De Blob\Uninstall EN.exe
AddRemove-eMazing Mazes - c:\progra~1\eGames\EMAZIN~1\UNWISE.EXE
AddRemove-Frets on Fire - c:\program files\Frets on Fire\Uninstall.exe
AddRemove-Golf Demo - c:\program files\Golf Demo\uninstall.exe
AddRemove-Ichor - c:\program files\Ichor\uninstall.exe
AddRemove-Metal Gear Solid 1.0 - c:\program files\Metal Gear Solid\UNINSTAL.EXE
AddRemove-PianoFX STUDIO 4.0_is1 - c:\program files\PianoFX\unins000.exe
AddRemove-Porrasturvat - Stair Dismount - c:\program files\Porrasturvat - Stair Dismount\uninstall.exe
AddRemove-Raptor Special Edition - c:\progra~1\Game\eGames\RAPTOR~1\UNWISE.EXE
AddRemove-Snooker147 1.0 (Shareware) - c:\program files\Games\[Shareware]\JHC SoftWare\Snooker147 1.0 (Shareware)\DeIsL1.isu
AddRemove-Toribash_is1 - c:\games\Toribash-3.32\unins000.exe
AddRemove-VoiceMX STUDIO 4_is1 - c:\program files\VoiceMX\unins000.exe
AddRemove-2speced client10.5 - c:\documents and settings\Willium\My Documents\My Music\Uninstal.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-31 09:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1708537768-630328440-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:13,3b,01,e9,a8,bb,5b,e8,6d,33,97,85,58,79,f8,67,86,f9,54,bf,33,
02,c2,64,55,dc,95,cd,b2,af,5d,99,4f,ae,16,03,c7,52,61,64,15,ec,63,40,8d,31,\
"rkeysecu"=hex:3e,80,9e,c4,40,b4,90,83,87,8e,33,49,64,ac,f8,d9
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\combofix\CF19472.exe
c:\combofix\PEV.cfxxe
.
**************************************************************************
.
Completion time: 2009-10-31 9:19 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-31 09:18

Pre-Run: 9,321,820,160 bytes free
Post-Run: 11,170,033,664 bytes free

- - End Of File - - 2F5F2CF76AEA3DFB1FCA36A03CD38A3D