ComboFix 12-06-23.05 - Naruemon 06/23/2012 19:34:41.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1536 [GMT -4:00]
Running from: c:\documents and settings\Naruemon\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: nProtect GameGuard Personal 3.0 *Enabled/Updated* {7D36BE97-9969-4C9F-9DC1-282DB4E1FBEA}
FW: nProtect GameGuard Personal 3.0 *Enabled* {3AC1D7C3-C4DE-490A-8A66-CFCAFFB0849A}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\DFC5A2B2.TMP
c:\documents and settings\Naruemon\Application Data\PriceGong
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Naruemon\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Naruemon\GateWayMain.exe
c:\documents and settings\Naruemon\Local Settings\Application Data\assembly\tmp
c:\documents and settings\Naruemon\My Documents\~WRL2150.tmp
c:\windows\$NtUninstallKB19013$
c:\windows\$NtUninstallKB19013$\2244202374\@
c:\windows\$NtUninstallKB19013$\2244202374\Desktop.ini
c:\windows\$NtUninstallKB19013$\2244202374\L\odetmngk
c:\windows\$NtUninstallKB19013$\3144440441
c:\windows\Downloaded Program Files\Temp
c:\windows\system32\nspupdt.dll.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF4.tmp
c:\windows\system32\SETF5.tmp
c:\windows\system32\SETF6.tmp
c:\windows\system32\SETFA.tmp
c:\windows\system32\SETFC.tmp
.
c:\windows\system32\drivers\cdrom.sys was missing
Restored copy from - c:\windows\system32\dllcache\cdrom.sys
.
.
(((((((((((((((((((((((((   Files Created from 2012-05-24 to 2012-06-24   )))))))))))))))))))))))))))))))
.
.
2012-06-24 00:01 . 2012-06-24 00:01    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-23 23:55 . 2008-04-14 04:10    62976    ----a-w-    c:\windows\system32\drivers\cdrom.sys
2012-06-23 23:55 . 2008-04-14 04:10    62976    ----a-w-    c:\windows\system32\dllcache\cdrom.sys
2012-06-23 22:31 . 2012-05-31 03:41    6762896    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{09585C86-98C2-425F-B6E9-3F2B3A4660C0}\mpengine.dll
2012-06-22 22:30 . 2012-05-31 03:41    6762896    ----a-w-    c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-05 23:36 . 2012-06-05 23:36    --------    d-----w-    C:\_OTL
2012-06-02 20:25 . 2012-06-02 20:25    --------    d-----w-    c:\documents and settings\Naruemon\Application Data\AskToolbar
2012-06-02 20:24 . 2012-06-02 20:25    --------    d-----w-    c:\program files\Ask.com
2012-06-02 20:24 . 2012-06-02 21:32    --------    d-----w-    c:\documents and settings\Naruemon\Local Settings\Application Data\AskToolbar
2012-06-02 20:19 . 2012-06-02 20:19    --------    d-----w-    c:\program files\MediaFire
2012-06-02 01:03 . 2012-06-02 01:03    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin7.dll
2012-06-02 01:03 . 2012-06-02 01:03    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2012-06-02 01:03 . 2012-06-02 01:03    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2012-06-02 01:03 . 2012-06-02 01:03    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2012-06-02 01:03 . 2012-06-02 01:03    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2012-06-02 01:03 . 2012-06-02 01:03    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2012-06-02 01:03 . 2012-06-02 01:03    159744    ----a-w-    c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-02 19:19 . 2007-05-22 20:00    22040    ----a-w-    c:\windows\system32\wucltui.dll.mui
2012-06-02 19:19 . 2007-05-22 20:00    15384    ----a-w-    c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 19:19 . 2004-08-04 11:00    329240    ----a-w-    c:\windows\system32\wucltui.dll
2012-06-02 19:19 . 2004-08-04 11:00    219160    ----a-w-    c:\windows\system32\wuaucpl.cpl
2012-06-02 19:19 . 2004-08-04 11:00    210968    ----a-w-    c:\windows\system32\wuweb.dll
2012-06-02 19:19 . 2007-05-22 20:00    15384    ----a-w-    c:\windows\system32\wuapi.dll.mui
2012-06-02 19:19 . 2005-05-26 08:16    45080    ----a-w-    c:\windows\system32\wups2.dll
2012-06-02 19:19 . 2005-04-12 03:04    35864    ----a-w-    c:\windows\system32\wups.dll
2012-06-02 19:19 . 2004-08-04 11:00    97304    ----a-w-    c:\windows\system32\cdm.dll
2012-06-02 19:19 . 2004-08-04 11:00    53784    ----a-w-    c:\windows\system32\wuauclt.exe
2012-06-02 19:19 . 2007-05-22 20:00    17944    ----a-w-    c:\windows\system32\wuaueng.dll.mui
2012-06-02 19:19 . 2004-08-04 11:00    577048    ----a-w-    c:\windows\system32\wuapi.dll
2012-06-02 19:19 . 2004-08-04 11:00    1933848    ----a-w-    c:\windows\system32\wuaueng.dll
2012-06-02 19:18 . 2008-04-14 03:33    17136    ----a-w-    c:\windows\system32\mucltui.dll.mui
2012-06-02 19:18 . 2008-04-14 03:33    275696    ----a-w-    c:\windows\system32\mucltui.dll
2012-06-02 19:18 . 2007-07-30 23:18    214256    ----a-w-    c:\windows\system32\muweb.dll
2012-05-31 13:22 . 2004-08-04 11:00    599040    ----a-w-    c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2004-08-04 11:00    916992    ----a-w-    c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2004-08-04 11:00    1863168    ----a-w-    c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2004-08-04 11:00    43520    ------w-    c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2004-08-04 11:00    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2004-08-04 11:00    385024    ------w-    c:\windows\system32\html.iec
2012-05-04 13:16 . 1980-01-01 06:00    2148352    ----a-w-    c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 1980-01-01 06:00    2026496    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2004-08-04 11:00    139656    ----a-w-    c:\windows\system32\drivers\rdpwd.sys
2012-04-19 00:56 . 2012-04-19 00:56    94208    ----a-w-    c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56    69632    ----a-w-    c:\windows\system32\QuickTime.qts
2012-04-04 19:56 . 2010-08-04 02:13    22344    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-04-03 20:31 . 2011-11-19 06:27    1032192    ----a-w-    c:\windows\system32\nspupdt.dll
2012-04-02 21:07 . 2011-11-19 06:21    196928    ----a-w-    c:\windows\system32\TKFsAvMU.dll
2012-03-31 20:32 . 2012-03-31 20:32    418464    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-03-31 20:32 . 2011-06-17 18:01    70304    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-21 07:24 . 2011-12-30 23:29    121816    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2009-11-07 05:07    297808    ----a-w-    c:\windows\SYSTEM32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-04-09 21:43    1519272    ----a-w-    c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-04-09 1519272]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17151624]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-06-02 1957888]
"igndlm.exe"="c:\program files\Download Manager\DLM.exe" [2009-05-14 1103216]
"Browser Infrastructure Helper"="c:\documents and settings\Naruemon\Local Settings\Application Data\Smartbar\Application\Smartbar.exe" [2012-03-20 19272]
"Akamai NetSession Interface"="c:\documents and settings\Naruemon\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-26 4327744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-12 13672448]
"Windows Media Connect 2"="c:\program files\Windows Media Connect 2\WMCCFG.exe" [2006-10-19 8704]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-08-13 273544]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"PlusService"="c:\program files\Yuna Software\Messenger Plus!\PlusService.exe" [2012-02-27 801792]
"nwiz"="nwiz.exe" [2008-11-12 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-12 86016]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-04-04 981680]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"CTCheck"="c:\program files\Creative\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-04-19 421888]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-04-09 1557160]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
802.11b+g USB Wireless LAN Utility.lnk.disabled [2005-12-3 1639]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-8-15 113664]
Hawking HWU54D Utility.lnk.disabled [2005-4-11 1799]
LUMIX Simple Viewer.lnk - c:\program files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2005-12-14 61440]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-10-20 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21    548352    ----a-w-    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"mmtask"="c:\program files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" /r
"MsgCenterExe"="c:\program files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Documents and Settings\\Naruemon\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1136:TCP"= 1136:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [3/22/2011 9:36 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\SYSTEM32\DRIVERS\pctDS.sys [3/22/2011 9:36 PM 338880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [8/4/2004 7:00 AM 14336]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [6/15/2011 5:33 PM 249648]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/3/2010 10:13 PM 654408]
R2 NSPUpdateService;nProtect GameGuard Personal 3.0 Update Service;c:\windows\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspupsvc.exe [11/19/2011 2:27 AM 1252808]
R3 MBAMProtector;MBAMProtector;c:\windows\SYSTEM32\DRIVERS\mbam.sys [8/3/2010 10:13 PM 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 1:22 PM 135664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 9:16 AM 158856]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SYSTEM32\Macromed\Flash\FlashPlayerUpdateService.exe [3/31/2012 4:32 PM 253600]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [7/7/2011 7:31 PM 195336]
S3 EagleXNt;EagleXNt;c:\windows\SYSTEM32\DRIVERS\EagleXNt.sys [10/23/2011 7:04 PM 497632]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/30/2010 1:22 PM 135664]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [11/16/2010 1:10 AM 267568]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/4/2004 7:00 AM 14336]
S3 NPFW;NPFW;c:\windows\SYSTEM32\npfw.sys [11/19/2011 2:22 AM 108736]
S3 NPFWFLT;NPFWFLT;c:\windows\SYSTEM32\npfwflt.sys [11/19/2011 2:22 AM 82496]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 NPIDS;NPIDS;c:\windows\SYSTEM32\npids.sys [11/19/2011 2:22 AM 86368]
S3 NSPService;nProtect GameGuard Personal 3.0 Service;c:\windows\SYSTEM32\INCAInternet\nProtect GameGuard Personal 3.0\nspsvc.exe [11/29/2011 9:14 PM 581248]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [3/22/2011 9:36 PM 366840]
S3 TKCtrl;TKCtrl;c:\windows\SYSTEM32\TKCtrl2k.sys [11/19/2011 2:21 AM 108480]
S3 TKFsAvM;TKFsAvM;c:\windows\SYSTEM32\TKFsAv.sys [11/29/2011 9:14 PM 141632]
S3 TkFsFtM;MiniFilter Driver;c:\windows\SYSTEM32\TKFsFt.sys [11/19/2011 2:21 AM 18496]
S3 TKFW;TKFW;c:\windows\SYSTEM32\TKFW.sys [1/14/2012 9:24 PM 108992]
S3 TKFWFLT;TKFWFLT;c:\windows\SYSTEM32\tkfwflt.sys [1/14/2012 9:24 PM 82368]
S3 TKIDS;TKIDS;c:\windows\SYSTEM32\tkids.sys [1/14/2012 9:24 PM 88000]
S3 TKPcFt;TKPcFt;c:\windows\SYSTEM32\TKPcFtHk.sys [11/29/2011 9:14 PM 28480]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\SYSTEM32\DRIVERS\ZD1211U.sys [4/11/2005 10:16 PM 273408]
S3 XDva238;XDva238;\??\c:\windows\system32\XDva238.sys --> c:\windows\system32\XDva238.sys [?]
S3 XDva248;XDva248;\??\c:\windows\system32\XDva248.sys --> c:\windows\system32\XDva248.sys [?]
S3 XDva273;XDva273;\??\c:\windows\system32\XDva273.sys --> c:\windows\system32\XDva273.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva337;XDva337;\??\c:\windows\system32\XDva337.sys --> c:\windows\system32\XDva337.sys [?]
S3 XDva344;XDva344;\??\c:\windows\system32\XDva344.sys --> c:\windows\system32\XDva344.sys [?]
S3 XDva370;XDva370;\??\c:\windows\system32\XDva370.sys --> c:\windows\system32\XDva370.sys [?]
S3 XDva375;XDva375;\??\c:\windows\system32\XDva375.sys --> c:\windows\system32\XDva375.sys [?]
S3 XDva380;XDva380;\??\c:\windows\system32\XDva380.sys --> c:\windows\system32\XDva380.sys [?]
S3 XDva382;XDva382;\??\c:\windows\system32\XDva382.sys --> c:\windows\system32\XDva382.sys [?]
S3 XDva383;XDva383;\??\c:\windows\system32\XDva383.sys --> c:\windows\system32\XDva383.sys [?]
S3 XDva385;XDva385;\??\c:\windows\system32\XDva385.sys --> c:\windows\system32\XDva385.sys [?]
S3 XDva387;XDva387;\??\c:\windows\system32\XDva387.sys --> c:\windows\system32\XDva387.sys [?]
S3 XDva391;XDva391;\??\c:\windows\system32\XDva391.sys --> c:\windows\system32\XDva391.sys [?]
S3 ZD1211U(Hawking Technologies);Hawking Technologies HWU54D Hi-Gain Wireless-G USB Adapter(Hawking Technologies);c:\windows\SYSTEM32\DRIVERS\ZD1211U.sys [4/11/2005 10:16 PM 273408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper    REG_MULTI_SZ    nosGetPlusHelper
Akamai    REG_MULTI_SZ    Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 20:32]
.
2012-06-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-06-23 c:\windows\Tasks\ConfigExec.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 05:09]
.
2012-06-23 c:\windows\Tasks\DataUpload.job
- c:\program files\Microsoft Fix it Center\MatsApi.dll [2010-11-16 05:09]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 17:21]
.
2012-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 17:21]
.
2012-06-24 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 21:03]
.
2008-07-17 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 16:01]
.
2012-06-23 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2292039778-2617604353-2424026137-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-06-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2292039778-2617604353-2424026137-1006.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47]
.
2012-06-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2012-04-09 21:43]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1:9421;
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=addr&q={searchTerms}
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Search &Dictionary - c:\program files\Lexico\Toolbar\dictionary.htm
IE: Search &Thesaurus - c:\program files\Lexico\Toolbar\thesaurus.htm
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Naruemon\Start Menu\Programs\IMVU\Run IMVU.lnk
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: linkworkspace.com\www
TCP: Interfaces\{1D7BC391-8E7B-4233-B94F-3D49E9709F16}: NameServer = 192.168.1.1
TCP: Interfaces\{53B82366-2926-40FA-AFC4-8BDD633EE722}: NameServer = 192.168.1.1
TCP: Interfaces\{BE928E25-F8F3-446E-9932-6FC1208E18E9}: NameServer = 167.206.251.16,167.206.251.80,167.206.251.15
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\documents and settings\Naruemon\Application Data\Mozilla\Firefox\Profiles\6kk52tsc.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.plusnetwork.com/?sp=hp
FF - prefs.js: browser.search.selectedEngine - Messenger Plus Smartbar Search
FF - prefs.js: keyword.URL - hxxp://www.plusnetwork.com/?sp=faddr&q=
#FF - user.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1940427
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.backup.ftp -
FF - user.js: network.proxy.backup.ftp_port - 0
FF - user.js: network.proxy.backup.gopher -
FF - user.js: network.proxy.backup.gopher_port - 0
FF - user.js: network.proxy.backup.socks -
FF - user.js: network.proxy.backup.socks_port - 0
FF - user.js: network.proxy.backup.ssl -
FF - user.js: network.proxy.backup.ssl_port - 0
FF - user.js: network.proxy.ftp - 127.0.0.1
FF - user.js: network.proxy.ftp_port - 8080
FF - user.js: network.proxy.gopher - 127.0.0.1
FF - user.js: network.proxy.gopher_port - 8080
FF - user.js: network.proxy.http - 127.0.0.1
FF - user.js: network.proxy.http_port - 8080
FF - user.js: network.proxy.share_proxy_settings - true
FF - user.js: network.proxy.socks - 127.0.0.1
FF - user.js: network.proxy.socks_port - 8080
FF - user.js: network.proxy.ssl - 127.0.0.1
FF - user.js: network.proxy.ssl_port - 8080
FF - user.js: network.proxy.type - 2
user_pref(network.proxy.autoconfig_url,file:///c:\windows\proxy.pac);
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-GateWay - c:\documents and settings\Naruemon\GateWayMain.exe
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
Notify-NavLogon - (no file)
AddRemove-Game Maker 7.0 - c:\documents and settings\Naruemon\Desktop\software 65\New Folder (5)\Uninstal.exe
AddRemove-PunkBusterSvc - c:\program files\GAMERSFIRST\APB RELOADED\Binaries\pbsvc_apb.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files\DivX\DivXCodecUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 19:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2292039778-2617604353-2424026137-1006\Software\SecuROM\License information*]
"datasecu"=hex:12,3f,c2,2c,e1,77,23,43,19,bd,4c,42,1b,1b,fa,75,29,6f,cb,86,8c,
   ee,83,58,14,a1,09,13,bf,49,ff,53,42,8e,c8,0f,93,ea,3a,87,df,12,f0,6e,61,00,\
"rkeysecu"=hex:64,b6,bd,e1,3e,80,9e,c4,40,b4,90,83,87,8e,33,49
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(676)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'lsass.exe'(740)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2536)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
c:\windows\system32\msiexec.exe
.
**************************************************************************
.
Completion time: 2012-06-23 20:18:12 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-24 00:18
.
Pre-Run: 2,430,685,184 bytes free
Post-Run: 3,557,769,216 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 4F432926D471418FC3245EECB4BFAEF6