ComboFix 09-11-04.02 - Compaq_Administrator 04/11/2009 17:52.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.2046.1311 [GMT 0:00]
Running from: c:\documents and settings\Compaq_Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\NetMonInstaller.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\kb913800.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2009-10-04 to 2009-11-04 )))))))))))))))))))))))))))))))
.
2009-11-04 17:42 . 2009-11-04 17:42 152576 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-04 16:04 . 2009-11-04 16:04 -------- d-----w- c:\program files\LogMeIn Hamachi
2009-11-03 19:47 . 2009-11-03 19:48 -------- d-----w- C:\rsit
2009-10-31 13:02 . 2009-10-31 13:02 -------- d-----w- c:\program files\Stalker Complete 2009
2009-10-31 12:23 . 2009-10-31 12:23 -------- d-----w- c:\program files\THQ
2009-10-30 14:25 . 2009-10-30 14:25 -------- d-----w- c:\program files\SystemRequirementsLab
2009-10-30 14:25 . 2009-10-30 14:25 138240 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_d.dll
2009-10-30 14:25 . 2009-10-30 14:25 138240 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_c.dll
2009-10-30 14:25 . 2009-10-30 14:25 138240 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_b.dll
2009-10-30 14:25 . 2009-10-30 14:25 138240 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab\SRLProxy_srl_4_1_14_0_a.dll
2009-10-30 14:25 . 2009-10-30 14:25 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\SystemRequirementsLab
2009-10-30 14:19 . 2009-10-30 22:18 -------- d-----w- C:\Fraps
2009-10-29 23:40 . 2007-05-16 16:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
2009-10-29 17:49 . 2009-10-29 17:52 -------- d-----w- C:\$AVG
2009-10-29 17:48 . 2009-10-29 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-10-29 13:06 . 2009-10-29 13:06 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-10-22 06:24 . 2009-09-23 09:41 26176 ---ha-w- c:\windows\system32\hamachi.sys
2009-10-21 16:11 . 2009-10-26 16:28 -------- d-----w- c:\program files\Killing Floor
2009-10-21 16:02 . 2009-10-21 16:03 -------- d-----w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\LogMeIn Hamachi
2009-10-21 16:02 . 2009-11-04 18:05 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2009-10-18 20:32 . 2009-10-18 20:32 -------- d-----w- c:\program files\directx
2009-10-18 20:24 . 2009-10-18 20:32 -------- d-----w- c:\program files\Rockstar Games
2009-10-17 23:12 . 1997-04-08 19:08 299520 ----a-w- c:\windows\uninst.exe
2009-10-17 23:12 . 1996-11-06 19:11 69632 ----a-w- c:\windows\RAUNINST.EXE
2009-10-17 23:12 . 2009-10-17 23:13 -------- d-----w- C:\WESTWOOD
2009-10-17 22:40 . 2009-10-17 22:41 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-17 21:40 . 2009-10-29 15:53 -------- d-----w- C:\Dynamix
2009-10-17 21:27 . 2009-10-17 21:27 -------- d-----w- c:\program files\Dyson
2009-10-17 16:32 . 2009-10-17 16:32 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Toribash
2009-10-17 16:31 . 2009-10-17 16:31 -------- d-----w- C:\Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-04 17:44 . 2009-05-28 12:25 -------- d-----w- c:\program files\Java
2009-11-04 17:09 . 2009-09-05 15:35 -------- d-----w- c:\program files\Steam
2009-11-03 18:31 . 2009-05-28 14:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-03 18:31 . 2009-07-04 08:12 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-02 14:23 . 2009-05-29 11:40 -------- d-----w- c:\program files\AFFPlanetStorm
2009-11-01 20:08 . 2009-05-28 14:27 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\uTorrent
2009-10-31 14:17 . 2009-05-30 18:46 -------- d-----w- c:\program files\Common Files\Adobe
2009-10-29 17:49 . 2009-05-28 14:18 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-10-29 17:49 . 2009-05-28 14:18 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-10-29 17:49 . 2009-05-28 14:18 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-10-29 17:49 . 2009-05-28 14:18 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-10-29 17:48 . 2009-05-28 14:18 -------- d-----w- c:\program files\AVG
2009-10-29 16:29 . 2009-08-26 04:34 -------- d-----w- c:\program files\ijji
2009-10-29 16:26 . 2009-05-28 12:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-28 18:50 . 2009-07-14 06:46 -------- d-----w- c:\program files\Codemasters
2009-10-28 18:47 . 2009-07-14 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Codemasters
2009-10-26 19:00 . 2009-05-28 16:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-10-26 08:50 . 2009-05-28 13:06 -------- d-----w- c:\program files\Google
2009-10-25 17:09 . 2009-05-28 14:12 92336 ----a-w- c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-24 23:32 . 2009-07-19 22:26 491000 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-19 22:22 . 2009-09-22 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-19 22:20 . 2009-05-28 12:53 -------- d-----w- c:\program files\Microsoft Works
2009-10-17 22:41 . 2009-05-31 15:46 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-17 12:23 . 2009-06-12 16:39 -------- d-----w- c:\program files\Diablo II
2009-10-16 22:21 . 2009-09-27 09:24 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Azureus
2009-10-11 04:17 . 2009-05-28 14:41 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-07 20:38 . 2009-08-26 04:31 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\HpUpdate
2009-10-03 20:16 . 2009-10-03 20:16 -------- d-----w- c:\program files\Veoh Networks
2009-10-02 20:38 . 2009-10-02 20:38 -------- d-----w- c:\program files\Microsoft
2009-09-27 18:19 . 2009-09-27 18:19 3674112 ----a-w- c:\windows\system32\nvwssr.dll
2009-09-27 16:12 . 2009-05-28 12:40 490088 ----a-w- c:\windows\system32\nvudisp.exe
2009-09-27 16:12 . 2009-05-28 12:40 888832 ----a-w- c:\windows\system32\nvapi.dll
2009-09-27 16:12 . 2009-05-28 12:40 7655872 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2009-09-27 16:12 . 2009-05-28 12:40 5900416 ----a-w- c:\windows\system32\nv4_disp.dll
2009-09-27 16:12 . 2009-05-28 12:40 170600 ----a-w- c:\windows\system32\nvcodins.dll
2009-09-27 16:12 . 2009-05-28 12:40 170600 ----a-w- c:\windows\system32\nvcod.dll
2009-09-27 16:12 . 2009-05-28 12:40 10756096 ----a-w- c:\windows\system32\nvoglnt.dll
2009-09-27 16:12 . 2009-04-30 21:02 2194024 ----a-w- c:\windows\system32\nvcuvid.dll
2009-09-27 16:12 . 2009-04-30 21:02 2007040 ----a-w- c:\windows\system32\nvcuda.dll
2009-09-27 16:12 . 2009-04-30 21:02 1714792 ----a-w- c:\windows\system32\nvcuvenc.dll
2009-09-27 16:12 . 2009-04-30 21:02 1604482 ----a-w- c:\windows\system32\nvdata.bin
2009-09-27 10:41 . 2009-09-27 10:41 -------- d-----w- c:\program files\NVIDIA Corporation
2009-09-27 10:41 . 2009-09-27 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2009-09-27 09:25 . 2009-09-27 09:24 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\TuneUpMedia
2009-09-27 09:24 . 2009-09-27 09:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2009-09-27 09:24 . 2009-07-15 19:39 -------- d-----w- c:\program files\iTunes
2009-09-27 09:24 . 2009-09-27 09:24 -------- d-----w- c:\program files\TuneUpMedia
2009-09-27 09:24 . 2009-09-27 09:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2009-09-27 09:23 . 2009-09-27 09:23 -------- d-----w- c:\program files\Vuze
2009-09-24 17:33 . 2009-09-24 17:33 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\XLink Kai
2009-09-24 17:33 . 2009-09-24 17:33 36928 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2009-09-24 17:32 . 2009-09-24 17:32 1449984 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{87C24822-389C-45AA-9E75-0757B8F1A892}\kaiEngine.exe
2009-09-24 17:32 . 2009-09-24 17:32 -------- d-----w- c:\program files\XLink Kai
2009-09-24 15:22 . 2009-09-24 06:52 -------- d-----w- c:\program files\XBC
2009-09-24 09:24 . 2009-05-29 08:38 490088 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-09-22 15:29 . 2009-05-28 21:43 -------- d-----w- c:\program files\MSBuild
2009-09-22 15:27 . 2009-09-22 15:27 -------- d-----w- c:\program files\Microsoft.NET
2009-09-22 15:26 . 2009-09-22 15:26 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-09-20 07:21 . 2009-09-20 07:21 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\VSRevoGroup
2009-09-12 17:20 . 2009-09-12 17:20 -------- d-----w- c:\program files\DVD Decrypter
2009-09-11 14:18 . 2009-05-28 19:13 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 14:54 . 2009-05-28 14:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 14:53 . 2009-05-28 14:24 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-04 21:03 . 2009-05-28 19:13 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-04 17:44 . 2009-10-31 12:45 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 17:44 . 2009-10-31 12:45 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 17:44 . 2009-10-31 12:45 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 17:29 . 2009-10-31 12:45 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 17:29 . 2009-10-31 12:45 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 17:29 . 2009-10-31 12:45 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 17:29 . 2009-10-31 12:45 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 17:29 . 2009-10-31 12:45 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2009-09-01 23:21 . 2009-09-01 21:35 2083784360 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\ijjigame\U_SUN_setup.exe
2009-08-30 16:07 . 2009-06-07 20:04 138944 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-08-30 16:07 . 2009-06-07 20:23 355392 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\id Software\quakelive\home\baseq3\cgamex86.dll
2009-08-30 16:07 . 2009-06-07 20:22 179264 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\id Software\quakelive\home\baseq3\uix86.dll
2009-08-30 16:07 . 2009-06-07 20:04 189784 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-08-30 16:07 . 2009-06-07 20:22 57344 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\id Software\quakelive\home\pb\pbag.dll
2009-08-30 16:07 . 2009-06-07 20:22 874660 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\id Software\quakelive\home\pb\pbcl.dll
2009-08-30 16:07 . 2009-06-07 20:22 2661440 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\id Software\quakelive\home\baseq3\quakelive.dll
2009-08-29 08:08 . 2009-05-28 19:15 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 05:09 . 2009-08-29 05:09 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-08-26 21:40 . 2009-06-07 20:04 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-08-26 21:40 . 2009-06-07 20:04 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2009-08-26 10:36 . 2009-08-26 04:37 337197168 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\ijjigame\U_SFInstaller.exe
2009-08-26 10:00 . 2009-08-26 09:50 220926964 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\ijjigame\U_GUNZ_setup.exe
2009-08-26 08:00 . 2009-05-28 19:14 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-26 04:33 . 2009-08-26 04:33 152576 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-25 16:04 . 2009-08-26 09:49 75264 ----a-w- c:\windows\system32\uc_holybeast_launching.dll
2009-08-17 22:33 . 2009-08-17 22:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-06 18:24 . 2009-05-28 19:15 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2009-05-28 19:15 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2009-05-28 19:15 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2008-10-16 13:09 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2009-05-28 19:15 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2009-05-28 19:12 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2009-05-28 19:15 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2009-05-29 09:33 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 18:23 . 2009-05-28 19:15 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 18:23 . 2008-10-16 13:07 215920 ----a-w- c:\windows\system32\muweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 12:12 1119488 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1119488]
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"NokiaMusic FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-07-02 2327840]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2009-09-23 1657448]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-27 13918208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-09-27 86016]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-10-29 2010904]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"ftutil2"="ftutil2.dll" - c:\windows\system32\ftutil2.dll [2004-06-07 106496]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2006-07-21 16261632]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" - c:\windows\arpwrmsg.exe [2005-08-02 77312]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-29 17:49 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf010 00.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\GameTap Web Player\\bin\\release\\GameTapPlayer.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Games\\haloce.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\DarkEden Extreme\\DarkEden.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\Steam\\steamapps\\armendvisoka\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\armendvisoka\\source sdk base\\hl2.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\XBC\\neXBC.exe"=
"c:\\Program Files\\XLink Kai\\kaiEngine.exe"=
"c:\\Program Files\\Steam\\steamapps\\armendvisoka\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\armendvisoka\\half-life\\hl.exe"=
"c:\\Program Files\\Steam\\steamapps\\armendvisoka\\half-life blue shift\\hl.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Steam\\steamapps\\armendvisoka\\garrysmod\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\armendvisoka\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\bin\\SDKLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto\\WINO\\Grand Theft Auto.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2 demo\\left4dead2.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\killingfloor\\System\\KillingFloor.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Steam\\steamapps\\armendvisoka\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\armendvisoka\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\red orchestra\\System\\RedOrchestra.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\stalker shadow of chernobyl\\bin\\XR_3DA.exe"=
"c:\\Program Files\\Steam\\steamapps\\armendvisoka\\team fortress classic\\hl.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [28/05/2009 14:18 333192]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [28/05/2009 14:18 360584]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [29/10/2009 17:48 285392]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [29/10/2009 12:27 1074568]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [19/07/2009 19:11 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [19/07/2009 19:11 8320]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 PsSdk41;PsSdk41;c:\windows\system32\drivers\pssdk41.sys [24/09/2009 17:33 36928]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder
2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/startpage
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_GB&c=64&bd=PRESARIO&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ix0fntgg.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ix0fntgg.default\extensions\DTToolbar@toolbar net.com\components\DTToolbarFF.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils 2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils 3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils 35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\ix0fntgg.default\extensions\GameTap@gametap.c om\plugins\npGameTapWebUpdater.dll
FF - plugin: c:\program files\GameTap Web Player\bin\release\npGameTapWebPlayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-11-04 18:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkh.sys >>UNKNOWN [0x8A806938]<<
kernel: MBR read successfully
user & kernel MBR OK
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
atapi.sys @ 0x0 0x0 bytes
\Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB7DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB7DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB7DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB7DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB7DFBB40 atapi.sys
\Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB7DFBB40 atapi.sys
\Driver\atapi IRP hooks detected !
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3288)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\arservice.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-11-04 18:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-04 18:14
ComboFix2.txt 2009-05-28 22:05
Pre-Run: 24,920,944,640 bytes free
Post-Run: 26,803,736,576 bytes free
Login 
Search 
ialer.Win32.BT.g 1
Facebook
Twitter
TechGuy.tv
TSG Mobile