ComboFix 09-04-04.01 - dP 2009-04-04 21:40:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1418 [GMT 2:00]
Running from: d:\documents and settings\dP\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
d:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
d:\windows\system32\404Fix.exe
d:\windows\system32\Agent.OMZ.Fix.exe
d:\windows\system32\dumphive.exe
d:\windows\system32\IEDFix.C.exe
d:\windows\system32\IEDFix.exe
d:\windows\system32\o4Patch.exe
d:\windows\system32\Process.exe
d:\windows\system32\SrchSTS.exe
d:\windows\system32\tmp.reg
d:\windows\system32\VACFix.exe
d:\windows\system32\VCCLSID.exe
d:\windows\system32\WS2Fix.exe
----- BITS: Possible infected sites -----
hxxp://82.98.235.208
.
((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.
2009-04-04 19:31 . 2009-04-04 19:31 <DIR> d-------- d:\program files\Safer Networking
2009-04-04 19:31 . 2009-04-04 19:31 <DIR> d-------- d:\documents and settings\dP\Application Data\Safer Networking
2009-04-04 12:31 . 2009-04-04 12:31 <DIR> d-------- D:\rsit
2009-04-04 12:11 . 2009-04-04 12:11 <DIR> d-------- D:\VundoFix Backups
2009-04-04 04:19 . 2009-04-04 04:19 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2009-04-04 04:19 . 2009-04-04 04:19 <DIR> d-------- d:\documents and settings\dP\Application Data\Malwarebytes
2009-04-04 04:19 . 2009-04-04 04:19 <DIR> d-------- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-04 04:19 . 2009-03-26 16:49 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-04-04 04:19 . 2009-03-26 16:49 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-04-03 18:01 . 2009-04-03 18:01 <DIR> d-------- d:\program files\Trend Micro
2009-04-01 23:13 . 2009-04-01 23:13 <DIR> d-------- d:\documents and settings\dP\Application Data\ESET
2009-04-01 23:12 . 2009-04-01 23:12 <DIR> d-------- d:\program files\ESET
2009-04-01 18:18 . 2009-04-01 18:18 3,729 ---hs---- d:\windows\system32\tajopava.exe
2009-04-01 18:18 . 2009-04-01 18:18 0 --ah----- d:\windows\system32\BIT7D0.tmp
2009-03-28 04:25 . 2009-03-28 04:25 <DIR> d-------- d:\program files\Cambridge
2009-03-28 04:11 . 2009-03-30 15:46 <DIR> d-------- d:\documents and settings\dP\Application Data\f2fPreIntermediate
2009-03-27 11:03 . 2009-03-27 11:03 <DIR> d-------- d:\program files\Logitech
2009-03-27 11:03 . 2009-03-27 11:03 <DIR> d-------- d:\program files\Common Files\Logitech
2009-03-27 11:03 . 2003-12-11 10:50 152,064 --------- d:\windows\system32\lmoufrc.dll
2009-03-27 11:03 . 2003-12-18 10:50 104,960 --a------ d:\windows\system32\COMNCTR.DLL
2009-03-27 11:03 . 2003-12-18 10:50 97,792 --a------ d:\windows\system32\LGUICOM.DLL
2009-03-27 11:03 . 2003-12-11 10:50 70,894 --a------ d:\windows\system32\drivers\LMouFlt2.Sys
2009-03-27 11:03 . 2003-12-11 10:50 51,582 --------- d:\windows\system32\drivers\L8042PR2.SYS
2009-03-27 11:03 . 2003-12-11 10:50 37,916 --------- d:\windows\system32\drivers\LHIDUSB.SYS
2009-03-27 11:03 . 2003-12-11 10:50 25,630 --a------ d:\windows\system32\drivers\LHidFlt2.Sys
2009-03-27 11:03 . 2003-12-11 10:50 23,372 --------- d:\windows\system32\LCOINST.DLL
2009-03-27 11:03 . 2003-12-11 10:50 20,992 --------- d:\windows\LOGI_MWX.EXE
2009-03-27 11:03 . 2003-12-18 10:50 16,896 --a------ d:\windows\system32\LMOUSE32.DLL
2009-03-27 11:03 . 2003-12-11 10:50 14,092 --------- d:\windows\system32\drivers\LCCFLTR.SYS
2009-03-27 11:03 . 2003-12-18 10:50 3,568 --a------ d:\windows\system32\LMOUSE16.DLL
2009-03-25 00:13 . 2009-03-25 00:13 <DIR> d--h-c--- d:\documents and settings\All Users\Application Data\{0AAA1129-1E09-47FC-B02B-648C164E1F6F}
2009-03-21 00:25 . 2009-03-21 00:25 41,808 --a------ d:\windows\system32\xfcodec.dll
2009-03-20 16:28 . 2009-03-20 16:28 73,728 --a------ d:\windows\system32\javacpl.cpl
2009-03-19 17:10 . 2009-03-19 17:10 <DIR> d-------- d:\documents and settings\All Users\Application Data\FLEXnet
2009-03-19 17:08 . 2009-03-19 17:08 <DIR> d-------- d:\program files\Common Files\Macrovision Shared
2009-03-19 17:07 . 2009-03-19 17:07 <DIR> d-------- D:\TeklaStructures
2009-03-19 17:06 . 2009-03-19 17:10 <DIR> d-------- D:\TeklaStructuresModels
2009-03-18 21:54 . 2009-03-18 21:54 <DIR> d-------- d:\documents and settings\dP\Shared
2009-03-18 21:53 . 2009-04-01 22:29 <DIR> d-------- d:\program files\P2P_Energy
2009-03-18 21:53 . 2009-03-18 21:53 <DIR> d-------- d:\program files\Conduit
2009-03-18 21:53 . 2009-03-18 21:53 <DIR> d-------- d:\documents and settings\dP\Incomplete
2009-03-18 21:53 . 2009-03-18 21:54 <DIR> d-------- d:\documents and settings\dP\Application Data\LimeWireTurbo
2009-03-16 21:22 . 2008-12-25 18:32 3,721,664 --a------ d:\windows\system32\drivers\RtKHDMI.sys
2009-03-16 21:22 . 2008-09-19 18:48 1,200,128 --a------ d:\windows\RtkUpd.exe
2009-03-16 17:00 . 2005-02-02 03:29 20,480 --a------ d:\windows\usnpstd.exe
2009-03-16 16:51 . 2009-04-04 10:26 <DIR> d-------- d:\program files\Uniblue
2009-03-16 16:51 . 2009-03-16 16:51 <DIR> d--h-c--- d:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-03-15 23:38 . 2009-03-15 23:45 <DIR> d-------- d:\program files\SATVOD
2009-03-15 00:12 . 2009-04-04 01:31 <DIR> d-------- d:\documents and settings\dP\Application Data\Uniblue
2009-03-15 00:12 . 2009-03-16 16:56 <DIR> d-------- d:\documents and settings\All Users\Application Data\DriverScanner
2009-03-14 23:19 . 2009-03-14 23:19 <DIR> d-------- d:\windows\Sun
2009-03-14 11:12 . 2009-03-14 11:12 <DIR> d-------- d:\documents and settings\dP\Application Data\The Creative Assembly
2009-03-05 23:11 . 2009-03-05 23:51 <DIR> d-------- d:\program files\PDF Creator Plus 4.0
2009-03-05 23:11 . 2009-03-05 23:11 <DIR> d-------- d:\documents and settings\dP\Application Data\PEERNET
2009-03-05 23:11 . 2009-03-05 23:11 <DIR> d-------- d:\documents and settings\All Users\Application Data\PEERNET
2009-03-04 12:06 . 2009-04-04 21:43 <DIR> d-------- d:\program files\Steam
2009-03-04 12:05 . 2009-03-04 12:06 <DIR> d-------- d:\program files\Microsoft Games for Windows - LIVE
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-04 19:44 --------- d-----w d:\documents and settings\dP\Application Data\Skype
2009-04-04 18:08 --------- d-----w d:\documents and settings\All Users\Application Data\Google Updater
2009-04-04 17:28 --------- d-----w d:\documents and settings\dP\Application Data\skypePM
2009-04-04 04:04 --------- d-----w d:\program files\Xfire
2009-04-04 00:34 138,920 ----a-w d:\windows\system32\drivers\PnkBstrK.sys
2009-04-04 00:33 --------- d-----w d:\documents and settings\dP\Application Data\Xfire
2009-04-01 21:12 --------- d-----w d:\documents and settings\All Users\Application Data\ESET
2009-04-01 16:28 --------- d-----w d:\program files\Morton Benson
2009-04-01 08:02 --------- d-----w d:\program files\Google
2009-03-30 09:18 --------- d-----w d:\documents and settings\dP\Application Data\uTorrent
2009-03-28 02:02 --------- d-----w d:\documents and settings\dP\Application Data\f2fElementary
2009-03-27 09:03 --------- d--h--w d:\program files\InstallShield Installation Information
2009-03-24 22:12 --------- dc-h--w d:\documents and settings\All Users\Application Data\{0151C9FC-719D-4459-B1E2-4685CC6E62A8}
2009-03-20 14:28 --------- d-----w d:\program files\Java
2009-03-19 14:38 --------- d-----w d:\documents and settings\All Users\Application Data\Nero
2009-03-18 11:18 --------- d-----w d:\program files\Common Files\Adobe
2009-03-16 19:21 --------- d-----w d:\documents and settings\All Users\Application Data\DassaultSystemes
2009-03-15 00:41 --------- d-----w d:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-15 00:40 --------- d-----w d:\program files\Microsoft Visual Studio 8
2009-03-15 00:30 --------- d-----w d:\documents and settings\dP\Application Data\BSplayer
2009-03-05 21:11 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2009-03-02 14:47 --------- d-----w d:\program files\Common Files\Adobe AIR
2009-03-01 14:05 --------- d-----w d:\program files\JavaHMO
2009-03-01 14:05 --------- d-----w d:\program files\Common Files\TiVo Shared
2009-03-01 14:04 --------- d-----w d:\program files\Common Files\Java
2009-03-01 13:43 --------- d-----w d:\program files\Paragon Software
2009-03-01 12:57 --------- d-----w d:\program files\DiskInternals
2009-02-28 18:43 --------- d-----w d:\documents and settings\dP\Application Data\DAEMON Tools Pro
2009-02-28 18:42 --------- d-----w d:\program files\DAEMON Tools Pro
2009-02-28 18:37 --------- d-----w d:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-02-28 18:32 717,296 ----a-w d:\windows\system32\drivers\sptd.sys
2009-02-28 10:17 --------- d-----w d:\program files\HUB
2009-02-28 09:57 --------- d-----w d:\documents and settings\dP\Application Data\Red Alert 3 Demo
2009-02-27 22:05 --------- d-----w d:\program files\eMule
2009-02-25 16:34 --------- d-----w d:\program files\MSXML 4.0
2009-02-25 16:34 --------- d-----w d:\program files\DD PlayCam
2009-02-25 16:33 --------- d-----w d:\program files\VideoCAM Eye
2009-02-25 16:33 --------- d-----w d:\program files\Common Files\VCAMEye
2009-02-22 17:46 --------- d-----w d:\documents and settings\dP\Application Data\Sports Interactive
2009-02-22 17:39 --------- d-----w d:\program files\Sports Interactive
2009-02-22 17:38 --------- d-----w d:\documents and settings\All Users\Application Data\Sports Interactive
2009-02-16 22:50 --------- d--h--w d:\program files\Zero G Registry
2009-02-14 19:43 --------- d-----w d:\documents and settings\All Users\Application Data\Fallout3
2009-02-11 15:19 --------- d-----w d:\program files\Adobe Media Player
2009-02-10 21:57 --------- d-----w d:\program files\Common Files\Skype
2009-02-10 21:57 --------- d-----w d:\documents and settings\All Users\Application Data\Skype
2009-02-10 21:57 --------- d-----r d:\program files\Skype
2009-02-08 08:59 --------- d-----w d:\program files\Siber Systems
2009-02-07 19:48 22,328 ----a-w d:\documents and settings\dP\Application Data\PnkBstrK.sys
2009-02-07 19:36 --------- d-----w d:\program files\Activision
2009-02-06 12:24 56,280 ----a-w d:\windows\system32\drivers\epfwtdi.sys
2009-02-06 12:24 33,096 ----a-w d:\windows\system32\drivers\epfwndis.sys
2009-02-06 12:24 130,952 ----a-w d:\windows\system32\drivers\epfw.sys
2009-02-06 12:23 106,208 ----a-w d:\windows\system32\drivers\ehdrv.sys
2009-02-06 12:19 113,448 ----a-w d:\windows\system32\drivers\eamon.sys
2009-01-31 00:04 2,521 ----a-w d:\program files\Common Files\unins000.dat
2009-01-31 00:03 728,858 ----a-w d:\program files\Common Files\unins000.exe
2008-03-09 06:25 236 ---ha-w d:\program files\Common Files\dx.reg
.
------- Sigcheck -------
2009-04-01 00:12 31232 1ec93eaa7ba8fef99e00d26185b7f520 d:\windows\system32\userinit.exe
2004-08-04 02:56 24576 39b1ffb03c2296323832acbae50d2aff d:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"swg"="d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-07 39408]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2009-02-04 23975720]
"DAEMON Tools Pro Agent"="d:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-01-26 228808]
"Steam"="d:\program files\Steam\Steam.exe" [2009-03-04 1410296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Six Engine"="d:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-06-25 5625344]
"PWRISOVM.EXE"="d:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"WinampAgent"="d:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"snpstd"="d:\windows\vsnpstd.exe" [2005-10-11 339968]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-03-20 148888]
"egui"="d:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"RTHDCPL"="RTHDCPL.EXE" [2008-12-26 d:\windows\RTHDCPL.EXE]
"Logitech Utility"="Logi_MwX.Exe" [2003-12-11 d:\windows\LOGI_MWX.EXE]
d:\documents and settings\dP\Start Menu\Programs\Startup\
Adobe Media Player.lnk - d:\program files\Adobe Media Player\Adobe Media Player.exe [2009-02-11 261120]
OneNote 2007 Screen Clipper and Launcher.lnk - d:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
Xfire.lnk - d:\program files\Xfire\Xfire.exe [2009-03-21 3025232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
"vidc.MJPG"= MJPEGCodecVFW.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Unreal Tournament 3\\Binaries\\UT3.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis Wars\\Bin32\\Crysis.exe"=
"d:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"d:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"d:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CATUTIL.exe"=
"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CATSysDemon.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Dassault Systemes\\B18\\intel_a\\code\\bin\\CNEXT.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 hotcore3;hc3ServiceName;d:\windows\system32\drivers\hotcore3.sys [2009-03-01 40496]
R1 ehdrv;ehdrv;d:\windows\system32\drivers\ehdrv.sys [2009-02-06 106208]
R1 LUM;LUM;d:\windows\system32\drivers\LUM.sys [2007-06-05 16528]
R1 LUMDriver;LUMDriver;d:\windows\system32\drivers\LUMDriver.sys [2007-04-24 16688]
R2 acedrv11;acedrv11;d:\windows\system32\drivers\acedrv11.sys [2008-07-30 277736]
R2 ekrn;ESET Service;d:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;d:\windows\system32\drivers\l1e51x86.sys [2008-11-26 36864]
S2 gupdate1c95ca59863e4d4;Google Update Service (gupdate1c95ca59863e4d4);d:\program files\Google\Update\GoogleUpdate.exe [2008-12-13 133104]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;d:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad351f41-e161-11dd-99f9-00221585308a}]
\Shell\AutoRun\command - d:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder
2009-04-04 d:\windows\Tasks\Google Software Updater.job
- d:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 21:25]
2009-04-04 d:\windows\Tasks\GoogleUpdateTaskMachine.job
- d:\program files\Google\Update\GoogleUpdate.exe [2009-02-12 03:22]
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Software Informer - d:\program files\Software Informer\softinfo.exe
HKCU-Run-Uniblue RegistryBooster 2009 - d:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-fsm - (no file)
MSConfigStartUp-ares - d:\program files\Ares\Ares.exe
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - d:\documents and settings\dP\Application Data\Mozilla\Firefox\Profiles\lc4zoy5a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1460988&SearchSource=2&q=
FF - component: d:\documents and settings\dP\Application Data\Mozilla\Firefox\Profiles\lc4zoy5a.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: d:\documents and settings\dP\Application Data\Mozilla\Firefox\Profiles\lc4zoy5a.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFAlert.dll
FF - component: d:\documents and settings\dP\Application Data\Mozilla\Firefox\Profiles\lc4zoy5a.default\extensions\{b579a202-4a9e-478b-b9ab-048a4ce7833e}\components\FFExternalAlert.dll
FF - component: d:\documents and settings\dP\Application Data\Mozilla\Firefox\Profiles\lc4zoy5a.default\extensions\
[email protected]\components\coolirisstub.dll
FF - component: d:\program files\BS.Player ControlBar\FirefoxDTT\components\BSToolbarFF.dll
FF - plugin: d:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: d:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: d:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJava11.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJava12.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJava13.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJava14.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJava32.dll
FF - plugin: d:\program files\Opera\program\plugins\NPJPI142_06.dll
FF - plugin: d:\program files\Opera\program\plugins\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-04-04 21:43:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1085031214-436374069-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_USERS\S-1-5-21-1085031214-436374069-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:98,0b,2f,d9,1c,ad,6a,09,a3,66,1f,f9,84,cd,05,e0,78,39,50,6d,e6,
da,ec,51,b7,0d,25,4a,16,b6,58,10,7b,5b,55,76,bf,ce,ad,f4,c7,32,37,37,1d,68,\
"rkeysecu"=hex:07,31,a4,ab,e5,fc,54,9e,3c,9e,b3,f3,2a,52,5e,e0
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):06,b1,30,d0,96,61,69,83,f8,c0,ef,3a,d7,f3,13,a3,5b,32,93,18,a0,
51,98,0c,c8,8b,c4,b9,87,1c,21,0d,d1,fa,8e,7f,c4,90,8c,a0,00,00,00,00,00,00,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{c1b3b457-792a-4e4a-940f-648264f3a59c}]
@Denied: (Full) (Everyone)
"Model"=dword:0000016b
"Therad"=dword:0000001e
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1108)
d:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\windows\system32\ati2evxx.exe
d:\windows\system32\userinit.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
d:\windows\system32\PnkBstrA.exe
d:\windows\system32\PnkBstrB.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\wscntfy.exe
d:\program files\Logitech\MouseWare\system\EM_EXEC.EXE
d:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2009-04-04 21:45:47 - machine was rebooted [dP]
ComboFix-quarantined-files.txt 2009-04-04 19:45:45
Pre-Run: 15,303,585,792 bytes free
Post-Run: 19,812,356,096 bytes free