[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 08:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2008-11-23 00:36 203720 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ares]
2009-02-03 13:22 1004544 ----a-w- c:\program files\Ares\Ares.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2006-03-22 01:30 1191936 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Computer Alarm Clock]
2007-09-06 23:29 696832 ----a-w- c:\progra~1\Computer Alarm Clock\cac.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative Detector U]
2009-04-30 00:44 188416 ------w- c:\program files\Creative\MediaSource5\CTDetctu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
2009-06-04 07:55 25600 ----a-w- c:\windows\System32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-04-13 13:07 69632 ----a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-03-26 08:10 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-04-04 01:27 110696 ----a-w- c:\windows\System32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PeerBlock]
2009-09-28 10:02 1529432 ----a-w- c:\users\Warren M\Desktop\Utilities\Peerblock\peerblock.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-03-09 17:02 26100520 ----a-r- c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-01-09 12:13 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-19 07:38 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2009-09-04 20:16 158448 ----a-w- c:\program files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):3d,e6,5a,9c,02,58,ca,01
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-27 133104]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-09-12 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-03-04 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-03 22784]
R3 LachesisFltr;Lachesis Mouse Driver;c:\windows\system32\drivers\Lachesis.sys [2007-08-08 12032]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\A275.tmp [x]
R3 pbfilter;pbfilter;c:\users\Warren M\Desktop\Utilities\Peerblock\pbfilter.sys [2009-09-28 16472]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187.sys [2007-11-19 288256]
R4 PCPitstop Scheduling;PCPitstop Scheduling;c:\program files\PCPitstop\PCPitstopScheduleService.exe [2010-05-06 90296]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-03-12 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-12 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2009-11-30 24856]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-12 216200]
S1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-06-14 242896]
S1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [2010-06-08 59240]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [2010-06-08 166632]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-03-12 916760]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-12 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-06-14 2331544]
S2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [2010-06-08 840936]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-03-12 122376]
S3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-03-12 30216]
S3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-03-12 27144]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-27 06:28]
2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-27 06:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://verizon.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {4F552121-1498-4A0E-9498-E37F66562BAC} = 209.18.47.61,209.18.47.62
TCP: {CB8D4A87-4B06-4DFE-A3ED-BAECAC97C141} = 66.75.160.63,66.75.160.64
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
FF - ProfilePath - c:\users\Warren M\AppData\Roaming\Mozilla\Firefox\Profiles\27fvdsvj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage -
Google
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\users\Warren M\AppData\Roaming\Mozilla\Firefox\Profiles\27fvdsvj.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2010-06-15 13:45
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\A275.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1978815123-2928815371-573437872-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:c4,36,3a,f9,ca,f7,e9,06,47,fd,41,65,1a,36,d2,78,d8,a3,bd,ca,b1,b1,d4,
d2,48,c4,cd,25,11,24,d1,9d,a5,d6,36,f6,83,b1,bb,e5,cb,2b,63,40,d3,67,32,05,\
"??"=hex:5d,2e,bc,00,9b,07,bc,9c,34,34,87,88,c9,ab,ca,0d
[HKEY_USERS\S-1-5-21-1978815123-2928815371-573437872-1000\Software\SecuROM\License information*]
"datasecu"=hex:07,ef,c2,15,1e,f7,9d,37,a7,b0,82,37,74,57,dd,6d,9d,fe,35,eb,11,
12,68,cd,49,76,ef,2c,fc,8b,71,5e,25,d7,da,a2,ef,d7,0f,ee,fb,05,0f,8f,90,af,\
"rkeysecu"=hex:ec,d5,ea,a9,23,85,1f,7d,90,c1,1e,ac,c1,35,ef,ee
.
Completion time: 2010-06-15 13:58:29
ComboFix-quarantined-files.txt 2010-06-15 20:58
ComboFix2.txt 2010-06-15 04:50
Pre-Run: 119,298,715,648 bytes free
Post-Run: 119,286,845,440 bytes free
- - End Of File - - C3C138EA7F4C9A4D35FF315B158D5631