ComboFix 08-10-07.06 - Henrik 2008-10-08 16:00:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.499 [GMT 2:00]
Running from: C:\Documents and Settings\Henrik\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
 * Created a new restore point
[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.
2008-10-08 15:57 . 2008-10-08 15:57 d--h----- C:\$AVG8.VAULT$
2008-10-08 15:47 . 2008-10-08 15:48 d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-08 15:47 . 2008-10-08 15:47 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-08 15:47 . 2008-10-08 15:47 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-08 15:47 . 2008-10-08 15:47 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-08 15:46 . 2008-10-08 15:46 d-------- C:\Program Files\AVG
2008-10-08 15:46 . 2008-10-08 15:46 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-10-08 15:26 . 2008-10-08 15:26 3,806 --a------ C:\WINDOWS\system32\tmp.reg
2008-10-08 15:14 . 2008-10-08 15:14 268 --ah----- C:\sqmdata01.sqm
2008-10-08 15:14 . 2008-10-08 15:14 244 --ah----- C:\sqmnoopt01.sqm
2008-10-08 14:19 . 2008-10-08 14:19 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-08 14:19 . 2008-10-08 14:19 d-------- C:\Documents and Settings\Henrik\Application Data\Malwarebytes
2008-10-08 14:19 . 2008-10-08 14:19 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-08 14:19 . 2008-09-10 00:07 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-08 14:19 . 2008-09-10 00:07 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-08 14:08 . 2008-10-08 14:08 244 --ah----- C:\sqmnoopt00.sqm
2008-10-08 14:08 . 2008-10-08 14:08 232 --ah----- C:\sqmdata00.sqm
2008-10-07 18:46 . 2008-10-07 18:46 d-------- C:\Documents and Settings\Henrik\Application Data\Template
2008-10-07 18:45 . 2008-10-07 18:45 0 --a------ C:\Documents and Settings\Henrik\Application Data\wklnhst.dat
2008-10-07 14:29 . 2008-10-07 14:29 d-------- C:\Program Files\Alwil Software
2008-10-07 14:22 . 2008-10-07 14:22 d-------- C:\Program Files\CCleaner
2008-10-06 18:32 . 2008-10-08 15:51 58 --a------ C:\WINDOWS\system32\winwp.bmp
2008-10-06 17:38 . 2008-10-06 17:38 140,288 --a------ C:\WINDOWS\system32\mkrnl.exe
2008-10-01 21:56 . 2008-10-01 21:56 d-------- C:\Program Files\Tibia8.22
2008-10-01 21:21 . 2008-10-07 18:07 d-------- C:\Documents and Settings\Henrik\Application Data\LimeWire
2008-10-01 21:20 . 2008-10-01 21:20 d-------- C:\Program Files\LimeWire
2008-10-01 18:06 . 2008-10-01 18:07 d-------- C:\Program Files\Windows Live Safety Center
2008-09-30 13:54 . 2008-09-30 13:54 d-------- C:\Program Files\Asprate
2008-09-26 17:20 . 2008-09-26 17:20 d-------- C:\Program Files\Opera
2008-09-25 23:26 . 2008-09-25 23:26 d-------- C:\WINDOWS\system32\scripting
2008-09-25 23:26 . 2008-09-25 23:26 d-------- C:\WINDOWS\system32\en
2008-09-25 23:26 . 2008-09-25 23:26 d-------- C:\WINDOWS\system32\bits
2008-09-25 23:26 . 2008-09-25 23:26 d-------- C:\WINDOWS\l2schemas
2008-09-25 23:22 . 2008-09-25 23:22 d-------- C:\WINDOWS\ServicePackFiles
2008-09-25 09:47 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-09-25 09:47 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-09-25 09:47 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-09-24 18:15 . 2008-09-24 18:15 d-------- C:\Program Files\Blackd Tools
2008-09-24 16:40 . 2008-09-24 16:40 d-------- C:\Documents and Settings\Henrik\Application Data\HP
2008-09-24 14:24 . 2008-09-24 14:24 d-------- C:\Documents and Settings\Henrik\Application Data\Ventrilo
2008-09-24 13:44 . 2008-09-24 13:44 d-------- C:\Program Files\Ventrilo
2008-09-24 13:44 . 2008-09-24 13:44 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-09-24 13:41 . 2008-09-24 13:41 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-09-24 13:36 . 2008-09-24 13:36 d-------- C:\Program Files\MSXML 4.0
2008-09-24 13:33 . 2008-10-05 04:59 d-------- C:\Program Files\TibiaCam TV Lite
2008-09-24 13:07 . 2008-09-24 13:07 d-------- C:\Program Files\iTunes
2008-09-24 13:07 . 2008-09-24 13:07 d-------- C:\Program Files\iPod
2008-09-24 13:07 . 2008-10-03 02:03 d-------- C:\Documents and Settings\Henrik\Application Data\Apple Computer
2008-09-24 13:07 . 2008-09-24 13:07 d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-24 13:07 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-24 13:07 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-24 13:06 . 2008-09-24 13:06 d-------- C:\Program Files\QuickTime
2008-09-24 13:06 . 2008-09-24 13:06 d-------- C:\Program Files\Bonjour
2008-09-24 13:06 . 2008-09-24 13:06 d-------- C:\Program Files\Apple Software Update
2008-09-24 13:06 . 2008-09-24 13:07 d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-09-24 13:06 . 2008-09-10 16:45 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-24 13:05 . 2008-09-24 13:06 d-------- C:\Program Files\Common Files\Apple
2008-09-24 13:05 . 2008-09-24 13:05 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-09-24 12:52 . 2008-09-28 11:03 d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-24 12:49 . 2008-04-14 02:12 412,160 --------- C:\WINDOWS\system32\photometadatahandler.dll
2008-09-24 12:48 . 2008-04-14 02:12 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-09-24 12:47 . 2008-04-14 02:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-09-24 12:32 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-09-24 12:32 . 2008-06-13 13:05 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-24 12:31 . 2006-03-21 05:23 23,040 --------- C:\WINDOWS\kb913800.exe
2008-09-24 12:30 . 2006-12-07 06:14 2,330,624 --------- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-09-24 12:30 . 2008-04-11 21:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-09-24 12:30 . 2008-05-01 16:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-09-24 12:30 . 2008-05-08 16:02 203,136 --------- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-09-24 12:20 . 2008-09-24 12:20 d---s---- C:\Documents and Settings\Henrik\UserData
2008-09-23 23:59 . 2008-09-24 15:59 d-------- C:\Program Files\TibiaBot NG
2008-09-23 23:24 . 2008-09-23 23:24 d-------- C:\Program Files\Windows Live Toolbar
2008-09-23 23:24 . 2008-09-24 12:20 d-------- C:\Documents and Settings\Henrik\Contacts
2008-09-23 23:20 . 2008-09-23 23:23 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-09-23 23:19 . 2008-09-23 23:23 d-------- C:\Program Files\Windows Live
2008-09-23 23:19 . 2008-09-23 23:19 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-23 23:17 . 2008-09-23 23:17 0 --a------ C:\WINDOWS\nsreg.dat
2008-09-23 23:00 . 2001-08-17 14:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-09-23 23:00 . 2008-04-13 20:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-09-23 22:40 . 2008-10-06 22:53 d-------- C:\Documents and Settings\Henrik\Application Data\Tibia
2008-09-23 22:39 . 2008-10-01 21:24 d-------- C:\Program Files\Tibia
2008-09-23 22:25 . 2008-10-08 15:47 d-------- C:\Documents and Settings\Njål
2008-09-23 22:12 . 2006-06-27 18:31 102,400 --a------ C:\WINDOWS\HPWebcam.exe
2008-09-23 22:12 . 2005-11-23 13:55 53,248 --a------ C:\WINDOWS\csnp2uvc.dll
2008-09-23 22:11 . 2008-09-23 22:11 1,797 -rahs---- C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Pavilion dv9000 (RR332EA#UUW)_YN_0Pavi_QCNF6501KCB_E419857DH3_46_I30BD_SQuanta_V66.21_BF.09_T061113_WXP2_L409_M1023_J80_7Intel_8Core2 T5500_91.66_#061027_N8086109A_(RR332EA#UUW)_XMOBILE_CN10_Z.MRK
2008-09-23 22:10 . 2008-10-08 15:07 d-------- C:\Documents and Settings\Henrik
2008-09-23 22:08 . 2008-09-24 06:30 d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Symantec
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-08 13:57 --------- d-----w C:\Program Files\DIGStream
2008-10-07 13:17 --------- d-----w C:\Program Files\Symantec
2008-10-07 13:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-10-07 13:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-01 13:51 87,552 ----a-w C:\WINDOWS\system32\VACFix.exe
2008-09-24 04:40 --------- d-----w C:\Program Files\Windows Plus
2008-09-24 04:40 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-09-24 04:40 --------- d-----w C:\Program Files\Synaptics
2008-09-24 04:40 --------- d-----w C:\Program Files\Sonic
2008-09-24 04:39 --------- d-----w C:\Program Files\RGB
2008-09-24 04:39 --------- d-----w C:\Program Files\NetWaiting
2008-09-24 04:39 --------- d-----w C:\Program Files\Microsoft Works
2008-09-24 04:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-09-24 04:38 --------- d-----w C:\Program Files\Java
2008-09-24 04:38 --------- d-----w C:\Program Files\HP
2008-09-24 04:37 --------- d-----w C:\Program Files\GemMaster
2008-09-24 04:37 --------- d-----w C:\Program Files\ESPNMotion
2008-09-24 04:37 --------- d-----w C:\Program Files\EnglishOtto
2008-09-24 04:37 --------- d-----w C:\Program Files\CONEXANT
2008-09-24 04:37 --------- d-----w C:\Program Files\Common Files\TiVo Shared
2008-09-24 04:36 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-09-24 04:36 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-09-24 04:36 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-09-24 04:36 --------- d-----w C:\Program Files\Common Files\Java
2008-09-24 04:36 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-24 04:36 --------- d-----w C:\Program Files\Common Files\HP
2008-09-24 04:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-24 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
2008-09-24 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\SBSI
2008-09-24 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\InstallShield
2008-09-24 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-09-24 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-09-24 04:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-09-23 21:00 --------- d-----w C:\Program Files\HPQ
2008-09-23 20:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-23 20:12 --------- d-----w C:\Program Files\Hewlett-Packard
2008-09-19 10:26 82,944 ----a-w C:\WINDOWS\system32\o4Patch.exe
2008-09-19 10:26 82,944 ----a-w C:\WINDOWS\system32\IEDFix.C.exe
2008-09-10 14:45 32,000 ----a-w C:\WINDOWS\system32\drivers\usbaapl.sys
2008-09-08 21:38 88,576 ----a-w C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-08-29 08:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 07:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-18 10:19 82,432 ----a-w C:\WINDOWS\system32\404Fix.exe
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 64512]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 36975]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 7581696]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 86016]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-19 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 163840]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 643072]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-08 1234712]
"nwiz"="nwiz.exe" [2006-07-20 C:\WINDOWS\system32\nwiz.exe]
"MsmqIntCert"="mqrt.dll" [2008-04-14 C:\WINDOWS\system32\mqrt.dll]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
HP Pavilion Webcam Tray Icon.lnk - C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe [2008-09-23 102400]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-24 73728]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mqsvc.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-08 97928]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-08 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-08 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-08 76040]
S3 5U870CAP_VID_1262&PID_25FD;HP Pavilion Webcam ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-06 61952]
S3 USBAAPL;Apple Mobile USB Driver;C:\WINDOWS\system32\Drivers\usbaapl.sys [2008-09-10 32000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-msupdate.exe - C:\WINDOWS\system32\msupdate.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Henrik\Application Data\Mozilla\Firefox\Profiles\4gg3tebd.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.no/
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_06\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-08 16:04:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????Z??????`?@?????L?@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-10-08 16:08:54 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-08 14:08:46
Pre-Run: 51 265 728 512 bytes free
Post-Run: 51,295,952,896 bytes free
284 --- E O F --- 2008-09-26 11:11:32