ComboFix 09-05-14.07 - Andy 17/05/2009 17:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.503.188 [GMT 1:00]
Running from: c:\documents and settings\Andy\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Andy\My Documents\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FILE ::
c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
c:\windows\system32\lujivoni.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Andy\Application Data\BitTorrent
c:\documents and settings\Andy\Application Data\BitTorrent\David_Guetta_Ft._Kelly_Rowland-Love_Takes_Over_Remixes-Remix_CDM-2009-PULSE.1.torrent
c:\documents and settings\Andy\Application Data\BitTorrent\David_Guetta_Ft._Kelly_Rowland-Love_Takes_Over_Remixes-Remix_CDM-2009-PULSE.torrent
c:\documents and settings\Andy\Application Data\BitTorrent\resume.dat
c:\documents and settings\Andy\Application Data\BitTorrent\resume.dat.old
c:\program files\BitTorrent
c:\program files\BitTorrent\BitTorrentIE.2.dll
c:\program files\BitTorrent\uninst.exe
c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
c:\windows\system32\lujivoni.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_lyissjk
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.
2009-05-15 14:47 . 2009-05-15 14:47 -------- d-----w c:\windows\system32\CatRoot_bak
2009-05-15 14:46 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-15 14:45 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-15 14:45 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-15 14:45 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-15 14:45 . 2008-05-08 14:02 203136 -c----w c:\windows\system32\dllcache\rmcast.sys
2009-05-15 14:45 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-15 14:45 . 2008-12-11 10:57 333952 -c----w c:\windows\system32\dllcache\srv.sys
2009-05-15 14:45 . 2008-04-11 19:04 691712 -c----w c:\windows\system32\dllcache\inetcomm.dll
2009-05-13 15:28 . 2009-05-13 15:28 -------- d-----w c:\program files\Trend Micro
2009-05-12 18:37 . 2009-05-12 18:37 -------- d-----w c:\documents and settings\Andy\Application Data\Malwarebytes
2009-05-12 18:37 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-12 18:37 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-12 18:37 . 2009-05-12 18:37 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-12 18:37 . 2009-05-12 18:37 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-12 17:12 . 2009-05-12 17:12 -------- d-----w c:\documents and settings\Andy\Local Settings\Application Data\Identities
2009-05-08 14:52 . 2009-05-17 16:57 -------- d-----w c:\documents and settings\Andy\Tracing
2009-05-08 14:49 . 2009-05-08 14:49 -------- d-----w c:\program files\Microsoft
2009-05-08 14:48 . 2009-05-08 14:48 -------- d-----w c:\program files\Windows Live SkyDrive
2009-05-08 14:45 . 2009-05-08 14:52 43920 ----a-w c:\documents and settings\Andy\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-08 14:26 . 2009-05-08 14:26 -------- d-----w c:\documents and settings\Andy\Local Settings\Application Data\Mozilla
2009-05-08 14:08 . 2009-05-11 12:40 -------- d-----w c:\documents and settings\Andy\Local Settings\Application Data\Adobe
2009-05-08 14:08 . 2009-05-10 00:00 -------- d-----w c:\documents and settings\Andy\Application Data\AVGTOOLBAR
2009-05-05 14:54 . 2009-05-05 14:54 -------- d-----w c:\program files\Common Files\DVDVideoSoft
2009-05-05 14:54 . 2009-05-05 14:54 -------- d-----w c:\program files\DVDVideoSoft
2009-04-25 23:16 . 2009-05-05 22:23 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-25 21:02 . 2002-01-05 14:37 344064 ----a-w c:\windows\system32\msvcr70.dll
2009-04-21 16:58 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-21 16:58 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-21 16:58 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-21 16:58 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-21 16:58 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-21 16:58 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-21 16:58 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-21 16:58 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-21 16:58 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-21 16:56 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-21 16:56 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-29 16:23 . 2009-03-29 16:23 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-24 15:08 . 2007-02-07 12:10 43336 ----a-w c:\documents and settings\Linzi\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-06 14:22 . 2004-08-03 23:56 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-03 23:56 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-03 23:56 78336 ----a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-15_14.39.16 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-02-10 18:12 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
- 2007-02-10 18:12 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
- 2002-08-29 12:00 . 2009-05-13 14:18 41688 c:\windows\system32\perfc009.dat
+ 2002-08-29 12:00 . 2009-05-16 12:52 41688 c:\windows\system32\perfc009.dat
+ 2004-08-03 23:56 . 2008-06-24 16:43 74240 c:\windows\system32\mscms.dll
+ 2008-06-24 16:43 . 2008-06-24 16:43 74240 c:\windows\system32\dllcache\mscms.dll
- 2007-02-07 10:34 . 2009-04-29 14:12 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 23040 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 61440 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 27136 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 11264 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 86016 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 12288 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2007-03-22 19:05 . 2007-03-22 19:05 97632 c:\windows\Installer\$PatchCache$\Managed\9040110900063D11C8EF10054038389C\11.0.8173\PP7X32.DLL
+ 2007-02-07 10:34 . 2009-05-16 09:17 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 4096 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-12-03 15:17 . 2009-02-06 11:11 110592 c:\windows\system32\services.exe
+ 2008-12-03 15:17 . 2008-12-05 06:54 144896 c:\windows\system32\schannel.dll
- 2008-12-03 15:17 . 2004-08-03 23:56 144896 c:\windows\system32\schannel.dll
+ 2002-08-29 12:00 . 2009-05-16 12:52 315718 c:\windows\system32\perfh009.dat
- 2002-08-29 12:00 . 2009-05-13 14:18 315718 c:\windows\system32\perfh009.dat
+ 2008-12-03 15:17 . 2009-02-09 12:10 714752 c:\windows\system32\ntdll.dll
+ 2004-08-03 23:56 . 2008-06-20 17:46 245248 c:\windows\system32\mswsock.dll
- 2004-08-03 23:56 . 2008-04-14 00:12 245248 c:\windows\system32\mswsock.dll
+ 2008-12-03 15:17 . 2009-02-09 12:10 729088 c:\windows\system32\lsasrv.dll
+ 2008-12-03 15:17 . 2009-03-21 14:06 989696 c:\windows\system32\kernel32.dll
+ 2007-02-07 09:48 . 2008-04-11 19:04 691712 c:\windows\system32\inetcomm.dll
- 2007-02-07 09:48 . 2008-04-14 00:11 691712 c:\windows\system32\inetcomm.dll
- 2007-02-07 09:39 . 2009-05-08 21:39 193776 c:\windows\system32\FNTCACHE.DAT
+ 2007-02-07 09:39 . 2009-05-16 12:45 193776 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-03 23:56 . 2008-07-07 20:26 253952 c:\windows\system32\es.dll
+ 2008-12-03 15:17 . 2008-06-20 11:08 225856 c:\windows\system32\drivers\tcpip6.sys
+ 2008-12-03 15:17 . 2008-06-20 11:51 361600 c:\windows\system32\drivers\tcpip.sys
+ 2008-12-03 15:17 . 2008-12-11 10:57 333952 c:\windows\system32\drivers\srv.sys
+ 2008-12-03 15:17 . 2008-05-08 14:02 203136 c:\windows\system32\drivers\rmcast.sys
+ 2008-12-03 15:17 . 2008-10-24 11:21 455296 c:\windows\system32\drivers\mrxsmb.sys
- 2008-12-03 15:18 . 2008-06-13 13:10 272128 c:\windows\system32\drivers\bthport.sys
+ 2008-12-03 15:18 . 2008-06-13 11:05 272128 c:\windows\system32\drivers\bthport.sys
+ 2008-12-03 15:17 . 2008-08-14 10:04 138496 c:\windows\system32\drivers\afd.sys
- 2004-08-03 23:56 . 2008-04-14 00:11 147968 c:\windows\system32\dnsapi.dll
+ 2004-08-03 23:56 . 2008-06-20 17:46 147968 c:\windows\system32\dnsapi.dll
+ 2008-06-20 11:08 . 2008-06-20 11:08 225856 c:\windows\system32\dllcache\tcpip6.sys
+ 2008-06-20 11:51 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\tcpip.sys
+ 2008-06-20 17:46 . 2008-06-20 17:46 245248 c:\windows\system32\dllcache\mswsock.dll
- 2007-02-07 09:47 . 2008-05-01 14:30 331776 c:\windows\system32\dllcache\msadce.dll
+ 2007-02-07 09:47 . 2008-05-01 14:33 331776 c:\windows\system32\dllcache\msadce.dll
+ 2008-07-07 20:26 . 2008-07-07 20:26 253952 c:\windows\system32\dllcache\es.dll
+ 2008-06-20 17:46 . 2008-06-20 17:46 147968 c:\windows\system32\dllcache\dnsapi.dll
+ 2008-06-20 11:40 . 2008-08-14 10:04 138496 c:\windows\system32\dllcache\afd.sys
+ 2008-12-03 15:17 . 2009-02-09 12:10 617472 c:\windows\system32\advapi32.dll
- 2007-02-07 10:34 . 2009-04-29 14:12 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 409600 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 286720 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 249856 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 794624 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 135168 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2007-02-07 10:34 . 2009-05-16 09:17 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2007-02-07 10:34 . 2009-04-29 14:12 593920 c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-05-15 14:45 . 2008-10-24 11:21 455296 c:\windows\Driver Cache\i386\mrxsmb.sys
+ 2009-05-15 14:46 . 2008-06-13 11:05 272128 c:\windows\Driver Cache\i386\bthport.sys
+ 2008-12-03 15:17 . 2009-02-09 11:13 1846784 c:\windows\system32\win32k.sys
- 2004-08-03 23:56 . 2008-04-14 00:12 1288192 c:\windows\system32\quartz.dll
+ 2004-08-03 23:56 . 2008-12-20 22:14 1288192 c:\windows\system32\quartz.dll
+ 2008-12-03 15:17 . 2009-02-06 11:08 2189056 c:\windows\system32\ntoskrnl.exe
+ 2008-12-03 15:17 . 2009-02-07 18:02 2066048 c:\windows\system32\ntkrnlpa.exe
+ 2008-09-10 01:14 . 2008-09-10 01:14 1307648 c:\windows\system32\msxml6.dll
+ 2009-02-09 11:13 . 2009-02-09 11:13 1846784 c:\windows\system32\dllcache\win32k.sys
+ 2008-12-20 22:14 . 2008-12-20 22:14 1288192 c:\windows\system32\dllcache\quartz.dll
+ 2009-02-07 18:02 . 2009-02-07 18:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2008-09-10 01:14 . 2008-09-10 01:14 1307648 c:\windows\system32\dllcache\msxml6.dll
+ 2009-05-15 14:45 . 2009-02-06 11:08 2189056 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2009-05-15 14:45 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2009-02-07 18:02 . 2009-02-07 18:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2009-05-15 14:45 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2009-05-16 09:08 . 2009-05-06 23:16 24699336 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-10-18 802816]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-10-18 696320]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-01 1392640]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-06-06 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-06-06 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-06-06 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 36975]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-01-26 1601304]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-03-24 282624]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-01-26 22:17 10520 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Spooler"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [04/12/2008 18:50 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [04/12/2008 18:50 107272]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [04/12/2008 18:50 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [04/12/2008 18:50 298264]
S0 szkg5;szkg;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2009-01-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://url.urtbk.com/cpv.jsp?p=113120&a ... 2%3D0.0038
FF - ProfilePath - c:\documents and settings\Andy\Application Data\Mozilla\Firefox\Profiles\ngbr32x7.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPJPI150_03.dll
FF - plugin: c:\program files\Java\jre1.5.0_03\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 17:57
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(812)
c:\windows\System32\BCMLogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKEEPER.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\rundll32.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-17 17:59 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-17 16:59
ComboFix2.txt 2009-05-15 14:41
Pre-Run: 25,913,630,720 bytes free
Post-Run: 25,905,082,368 bytes free
262 --- E O F --- 2009-05-16 09:18