Here it is
ComboFix 10-05-04.01 - Heinrich 05/04/2010 15:41:18.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1386 [GMT -7:00]
Running from: c:\documents and settings\Heinrich\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Heinrich\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Sunbelt Personal Firewall *disabled* {82B1150E-9B37-49FC-83EB-D52197D900D0}
FILE ::
"c:\docume~1\Heinrich\LOCALS~1\Temp\pfsvgae.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Heinrich\Application Data\uTorrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Cage The Elephant-Cage The Elephant (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Company of Thieves.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Dead Confederate - Wrecking Ball 2008.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\dht.dat
c:\documents and settings\Heinrich\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Ella Set 085.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Sandra Set 083.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Sandra Set 084.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Sandra Set 087.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Sandra Set 39.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Fame Girls Sandra Set 41.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Frank The Baptist.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Haujobb.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Kates Playground - My Hoodie.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Kirlian_Camera.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\LS Ukrainian (Gentle) Angels Sets 151-175.zip.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\LS Ukrainian (Gentle) Angels Sets 176-200.zip.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Lush - All LP Albums (FLAC).torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Medicine - Shot Forth Self Living [1992].torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\MGMT - Oracular Spectacular [2008].torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\My Bloody Valentine - Discography.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Pics.rar.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\resume.dat
c:\documents and settings\Heinrich\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Heinrich\Application Data\uTorrent\Ride - Nowhere [Mp3-vrb-Remastered].torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\rss.dat
c:\documents and settings\Heinrich\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Heinrich\Application Data\uTorrent\settings.dat
c:\documents and settings\Heinrich\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Heinrich\Application Data\uTorrent\The Cruxshadows.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\The.Airborne.Toxic.Event-The.Airborne.Toxic.Event.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Tipi Model set 17-2.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\utorrent.lng
c:\documents and settings\Heinrich\Application Data\uTorrent\Virginia 131-136.torrent
c:\documents and settings\Heinrich\Application Data\uTorrent\Virginia Sets 128-130.torrent
c:\program files\uTorrent
c:\program files\WindowsUpdate
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PFSVGAE
-------\Service_pfsvgae
((((((((((((((((((((((((( Files Created from 2010-04-04 to 2010-05-04 )))))))))))))))))))))))))))))))
.
2010-04-23 21:03 . 2010-04-23 21:03 -------- d-----w- c:\program files\Trend Micro
2010-04-23 01:51 . 2010-04-23 01:56 -------- d-----w- c:\program files\CCleaner
2010-04-22 23:36 . 2010-04-26 05:27 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-04-22 23:35 . 2010-04-22 23:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-04-22 23:35 . 2010-04-22 23:35 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-04-22 23:04 . 2010-05-02 19:48 6153352 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-22 19:24 . 2010-04-22 19:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-04-22 19:20 . 2010-04-22 19:20 -------- d-s---w- c:\documents and settings\NetworkService\UserData
2010-04-08 08:40 . 2010-05-02 21:21 0 ----a-w- c:\documents and settings\Heinrich\Local Settings\Application Data\prvlcl.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-04 22:50 . 2009-06-26 22:42 -------- d-----w- c:\program files\Steam
2010-05-02 19:49 . 2010-01-03 20:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-01 19:21 . 2009-09-22 21:52 1 ----a-w- c:\documents and settings\Heinrich\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-29 22:39 . 2010-01-03 20:21 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-01-03 20:21 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-29 02:43 . 2004-08-04 12:00 3328 ----a-w- c:\windows\system32\drivers\pciide.sys
2010-04-27 09:28 . 2009-11-22 00:20 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-23 07:46 . 2010-03-31 05:40 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2010-04-23 05:43 . 2009-02-22 19:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-04-23 01:54 . 2009-02-22 19:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-20 16:18 . 2009-02-22 19:16 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-10 04:01 . 2009-02-22 21:40 -------- d-----w- c:\program files\World of Warcraft
2010-03-31 22:53 . 2010-03-31 22:53 -------- d-----w- c:\documents and settings\Heinrich\Application Data\My Games
2010-03-31 22:50 . 2004-08-04 12:00 163644 ----a-w- c:\windows\system32\drivers\secdrv.sys
2010-03-31 22:20 . 2009-02-22 18:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-31 22:20 . 2010-03-31 22:20 -------- d-----w- c:\program files\Firaxis Games
2010-03-31 20:47 . 2010-03-31 20:47 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 20:46 . 2010-03-31 20:46 503808 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb3a667-n\msvcp71.dll
2010-03-31 20:46 . 2010-03-31 20:46 61440 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ed28572-n\decora-sse.dll
2010-03-31 20:46 . 2010-03-31 20:46 499712 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb3a667-n\jmc.dll
2010-03-31 20:46 . 2010-03-31 20:46 348160 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7eb3a667-n\msvcr71.dll
2010-03-31 20:46 . 2010-03-31 20:46 12800 ----a-w- c:\documents and settings\Heinrich\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6ed28572-n\decora-d3d.dll
2010-03-31 20:45 . 2009-09-22 21:47 -------- d-----w- c:\program files\Java
2010-03-27 21:39 . 2010-03-27 21:39 -------- d-----w- c:\program files\Sierra
2010-03-24 22:43 . 2010-03-24 22:43 272384 ----a-w- c:\documents and settings\Heinrich\Application Data\Acreon\WowMatrix\Modules\curl.exe
2010-03-24 22:43 . 2010-03-24 22:43 258048 ----a-w- c:\documents and settings\Heinrich\Application Data\Acreon\WowMatrix\Libraries\wmzip.dll
2010-03-24 22:43 . 2010-03-24 22:43 196608 ----a-w- c:\documents and settings\Heinrich\Application Data\Acreon\WowMatrix\Libraries\wmweb.dll
2010-03-24 22:43 . 2010-03-24 22:43 -------- d-----w- c:\documents and settings\Heinrich\Application Data\Acreon
2010-03-10 08:02 . 2004-08-04 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 17:26 . 2009-11-24 06:06 -------- d-----w- c:\program files\Warcraft III
2010-03-09 16:31 . 2009-02-22 19:16 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-09 16:31 . 2009-02-22 19:16 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-09 16:31 . 2009-02-22 19:16 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-09 16:31 . 2010-03-09 16:31 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-03-09 16:31 . 2009-02-22 19:16 -------- d-----w- c:\program files\AVG
2010-03-09 11:28 . 2009-03-07 00:32 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-26 06:12 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-16 13:17 . 2004-08-04 12:00 2137088 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2016768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:47 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2003-12-18 18:33 . 2010-03-31 05:39 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 14:46 . 2010-03-31 05:39 10960 ----a-w- c:\program files\EULA.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Steam"="c:\program files\Steam\Steam.exe" [2010-04-26 1238352]
"Google Update"="c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-11-28 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"SkyTel"="SkyTel.EXE" [2009-02-22 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2009-02-22 16262656]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0379.0\mswinext.exe" [2009-12-09 240992]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-03-09 16:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Heinrich^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\documents and settings\Heinrich\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daorigins.exe"=
"c:\\Program Files\\Dragon Age\\DAOriginsLauncher.exe"=
"c:\\Program Files\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/22/2009 12:16 PM 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/22/2009 12:16 PM 242896]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [2/22/2009 12:52 PM 270888]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 5:54 AM 66600]
R1 SSHDRV85;SSHDRV85;c:\windows\system32\drivers\SSHDRV85.sys [7/22/2009 8:28 PM 78848]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [3/9/2010 9:31 AM 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/9/2010 9:31 AM 308064]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [10/31/2008 8:24 AM 95528]
R2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [10/31/2008 8:24 AM 1365288]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2/22/2009 12:52 PM 65576]
S3 Asushwio;Asushwio;c:\windows\system32\drivers\ASUSHWIO.SYS [2/22/2009 1:14 PM 5824]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\Dragon Age\bin_ship\daupdatersvc.service.exe [2/18/2010 8:14 PM 25832]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GTNDIS5
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-507921405-839522115-1004Core.job
- c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 20:58]
2010-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-507921405-839522115-1004UA.job
- c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-11-28 20:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
FF - ProfilePath - c:\documents and settings\Heinrich\Application Data\Mozilla\Firefox\Profiles\h3bblgkv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SOLTDF&PC=SUN1&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Heinrich\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-05-04 15:50
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Sunbelt Software\Personal Firewall\SbPFCl.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
.
**************************************************************************
.
Completion time: 2010-05-04 15:58:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-04 22:58
ComboFix2.txt 2010-04-29 04:03
Pre-Run: 6,713,634,816 bytes free
Post-Run: 6,653,059,072 bytes free
- - End Of File - - 695EEAFD9B2F338085F34063357D5BFE