ComboFix 10-08-12.03 - neu 15-08-2010 9:42.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.519 [GMT 2:00]
Running from: c:\users\neu\Desktop\ComboFix.exe
Command switches used :: c:\users\neu\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\windows\system32\drivers\jtjraig.sys"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\neu\Application Data\F66A434C23CD1EDF55770408338A544E
c:\users\neu\Local Settings\Application Data\yixedtvai
c:\windows\system32\drivers\jtjraig.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_JTJRAIG
-------\Service_jtjraig

((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.
2010-08-14 21:59 . 2008-04-13 18:31 36352 -c--a-w- c:\windows\system32\dllcache\intelppm.sys
2010-08-14 21:59 . 2008-04-13 18:31 36352 ----a-w- c:\windows\system32\drivers\intelppm.sys
2010-08-14 08:09 . 2010-08-14 08:09 -------- d-----w- c:\users\neu\Application Data\AVG9
2010-08-13 22:28 . 2010-07-23 15:22 43008 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-13 22:28 . 2010-07-23 15:22 338944 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-13 22:28 . 2010-07-23 15:22 346112 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-13 22:28 . 2010-07-23 15:22 1496064 ----a-w- c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-13 20:02 . 2010-08-13 20:02 388096 ----a-r- c:\users\Martine\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-13 20:00 . 2010-08-13 20:00 -------- d-----w- c:\users\Martine\Application Data\Malwarebytes
2010-08-13 19:59 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-13 19:59 . 2010-08-13 19:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-13 19:59 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-21 10:12 . 2010-07-21 10:12 1615200 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgssie.dll
2010-07-21 10:12 . 2010-07-21 10:12 1373536 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgssff.dll
2010-07-21 10:12 . 2010-07-21 10:12 1107296 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgxpl.dll
2010-07-21 10:12 . 2010-07-21 10:12 4368224 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgcorex.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 07:52 . 2010-01-23 12:15 -------- d-----w- c:\program files\Dl_cats
2010-08-13 22:15 . 2009-08-14 13:58 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-08-12 21:50 . 2009-07-30 19:50 -------- d-----w- c:\users\neu\Application Data\BitTorrent
2010-07-19 11:20 . 2010-07-13 19:42 -------- d-----w- c:\users\neu\Application Data\Belastingdienst
2010-07-18 14:28 . 2010-06-30 22:31 -------- d-----w- c:\users\neu\Application Data\vlc
2010-07-15 20:04 . 2010-07-15 20:04 242896 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgtdix.sys
2010-07-15 20:04 . 2010-07-15 20:04 216200 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgldx86.sys
2010-07-15 20:04 . 2009-07-13 17:35 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-15 20:04 . 2010-07-15 20:04 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-15 20:03 . 2009-07-13 17:35 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-15 20:01 . 2010-07-15 20:01 813336 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avginet.dll
2010-07-15 20:01 . 2010-07-15 20:01 624920 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2010-07-15 20:01 . 2010-07-15 20:01 1690464 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-07-15 20:01 . 2010-07-15 20:01 1038688 ----a-w- c:\users\All Users\Application Data\avg9\update\backup\avgupd.exe
2010-06-23 22:24 . 2010-06-23 22:24 122352 ----a-w- c:\users\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-06-23 05:19 . 2010-06-23 05:19 501936 ----a-w- c:\users\All Users\Application Data\Google\Google Toolbar\Update\gtb35.tmp.exe
2010-06-22 10:14 . 2010-02-15 16:41 -------- d-----w- c:\users\Martine\Application Data\vlc
2010-06-17 22:18 . 2010-03-08 05:41 -------- d-----w- c:\users\neu\Application Data\dvdcss
2010-06-14 14:31 . 2009-07-13 18:36 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-08 14:55 . 2009-07-13 19:07 48224 ----a-w- c:\users\Martine\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-07 20:50 . 2009-07-13 19:49 48224 ----a-w- c:\users\neu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-07 19:14 . 2010-04-26 19:12 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-04 04:23 . 2009-07-13 19:47 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2008-08-16 16:42 . 2008-08-16 16:42 13112 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-08-16 16:42 . 2008-08-16 16:42 70456 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-08-16 16:42 . 2008-08-16 16:42 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-08-16 16:42 . 2008-08-16 16:42 20800 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-08-16 16:43 . 2008-08-16 16:43 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-08-16 16:42 . 2008-08-16 16:42 31032 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-08-16 16:42 . 2008-08-16 16:42 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2008-05-21 07:41 . 2008-05-21 07:41 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2008-05-21 07:41 . 2008-05-21 07:41 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2008-05-21 07:41 . 2008-05-21 07:41 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2008-06-05 12:58 . 2008-06-05 12:58 648504 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-08-16 16:42 . 2008-08-16 16:42 23864 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2010-01-24 15:02 . 2010-01-24 07:46 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="c:\windows\System32\visualtasktips.exe" [2007-09-05 36352]
"TopDesk"="c:\windows\System32\topdesk.exe" [2007-06-20 1912832]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-13 39408]
"Google Update"="c:\users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-13 133104]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2006-11-03 291720]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2007-08-06 1230848]
"VisualTaskTips"="c:\windows\System32\visualtasktips.exe" [2007-09-05 36352]
"TopDesk"="c:\windows\System32\topdesk.exe" [2007-06-20 1912832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"ProfileFolderName"="hc" [X]
"CheckUpdates"="wuauclt" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,32,\

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Task Force Dagger\\Update.exe"=
"c:\\Program Files\\NovaLogic\\Delta Force Task Force Dagger\\DFTFD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dlcxcoms.exe"=
"c:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [26-4-2010 21:12 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [13-7-2009 19:35 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [13-7-2009 19:35 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15-7-2010 22:03 308136]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [6-4-2010 10:44 90112]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [27-8-2009 17:05 92008]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [6-4-2010 10:44 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2-2-2010 21:49 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4-2-2010 17:52 1352832]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [4-11-2006 3:19 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{34A19196-274E-4D75-9D30-D7A45A0A4178}]
2004-08-04 00:07 11776 ----a-r- c:\program files\Windows Sidebar\regsvr32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6B9228DA-9C15-419e-856C-19E768A13BDC}]
2004-08-04 00:07 11776 ----a-r- c:\program files\Windows Sidebar\regsvr32.exe
.
Contents of the 'Scheduled Tasks' folder

2010-08-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 19:12]

2010-07-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:49]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 19:49]

2010-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-179605362-725345543-1001Core.job
- c:\users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:39]

2010-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390067357-179605362-725345543-1001UA.job
- c:\users\neu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-13 18:39]

2010-08-15 c:\windows\Tasks\User_Feed_Synchronization-{7D778ED9-B444-4554-BF21-4B9AE0A800A4}.job
- c:\windows\system32\msfeedssync.exe [2007-09-23 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://vliegvissen.startpagina.nl/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride =
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {445F47D7-E043-4BD6-82EB-7A1BD0EBA773} - hxxp://www.psapoll.com/CopyGuardIE.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game.zylom.com/activex/zylomgamesplayer.cab
FF - ProfilePath - c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\
FF - prefs.js: browser.search.defaulturl - hxxp://flvdirect.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://vliegvissen.startpagina.nl/prikbord/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=nl&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{127d6e99-a34f-39ba-eb0f-a3f76fd9b718}\components\tfvOw-8kok.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\users\neu\Application Data\Mozilla\Firefox\Profiles\oznuie15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\neu\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-08-15 09:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\(–€|ÿÿÿÿg•€|é•A~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1424)
c:\windows\system32\WININET.dll
c:\windows\System32\topdesk153.dll
c:\windows\System32\VttHooks.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_dut.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SOUNDMAN.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dlcxcoms.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-08-15 09:55:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-15 07:55
ComboFix2.txt 2010-08-14 22:29
ComboFix3.txt 2010-05-12 13:14

Pre-Run: 21.830.078.464 bytes free
Post-Run: 21.812.961.280 bytes free

- - End Of File - - BFDAAD2573F5EA09DC2A0E29C4805BBA