Video and power management issues

**zenjimc** · 2011-01-29, 19:54

ComboFix 11-01-28.03 - James Collins 01/29/2011 13:32:18.6.2 - x86
Running from: c:\documents and settings\James Collins\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\James Collins\GoToAssistDownloadHelper.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-28 to 2011-01-29 )))))))))))))))))))))))))))))))
.

2011-01-24 13:32 . 2006-03-29 14:05 32768 ------w- c:\windows\system32\IJRMF.exe
2011-01-24 04:27 . 2011-01-24 04:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonIJEPPEX2
2011-01-24 04:27 . 2011-01-24 04:27 -------- d--h--w- c:\documents and settings\All Users\Application Data\CanonEPP
2011-01-24 04:15 . 2011-01-24 04:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Canon IJ Network Tool
2011-01-24 04:15 . 2010-03-19 00:25 307200 ----a-w- c:\windows\system32\CNC5200L.dll
2011-01-24 04:15 . 2010-03-18 22:12 1335296 ----a-w- c:\windows\system32\CNC5200C.dll
2011-01-24 04:15 . 2010-03-18 22:12 114688 ----a-w- c:\windows\system32\CNC5200I.dll
2011-01-24 04:15 . 2010-03-18 22:11 106496 ----a-w- c:\windows\system32\CNC5200U.dll
2011-01-24 04:15 . 2008-08-25 23:02 15872 ----a-w- c:\windows\system32\CNHMCA.dll
2011-01-24 04:13 . 2011-01-24 04:13 -------- d-----w- c:\documents and settings\James Collins\Application Data\Canon Easy-WebPrint EX
2011-01-24 04:08 . 2010-04-07 10:00 73216 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPPAE.DLL
2011-01-24 04:08 . 2010-04-07 10:00 290816 ----a-w- c:\windows\system32\CNMLMAE.DLL
2011-01-24 04:08 . 2010-04-07 10:00 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\CNMPDAE.DLL
2011-01-24 04:08 . 2010-03-11 08:56 180224 ----a-w- c:\windows\system32\CNMIUAE.DLL
2011-01-24 04:07 . 2011-01-24 04:07 -------- d-----w- c:\windows\system32\STRING
2011-01-24 04:07 . 2010-02-05 10:37 34816 ----a-w- c:\windows\system32\CNMNPUI.DLL
2011-01-24 04:07 . 2010-02-05 10:37 340992 ----a-w- c:\windows\system32\CNMNPPM.DLL
2011-01-19 03:27 . 2011-01-19 03:27 -------- d-----w- c:\program files\Common Files\Java
2011-01-19 03:27 . 2011-01-19 03:27 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-09 15:25 . 2011-01-09 15:25 -------- d--h--w- c:\windows\msdownld.tmp
2011-01-09 15:22 . 2011-01-09 15:23 -------- dc-h--w- c:\windows\ie8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-19 03:27 . 2010-05-03 19:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-25 13:01 . 2006-12-24 12:38 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-12-20 23:09 . 2010-10-23 04:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 23:08 . 2010-10-23 04:06 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-13 02:19 . 2008-03-11 20:40 111928 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-12-13 02:18 . 2009-03-05 00:51 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-12-13 02:18 . 2008-03-11 20:40 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-11 23:40 . 2010-11-07 11:25 5468 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-18 18:12 . 2005-08-16 08:40 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52 . 2005-08-16 08:18 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2005-08-16 08:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2005-08-16 08:18 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2005-08-16 08:18 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2005-08-16 08:18 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2005-08-16 08:18 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-07-20 22:51 . 2010-07-20 22:13 1874384736 ----a-w- c:\program files\MSSetupv87.exe
2009-10-30 16:56 . 2009-10-30 16:56 85504 ----a-w- c:\program files\Inherit.exe
2008-03-15 13:58 . 2008-03-15 13:58 774144 -c--a-w- c:\program files\RngInterstitial.dll
2010-10-14 03:28 . 2010-12-12 05:14 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 155648]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 282624]
"RetroExpress"="c:\progra~1\RETROS~1\RETROS~1.5\RetroExpress.exe" [2008-07-16 9499928]
"QuiKProtect"="c:\program files\Iomega\QuikProtect\StartQuikProtect.exe" [2010-06-24 58672]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 69632]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-09-30 1193848]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-03-03 140640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-11 24576]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Steam"="c:\program files\Steam\Steam.exe" -silent

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\iPod\\bin\\iPodService.exe"=
"c:\\Program Files\\Dell Support Center\\bin\\sprtcmd.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Turbine\\Dungeons and Dragons Online - Eberron Unlimited\\dndclient.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"i:\\Games\\Steam\\steamapps\\common\\audiosurf\\engine\\QuestViewer.exe"=
"i:\\Games\\Steam\\steamapps\\common\\torchlight\\TorchED\\Editor.exe"=
"i:\\Games\\Steam\\steamapps\\bartawe\\ricochet\\hl.exe"=
"i:\\Games\\Steam\\steamapps\\bartawe\\team fortress classic\\hl.exe"=
"i:\\Games\\Steam\\steamapps\\common\\alien swarm\\swarm.exe"=
"i:\\Games\\Steam\\steamapps\\common\\alien swarm\\srcds.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"i:\\Games\\Steam\\steamapps\\bartawe\\half-life\\hl.exe"=
"i:\\Games\\Steam\\steamapps\\bartawe\\deathmatch classic\\hl.exe"=
"i:\\Games\\Steam\\steamapps\\bartawe\\day of defeat\\hl.exe"=
"i:\\Games\\Steam\\steamapps\\bartawe\\counter-strike\\hl.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"i:\\Games\\Steam\\steamapps\\common\\world of goo\\WorldOfGoo.exe"=
"i:\\Games\\Steam\\steamapps\\common\\aquaria\\Aquaria.exe"=
"i:\\Games\\Steam\\steamapps\\common\\penumbra overture\\redist\\Penumbra.exe"=
"c:\\Program Files\\2K Games\\Firaxis Games\\Sid Meier's Civilization IV Colonization\\Colonization.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
"9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
"56767:TCP"= 56767:TCP:Pando Media Booster
"56767:UDP"= 56767:UDP:Pando Media Booster
"56961:TCP"= 56961:TCP:Pando Media Booster
"56961:UDP"= 56961:UDP:Pando Media Booster
"58465:TCP"= 58465:TCP:Pando Media Booster
"58465:UDP"= 58465:UDP:Pando Media Booster
"1567:TCP"= 1567:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R0 vvqlbdup;vvqlbdup;c:\windows\System32\drivers\goyxxt.sys [x]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 136176]
R3 BW2NDIS5;BW2NDIS5;c:\windows\system32\Drivers\BW2NDIS5.sys [x]
R3 cafd20fe-06de-444d-aff9-1c1458602f1e;cafd20fe-06de-444d-aff9-1c1458602f1e;d:\cds300\cds300.dll [x]
R3 CSVirtA;Cisco Systems SSL VPN Adapter;c:\windows\system32\DRIVERS\CSVirtA.sys [2009-06-29 22136]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\DRIVERS\mfendisk.sys [2010-10-14 88544]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-10-14 84264]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [2007-06-19 23680]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 XDva279;XDva279;c:\windows\system32\XDva279.sys [x]
S1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-10-14 84072]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [2010-02-18 95024]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-04-14 14336]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-10-14 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-10-14 141792]
S2 QPCopyEngine;QPCopyEngine;c:\program files\Iomega\QuikProtect\QpMonitor.exe [2010-06-24 247088]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-10-14 55840]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-10-14 313288]
S3 mfendiskmp;mfendiskmp;c:\windows\system32\DRIVERS\mfendisk.sys [2010-10-14 88544]
S3 QsFsFltr;QsFsFltr;c:\windows\system32\DRIVERS\QsFsFltr.sys [2010-06-24 19384]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder

2011-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]

2011-01-29 c:\windows\Tasks\Disk Cleanup.job
- c:\windows\system32\cleanmgr.exe [2005-08-16 00:12]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 01:53]

2011-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 01:53]

2009-11-07 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2011-01-18 20:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List
IE: Easy-WebPrint High Speed Print
IE: Easy-WebPrint Preview
IE: Easy-WebPrint Print
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: eastersealsnh.org
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: mcafee.com\us
Trusted Zone: microsoft.com\www.update
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
DPF: {C49134CC-B5EF-458C-A442-E8DFE7B4645F} - hxxp://www.yoyogames.com/downloads/activex/YoYo.cab
FF - ProfilePath - c:\documents and settings\James Collins\Application Data\Mozilla\Firefox\Profiles\c6yuu406.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1641676&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: McAfee SiteAdvisor: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\McAfee\SiteAdvisor
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: YoYo Games InstantPlay: yyginstantplay@yoyogames.com - %profile%\extensions\yyginstantplay@yoyogames.com
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-Easy Dock - c:\documents and settings\James Collins\My Documents\RCA easyRip\EZDock.exe
AddRemove-Earthworm Jim - D:\Wormload.exe
AddRemove-Final Fantasy VII - i:\ff7\Uninst.isu
AddRemove-Icewind Dale - i:\icewinddale\Uninst.isu
AddRemove-RCA Detective™_is1 - c:\documents and settings\James Collins\My Documents\RCA Detective\unins000.exe
AddRemove-Steam App 12900 - c:\program files\Steam\steam.exe
AddRemove-Steam App 26800 - c:\program files\Steam\steam.exe
AddRemove-Steam App 29100 - c:\program files\Steam\steam.exe
AddRemove-Steam App 400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 70 - c:\program files\Steam\steam.exe
AddRemove-Steam App 8400 - c:\program files\Steam\steam.exe
AddRemove-Steam App 9060 - c:\program files\Steam\steam.exe
AddRemove-Steam App 92 - c:\program files\Steam\steam.exe
AddRemove-Tyrian 2000_is1 - i:\tyrian 2000\unins000.exe
AddRemove-UnityWebPlayer - c:\documents and settings\James Collins\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-29 13:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2161225801-2422398383-4254196062-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\2.5]
"FRT"="nMjzxitZB/4VdJAdYfYnlnvYYu23aZR0MkH0nx1luC8xDJI5l78pxA=="
"PLCK"="VOBD6raQEIiMaDtdSc70Nd1y3NRW5C2r"
"Percents"="0 0.0339 0.2877 0.3684 0.3854 0.8608 0.8959 0.8988 "
"Increment"=".002410"

[HKEY_USERS\S-1-5-21-2161225801-2422398383-4254196062-1006\Software\Sony Creative Software\M*e*d*i*a* *M*a*n*a*g*e*r* *f*o*r* *P*S*P*"!\3.0]
"FRT"="sz3qdEiwYrMHaIdStypx5EiPTglpXrHGwmEEtuCNm0hx7/DAfnqnSA=="
"PLCK"="MWqpPA71eVee3L5VyGRsYPpru91q3mBA"
"PHSH"=""
"Percents"="0.0012 0.0682 0.1506 0.4912 0.8176 0.8724 0.8776 "
"Increment"=".002577"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1092)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-01-29 13:48:46
ComboFix-quarantined-files.txt 2011-01-29 18:48

Pre-Run: 164,140,306,432 bytes free
Post-Run: 164,126,011,392 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

- - End Of File - - 40548C05489C42858D497EA1A06F57E2

Thanks again -

Thread: Video and power management issues

Thread Tools

Display

Threaded View

Combofix log

Posting Permissions