ComboFix 11-08-06.02 - Administrator 08/07/2011  13:39:52.1.4 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3510.2707 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
.
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\1pR4583SV.com
c:\documents and settings\Administrator\Local Settings\Application Data\1pR4583SV.exe
c:\documents and settings\All Users\Application Data\1pR4583SV.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\1pR4583SV.exe
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
c:\program files\Common Files\Java\Java Update\jusched.exe
c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe
c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe
c:\program files\DellTPad\Apoint.exe
c:\program files\McAfee\Common Framework\udaterui.exe
c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE
c:\program files\Microsoft Office Communicator\communicator.exe
c:\windows\Fonts\1pR4583SV.com
c:\windows\system32\config\systemprofile\1pR4583SV.com
c:\windows\Tasks\At100.job
c:\windows\Tasks\At101.job
c:\windows\Tasks\At108.job
c:\windows\Tasks\At110.job
c:\windows\Tasks\At114.job
.
.
(((((((((((((((((((((((((   Files Created from 2011-07-07 to 2011-08-07  )))))))))))))))))))))))))))))))
.
.
2011-08-03 20:48 . 2011-08-02 16:23	39940	----a-w-	c:\windows\system32\1pR4583SV.com
2011-08-02 19:47 . 2010-07-16 12:59	656320	----a-w-	c:\windows\system32\drivers\pctEFA.sys
2011-08-02 19:47 . 2010-07-16 12:59	338880	----a-w-	c:\windows\system32\drivers\pctDS.sys
2011-08-02 19:47 . 2011-01-17 07:10	251560	----a-w-	c:\windows\system32\drivers\pctgntdi.sys
2011-08-02 19:47 . 2010-12-10 14:57	160448	----a-w-	c:\windows\system32\drivers\PCTAppEvent.sys
2011-08-02 19:47 . 2010-12-10 11:24	239168	----a-w-	c:\windows\system32\drivers\PCTCore.sys
2011-08-02 19:47 . 2010-12-16 06:46	70536	----a-w-	c:\windows\system32\drivers\pctplsg.sys
2011-08-02 19:47 . 2011-08-02 20:01	--------	d-----w-	c:\program files\PC Tools Security
2011-08-02 19:47 . 2011-08-02 19:47	--------	d-----w-	c:\program files\Common Files\PC Tools
2011-08-02 19:47 . 2011-08-02 19:47	--------	d-----w-	c:\documents and settings\Administrator\Application Data\PC Tools
2011-08-02 19:47 . 2011-08-02 20:01	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP
2011-08-02 19:45 . 2011-08-02 19:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Tools
2011-08-02 18:44 . 2011-08-02 20:01	--------	d-----w-	c:\program files\Free Window Registry Repair
2011-08-02 18:34 . 2011-08-02 18:34	--------	d-----w-	c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}
2011-08-02 18:26 . 2011-08-02 18:26	--------	d-----w-	c:\documents and settings\LocalService\Tracing
2011-08-02 18:09 . 2011-08-02 18:09	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-08-02 18:09 . 2011-08-02 18:09	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-02 18:09 . 2011-08-03 22:54	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-08-02 18:00 . 2011-08-02 18:00	--------	d-----w-	c:\program files\Uniblue
2011-08-02 18:00 . 2011-08-02 18:00	--------	d-----w-	c:\documents and settings\Administrator\Local Settings\Application Data\PackageAware
2011-08-01 11:14 . 2011-08-01 11:15	--------	d-----w-	c:\documents and settings\RLewandowski\Application Data\wargaming.net
2011-07-19 13:12 . 2011-07-23 01:30	--------	d-----w-	c:\documents and settings\Administrator\Application Data\Mumble
2011-07-19 13:00 . 2011-07-19 13:00	--------	d-----w-	c:\program files\Mumble
2011-07-18 23:14 . 2011-07-18 23:18	--------	d-----w-	c:\documents and settings\Administrator\Application Data\wargaming.net
2011-07-16 18:14 . 2011-08-04 16:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Sony Ericsson
2011-07-16 18:14 . 2011-07-16 18:25	--------	d-----w-	c:\program files\Sony Ericsson
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-02 18:30 . 2010-09-07 04:45	0	----a-w-	c:\documents and settings\Administrator\Local Settings\Application Data\WavXMapDrive.bat
2011-08-02 07:15 . 2010-09-08 12:02	0	----a-w-	c:\documents and settings\RLewandowski\Local Settings\Application Data\WavXMapDrive.bat
2011-06-26 22:38 . 2011-05-19 06:47	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-19 10:43 . 2010-09-08 09:14	0	----a-w-	c:\documents and settings\jmach\Local Settings\Application Data\WavXMapDrive.bat
2009-05-08 09:43 . 2010-06-28 14:28	3145728	----a-w-	c:\program files\Common Files\sapxlhelper.dll
2009-05-08 09:43 . 2010-06-28 14:28	192512	----a-w-	c:\program files\Common Files\sapconsr3.dll
2009-05-08 09:43 . 2010-06-28 14:28	626688	----a-w-	c:\program files\Common Files\sapconsaccess.dll
2009-05-08 09:43 . 2010-06-28 14:28	40960	----a-w-	c:\program files\Common Files\DigitalSignature.ocx
.
[code]<pre>
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl .exe
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM .exe
c:\program files\Common Files\Java\Java Update\jusched .exe
c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint .exe
c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService .exe
c:\program files\DellTPad\Apoint .exe
c:\program files\IDT\WDM\sttray .exe
c:\program files\Malwarebytes' Anti-Malware\mbam .exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui .exe
c:\program files\McAfee\Common Framework\udaterui .exe
c:\program files\McAfee\VirusScan Enterprise\SHSTAT .exe
c:\program files\Microsoft Office Communicator\communicator .exe
c:\program files\QuickTime\qttask  .exe
c:\program files\Uniblue\RegistryBooster\launcher .exe
c:\program files\Wave Systems Corp\Services Manager\DocMgr\bin\WavXDocMgr .exe
</pre>[/code]
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 10:45	62832	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 10:45	62832	----a-w-	c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [N/A]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 170008]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 145432]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-08-02 39940]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]
"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [N/A]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [N/A]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [N/A]
"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [N/A]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [N/A]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [N/A]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2010-2-8 1338224]
Proxy Switcher.lnk - c:\windows\Installer\{555F08C0-4695-47BB-8D9A-8E9BE43DD4E3}\_FADFE86C957E69CD685B76.exe [2011-6-17 894]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]
VPN Client.lnk - c:\windows\Installer\{A7091E1D-36A4-47F1-A739-173CC341414F}\Icon3E5562ED7.ico [2010-9-7 6144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"MaxGPOScriptWait"= 32000 (0x7d00)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-725345543-682003330-124139\Scripts\Logon\0\0]
"Script"=UCClientConfig.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-725345543-682003330-124139\Scripts\Logon\1\0]
"Script"=\\var11nt\Software\7-zip\7zip.bat
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-725345543-682003330-18110\Scripts\Logon\0\0]
"Script"=UCClientConfig.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1390067357-725345543-682003330-18110\Scripts\Logon\1\0]
"Script"=\\var11nt\Software\7-zip\7zip.bat
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe"= %windir%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:172.0.0.0/255.0.0.0:Enabled:Remote Assistance Service
"%windir%\PCHealth\HelpCtr\Binaries\Helpctr.exe"= %windir%\PCHealth\HelpCtr\Binaries\Helpctr.exe:172.0.0.0/255.0.0.0:Enabled:Remote Assistance Control
"%programfiles%\sap\frontend\sapgui\saplgpad.exe"= %programfiles%\sap\frontend\sapgui\saplgpad.exe:172.0.0.0/255.0.0.0:Enabled:SAP Logon Pad 7.1 for Windows
"%programfiles%\sap\frontend\sapgui\saplogon.exe"= %programfiles%\sap\frontend\sapgui\saplogon.exe:172.0.0.0/255.0.0.0:Enabled:SAP Logon 7.1 for Windows
"%programfiles%\Network Associates\VirusScan\mcconsol.exe"= %programfiles%\Network Associates\VirusScan\mcconsol.exe:172.0.0.0/255.0.0.0:Enabled:VirusScan-Konsole
"%programfiles%\\Network Associates\\Common Framework\\FrameworkService.exe"=
"%programfiles%\Network Associates\Common Framework\CmdAgent.exe"= %programfiles%\Network Associates\Common Framework\CmdAgent.exe:172.0.0.0/255.0.0.0:Enabled:McAfee Common Framework
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\windows\system32\mnmsrvc.exe"= c:\windows\system32\mnmsrvc.exe:172.0.0.0/255.0.0.0:Enabled:Netmeeting Remote Desktop Sharing
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"f:\\EVE(tranq)\\bin\\ExeFile.exe"=
"f:\\EVE macro\\bin\\ExeFile.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"f:\\EVE (Black Ice)\\bin\\ExeFile.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"f:\\World_of_Tanks\\WOTLauncher.exe"=
"f:\\World_of_Tanks\\WorldOfTanks.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management 
"135:TCP"= 135:TCP:Remote Assistance
"139:TCP"= 139:TCP:172.0.0.0/255.0.0.0:Enabled:@xpsp2res.dll,-22004
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\ICMPSettings]
"AllowInboundTimeStampRequest"= 1 (0x1)
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/2/2011 9:47 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [8/2/2011 9:47 PM 338880]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [5/10/2010 3:24 PM 1803584]
R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [11/20/2009 5:42 PM 278304]
R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [2/8/2010 4:20 PM 376688]
R2 FBSWorker;Ferro Backup System - Worker;c:\program files\FERRO Software\Ferro Backup System\FBSWorker.exe [9/8/2010 12:23 PM 188568]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2/4/2011 8:07 PM 22816]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [9/8/2010 12:20 PM 69192]
R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [6/28/2010 8:46 PM 42672]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [6/28/2010 8:45 PM 113664]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [7/7/2010 3:43 PM 540288]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [6/28/2010 8:47 PM 132480]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [6/28/2010 8:44 PM 235520]
S?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 MBAMService;MBAMService;"c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe" --> c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [?]
S3 MBAMProtector;MBAMProtector;\??\c:\windows\system32\drivers\mbam.sys --> c:\windows\system32\drivers\mbam.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [9/8/2010 12:20 PM 67240]
S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [6/28/2010 1:20 PM 65664]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [8/2/2011 9:47 PM 366840]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [6/28/2010 8:52 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-05 c:\windows\Tasks\At25.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At26.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-06 c:\windows\Tasks\At27.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-06 c:\windows\Tasks\At28.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-06 c:\windows\Tasks\At29.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-06 c:\windows\Tasks\At30.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-06 c:\windows\Tasks\At31.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-06 c:\windows\Tasks\At32.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-06 c:\windows\Tasks\At33.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-06 c:\windows\Tasks\At34.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-06 c:\windows\Tasks\At35.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-06 c:\windows\Tasks\At36.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-07 c:\windows\Tasks\At37.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-07 c:\windows\Tasks\At38.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At39.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At40.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At41.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At42.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At43.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At44.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At45.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At46.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At47.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
2011-08-05 c:\windows\Tasks\At48.job
- c:\windows\system32\1pR4583SV.com [2011-08-03 16:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.pl/
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 212.76.34.49 212.76.34.50
DPF: {479B29EF-9A2C-11D0-B696-00A0C903487A} - hxxp://www.millenniumdm.pl/teleinwestor/IE/sunloadn.cab
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\documents and settings\All Users\Application Data\{3C0AACBF-B491-4BE5-BAF9-AA46E0629E42}\bm_installer.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-07 13:56
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ... 
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(1408)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(3996)
c:\windows\system32\WININET.dll
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\drivers\media\sthd_5.10.0.6281\stacsv.exe
c:\program files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\IBM\Lotus\Notes\nslsvice.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\IBM\Lotus\Notes\ntmulti.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\mfeann.exe
c:\windows\system32\CCM\CcmExec.exe
c:\program files\OnyxBox Software\Proxy Switcher\Proxy Switcher.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\IDT\WDM\sttray .exe
c:\program files\iPass\iPassConnect\iPassPeriodicUpdateApp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\msiexec.exe
c:\windows\system32\MsiExec.exe
c:\program files\iPass\iPassConnect\PBUpdate.exe
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-08-07  13:58:42 - machine was rebooted
ComboFix-quarantined-files.txt  2011-08-07 11:58
.
Pre-Run: 156,080,275,456 bytes free
Post-Run: 156,633,931,776 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 6F4D4995AB73B35B8BDE37FC5477DA80