ComboFix 08-03-03.16 - Edward 2008-03-04 16:01:37.3 - NTFSx86
Running from: C:\Documents and Settings\Edward\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Edward\Desktop\CFScript.txt

FILE ::
C:\arbfikac.exe
C:\Documents and Settings\Edward\.exe
C:\jupss.exe
C:\qsdjpwpb.exe
C:\WINDOWS\BMf784c838.xml
C:\WINDOWS\eqodowomuq.dll
C:\WINDOWS\SYSTEM32\ebwgxhsq.ini
C:\WINDOWS\SYSTEM32\frgrraem.ini
C:\WINDOWS\SYSTEM32\iuhejwry.ini
C:\WINDOWS\SYSTEM32\jhbykovs.ini
C:\WINDOWS\SYSTEM32\jkghje.dll
C:\WINDOWS\SYSTEM32\ldbjrkjv.ini
C:\WINDOWS\SYSTEM32\ydcnlsfl.ini
C:\WINDOWS\SYSTEM32\yljmgbvp.ini
C:\WINDOWS\SYSTEM32\yoenolaw.dll
C:\wpohl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\arbfikac.exe
C:\Documents and Settings\Edward\.exe
C:\Documents and Settings\Edward\Application Data\FrostWire
C:\Documents and Settings\Edward\Application Data\FrostWire\.NetworkShare\LimeWireWin4.16.3.exe
C:\Documents and Settings\Edward\Application Data\FrostWire\createtimes.cache
C:\Documents and Settings\Edward\Application Data\FrostWire\data.ser
C:\Documents and Settings\Edward\Application Data\FrostWire\fileurns.bak
C:\Documents and Settings\Edward\Application Data\FrostWire\fileurns.cache
C:\Documents and Settings\Edward\Application Data\FrostWire\filters.props
C:\Documents and Settings\Edward\Application Data\FrostWire\frostwire.props
C:\Documents and Settings\Edward\Application Data\FrostWire\gnutella.net
C:\Documents and Settings\Edward\Application Data\FrostWire\installation.props
C:\Documents and Settings\Edward\Application Data\FrostWire\library.dat
C:\Documents and Settings\Edward\Application Data\FrostWire\pub1.key
C:\Documents and Settings\Edward\Application Data\FrostWire\public.key
C:\Documents and Settings\Edward\Application Data\FrostWire\questions.props
C:\Documents and Settings\Edward\Application Data\FrostWire\responses.cache
C:\Documents and Settings\Edward\Application Data\FrostWire\secureMessage.key
C:\Documents and Settings\Edward\Application Data\FrostWire\spam.dat
C:\Documents and Settings\Edward\Application Data\FrostWire\tables.props
C:\Documents and Settings\Edward\Application Data\FrostWire\themes\frostwire_theme.skin
C:\Documents and Settings\Edward\Application Data\FrostWire\themes\frostwire_theme\kill.png
C:\Documents and Settings\Edward\Application Data\FrostWire\themes\frostwire_theme\kill_on.png
C:\Documents and Settings\Edward\Application Data\FrostWire\themes\frostwire_theme\theme.txt
C:\Documents and Settings\Edward\Application Data\FrostWire\ttree.cache
C:\Documents and Settings\Edward\Application Data\FrostWire\version.key
C:\Documents and Settings\Edward\Application Data\FrostWire\version.xml
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\data\audio.sxml
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\data\delete_me
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\data\video.sxml
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\misc\application.gif
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\misc\audio.gif
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\misc\document.gif
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\misc\image.gif
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\misc\video.gif
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\schemas\application.xsd
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\schemas\audio.xsd
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\schemas\document.xsd
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\schemas\image.xsd
C:\Documents and Settings\Edward\Application Data\FrostWire\xml\schemas\video.xsd
C:\Documents and Settings\Edward\Application Data\uTorrent
C:\Documents and Settings\Edward\Application Data\uTorrent\Ad-Aware SE Professional v1.06 + Multi Lang + All Ad-Ons.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\dht.dat
C:\Documents and Settings\Edward\Application Data\uTorrent\dht.dat.old
C:\Documents and Settings\Edward\Application Data\uTorrent\ESET.NOD32.Antivirus.Business.Edition.v3.0.566.CRACKED-CU.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\Mr.Brooks.DVDR-Replica.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\PC Booster 2008 1.0.0.1.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\Photoshop CS3 Extended Crack - WORKS.1.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\Photoshop CS3 Extended Crack - WORKS.2.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\Photoshop CS3 Extended Crack - WORKS.3.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\Photoshop CS3 Extended Crack - WORKS.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\Pop up Blocker Pro (Rich-Media Ads Edition)5.0.1.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\resume.dat
C:\Documents and Settings\Edward\Application Data\uTorrent\resume.dat.old
C:\Documents and Settings\Edward\Application Data\uTorrent\settings.dat
C:\Documents and Settings\Edward\Application Data\uTorrent\settings.dat.old
C:\Documents and Settings\Edward\Application Data\uTorrent\SpyHunter.3.4.9-MKDEV.TEAM.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\Spyware Doctor 5.5.0.178 - Final UPDATED.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\ss2g-ialdvdr.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\The_Fast_And_The_Furious_Tokyo_Drift_EUR_PSP-REV0.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\Transformers.MP4.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\Transformers.PROPER.DVDR-ThP.torrent
C:\Documents and Settings\Edward\Application Data\uTorrent\wintasksprotrial2.rar.torrent
C:\jupss.exe
C:\Program Files\.autoreg\
C:\Program Files\FrostWire
C:\Program Files\FrostWire\log.txt
C:\Program Files\uTorrent
C:\Program Files\uTorrent\uTorrent.exe
C:\qsdjpwpb.exe
C:\WINDOWS\BMf784c838.xml
C:\WINDOWS\eqodowomuq.dll
C:\WINDOWS\SYSTEM32\bbbbb\
C:\WINDOWS\SYSTEM32\ebwgxhsq.ini
C:\WINDOWS\SYSTEM32\frgrraem.ini
C:\WINDOWS\SYSTEM32\iuhejwry.ini
C:\WINDOWS\SYSTEM32\jhbykovs.ini
C:\WINDOWS\SYSTEM32\jkghje.dll
C:\WINDOWS\SYSTEM32\ldbjrkjv.ini
C:\WINDOWS\SYSTEM32\ydcnlsfl.ini
C:\WINDOWS\SYSTEM32\yljmgbvp.ini
C:\WINDOWS\SYSTEM32\yoenolaw.dll
C:\wpohl.exe
.

((((((((((((((((((((((((( Files Created from 2008-02-04 to 2008-03-04 )))))))))))))))))))))))))))))))
.

2008-03-03 23:15 . 2008-03-04 15:52          0 ---hs----  C:\WINDOWS\S7E46A0CD.tmp
2008-03-02 22:45 . 2008-03-02 23:32  d--------  C:\VundoFix Backups
2008-03-02 22:24 . 2008-03-02 22:24     54,156 --ah-----  C:\WINDOWS\QTFont.qfn
2008-03-02 22:24 . 2008-03-02 22:24      1,409 --a------  C:\WINDOWS\QTFont.for
2008-02-26 21:16 . 2008-02-26 21:16  d--------  C:\Program Files\AskSBar
2008-02-26 19:03 . 2008-02-26 19:03    102,664 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2008-02-26 19:02 . 2008-03-01 21:04  d--------  C:\Documents and Settings\Edward\.housecall6.6
2008-02-26 16:46 . 2008-02-26 16:46  d--------  C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-02-26 16:45 . 2008-02-26 18:51     13,312 --a------  C:\WINDOWS\SYSTEM32\bbbbb
2008-02-26 16:13 . 2008-02-26 16:13  d--------  C:\Program Files\LIUtilities
2008-02-25 21:45 . 2008-03-03 19:27  d-a------  C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-25 21:44 . 2008-03-03 23:05  d--------  C:\Program Files\Spyware Doctor
2008-02-25 21:44 . 2008-02-25 21:44  d--------  C:\Documents and Settings\Edward\Application Data\PC Tools
2008-02-25 21:44 . 2007-12-10 14:53     81,288 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\iksyssec.sys
2008-02-25 21:44 . 2007-12-10 14:53     66,952 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\iksysflt.sys
2008-02-25 21:44 . 2007-12-10 14:53     41,864 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\ikfilesec.sys
2008-02-25 21:44 . 2007-12-10 14:53     29,576 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\kcom.sys
2008-02-25 18:00 . 2008-02-25 18:00  d--------  C:\Program Files\inKline Global
2008-02-23 23:57 . 2008-02-23 23:57  d--------  C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2008-02-23 23:34 . 2008-03-03 23:05  d--------  C:\Program Files\Pop up Blocker Pro RMA Edition
2008-02-23 23:14 . 2008-03-03 23:05  d--------  C:\Program Files\AdwareAlert
2008-02-23 21:17 . 2008-02-23 23:42  d--------  C:\Program Files\Elaborate Bytes
2008-02-19 21:27 . 2007-12-04 07:54     95,608 --a------  C:\WINDOWS\SYSTEM32\AvastSS.scr
2008-02-19 21:27 . 2007-12-04 09:55     94,544 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2008-02-19 21:27 . 2007-12-04 09:56     93,264 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2008-02-19 21:27 . 2007-12-04 09:51     42,912 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2008-02-19 21:27 . 2007-12-04 09:49     26,624 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2008-02-19 21:27 . 2007-12-04 09:53     23,152 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2008-02-19 21:26 . 2008-02-19 21:26  d--------  C:\Program Files\Alwil Software
2008-02-19 21:26 . 2007-12-04 08:04    837,496 --a------  C:\WINDOWS\SYSTEM32\aswBoot.exe
2008-02-19 21:26 . 2004-01-09 04:13    380,928 --a------  C:\WINDOWS\SYSTEM32\actskin4.ocx
2008-02-19 20:55 . 2008-03-01 21:04  d--------  C:\Program Files\Trend Micro
2008-02-19 16:27 . 2008-03-03 23:05  d--------  C:\Program Files\Spybot Search & Destroy
2008-02-17 23:31 . 2008-02-11 09:52     19,696 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\adwarealert.sys
2008-02-17 18:54 . 2008-03-02 20:24  d--------  C:\Documents and Settings\Edward\Application Data\AdwareAlert
2008-02-17 17:50 . 2008-02-18 18:07  d--------  C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-16 01:30 . 2008-02-18 18:19  d--------  C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-14 23:18 . 2008-02-14 23:18  d--------  C:\Program Files\Enigma Software Group
2008-02-14 19:36 . 2008-02-14 19:36  d--------  C:\Program Files\CookieBoy 2k8 Ltd
2008-02-14 16:41 . 2008-02-14 16:41     10,344 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\symlcbrd.sys
2008-02-14 16:21 . 2008-02-14 16:34      8,014 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.CAT
2008-02-14 16:21 . 2008-02-14 16:34        806 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.INF
2008-02-11 22:30 . 2008-02-11 23:30  d--------  C:\Program Files\UltraVNC
2008-02-09 22:02 . 2008-02-19 21:30  1,519,616 --a------  C:\WINDOWS\SYSTEM32\nwiz.exe
2008-02-09 19:02 . 2008-02-09 19:02  d--------  C:\Program Files\Webroot
2008-02-09 19:02 . 2008-02-09 19:02  d--------  C:\Documents and Settings\LocalService\Application Data\Webroot
2008-02-09 19:02 . 2008-02-09 19:02  d--------  C:\Documents and Settings\Edward\Application Data\Webroot
2008-02-09 19:02 . 2008-02-09 19:02  d--------  C:\Documents and Settings\All Users\Application Data\Webroot
2008-02-09 19:02 . 2008-01-04 20:56  1,526,640 --a------  C:\WINDOWS\WRSetup.dll
2008-02-09 19:02 . 2008-01-04 20:34    163,696 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\ssidrv.sys
2008-02-09 19:02 . 2008-01-04 20:34     23,920 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\sskbfd.sys
2008-02-09 19:02 . 2008-01-04 20:34     21,872 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\sshrmd.sys
2008-02-09 19:02 . 2008-01-04 20:34     20,336 --a------  C:\WINDOWS\SYSTEM32\DRIVERS\SSFS0BB9.sys
2008-02-09 18:24 . 2008-02-09 18:24  d--------  C:\Program Files\SpywareBlaster
2008-02-08 22:05 . 2007-12-06 21:21  6,066,176 -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-02-08 22:05 . 2007-06-30 22:31  2,455,488 -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-02-08 22:05 . 2007-06-30 22:36    991,232 -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-02-08 22:05 . 2007-12-06 21:21    459,264 -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-02-08 22:05 . 2007-12-06 21:21    383,488 -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-02-08 22:05 . 2007-12-06 21:21    267,776 -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-02-08 22:05 . 2007-12-06 21:21     63,488 -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-02-08 22:05 . 2007-12-06 21:21     52,224 -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-02-08 22:05 . 2007-12-06 06:00     13,824 -----c---  C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-02-08 22:04 . 2007-08-13 18:54     33,792 --a--c---  C:\WINDOWS\SYSTEM32\DLLCACHE\custsat.dll
2008-02-05 16:25 . 2008-02-05 16:26  d--------  C:\NETGEAR MIMO G
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 20:47  ---------  d-----w  C:\Program Files\Java
2008-03-04 04:05  ---------  d-----w  C:\Program Files\Windows Defender
2008-03-04 04:05  ---------  d-----w  C:\Program Files\QuickTime
2008-03-04 04:05  ---------  d-----w  C:\Program Files\iTunes
2008-03-04 04:05  ---------  d-----w  C:\Program Files\ESPNRunTime
2008-03-04 04:05  ---------  d-----w  C:\Program Files\AIM95
2008-02-26 03:10  ---------  d-----w  C:\Program Files\Common Files\Wise Installation Wizard
2008-02-25 23:00  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-02-19 21:45  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-17 22:34  ---------  d-----w  C:\Program Files\Common Files\Symantec Shared
2008-02-16 07:12  ---------  d-----w  C:\Program Files\Spybot - Search & Destroy
2008-02-05 21:12  ---------  d--h--w  C:\Documents and Settings\Edward\Application Data\Move Networks
2008-02-05 21:11  ---------  d-----w  C:\Program Files\Common Files\Real
2008-02-05 21:06  ---------  d-----w  C:\Program Files\Palm
2008-02-05 20:57  ---------  d-----w  C:\Program Files\My Stuff
2008-01-30 22:27  ---------  d-----w  C:\Program Files\Plaxo
2008-01-29 02:20  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-29 01:55  ---------  d-----w  C:\Program Files\Microsoft Works
2008-01-29 01:53  ---------  d-----w  C:\Program Files\Microsoft.NET
2008-01-29 01:30  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\DIGStream
2008-01-25 20:01     32,768  ----a-w  C:\Documents and Settings\Edward\services.exe
2008-01-23 04:21     90,616  ----a-w  C:\Documents and Settings\Edward\Application Data\GDIPFONTCACHEV1.DAT
2008-01-21 23:09  ---------  d-----w  C:\Program Files\Yahoo!
2008-01-21 23:06  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\AOL
2008-01-21 23:05  ---------  d-----w  C:\Program Files\Living Books
2008-01-20 22:46    278,538  ----a-w  C:\WINDOWS\Fonts\Setup.exe
2008-01-19 20:53  ---------  d-----w  C:\Documents and Settings\Edward\Application Data\MD5 Checksum Verifier
2008-01-16 22:39  ---------  d-----w  C:\Program Files\Audio Editor Gold
2008-01-14 22:16  ---------  d-----w  C:\Program Files\Microsoft Home Publishing 2000
2008-01-11 23:25  ---------  d-----w  C:\Program Files\RcvSystem
2008-01-07 20:17         10  ----a-w  C:\Program Files\.autoreg
2008-01-04 20:49  ---------  d-----w  C:\Documents and Settings\Edward\Application Data\FreeCall
2006-12-18 05:41      5,632  --sh--w  C:\Program Files\Thumbs.db
2006-03-16 23:02        560  ----a-w  C:\Documents and Settings\Edward\Application Data\ViewerApp.dat
2006-02-12 22:59 11,486,720  ----a-w  C:\Program Files\TiVo Desktop 2.2.exe
2005-08-30 23:13    313,283  ----a-w  C:\Program Files\cwshredder.zip
2004-11-03 23:34     28,124  ----a-w  C:\Program Files\PI's Adam.pdf
2004-06-01 13:27    137,216  ----a-w  C:\Program Files\CWShredder.exe
2003-10-14 04:42     32,320  ----a-w  C:\Documents and Settings\Edward\removeme.exe
2007-04-07 15:33      2,516  --sha-w  C:\WINDOWS\SYSTEM32\KGyGaAvL.sys
.
[code]
----a-w         5,367,664 2008-02-20 02:31:03  C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI .exe
[/code]

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{DE9C389F-3316-41A7-809B-AA305ED9D922}
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}
{8E718888-423F-11D2-876E-00A0C9082467}

[HKEY_CLASSES_ROOT\clsid\{f0d4b239-da4b-4daf-81e4-dfee4931a4aa}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"Pop up Blocker Pro Rich-Media Ads Edition"="C:\Program Files\Pop up Blocker Pro RMA Edition\pdie.exe" [2008-03-03 15:19 1311232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 04:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-03-03 15:19 847872]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2008-03-03 15:19 14450688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2008-02-19 21:30 132496]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2002-11-24 03:40:29 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages	REG_MULTI_SZ   	msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130193630\\ee\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\1130193630\\ee\\aim6.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\UltraVNC\\repeater.exe"=
"C:\\Program Files\\UltraVNC\\winvnc.exe"=
"C:\\Program Files\\UltraVNC\\vncviewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50292d6e-7815-11db-8d54-0007e9bbeae2}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50292d6f-7815-11db-8d54-0007e9bbeae2}]
\Shell\AutoRun\command - H:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c8bc06e0-c3bd-11db-8d74-0007e9bbeae2}]
\Shell\AutoRun\command - F:\LaunchU3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\f5d94ac0-0718-4ed1-83fd-e34a38ac835b]
C:\WINDOWS\System32\obarnxq.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-03-04 08:00:00 C:\WINDOWS\Tasks\AdwareAlert Scheduled Scan.job"
- C:\Program Files\AdwareAlert\AdwareAlert .exe
- C:\Program Files\AdwareAlert
"2008-02-29 21:16:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-03-04 06:49:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-03-04 21:15:10 C:\WINDOWS\Tasks\PCHealth Scheduler for Upload Library.job"
- C:\WINDOWS\PCHealth\UploadLB\Binaries\UploadM.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-04 16:12:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\UltraVNC\winvnc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
.
**************************************************************************
.
Completion time: 2008-03-04 16:20:11 - machine was rebooted
ComboFix-quarantined-files.txt  2008-03-04 21:20:06
ComboFix2.txt  2008-03-04 04:24:38
ComboFix3.txt  2008-03-04 01:10:55
.
2008-02-13 08:13:07 --- E O F ---
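A few things in this log are worth pulling out by hand rather than reading past: the Active Setup "installed components" key whose name has no braces and points at C:\WINDOWS\System32\obarnxq.exe (which survived the CFScript run), a services.exe and a removeme.exe sitting in the user's profile root instead of System32, TCP 5900 opened through the Windows Firewall for VNC with winvnc.exe still running, and three mountpoints2 AutoRun commands for removable drives. The script below is an added example, not ComboFix code and not part of the original post: it parses lines in ComboFix's format and applies those checks. The sample input is constructed from lines copied out of this log; the rule names, the allow-list of benign name stems, the port table and the name-randomness heuristic are the author's own assumptions. The name heuristic is deliberately a weak signal and misses pronounceable generated names such as eqodowomuq.dll or yoenolaw.dll, so the location and registry-key rules carry most of the weight.

```python
"""Triage a ComboFix log for autostart and file-system anomalies.

Added example: not ComboFix code and not part of the original post. The rules,
the allow-list of benign stems and the port table are the author's assumptions.
"""
import re
from dataclasses import dataclass

# Sample input constructed from lines that appear in the log above.
SAMPLE_LOG = r"""
2008-01-25 20:01   32,768 ----a-w C:\Documents and Settings\Edward\services.exe
2003-10-14 04:42   32,320 ----a-w C:\Documents and Settings\Edward\removeme.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 02:56 33280 C:\WINDOWS\SYSTEM32\rundll32.exe]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2008-03-03 15:19 14450688]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5900:TCP"= 5900:TCP:VNC
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{50292d6e-7815-11db-8d54-0007e9bbeae2}]
\Shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\f5d94ac0-0718-4ed1-83fd-e34a38ac835b]
C:\WINDOWS\System32\obarnxq.exe
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                    # [HKEY_...] section header
PATH_RE = re.compile(r'[A-Za-z]:\\[^\[\]"]*')          # first drive-letter path on a line
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}")  # file-listing line
BRACED_GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
BINARY_EXT = (".exe", ".dll", ".scr", ".sys", ".ocx")
# Core Windows binaries: a copy outside %windir% is a masquerade signal.
SYSTEM_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}
# Assumed benign stems that would otherwise trip the name heuristic.
ALLOWLIST = {"ctfmon", "jusched", "wscntfy", "winvnc"}
REMOTE_ACCESS_PORTS = {"5900": "VNC", "3389": "RDP", "23": "telnet"}  # assumption


@dataclass
class Finding:
    rule: str
    context: str
    detail: str


def looks_random(stem):
    """Weak signal: lowercase-only stem with a long consonant run or very few vowels."""
    if not (5 <= len(stem) <= 10 and stem.isalpha() and stem.islower()) or stem in ALLOWLIST:
        return False
    vowel_ratio = sum(c in "aeiouy" for c in stem) / len(stem)
    longest_run = max(len(run) for run in re.split(r"[aeiouy]", stem))
    return longest_run >= 4 or vowel_ratio <= 0.3


def check_path(path, context):
    """Rules that apply to any executable path, wherever in the log it was listed."""
    out = []
    parts = path.split("\\")
    name = parts[-1].lower()
    stem = parts[-1].rsplit(".", 1)[0].strip()
    directory = "\\".join(parts[:-1]).lower()
    if name in SYSTEM_BINARIES and "\\windows" not in directory:
        out.append(Finding("system_binary_name_outside_windows", context, path))
    if re.fullmatch(r"[a-z]:", directory) or re.fullmatch(r"[a-z]:\\documents and settings\\[^\\]+", directory):
        out.append(Finding("executable_in_root_or_profile_dir", context, path))
    if looks_random(stem):
        out.append(Finding("random_looking_name", context, path))
    return out


def triage(log_text):
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            tail = key.rsplit("\\", 1)[-1]
            # Active Setup component keys are GUIDs in braces; anything else is hand-made.
            if "installed components" in key.lower() and not BRACED_GUID_RE.match(tail):
                findings.append(Finding("active_setup_unbraced_guid", key, tail))
            continue
        if DATE_RE.match(line):
            key = ""  # back in a file-listing section, no registry context
        if "GloballyOpenPorts" in key:
            pm = re.match(r'"(\d+):(TCP|UDP)"', line)
            if pm and pm.group(1) in REMOTE_ACCESS_PORTS:
                findings.append(Finding("firewall_open_remote_access_port", key,
                                        f"{pm.group(1)}/{pm.group(2)} ({REMOTE_ACCESS_PORTS[pm.group(1)]})"))
            continue
        pm = PATH_RE.search(line)
        if not pm:
            continue
        path = pm.group(0).rstrip()
        if "mountpoints2" in key.lower() and "autorun" in line.lower():
            findings.append(Finding("autorun_from_removable_media", key, path))
            continue
        if path.lower().endswith(BINARY_EXT):
            findings.extend(check_path(path, key or "file listing"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:38} {f.detail}")
```

To run it over a real log, pass the whole file to triage() (for example triage(open("ComboFix.txt", encoding="latin-1").read())). Every rule is a pointer for manual review, not a verdict: the Active Setup and masquerade rules are strong, the open-port and AutoRun rules are context (here the VNC port is explained by the UltraVNC install that appears in the same log), and the name rule should be tuned against the host's known-good software before it is trusted.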