ComboFix 08-04-09.8 - jd 2008-04-10 23:30:19.5 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2045 [GMT -7:00]
Running from: C:\Users\jd\Desktop\ComboFix.exe
 * Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-03-11 to 2008-04-11 )))))))))))))))))))))))))))))))
.
2008-04-10 23:00 . 2008-04-10 23:00 d-------- C:\Program Files\Panda Security
2008-04-10 22:46 . 2008-04-10 22:46 d-------- C:\Program Files\CCleaner
2008-04-10 22:42 . 2008-04-10 22:42 d-------- C:\Program Files\CleanUp!
2008-04-10 22:28 . 2008-04-10 22:28 691 --a------ C:\Users\jd\AppData\Roaming\GetValue.vbs
2008-04-10 22:28 . 2008-04-10 22:28 35 --a------ C:\Users\jd\AppData\Roaming\SetValue.bat
2008-04-10 03:02 . 2008-04-10 03:02 d-------- C:\Program Files\Wisdom-soft AutoScreenRecorder 3 Pro
2008-04-09 15:42 . 2008-04-09 15:42 d-------- C:\Program Files\Microsoft Silverlight
2008-04-09 14:14 . 2008-02-28 21:16 2,027,008 --a------ C:\WINDOWS\System32\win32k.sys
2008-04-09 14:14 . 2008-02-14 16:19 944,184 --a------ C:\WINDOWS\System32\winload.exe
2008-04-09 14:14 . 2008-02-18 22:10 620,088 --a------ C:\WINDOWS\System32\ci.dll
2008-04-09 14:14 . 2008-02-28 23:39 371,712 --a------ C:\WINDOWS\System32\srcore.dll
2008-04-09 14:14 . 2008-02-28 23:38 313,856 --a------ C:\WINDOWS\System32\rstrui.exe
2008-04-09 14:14 . 2008-02-28 23:39 40,960 --a------ C:\WINDOWS\System32\srclient.dll
2008-04-09 14:14 . 2008-02-28 23:51 19,000 --a------ C:\WINDOWS\System32\kd1394.dll
2008-04-09 14:14 . 2008-02-28 23:38 16,384 --a------ C:\WINDOWS\System32\srdelayed.exe
2008-04-09 14:14 . 2008-02-28 23:34 7,168 --a------ C:\WINDOWS\System32\f3ahvoas.dll
2008-04-09 14:14 . 2008-02-28 23:35 6,656 --a------ C:\WINDOWS\System32\kbd106n.dll
2008-04-06 06:20 . 2008-03-29 11:31 75,856 --a------ C:\WINDOWS\System32\drivers\aswSP.sys
2008-04-06 06:20 . 2008-03-29 11:35 20,560 --a------ C:\WINDOWS\System32\drivers\aswFsBlk.sys
2008-03-30 13:39 . 2008-03-30 13:39 d-------- C:\Users\taraandmichelle\AppData\Roaming\Hewlett-Packard
2008-03-30 13:38 . 2008-03-30 13:38 dr------- C:\Users\taraandmichelle\Videos
2008-03-30 13:38 . 2008-03-30 13:38 dr------- C:\Users\taraandmichelle\Searches
2008-03-30 13:38 . 2008-03-30 13:38 dr------- C:\Users\taraandmichelle\Saved Games
2008-03-30 13:38 . 2008-03-30 13:38 dr------- C:\Users\taraandmichelle\Pictures
2008-03-30 13:38 . 2008-03-30 13:38 dr------- C:\Users\taraandmichelle\Music
2008-03-30 13:38 . 2008-03-30 13:38 dr------- C:\Users\taraandmichelle\Links
2008-03-30 13:38 . 2008-03-30 13:38 dr------- C:\Users\taraandmichelle\Downloads
2008-03-30 13:38 . 2008-03-30 13:38 dr------- C:\Users\taraandmichelle\Documents
2008-03-30 13:38 . 2008-03-30 13:38 dr------- C:\Users\taraandmichelle\Contacts
2008-03-30 13:38 . 2006-11-02 05:37 d-------- C:\Users\taraandmichelle\AppData\Roaming\Media Center Programs
2008-03-30 13:38 . 2008-03-30 13:38 d-------- C:\Users\taraandmichelle\AppData\Roaming\Grisoft
2008-03-30 13:38 . 2008-03-30 13:38 d-------- C:\Users\taraandmichelle\AppData\Roaming\DisplayTune
2008-03-30 13:38 . 2008-03-30 13:38 d--h----- C:\Users\taraandmichelle\AppData
2008-03-25 17:46 . 2008-03-25 17:46 32,896 --a------ C:\WINDOWS\System32\iglhxs32.vp
2008-03-25 17:07 . 2008-03-25 17:07 539,160 --a------ C:\WINDOWS\System32\igfxcfg.exe
2008-03-25 17:07 . 2008-03-25 17:07 256,536 --a------ C:\WINDOWS\System32\igfxsrvc.exe
2008-03-25 17:07 . 2008-03-25 17:07 170,520 --a------ C:\WINDOWS\System32\igfxzoom.exe
2008-03-25 17:07 . 2008-03-25 17:07 170,520 --a------ C:\WINDOWS\System32\igfxext.exe
2008-03-25 17:07 . 2008-03-25 17:07 166,424 --a------ C:\WINDOWS\System32\hkcmd.exe
2008-03-25 17:07 . 2008-03-25 17:07 141,848 --a------ C:\WINDOWS\System32\igfxtray.exe
2008-03-25 17:07 . 2008-03-25 17:07 133,656 --a------ C:\WINDOWS\System32\igfxpers.exe
2008-03-25 16:56 . 2008-03-25 16:56 147,456 --a------ C:\WINDOWS\System32\igfxCoIn_v1461.dll
2008-03-25 16:44 . 2008-03-25 16:44 3,301,376 --a------ C:\WINDOWS\System32\igdumd32.dll
2008-03-25 16:44 . 2008-03-25 16:44 2,307,072 --a------ C:\WINDOWS\System32\drivers\igdkmd32.sys
2008-03-25 16:42 . 2008-03-25 16:42 2,215,364 --a------ C:\WINDOWS\System32\igklg400.bin
2008-03-25 16:42 . 2008-03-25 16:42 1,971,732 --a------ C:\WINDOWS\System32\igklg450.bin
2008-03-25 16:42 . 2008-03-25 16:42 29,932 --a------ C:\WINDOWS\System32\igmedcompkrn.bin
2008-03-25 16:33 . 2008-03-25 16:33 2,420,736 --a------ C:\WINDOWS\System32\ig4icd32.dll
2008-03-25 16:33 . 2008-03-25 16:33 2,174,976 --a------ C:\WINDOWS\System32\ig4dev32.dll
2008-03-25 16:29 . 2008-03-25 16:29 176,128 --a------ C:\WINDOWS\System32\igfxrsve.lrc
2008-03-25 16:29 . 2008-03-25 16:29 172,032 --a------ C:\WINDOWS\System32\igfxrtrk.lrc
2008-03-25 16:29 . 2008-03-25 16:29 163,840 --a------ C:\WINDOWS\System32\igfxrtha.lrc
2008-03-25 16:25 . 2008-03-25 16:25 204,800 --a------ C:\WINDOWS\System32\igfxpph.dll
2008-03-25 16:25 . 2008-03-25 16:25 135,168 --a------ C:\WINDOWS\System32\igfxdo.dll
2008-03-25 16:25 . 2008-03-25 16:25 122,880 --a------ C:\WINDOWS\System32\igfxcpl.cpl
2008-03-25 16:25 . 2008-03-25 16:25 69,632 --a------ C:\WINDOWS\System32\oemdspif.dll
2008-03-25 16:25 . 2008-03-25 16:25 24,576 --a------ C:\WINDOWS\System32\igfxexps.dll
2008-03-25 16:24 . 2008-03-25 16:24 3,293,184 --a------ C:\WINDOWS\System32\igfxress.dll
2008-03-25 16:24 . 2008-03-25 16:24 172,032 --a------ C:\WINDOWS\System32\igfxrenu.lrc
2008-03-23 00:13 . 2008-04-04 14:46 d-------- C:\Program Files\Tasker
2008-03-20 17:47 . 2008-03-20 17:47 d-------- C:\Users\jd\AppData\Roaming\DivX
2008-03-20 17:47 . 2008-03-20 17:47 d-------- C:\Program Files\DivX
2008-03-20 17:47 . 2008-03-20 17:47 d-------- C:\Program Files\Common Files\PX Storage Engine
2008-03-20 17:40 . 2008-03-20 17:40 d-------- C:\Program Files\IrfanView
2008-03-20 17:19 . 2008-03-20 17:19 203,776 --a------ C:\WINDOWS\System32\clrviddc.dll
2008-03-20 17:05 . 2008-03-20 17:05 25 --a------ C:\WINDOWS\cdplayer.ini
2008-03-20 16:59 . 2008-03-20 16:59 d-------- C:\Program Files\Real
2008-03-20 16:59 . 2008-03-20 16:59 d-------- C:\Program Files\Common Files\xing shared
2008-03-20 16:59 . 2008-03-20 16:59 d-------- C:\Program Files\Common Files\Real
2008-03-20 16:54 . 2008-03-20 16:54 d-------- C:\Program Files\FLV to AVI MPEG WMV 3GP MP4 iPod Converter
2008-03-20 16:52 . 2008-03-20 16:52 d-------- C:\Users\jd\AppData\Roaming\Download Manager
2008-03-20 16:38 . 2008-03-20 16:38 d-------- C:\Program Files\GustoSoft
2008-03-20 16:28 . 2008-03-20 16:28 36 ---h----- C:\WINDOWS\System32\swk.ini
2008-03-14 13:35 . 2008-03-20 16:20 d-------- C:\WINDOWS\System32\quicktime
2008-03-14 13:10 . 2008-03-14 13:10 d-------- C:\Program Files\FLVPlayer4Free
2008-03-12 16:38 . 2008-03-14 13:06 49 --a------ C:\amp.bat
2008-03-12 16:14 . 2008-03-12 16:14 d-------- C:\Users\god\{aecf07a3-04b6-4084-aa3a-f341706c78b8}
2008-03-12 16:12 . 2008-03-12 16:13 d-------- C:\Program Files\Microsoft LifeCam
2008-03-12 15:58 . 2008-03-12 15:58 d-------- C:\Users\All Users\Xerox
2008-03-12 15:58 . 2008-03-12 15:58 d-------- C:\ProgramData\Xerox
2008-03-11 14:48 . 2007-12-16 15:50 1,060,920 --a------ C:\WINDOWS\System32\drivers\ntfs.sys
2008-03-11 14:48 . 2007-12-16 02:56 41,984 --a------ C:\WINDOWS\System32\drivers\monitor.sys
2008-03-11 07:13 . 2008-03-11 07:13 d-------- C:\Users\god\AppData\Roaming\MSNInstaller
2008-03-11 04:44 . 2008-03-14 12:55 d-------- C:\Program Files\WinAce
2008-03-11 00:23 . 2008-03-12 04:42 230,424 --a------ C:\img2-001.raw
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-11 05:34 3,900 ----a-w C:\Windows\System32\tmp.reg
2008-04-10 05:48 --------- d-----w C:\Program Files\Windows Mail
2008-03-29 18:45 1,146,232 ----a-w C:\Windows\System32\aswBoot.exe
2008-03-29 18:32 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-03-29 18:29 23,152 ----a-w C:\Windows\system32\drivers\aswRdr.sys
2008-03-29 18:27 42,912 ----a-w C:\Windows\system32\drivers\aswTdi.sys
2008-03-29 18:23 95,608 ----a-w C:\Windows\System32\AvastSS.scr
2008-03-26 00:07 920,088 ----a-w C:\Windows\System32\igxpun.exe
2008-03-25 23:26 241,664 ----a-w C:\Windows\System32\igfxTMM.dll
2008-03-25 23:25 48,640 ----a-w C:\Windows\System32\igfxsrvc.dll
2008-03-25 23:25 106,496 ----a-w C:\Windows\System32\hccutils.dll
2008-03-25 23:24 204,800 ----a-w C:\Windows\System32\igfxdev.dll
2008-03-20 23:24 --------- d-----w C:\ProgramData\Viewpoint
2008-03-20 23:21 --------- d-----w C:\Program Files\Yahoo!
2008-03-20 23:21 --------- d-----w C:\Program Files\The Weather Channel FW
2008-03-19 09:59 --------- d-----w C:\Program Files\Java
2008-03-12 23:39 --------- d-----w C:\Users\god\AppData\Roaming\Yahoo!
2008-03-11 03:40 --------- d-----w C:\ProgramData\WildTangent
2008-03-11 02:47 --------- d-----w C:\ProgramData\HiddenSecretsNightmare
2008-03-11 01:16 --------- d-----w C:\Users\jd\AppData\Roaming\PlayFirst
2008-03-11 01:16 --------- d-----w C:\ProgramData\PlayFirst
2008-03-11 01:15 --------- d-----w C:\Program Files\HP Games
2008-03-07 10:40 --------- d-----w C:\ProgramData\Yahoo!
2008-03-02 06:00 --------- d-----w C:\Program Files\Common Files\PocketSoft
2008-03-02 05:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 05:59 --------- d-----w C:\Program Files\RedlightCenter
2008-02-29 18:07 --------- d-----w C:\Users\jd\AppData\Roaming\Home Sweet Home
2008-02-29 03:14 --------- d-----w C:\Users\jd\AppData\Roaming\funkitron
2008-02-28 09:40 --------- d-----w C:\Users\jd\AppData\Roaming\PeerNetworking
2008-02-27 07:01 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-02-26 02:57 --------- d-----w C:\Program Files\MMD
2008-02-26 02:46 --------- d-----w C:\Program Files\Cambrosia Webcam Viewer
2008-02-26 02:25 --------- d-----w C:\ProgramData\Seiz System Engineering
2008-02-26 02:01 --------- d-----w C:\Program Files\Loveline Video Personals
2008-02-26 00:41 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-02-25 10:59 --------- d-----w C:\Users\god\AppData\Roaming\Camfrog
2008-02-25 10:58 --------- d-----w C:\Program Files\Camfrog
2008-02-25 06:39 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-25 06:35 --------- d-----w C:\Users\jd\AppData\Roaming\SUPERAntiSpyware.com
2008-02-25 06:35 --------- d-----w C:\Users\god\AppData\Roaming\Systweak
2008-02-25 06:35 --------- d-----w C:\ProgramData\Systweak
2008-02-25 06:35 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-23 07:21 --------- d-----w C:\Users\jd\AppData\Roaming\MySpace
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-21 02:05 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-02-21 02:05 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-02-21 02:05 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-02-21 02:05 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-02-21 02:04 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-02-21 02:04 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-02-21 02:04 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-02-21 02:04 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-02-21 02:04 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-02-21 02:04 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-02-21 02:04 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-02-21 02:04 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-02-21 02:04 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-02-21 02:04 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-02-21 02:03 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-02-21 02:03 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-02-20 06:33 --------- d-----w C:\Users\jd\AppData\Roaming\acccore
2008-02-19 15:05 --------- d-----w C:\ProgramData\AOL OCP
2008-02-19 15:04 --------- d-----w C:\Users\god\AppData\Roaming\acccore
2008-02-19 15:04 --------- d-----w C:\Program Files\AIM6
2008-02-19 15:03 --------- d-----w C:\ProgramData\AOL
2008-02-19 15:03 --------- d-----w C:\Program Files\Common Files\AOL
2008-02-19 14:23 --------- d-----w C:\Users\jd\AppData\Roaming\ArcSoft
2008-02-19 14:19 --------- d-----w C:\Program Files\ArcSoft
2008-02-19 11:58 --------- d-----w C:\Program Files\Common Files\ArcSoft
2008-02-19 11:56 --------- d-----w C:\Program Files\CIF USB Camera
2008-02-18 21:18 --------- d-----w C:\Program Files\Common Files\Java
2008-02-15 02:17 --------- d-----w C:\Users\jd\AppData\Roaming\WildTangent
2008-02-14 08:41 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-14 08:31 --------- d-----w C:\Users\god\AppData\Roaming\Malwarebytes
2008-02-14 08:31 --------- d-----w C:\ProgramData\Malwarebytes
2008-02-14 08:31 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-02-13 20:29 --------- d-----w C:\Users\jd\AppData\Roaming\DisplayTune
2008-02-13 20:22 --------- d-----w C:\Users\god\AppData\Roaming\DisplayTune
2008-02-13 20:20 --------- d-----w C:\Program Files\Portrait Displays
2008-02-13 20:20 --------- d-----w C:\Program Files\Common Files\Portrait Displays
2008-02-13 10:07 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 10:07 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-13 10:04 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 10:04 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 10:04 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 10:04 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 10:04 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 10:04 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-13 10:04 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-13 10:04 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-13 10:03 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 10:03 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 10:03 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 10:03 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8388F272-9EDA-4F4E-88FD-4711CBA4BA2B}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MySpaceIM"="C:\Users\jd\AppData\Roaming\MySpace\IM\bin\MySpaceIM.exe" [2008-02-01 13:32 8699904]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 05:35 125440]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-01-03 09:15 50528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 08:01 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 09:16 65536]
"OsdMaestro"="C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 04:59 118784]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-07-12 17:36 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-25 06:52 4702208 C:\WINDOWS\RtHDVCpl.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"SunJavaUpdateReg"="C:\Windows\system32\jureg.exe" [2007-04-07 03:56 54936]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 17:24 54840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 11:37 79224]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25 6731312]
"DT HPW"="C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" [2007-09-28 15:52 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Monitor"="C:\Windows\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2006-11-21 18:09 842584]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-05-17 14:45 279912]
"VX3000"="C:\Windows\vVX3000.exe" [2007-04-10 14:46 709992]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-20 16:59 185896]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 05:35 176128]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-03-25 17:07 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-03-25 17:07 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-03-25 17:07 133656]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A0DDBAE3-E446-4108-B381-F651AC1B26C1}"= c:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{800F0533-0CEA-488A-B060-CFD01DC7D7D8}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{06B3F4A6-83B7-475C-931E-A535EAA6DCAE}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C0F57016-838B-44B0-9037-FAF8D451E500}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EF6BE102-92BA-42D0-A5EF-54FF468ABD4D}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D61F84E3-C54E-4863-B984-7CC3D484F8AF}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{3031D4D9-4997-4B41-9477-B1F129DCF7F4}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5741E60D-1FD3-4640-BF5A-32AF5F2E5537}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{9505A35D-D5B1-43A0-8A60-9E4656578D8D}"= UDP:C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{427EC3FA-3BD5-4A7B-AD57-12DBB1BDC035}"= TCP:C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\RpcSandraSrv.exe:SiSoftware Sandra Agent Service
"{BF860E54-26A8-4718-9041-B50D45836314}"= UDP:C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
"{3B118716-0E9E-4B7C-A385-69E9852B96BB}"= TCP:C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI.SP1a\Win32\RpcDataSrv.exe:SiSoftware Database Agent Service
"{683F6AD8-5D9F-4F67-A39E-91DB253AEC18}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{D5A4A783-CDDA-4F26-B99F-8891F57F3D57}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{17915865-ECAC-4B17-B71A-7F8196ABBB9A}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{1ACB3CC7-C4C1-418A-A51B-9833C31B43CC}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"TCP Query User{17BD65CF-D942-4C31-A305-FE8B096F1D91}C:\\users\\jd\\appdata\\roaming\\myspace\\im\\bin\\myspaceim.exe"= UDP:C:\users\jd\appdata\roaming\myspace\im\bin\myspaceim.exe:myspaceim.exe
"UDP Query User{BD8D18FE-C2FE-4B1A-9A0C-FDA8F4B0E628}C:\\users\\jd\\appdata\\roaming\\myspace\\im\\bin\\myspaceim.exe"= TCP:C:\users\jd\appdata\roaming\myspace\im\bin\myspaceim.exe:myspaceim.exe
"TCP Query User{A9DEC402-8C82-45B7-A043-5AEBE0EB0519}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= UDP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"UDP Query User{84C7E111-FED0-46ED-9082-A5A3394E467E}C:\\program files\\java\\jre1.6.0_03\\bin\\javaw.exe"= TCP:C:\program files\java\jre1.6.0_03\bin\javaw.exe:Java(TM) Platform SE binary
"TCP Query User{9E6F10DA-06A9-40DF-B8F3-3830725935D5}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{823D4983-5357-46B8-836A-97BD61DF77A5}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"TCP Query User{CFB14C21-97ED-4D84-9321-20B594A06F56}C:\\program files\\abelcam\\abelcam.exe"= UDP:C:\program files\abelcam\abelcam.exe:AbelCam
"UDP Query User{A79CA279-8724-4D4B-BAF5-37C082A41007}C:\\program files\\abelcam\\abelcam.exe"= TCP:C:\program files\abelcam\abelcam.exe:AbelCam
"TCP Query User{8DFE7138-0EB2-4764-84B2-D59E11D0EF04}C:\\program files\\redlightcenter\\redlightcenter\\redlightcenter.exe"= UDP:C:\program files\redlightcenter\redlightcenter\redlightcenter.exe:Redlightcenter
"UDP Query User{56309AF2-15BA-49FA-A421-87D36CE8E26D}C:\\program files\\redlightcenter\\redlightcenter\\redlightcenter.exe"= TCP:C:\program files\redlightcenter\redlightcenter\redlightcenter.exe:Redlightcenter
"TCP Query User{018C1261-CC97-4DAA-B02F-FAE6F0119D03}C:\\chain\\creation.exe"= UDP:C:\chain\creation.exe:2AM Creation game engine
"UDP Query User{CA1BCCF8-DE4F-4A1B-B8B3-41C126598101}C:\\chain\\creation.exe"= TCP:C:\chain\creation.exe:2AM Creation game engine
"{557FF32D-3C5B-4573-A11D-B08812D10758}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4F13E4A1-F93A-4AAB-BB75-C469C345824D}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{F0926790-9409-4709-8D44-06666DE2D6CE}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{5FCC4847-0DFB-41BA-8045-1B73FC43D98D}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{2F66519D-D3F5-4671-8BD5-1E5CC63EDF06}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F8E9BF38-A650-42B2-8EB5-D913D3A6E2CD}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{1CBBD1F8-B72C-4776-B5A1-C8A32B1560D4}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{E2D1E94D-8EF5-4834-98E1-100CA161850E}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 11:31]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 11:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 11:32]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-05-17 14:45]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-28 09:44]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-03-25 16:44]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 16:33]
S3 PAC207;SoC PC-Camera;C:\Windows\system32\DRIVERS\PFC027.SYS [2006-12-05 11:34]

*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-10 23:32:54
Windows 6.0.6000 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> C:\Program Files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
Completion time: 2008-04-10 23:33:40
ComboFix-quarantined-files.txt 2008-04-11 06:33:32
ComboFix2.txt 2008-03-16 09:10:12
ComboFix3.txt 2008-02-26 00:45:31
Pre-Run: 258,675,306,496 bytes free
Post-Run: 258,647,531,520 bytes free
.
2008-04-09 22:43:26 --- E O F ---