ComboFix 08-04-20.2 - Lou 2008-04-21 9:34:49.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2050 [GMT -4:00]
Running from: C:\Users\Lou\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-03-21 to 2008-04-21 )))))))))))))))))))))))))))))))
.
2008-04-13 20:19 . 2008-04-21 08:10 d-------- C:\Program Files\WinAVI Video Converter
2008-04-08 23:14 . 2008-04-08 23:14 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-08 23:14 . 2008-04-08 23:14 1,409 --a------ C:\Windows\QTFont.for
2008-04-08 20:02 . 2008-02-14 19:19 944,184 --a------ C:\Windows\System32\winload.exe
2008-04-08 20:02 . 2008-02-19 01:10 620,088 --a------ C:\Windows\System32\ci.dll
2008-04-08 20:02 . 2008-02-29 02:39 371,712 --a------ C:\Windows\System32\srcore.dll
2008-04-08 20:02 . 2008-02-29 02:38 313,856 --a------ C:\Windows\System32\rstrui.exe
2008-04-08 20:02 . 2008-02-29 02:39 40,960 --a------ C:\Windows\System32\srclient.dll
2008-04-08 20:02 . 2008-02-29 02:51 19,000 --a------ C:\Windows\System32\kd1394.dll
2008-04-08 20:02 . 2008-02-29 02:38 16,384 --a------ C:\Windows\System32\srdelayed.exe
2008-04-08 20:02 . 2008-02-29 02:34 7,168 --a------ C:\Windows\System32\f3ahvoas.dll
2008-04-08 20:02 . 2008-02-29 02:35 6,656 --a------ C:\Windows\System32\kbd106n.dll
2008-04-08 20:01 . 2008-02-29 00:16 2,027,008 --a------ C:\Windows\System32\win32k.sys
2008-04-08 20:01 . 2008-02-21 00:43 296,448 --a------ C:\Windows\System32\gdi32.dll
2008-04-07 21:48 . 2008-04-07 22:07 524,288 --ahs---- C:\Users\Lou\ntuser.dat{e5fd28cb-0503-11dd-82ef-001d091e4b72}.TMContainer00000000000000000002.regtrans-ms
2008-04-07 21:48 . 2008-04-07 22:07 524,288 --ahs---- C:\Users\Lou\ntuser.dat{e5fd28cb-0503-11dd-82ef-001d091e4b72}.TMContainer00000000000000000001.regtrans-ms
2008-04-07 21:48 . 2008-04-07 22:07 65,536 --ahs---- C:\Users\Lou\ntuser.dat{e5fd28cb-0503-11dd-82ef-001d091e4b72}.TM.blf
2008-04-05 21:59 . 2008-04-05 21:59 d-------- C:\Users\Lou\AppData\Roaming\NeroDCTemplates
2008-04-03 16:47 . 2008-04-03 16:47 d-------- C:\Program Files\Common Files\Java
2008-04-01 15:26 . 2008-04-01 15:26 d-------- C:\Program Files\Trend Micro
2008-03-29 22:32 . 2008-03-29 22:32 d-------- C:\Windows\System32\Kaspersky Lab
2008-03-29 22:32 . 2008-03-29 22:32 d-------- C:\Users\All Users\Kaspersky Lab
2008-03-27 17:09 . 2008-03-05 15:56 3,786,760 --a------ C:\Windows\System32\D3DX9_37.dll
2008-03-27 17:09 . 2008-03-05 15:56 1,420,824 --a------ C:\Windows\System32\D3DCompiler_37.dll
2008-03-27 17:09 . 2008-03-05 16:03 479,752 --a------ C:\Windows\System32\XAudio2_0.dll
2008-03-27 17:09 . 2008-02-05 23:07 462,864 --a------ C:\Windows\System32\d3dx10_37.dll
2008-03-27 17:09 . 2007-10-22 03:39 267,272 --a------ C:\Windows\System32\xactengine2_10.dll
2008-03-27 17:09 . 2008-03-05 16:03 238,088 --a------ C:\Windows\System32\xactengine3_0.dll
2008-03-27 17:09 . 2008-03-05 16:00 25,608 --a------ C:\Windows\System32\X3DAudio1_3.dll
2008-03-27 17:03 . 2008-04-12 07:48 d--h----- C:\Windows\msdownld.tmp
2008-03-27 16:55 . 2008-03-27 16:59 d-------- C:\Program Files\FEAR Perseus Mandate
2008-03-27 11:08 . 2008-04-10 21:49 d-------- C:\Program Files\SpywareBlaster
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 13:17 30,272 ----a-w C:\Windows\system32\drivers\pssdk31.drv
2008-04-21 11:32 --------- d-----w C:\Users\Lou\AppData\Roaming\dvdcss
2008-04-21 11:32 --------- d-----w C:\Users\Lou\AppData\Roaming\.BitTornado
2008-04-21 11:06 --------- d-----w C:\Program Files\RivaTuner v2.06
2008-04-15 00:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-09 00:45 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 17:02 --------- d-----w C:\Users\Lou\AppData\Roaming\LimeWire
2008-04-08 01:46 --------- d-----w C:\Program Files\MagicISO
2008-04-03 20:48 --------- d-----w C:\Program Files\Java
2008-03-29 17:48 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-27 18:54 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-03-21 00:10 --------- d-----w C:\Program Files\LG Drivers
2008-03-19 21:52 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-07 18:40 13,035 ----a-w C:\Windows\system32\drivers\SymRedir.cat
2008-03-07 18:40 1,358 ----a-w C:\Windows\system32\drivers\SymRedir.inf
2008-03-07 18:39 39,984 ----a-w C:\Windows\system32\drivers\symids.sys
2008-03-07 18:39 37,936 ----a-w C:\Windows\system32\drivers\symndisv.sys
2008-03-07 18:39 27,696 ----a-w C:\Windows\system32\drivers\symredrv.sys
2008-03-07 18:39 191,536 ----a-w C:\Windows\system32\drivers\symtdi.sys
2008-03-07 18:39 145,968 ----a-w C:\Windows\system32\drivers\symfw.sys
2008-03-07 18:39 12,848 ----a-w C:\Windows\system32\drivers\symdns.sys
2008-03-07 01:32 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-03-07 01:32 23,904 ----a-w C:\Windows\system32\drivers\COH_Mon.sys
2008-03-07 01:32 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-02-28 06:38 84,512 ----a-w C:\Users\Lou\AppData\Roaming\GDIPFONTCACHEV1.DAT
2008-02-26 04:04 --------- d-----w C:\Program Files\ffdshow
2008-02-26 03:58 --------- d-----w C:\Users\Lou\AppData\Roaming\Winamp
2008-02-26 03:58 --------- d-----w C:\Program Files\Winamp
2008-02-26 01:54 --------- d-----w C:\Program Files\Common Files\NSV
2008-02-21 00:04 --------- d-----w C:\Program Files\BitPim
2008-02-10 06:13 60,968 ----a-w C:\Users\Lou\GoToAssistDownloadHelper.exe
2008-01-26 06:30 22,328 ----a-w C:\Users\Lou\AppData\Roaming\PnkBstrK.sys
2008-01-22 19:46 164 ----a-w C:\install.dat
2008-01-16 18:55 174 --sha-w C:\Program Files\desktop.ini
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ChoiceMail"="C:\Program Files\DigiPortal Software\ChoiceMail\ChoiceMail.exe" [2007-10-02 13:23 5230592]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59 115816]
"NWEReboot"="" []
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2008-01-04 21:56 5367664]

C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
RivaTuner.lnk - C:\Program Files\RivaTuner v2.06\RivaTuner.exe [2007-10-30 14:05:00 2650112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"Disehdx"= {067D4C36-6943-42D1-A670-937A2838BE45} - C:\Windows\system32\dskihdb.dll [2008-01-16 22:37 761856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL 2008-03-27 14:54 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\Windows\pss\Digital Line Detect.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\Windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Lou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
path=C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PowerReg Scheduler.exe
backup=C:\Windows\pss\PowerReg Scheduler.exe.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Lou^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RivaTuner.lnk]
path=C:\Users\Lou\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\RivaTuner.lnk
backup=C:\Windows\pss\RivaTuner.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 05:25 6731312 C:\Program Files\GRISOFT\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-10 00:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CCUTRAYICON]
--a------ 2007-06-27 11:18 215256 C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 06:48 157592 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
--a------ 2007-11-15 10:23 202544 C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
--a------ 2007-11-15 10:24 16384 C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 08:35 125440 C:\Windows\ehome\ehTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus CX3800 Series]
--a------ 2007-01-25 06:00 179200 C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIACA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-12-13 20:10 1688872 C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
--a------ 2007-11-26 22:02 456072 C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2006-10-03 12:37 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-12-05 13:30 2295072 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 15:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NMSSupport]
--a------ 2007-06-27 11:14 439512 C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2006-11-02 05:45 44544 C:\Windows\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-11-02 05:45 44544 C:\Windows\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
--a------ 2006-11-02 05:45 44544 C:\Windows\System32\rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
--------- 2007-08-31 22:02 128296 C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-18 11:36 385024 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RivaTunerStartupDaemon]
--a------ 2007-10-30 14:05 2650112 C:\Program Files\RivaTuner v2.06\RivaTuner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-09-12 04:40 405504 C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2007-08-31 17:46 1460560 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter Security Suite]
--a------ 2008-01-23 15:48 344064 C:\Program Files\Enigma Software Group\SpyHunter\SHStartup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-03-27 14:54 1481968 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 18:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 13:19 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-16 22:38 1006264 C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
%windir%\WindowsMobile\wmdc.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-11-02 08:36 201728 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{75B9A9E2-CCE5-46EB-B3ED-1DF59A193BA8}"= C:\Program Files\CyberLink\PowerDVD DX\PowerDVD.exe:CyberLink PowerDVD DX
"{8EDE5A09-30DD-49D0-8D37-8A6A5171585E}"= C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe:CyberLink PowerDVD DX Resident Program
"{43FBC295-3EF0-4FC0-9162-B897B0372F90}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{61EB5C2F-C598-4D27-AAB6-6A2FF946E1FC}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{4866BEB9-CAA9-420C-8FDC-FB495D64B0C6}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{ABD3D71D-0241-42CE-BBE8-330BAB6F9799}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{C32D4FDC-5C12-44D6-8676-4455AB00F13B}"= UDP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{1E78DFEA-6E93-4EF4-A7D9-64439256B51C}"= TCP:Profile=Private|Profile=Public:LocalSubnet:LocalSubnet|C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{F161FF10-733C-43BD-81C3-237FCE4A03C3}"= TCP:Profile=Private|Profile=Public|9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{6514FDF2-C619-40E0-9DE4-0218407DBD53}"= TCP:Profile=Private|Profile=Public|1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{052B1593-3434-46F4-B214-E38138044FD4}"= Disabled:UDP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"{5F47FA16-C29E-4C22-B82C-CDC0B767B9BB}"= Disabled:TCP:C:\Program Files\Adobe\Photoshop Elements 6.0\AdobePhotoshopElementsMediaServer.exe:Adobe Photoshop Elements Media Server
"TCP Query User{F3150310-EBBA-4510-8495-06B2F24E2386}C:\\program files\\digiportal software\\choicemail\\choicemail.exe"= UDP:C:\program files\digiportal software\choicemail\choicemail.exe:ChoiceMail
"UDP Query User{46F5846B-4F82-495B-828C-63414E5D447B}C:\\program files\\digiportal software\\choicemail\\choicemail.exe"= TCP:C:\program files\digiportal software\choicemail\choicemail.exe:ChoiceMail
"{0994AFAE-7D6F-40E2-A4E3-AB9D9F932A27}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{D7004304-D273-46E2-BABD-5F4337514114}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{FC5DFF16-509E-4692-848F-1D7CA01E68D5}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{A827BA85-F1EB-4177-B4A5-97435E7CBD7B}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{7A9C5780-1252-4B16-BBC7-7F94AC9C97EC}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{D8FE101E-99A0-4805-BE69-40AD5A9796AA}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{13B2C350-B43A-4C6F-BADF-AB8E5D446EAC}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{66722616-712E-423C-93D2-179ACA53E78E}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{BAAFAA4B-06FC-446B-8047-10ADD1172357}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{2A057F64-63D3-4745-A231-297CE58439FC}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080407.003\IDSvix86.sys [2008-02-13 12:18]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};C:\Program Files\CyberLink\PowerDVD DX\000.fcl [2007-08-31 22:07]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2007-02-12 12:46]
R2 NMSCore;Intel(R) NMSCore;"C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe" [2007-06-27 11:14]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2007-02-18 21:34]
R2 QualityManager;Intel(R) Quality Manager;"C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe" [2007-06-27 11:17]
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe [2007-11-15 10:23]
R2 svcChoiceMail;Choice Mail;C:\Program Files\DigiPortal Software\ChoiceMail\\CMServer.exe [2007-10-02 13:23]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2006-11-02 05:45]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 20:39]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2008-01-16 15:28]
R3 LazerUsb;Lumanate Lazer USB;C:\Windows\system32\DRIVERS\LazerUsb.sys [2007-10-16 21:19]
R3 PsSdk31;PsSdk31;C:\Windows\system32\Drivers\pssdk31.drv [2008-04-21 09:17]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 14:39]
S3 DHTRACE;Intel(R) DHTrace Controller;C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe [2007-06-27 11:15]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 03:36]
S4 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service []
S4 SpyHunter3 Service;SpyHunter3 Service;"C:\Program Files\Enigma Software Group\SpyHunter\SHService.exe" [2008-01-23 15:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-04-07 04:21:32 C:\Windows\Tasks\Casper Scheduled Copy of Disk 1 to Disk 2.job"
- C:\Program Files\Future Systems Solutions\Casper 4.0\CASPER.EXE?/COPY 1 2 /SIZE:57544704;24165872640;725930311680 /FS:FAT;NTFS;NTFS /VS:0x519C8406 /VT:0x2D4B48CE /uid:C58A96F3FDB1424E87047621A0D3D09C /AUTOSTART /Y
"2008-04-01 02:55:19 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Lou.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
"2008-04-01 04:30:02 C:\Windows\Tasks\wrSpySweeper_LC8EBE7589FC648EC93F760D755E3512A.job"
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe>/ScheduleSweep=wrSpySweeper_LC8EBE7589FC648EC93F760D755E3512A
- C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.ex
- C:\
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\Explorer.exe
-> ?:\Windows\system32\Normaliz.dll
.
Completion time: 2008-04-21 9:38:33
ComboFix-quarantined-files.txt 2008-04-21 13:38:29
Pre-Run: 447,724,601,344 bytes free
Post-Run: 447,731,347,456 bytes free
284 --- E O F --- 2008-04-09 00:19:42