ComboFix 08-04-24.1 - CONDRA 2008-04-26 12:55:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1787 [GMT -4:00]
Running from: C:\Documents and Settings\CONDRA\Desktop\ComboFix.exe
* Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-26 10:54 . 2008-04-26 10:54 d-------- C:\VundoFix Backups
2008-04-25 18:01 . 2008-04-25 18:01 57,344 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT_TU_79306
2008-04-25 18:01 . 2008-04-25 18:01 24,576 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_18053
2008-04-25 17:54 . 2008-04-25 17:54 57,344 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT_TU_55128
2008-04-25 17:54 . 2008-04-25 17:54 24,576 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_22174
2008-04-25 12:04 . 2008-04-25 12:04 57,344 --a------ C:\Documents and Settings\LocalService\NTUSER.DAT_TU_32190
2008-04-25 12:04 . 2008-04-25 12:04 24,576 --a------ C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_88463
2008-04-25 12:00 . 2008-04-25 12:01 d-------- C:\Program Files\TuneUp Utilities 2008
2008-04-25 12:00 . 2008-04-25 12:00 d-------- C:\Documents and Settings\CONDRA\Application Data\TuneUp Software
2008-04-25 12:00 . 2008-04-25 12:00 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-04-25 12:00 . 2008-04-25 12:00 307,968 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-04-25 12:00 . 2008-02-27 13:15 28,416 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-04-23 22:17 . 2008-04-24 07:27 d-------- C:\Program Files\Google
2008-04-23 19:53 . 2008-04-23 19:53 d-------- C:\Program Files\K-Lite Codec Pack
2008-04-23 12:31 . 2008-04-23 12:31 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-22 20:54 . 2008-04-22 20:54 0 --a------ C:\WINDOWS\vpc32.INI
2008-04-22 19:30 . 2006-09-18 17:55 109,744 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-04-22 19:30 . 2006-09-18 17:55 48,816 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-04-22 19:29 . 2008-04-26 10:41 d-------- C:\Program Files\Symantec AntiVirus
2008-04-22 19:29 . 2008-04-22 19:30 d-------- C:\Program Files\Symantec
2008-04-22 19:29 . 2008-04-22 19:30 d-------- C:\Program Files\Common Files\Symantec Shared
2008-04-22 19:29 . 2008-04-22 19:29 d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-22 11:36 . 2008-04-22 11:36 d-------- C:\Documents and Settings\CONDRA\Application Data\Talkback
2008-04-22 11:36 . 2008-04-22 11:36 0 --a------ C:\WINDOWS\nsreg.dat
2008-04-21 17:49 . 2008-04-21 19:46 d-------- C:\Program Files\Prevx2
2008-04-21 17:49 . 2008-04-21 18:20 d-------- C:\Documents and Settings\CONDRA\Application Data\Prevx
2008-04-21 16:02 . 2008-04-21 16:02 194 --a------ C:\WINDOWS\system32\RBDELDRV.BAT
2008-04-21 15:53 . 2008-04-21 15:53 d-------- C:\Program Files\CleanUp!
2008-04-20 20:32 . 2008-04-20 20:32 d-------- C:\Program Files\Lavasoft
2008-04-20 20:32 . 2008-04-20 23:12 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-20 10:56 . 2008-04-20 10:56 d-------- C:\WINDOWS\system32\delete me
2008-04-17 12:28 . 2008-04-23 23:01 d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-17 08:44 . 2008-04-17 08:44 d--h-c--- C:\WINDOWS\ie8
2008-04-16 12:35 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-16 12:35 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-04-16 12:35 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-04-16 12:35 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-04-16 12:35 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-04-16 12:35 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-04-16 10:42 . 2008-04-16 10:42 d-------- C:\Program Files\Microsoft Silverlight
2008-04-14 19:09 . 2008-04-14 19:09 d-------- C:\WINDOWS\system32\Futuremark
2008-04-09 11:15 . 2006-12-18 17:46 5,783,552 --a------ C:\WINDOWS\system\CM108.cpl
2008-04-09 11:15 . 2006-12-21 18:05 1,294,336 --a------ C:\WINDOWS\system32\drivers\CM108.sys
2008-04-09 11:15 . 2001-11-23 13:08 712,704 --a------ C:\WINDOWS\system32\a3d108pu.dll
2008-04-09 11:15 . 2004-04-14 12:28 315,392 --a------ C:\WINDOWS\system\fltr108.dll
2008-04-09 11:15 . 2006-10-02 20:02 262,144 --a------ C:\WINDOWS\Cmi108Uninstall.exe
2008-04-09 11:15 . 2006-10-13 11:02 249,856 --a------ C:\WINDOWS\system32\CM108rm.exe
2008-04-09 11:15 . 2005-03-07 15:29 45,056 --a------ C:\WINDOWS\system32\CM108rm.dll
2008-04-09 11:15 . 2006-03-09 18:45 32,768 --a------ C:\WINDOWS\system32\c108prop.dll
2008-04-09 11:15 . 2008-04-14 21:50 645 --a------ C:\WINDOWS\system\Cm108.ini
2008-04-08 00:22 . 2008-04-09 11:15 d-------- C:\Program Files\eDimensional USB audio
2008-03-30 11:42 . 2008-03-30 11:42 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-30 11:40 . 2008-03-30 11:40 d-------- C:\WINDOWS\nvidia icons
2008-03-30 11:39 . 2008-03-30 11:42 d-------- C:\WINDOWS\nview
2008-03-30 11:39 . 2008-03-04 11:02 442,368 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-03-30 11:39 . 2008-03-30 12:58 164,598 --a------ C:\WINDOWS\system32\nvapps.xml
2008-03-30 11:39 . 2008-03-04 11:02 159,975 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-03-30 11:39 . 2008-03-04 11:02 17,937 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-03-30 11:38 . 2008-03-30 11:38 d-------- C:\NVIDIA
2008-03-27 11:50 . 2008-03-27 11:50 d-------- C:\Program Files\Giant
2008-03-27 11:20 . 2008-03-27 11:20 d-------- C:\Program Files\LucasArts
2008-03-27 07:40 . 2008-04-22 12:02 d-------- C:\WINDOWS\system32\Adobe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-26 16:04 --------- d-----w C:\Program Files\Steam
2008-04-25 22:07 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-04-25 15:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-25 15:50 --------- d-----w C:\Documents and Settings\CONDRA\Application Data\BitTorrent
2008-04-25 02:00 --------- d-----w C:\Program Files\PeerGuardian2
2008-04-24 01:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-23 23:48 --------- d-----w C:\Program Files\DivX
2008-04-23 18:01 --------- d-----w C:\Documents and Settings\CONDRA\Application Data\mIRC
2008-04-23 17:29 --------- d-----w C:\Program Files\mIRC
2008-04-22 21:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-22 21:32 --------- d-----w C:\Program Files\THQ
2008-04-22 00:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2008-04-20 21:32 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-20 21:32 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-04-20 02:23 --------- d-----w C:\Documents and Settings\CONDRA\Application Data\GrabIt
2008-04-16 02:30 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-02 01:21 --------- d-----w C:\Program Files\Adobeman's DVDA GUI
2008-04-01 22:28 2,102,272 ----a-w C:\WINDOWS\system32\x264vfw.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\divx.dll
2008-03-28 17:41 7,680 ----a-w C:\WINDOWS\system32\ff_vfw.dll
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-18 02:19 --------- d-----w C:\Program Files\Pro Imaging Powertoys
2008-03-18 02:19 --------- d-----w C:\Program Files\Common Files\Nikon
2008-03-18 02:09 --------- d-----w C:\Program Files\Canon
2008-03-18 02:08 --------- d-----w C:\Program Files\Common Files\Canon
2008-03-18 01:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-15 12:40 --------- d-----w C:\Program Files\Electronic Arts
2008-03-12 17:10 633,344 ------w C:\WINDOWS\system32\gpprefcl.dll
2008-03-10 23:48 --------- d-s---w C:\Program Files\HLSW
2008-03-04 00:01 830,464 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-04 00:01 434,176 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-03-04 00:01 156,160 ----a-w C:\WINDOWS\system32\msls31.dll
2008-03-04 00:01 142,848 ------w C:\WINDOWS\system32\IESetting.dll
2008-03-03 23:53 78,336 ----a-w C:\WINDOWS\system32\ieencode.dll
2008-03-03 23:52 41,984 ----a-w C:\WINDOWS\system32\licmgr10.dll
2008-03-03 23:52 17,920 ----a-w C:\WINDOWS\system32\corpol.dll
2008-03-03 23:51 69,120 ----a-w C:\WINDOWS\system32\iesetup.dll
2008-03-03 23:51 69,120 ----a-w C:\WINDOWS\system32\admparse.dll
2008-03-03 23:50 48,128 ----a-w C:\WINDOWS\system32\mshtmler.dll
2008-03-03 23:50 45,568 ----a-w C:\WINDOWS\system32\mshta.exe
2008-03-03 23:50 36,352 ----a-w C:\WINDOWS\system32\imgutil.dll
2008-02-29 00:19 215,144 ----a-w C:\WINDOWS\patchw32.dll
2008-02-29 00:11 --------- d-----w C:\Program Files\AGEIA Technologies
2008-02-28 16:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-28 14:39 --------- d-----w C:\Program Files\DVDFab Decrypter 3
2008-02-27 20:32 --------- d-----w C:\Program Files\PowerISO
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2007-11-14 15:08 22,328 ----a-w C:\Documents and Settings\CONDRA\Application Data\PnkBstrK.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 13:32 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2006-06-01 07:09 136192]
"Tweak UI"="TWEAKUI.CPL" [2003-03-25 07:49 106544 C:\WINDOWS\system32\tweakui.cpl]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-03-04 11:02 8523776]
"nwiz"="nwiz.exe" [2008-03-04 11:02 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-03-04 11:02 81920]
"CM108Sound"="CM108.cpl" []
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 19:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-27 20:33 125168]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"EditLevel"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.iv41"= ir41_32.dll
"msacm.l3acm"= L3codecp.acm
"vidc.yv12"= yv12vfw.dll
"vidc.3ivx"= 3ivxVfWCodec.dll
"vidc.avrn"= AvidAVICodec.dll
"VIDC.mszh"= avimszh.dll
"vidc.zlib"= avizlib.dll
"vidc.div3"= DivXc32.dll
"vidc.div4"= DivXc32f.dll
"vidc.ap41"= DivXc32f.dll
"vidc.dvx4"= divx4.dll
"vidc.em2v"= ETXCodec.dll
"vidc.hfyu"= huffyuv.dll
"vidc.vp31"= vp31vfw.dll
"vidc.sjpg"= pmjpeg32.dll
"vidc.rud0"= rududu.dll
"msacm.wrpr"= aviwrap.dll
"vidc.wrpr"= aviwrap.dll
"vidc.wnv1"= WNVPLAY1.DLL
"msacm.divxa32"= divxa32.acm
"vidc.advs"= Dvc.dll
"vidc.aflc"= flccodec32.dll
"vidc.afli"= flccodec32.dll
"vidc.aasc"= Aasc32.dll
"vidc.asv1"= asusasv1.dll
"vidc.asv2"= asusasv2.dll
"vidc.vcr1"= ativcr1.dll
"vidc.vcr2"= ativcr2.dll
"vidc.mwv1"= icmw_32.dll
"vidc.bt20"= btvvc32.drv
"vidc.y41p"= btvvc32.drv
"msacm.pcdv"= pcdv.acm
"vidc.cdvc"= CSCCDVC.DLL
"vidc.ddvc"= CSCdvsd.DLL
"vidc.dps0"= DpsAviCC.dll
"MSVideo"= DPSVidCap.drv
"vidc.frwu"= frwu.dll
"vidc.frwd"= frwd.dll
"vidc.frwt"= frwt.dll
"vidc.glzw"= GLZW.dll
"vidc.gpeg"= GPEG.dll
"msacm.imc"= IMC32.ACM
"vidc.i263"= i263_32.drv
"vidc.ir21"= IR21_R.DLL
"vidc.rt21"= IR21_R.DLL
"vidc.dvsd"= MCDVD_32.DLL
"vidc.dcmj"= MCMJPG32.DLL
"vidc.dv25"= DigiVCap.dll
"vidc.dv50"= DigiVCap.dll
"vidc.msmc"= DigiVCap.dll
"vidc.mmjp"= DigiVCap.dll
"vidc.mmes"= DigiVCap.dll
"vidc.vixl"= Miroxl32.dll
"vidc.mjpg"= m3jpeg32.dll
"vidc.dmb1"= m3jpeg32.dll
"vidc.mj2c"= M3JP2K32.dll
"vidc.tvmj"= MMTVMJ.dll
"vidc.fljp"= MMTVMJ.dll
"vidc.nt00"= NTCodec.dll
"vidc.pdvc"= idvcodec.dll
"vidc.ipdv"= idvcodec.dll
"vidc.pvw2"= pvwv220.dll
"vidc.pimj"= pvljpg20.dll
"vidc.mjpx"= pvmjpg21.dll
"vidc.miro"= mirodv2avi.dll
"vidc.mjpa"= rtmjpgcdc.dll
"vidc.pim1"= pclepim1.dll
"msacm.qmpeg"= qmpeg.acm
"vidc.rmp4"= rmp4.dll
"vidc.sony"= sonydv.dll
"vidc.s422"= tekyuv.dll
"vidc.vssv"= vsscodec.dll
"vidc.cscd"= camcodec.dll
"VIDC.X264"= x264vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Event Planner Reminder.lnk]
backup=C:\WINDOWS\pss\Event Planner Reminder.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^CONDRA^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 20:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\amd_dc_opt]
--a------ 2007-07-23 12:06 77824 C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 13:51 202024 C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2007-10-31 21:21 286016 C:\Program Files\BitTorrent_DNA\dna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a------ 2005-05-19 09:47 57344 C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
--a------ 2003-06-18 02:00 45056 C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 11:43 57344 C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2007-04-09 12:32 19968 C:\WINDOWS\system32\Ctxfihlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 10:16 171464 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EA Core]
--a------ 2007-09-14 20:06 2486272 C:\Program Files\Electronic Arts\EADM\Core.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
--a------ 2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
-ra------ 2003-03-25 07:49 53248 C:\WINDOWS\system32\MMTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray2K]
-ra------ 2003-03-25 07:49 57344 C:\WINDOWS\system32\MMTray2k.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTrayLSI]
-ra------ 2003-03-25 07:49 53248 C:\WINDOWS\system32\MMTrayLSI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 10:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nHancer]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrevxOne]
--a------ 2008-01-23 12:32 1997880 C:\Program Files\Prevx2\PXConsole.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Update]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"idsvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"EPSON_PM_RPCV4_01"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"NMIndexingService"=3 (0x3)
"Nero BackItUp Scheduler 3"=2 (0x2)
"Microsoft Office Groove Audit Service"=3 (0x3)
"InCDsrv"=2 (0x2)
"AVG Anti-Spyware Guard"=2 (0x2)
"IDriverT"=3 (0x3)
"SSScsiSV"=3 (0x3)
"SPTISRV"=3 (0x3)
"SonicStage Back-End Service"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"aawservice"=2 (0x2)
"PREVXAgent"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 08:00]
R3 CM1083264;C-Media CM108 Like Sound UDAX Interface;C:\WINDOWS\system32\drivers\CM108.sys [2006-12-21 18:05]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-04-25 12:00]
S3 USBPNPA;USB PnP Sound Device Interface;C:\WINDOWS\system32\drivers\CM108.sys [2006-12-21 18:05]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-26 16:00:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 12:56:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-26 12:57:13
ComboFix-quarantined-files.txt 2008-04-26 16:57:10

Pre-Run: 44,996,132,864 bytes free
Post-Run: 44,980,678,656 bytes free

347 --- E O F --- 2008-04-23 16:31:16