ComboFix 08-05-01.3 - Roe 2008-05-12 11:02:56.4 - NTFSx86
Running from: C:\Documents and Settings\Roe\Desktop\ComboFix.exe
 * Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.
2008-05-11 11:15 . 2008-05-11 11:15 d-------- C:\Program Files\ERUNT
2008-05-08 12:02 . 2008-05-08 12:02 d-------- C:\Program Files\Common Files\AnswerWorks 5.0
2008-05-08 11:57 . 2008-05-08 11:57 d-------- C:\Program Files\Quicken
2008-05-08 11:57 . 2008-05-08 11:57 d-------- C:\Documents and Settings\Roe\Application Data\Intuit
2008-05-08 11:56 . 2008-05-08 11:56 d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-05-08 11:56 . 2008-05-08 11:57 120 --a------ C:\WINDOWS\QUICKEN.INI
2008-05-07 17:22 . 2008-05-07 17:22 d-------- C:\Program Files\ESET
2008-05-06 20:16 . 2008-05-06 20:16 d-------- C:\Documents and Settings\Roe\Application Data\Malwarebytes
2008-05-06 20:15 . 2008-05-06 20:15 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-06 20:15 . 2008-05-06 20:15 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-06 20:15 . 2008-05-05 20:46 27,048 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-06 20:15 . 2008-05-05 20:46 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-05-06 20:07 . 2008-05-06 20:07 d-------- C:\_OTMoveIt
2008-05-06 09:15 . 2008-05-06 09:15 d-------- C:\WINDOWS\ERUNT
2008-05-06 09:06 . 2008-05-06 13:16 d-------- C:\SDFix
2008-05-05 21:07 . 2008-05-05 21:07 d-------- C:\Program Files\Trend Micro
2008-05-05 20:37 . 2008-05-05 20:37 d-------- C:\Program Files\Unlocker
2008-05-05 20:37 . 2008-05-07 08:22 d-------- C:\Documents and Settings\Roe\Application Data\Desktopicon
2008-05-05 20:24 . 2008-05-05 20:24 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-05 20:24 . 2008-05-05 20:24 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 18:34 . 2008-05-04 18:34 d-------- C:\!KillBox
2008-05-04 18:32 . 2008-05-04 18:37 d-------- C:\Program Files\Windows Live
2008-05-04 18:32 . 2008-05-04 18:37 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-04 18:32 . 2008-05-04 21:14 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-04 14:52 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-05-04 14:52 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-05-04 12:48 . 2008-05-04 18:13 d-------- C:\Program Files\COMODO
2008-05-04 12:48 . 2008-05-04 18:13 d-------- C:\Documents and Settings\Roe\Application Data\Comodo
2008-05-03 20:25 . 2008-05-03 20:25 d-------- C:\Program Files\AVG
2008-05-03 20:25 . 2008-05-04 09:58 d-------- C:\Documents and Settings\Roe\Application Data\AVGTOOLBAR
2008-05-03 20:25 . 2008-05-05 20:12 d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-03 18:31 . 2008-05-03 18:31 d-------- C:\Program Files\RogueRemover FREE
2008-05-03 14:20 . 2008-05-03 14:20 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-05-03 14:20 . 2006-03-15 05:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-04-26 20:37 . 2008-05-01 18:32 d-------- C:\Documents and Settings\Roe\Application Data\ZoomBrowser EX
2008-04-26 20:35 . 2008-04-26 20:35 d-------- C:\Documents and Settings\Roe\Application Data\Canon
2008-04-26 20:35 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-04-26 20:35 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-04-25 12:19 . 2008-05-01 18:32 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-04-25 11:51 . 2008-04-25 11:51 d-------- C:\Program Files\Common Files\Canon
2008-04-23 18:36 . 2008-04-23 18:36 d-------- C:\Program Files\LizardTech
2008-04-23 18:35 . 2008-04-23 18:35 dr------- C:\UDC Output Files
2008-04-23 18:35 . 2008-04-23 18:35 d-------- C:\Program Files\Universal Document Converter
2008-04-23 18:35 . 2007-08-14 20:57 5,632 --a------ C:\WINDOWS\system32\udcpm.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-09 03:05 --------- d-----w C:\Documents and Settings\Roe\Application Data\TeraCopy
2008-05-08 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-08 18:57 --------- d-----w C:\Program Files\Common Files\Palo Alto Software
2008-05-08 18:57 --------- d-----w C:\Program Files\Common Files\Intuit
2008-05-08 03:53 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-05-08 03:53 --------- d-----w C:\Program Files\MSN Messenger
2008-05-08 03:53 --------- d-----w C:\Program Files\iTunes
2008-05-05 03:58 --------- d-----w C:\Program Files\The Print Shop 20
2008-05-04 17:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-04 17:43 --------- d-----w C:\Documents and Settings\Roe\Application Data\SUPERAntiSpyware.com
2008-05-01 21:23 --------- d-----w C:\Documents and Settings\Roe\Application Data\Vso
2008-04-25 19:21 --------- d-----w C:\Program Files\CANON
2008-04-09 00:44 --------- d-----w C:\Program Files\Bonjour
2008-04-09 00:43 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-09 00:36 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2008-04-08 17:42 364,544 ----a-w C:\WINDOWS\system32\WDBtnMgr.exe
2008-04-08 04:10 223,128 ----a-w C:\WINDOWS\system32\drivers\vaxscsi.sys
2008-04-08 04:10 --------- d-----w C:\Program Files\Alcohol Soft
2008-04-08 04:07 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd6477.sys
2008-04-08 04:07 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-08 04:05 --------- d-----w C:\Documents and Settings\Roe\Application Data\DMCache
2008-04-04 04:28 --------- d-----w C:\Documents and Settings\Roe\Application Data\Corel
2008-03-20 00:07 --------- d-----w C:\Program Files\Mayoko
2008-03-13 23:52 33,800 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-03-13 23:44 29,704 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-03-13 23:43 40,456 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-03-12 23:35 --------- d-----w C:\Program Files\VLCPortable
2008-01-11 03:03 47,360 ----a-w C:\Documents and Settings\Roe\Application Data\pcouffin.sys
2007-12-26 00:40 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-09-22 01:21 2,393 ----a-w C:\Documents and Settings\Roe\Application Data\SAS7_000.DAT
2007-11-05 21:11 88 --sha-w C:\WINDOWS\system32\4D7CD740B4.sys
2008-01-29 04:40 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((( snapshot@2008-05-07_16.44.18.20 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-07 23:36:03 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 16:40:27 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2005-10-20 19:02:28 163,328 ----a-w C:\WINDOWS\erdnt\5-11-2008\ERDNT.EXE
+ 2008-05-11 18:21:39 8,122,368 ----a-w C:\WINDOWS\erdnt\5-11-2008\Users\00000001\NTUSER.DAT
+ 2008-05-11 18:21:39 49,152 ----a-w C:\WINDOWS\erdnt\5-11-2008\Users\00000002\UsrClass.dat
+ 2008-05-08 18:57:17 295,606 ----a-r C:\WINDOWS\Installer\{3B0F52AC-EF5C-4831-B221-06C782E41280}\ARPPRODUCTICON.exe
+ 2008-05-08 18:57:17 295,606 ----a-r C:\WINDOWS\Installer\{3B0F52AC-EF5C-4831-B221-06C782E41280}\NewShortcut1_E715633012F6421883A4BCE59058C2A8.exe
+ 2008-05-08 18:57:17 40,960 ----a-r C:\WINDOWS\Installer\{3B0F52AC-EF5C-4831-B221-06C782E41280}\NewShortcut7_E715633012F6421883A4BCE59058C2A8.exe
+ 2008-05-08 18:57:17 40,960 ----a-r C:\WINDOWS\Installer\{3B0F52AC-EF5C-4831-B221-06C782E41280}\QuickenOLBackupLaunc_0D2E80C8087543EB962347118E2DFBCA.exe
+ 2008-05-08 00:22:57 10,134 ----a-r C:\WINDOWS\Installer\{86A6E235-C08F-4A14-B14C-793C7D8844A0}\callmsi.exe
+ 2008-05-08 00:22:57 136,448 ----a-r C:\WINDOWS\Installer\{86A6E235-C08F-4A14-B14C-793C7D8844A0}\egui.exe
- 2006-03-15 12:00:00 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe
+ 2008-02-10 18:44:56 158,208 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\MSConfig.exe
- 2006-03-15 12:00:00 158,208 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe
+ 2008-02-10 18:44:56 158,208 -c--a-w C:\WINDOWS\system32\dllcache\msconfig.exe
+ 2008-02-04 22:38:19 65,536 ----a-w C:\WINDOWS\system32\fxredir.exe
+ 2007-08-09 03:34:46 1,721,712 ----a-w C:\WINDOWS\system32\inetclnt.dll
+ 2006-12-02 05:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-02 05:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 05:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 07:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-02 07:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-02 07:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-02 07:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-02 07:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-02 07:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-02 07:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-02 07:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-02 07:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-02 07:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-02 07:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2008-02-06 21:44 4670704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-28 13:39 1667584]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-02-28 23:06 2321600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 16:48 1443072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Palo Alto Software Update Manager 8.0.lnk]
backup=C:\WINDOWS\pss\Palo Alto Software Update Manager 8.0.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Roe^Start Menu^Programs^Startup^Cyber-shot Viewer Media Check Tool.lnk]
backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
--a------ 2007-02-28 23:06 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--------- 2005-05-03 03:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDAgent]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitDefender Antiphishing Helper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
--a------ 2007-03-13 16:38 39264 c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2004-08-10 04:04 59392 C:\WINDOWS\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fxredir]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2007-04-19 22:57 162584 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2007-04-19 22:57 142104 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-02-16 16:15 221184 C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-02-16 16:15 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\monitr32]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MPTBox]
--a------ 2008-02-06 13:46 151552 C:\PROGRA~1\Canon\MULTIP~1\MPTBox.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-01-28 13:39 1667584 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2007-04-19 22:57 138008 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-09-17 22:05 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--------- 2007-04-12 02:33 16132608 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 16:08 21686568 C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2003-09-29 16:00 155648 C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-02-05 20:35 1310720 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UDC Integration]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2008-05-01 21:15 15872 C:\Program Files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
--a------ 2008-04-08 10:42 364544 C:\WINDOWS\system32\WDBtnMgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2008-02-06 21:44 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
--a------ 2007-06-08 07:59 224248 C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"wuauserv"=3 (0x3)
"wscsvc"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
R2 cis1284;cis1284;C:\WINDOWS\system32\drivers\cis1284.sys [2001-06-26 21:00]
S3 gdrv;gdrv;C:\WINDOWS\gdrv.sys [2007-09-16 13:43]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\WINDOWS\system32\DRIVERS\wdcsam.sys [2006-09-07 22:16]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21DB17A7-9EB9-0768-D9C5-22A71AD280F1}]
C:\WINDOWS\system32:svchost.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 11:06:22
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-12 11:09:01
ComboFix-quarantined-files.txt 2008-05-12 18:08:53
ComboFix2.txt 2008-05-08 04:00:09
ComboFix3.txt 2008-05-07 23:44:42
Pre-Run: 335,042,375,680 bytes free
Post-Run: 335,183,400,960 bytes free
240
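The log above carries three things a responder would pull out before anything else: an Active Setup Installed Components entry whose command is C:\WINDOWS\system32:svchost.exe, which is not a file in system32 but an NTFS alternate data stream attached to the system32 directory itself (Active Setup entries run at each user's next logon, and a stream is not a directory entry, so catchme's "hidden files: 0" does not clear it); "EnableFirewall"= 0 in the standard firewall profile; and wuauserv (Automatic Updates) and wscsvc (Security Center) listed under the msconfig\services key, where msconfig records services that were unchecked on its Services tab. The script below is an added triage helper, not part of the posted log and not ComboFix's own code. It runs a handful of rules over lines copied from the log (the sample input is constructed from those lines); the rule names and the watched-service list are my choices, and the two system+hidden .sys files are flagged only as items to verify, not as malware.

```python
"""Triage helper for a ComboFix log: flag the entries a responder should look at first."""
import re
from dataclasses import dataclass

# Constructed input: lines copied from the posted ComboFix log, one entry per line.
SAMPLE_LOG = r"""
2007-11-05 21:11 88 --sha-w C:\WINDOWS\system32\4D7CD740B4.sys
2008-01-29 04:40 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-28 13:39 1667584]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ekrn"=2 (0x2)
"wuauserv"=3 (0x3)
"wscsvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-03-13 16:52]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{21DB17A7-9EB9-0768-D9C5-22A71AD280F1}]
C:\WINDOWS\system32:svchost.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str   # short rule id
    line: str   # the log line that triggered it
    why: str    # what the responder should check


# Services whose disabling weakens the host; the watchlist is an assumption of this example.
WATCHED_SERVICES = {
    "wuauserv": "Automatic Updates",
    "wscsvc": "Security Center",
    "sharedaccess": "Windows Firewall/ICS",
}

# An NTFS alternate data stream is a second ':' after the drive letter (C:\dir\name:stream).
# The character classes keep the ComboFix "[date time size]" suffix and quoted paths from matching.
ADS_RE = re.compile(r'^[A-Za-z]:\\[^:\[\]"]+:[^\\:\s\[\]"]+$')
DRIVE_RE = re.compile(r'[A-Za-z]:\\')
# Find3M file lines: "YYYY-MM-DD HH:MM size attrs path"; directory lines have no numeric size.
FIND3M_RE = re.compile(r'^\d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+([-a-z]{7})\s+(.+)$')
MSCONFIG_SVC_RE = re.compile(r'^"([^"]+)"\s*=\s*(\d+)')
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b')


def scan(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry section, and collect findings."""
    findings: list[Finding] = []
    section = ""  # lower-cased text of the last "[...]" header seen
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line.lower()
            continue

        # Rule 1: an alternate data stream used as a load point.
        drive = DRIVE_RE.search(line)
        if drive and ADS_RE.match(line[drive.start():]):
            where = ("Active Setup entry (runs at each user's next logon)"
                     if "active setup" in section else section or "file list")
            findings.append(Finding("ads-loadpoint", line,
                                    f"NTFS alternate data stream as executable; load point: {where}"))
            continue

        # Rule 2: host firewall switched off in the standard profile.
        if "firewallpolicy" in section and FIREWALL_OFF_RE.match(line):
            findings.append(Finding("firewall-off", line,
                                    "Windows Firewall disabled in the standard profile"))
            continue

        # Rule 3: protective services unchecked on msconfig's Services tab.
        if section.endswith("msconfig\\services]"):
            m = MSCONFIG_SVC_RE.match(line)
            if m and m.group(1).lower() in WATCHED_SERVICES:
                findings.append(Finding("service-disabled", line,
                                        f"{WATCHED_SERVICES[m.group(1).lower()]} disabled via msconfig"))
            continue

        # Rule 4: system+hidden files under system32 in the Find3M list; verify, don't assume.
        m = FIND3M_RE.match(line)
        if m:
            attrs, path = m.groups()
            if "s" in attrs and "h" in attrs and "\\system32\\" in path.lower():
                findings.append(Finding("hidden-sys32", line,
                                        "system+hidden file in system32; verify publisher and hash"))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"[{f.rule}] {f.why}\n    {f.line}")
```

On the live host the stream itself is confirmed with Sysinternals streams.exe (XP has no dir /r), and removed by deleting the stream rather than the directory it is attached to; the Active Setup key should go at the same time, since it is what re-launches the stream at logon.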