ComboFix 08-05-11.1 - Dad 2008-05-12 17:06:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.225 [GMT -5:00]
Running from: C:\Users\Dad\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.
2008-05-12 17:06 . 2008-05-12 17:06 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-05-11 12:46 . 2008-05-11 12:46 d-------- C:\Users\Aldo\AppData\Roaming\Malwarebytes
2008-05-11 11:57 . 2008-05-11 12:01 d-------- C:\Users\Dad\.SunDownloadManager
2008-05-10 21:09 . 2008-05-10 21:09 d-------- C:\Users\Dad\AppData\Roaming\Uniblue
2008-05-10 19:12 . 2008-05-10 19:12 0 --ah----- C:\Users\Default.LOG2
2008-05-10 19:12 . 2008-05-10 19:12 0 --ah----- C:\Users\Default.LOG1
2008-05-10 19:12 . 2008-05-10 19:12 0 --ah----- C:\ProgramData.LOG2
2008-05-10 19:12 . 2008-05-10 19:12 0 --ah----- C:\ProgramData.LOG1
2008-05-10 16:46 . 2008-05-10 16:46 d-------- C:\Users\Dad\AppData\Roaming\Malwarebytes
2008-05-10 16:46 . 2008-05-10 16:46 d-------- C:\Users\All Users\Malwarebytes
2008-05-10 16:46 . 2008-05-10 16:46 d-------- C:\ProgramData\Malwarebytes
2008-05-10 16:46 . 2008-05-10 16:46 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-10 16:46 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-10 16:46 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-10 16:45 . 2008-05-10 16:45 d-------- C:\Users\Dad\AppData\Roaming\Download Manager
2008-05-08 23:39 . 2008-05-08 23:45 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-08 23:39 . 2008-05-08 23:45 d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-08 23:39 . 2008-05-08 23:39 d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-08 18:50 . 2008-05-08 18:50 d-------- C:\Users\Dad\AppData\Roaming\Symantec
2008-05-08 18:26 . 2008-05-08 18:26 d-------- C:\Program Files\Trend Micro
2008-05-08 17:20 . 2008-05-08 17:34 d-------- C:\Program Files\Panda Security
2008-05-08 16:40 . 2008-05-08 16:40 d-------- C:\Program Files\CCleaner
2008-05-07 23:14 . 2008-05-10 19:08 d-------- C:\Users\All Users\Lavasoft
2008-05-07 23:14 . 2008-05-10 19:08 d-------- C:\ProgramData\Lavasoft
2008-05-04 22:04 . 2003-03-15 23:15 90,112 --a------ C:\Windows\unvise32.exe
2008-05-04 16:53 . 2008-05-05 20:12 d-------- C:\Users\Aldo\Black Jack II Games
2008-05-01 20:18 . 2008-05-01 20:18 d-------- C:\Program Files\Apple Software Update
2008-04-28 19:38 . 2008-04-28 19:38 d-------- C:\Program Files\Microsoft Silverlight
2008-04-27 22:52 . 2008-04-27 22:52 215 --a------ C:\MITsWizard.tmp
2008-04-27 18:34 . 2008-04-27 18:34 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2008-04-27 18:21 . 2008-04-27 18:21 d-------- C:\Media Backup Data
2008-04-27 17:00 . 2008-04-27 17:00 d-------- C:\Program Files\Windows Mobile Device Handbook
2008-04-24 18:57 . 2008-04-30 16:54 d-------- C:\Users\Aldo\P2 Firmware
2008-04-21 21:48 . 2008-04-21 21:49 d-------- C:\Windows\System32\Adobe
2008-04-13 11:45 . 2008-04-13 11:45 d-------- C:\Program Files\BitLord
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 03:23 41,378 ----a-w C:\Users\Dad\AppData\Roaming\nvModes.dat
2008-05-11 17:31 41,520 ----a-w C:\Users\Aldo\AppData\Roaming\nvModes.dat
2008-05-11 17:06 --------- d-----w C:\Program Files\Java
2008-05-09 21:07 --------- d-----w C:\ProgramData\Viewpoint
2008-05-08 03:10 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-05-08 03:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-08 03:09 --------- d-----w C:\Program Files\Microsoft Works
2008-04-30 00:51 --------- d---a-w C:\ProgramData\TEMP
2008-04-27 23:13 --------- d-----w C:\Program Files\Samsung
2008-04-13 17:45 --------- d-----w C:\Program Files\MyFree Codec
2008-04-08 21:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 21:18 --------- d-----w C:\Program Files\CONEXANT
2008-04-08 04:56 --------- d-----w C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2008-04-08 04:55 --------- d-----w C:\Users\Guest\AppData\Roaming\Symantec
2008-04-07 03:57 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-06 17:25 --------- d-----w C:\Program Files\AIM6
2008-04-02 02:50 --------- d-----w C:\ProgramData\SongbirdVLC
2008-03-29 15:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 03:11 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-26 17:45 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-03-24 23:54 --------- d-----w C:\ProgramData\Symantec
2008-03-20 01:50 --------- d-----w C:\ProgramData\NVIDIA
2008-03-20 01:17 174 --sha-w C:\Program Files\desktop.ini
2008-03-20 01:04 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-20 01:04 --------- d-----w C:\Program Files\Windows Journal
2008-03-20 01:04 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-20 01:04 --------- d-----w C:\Program Files\Windows Calendar
2008-03-20 01:03 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-20 01:03 --------- d-----w C:\Program Files\Windows Defender
2008-03-20 00:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-20 00:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-19 22:48 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-19 22:48 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-03-19 00:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-18 23:49 --------- d-----w C:\Users\Aldo\AppData\Roaming\Symantec
2008-03-18 23:48 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-18 23:47 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-18 23:47 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-18 23:47 10,563 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-18 23:47 --------- d-----w C:\Program Files\Symantec
2008-03-18 23:16 --------- d-----w C:\ProgramData\Symantec Temporary Files
2008-03-04 07:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2007-10-18 22:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-18 22:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-18 22:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-08-04 19:05 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-06 23:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-18 18:46 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-06 23:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-06 23:05 349552]
[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"WindowsWelcomeCenter"="rundll32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"HPADVISOR"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 17:23 1773568]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 15:21 50528]
"RunSpySweeperScheduleAtStartup"="C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe" [2007-03-23 16:23 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 19:45 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 12:58 159744]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 15:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 18:12 317128]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 18:21 132624]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 20:47 51048]
"NvSvc"="RUNDLL32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-06-07 18:05:38 553021]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-06-19 04:16:13 53248]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 17:51 192512]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
""=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
""=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
""=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
""=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB1750F3-5206-4252-B1F7-0F45231E3F15}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DE933817-50B7-4A7F-96EC-88D5D61DFF7B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5C5E8761-4CFD-41C0-9050-EC4C4BC84ADF}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{B517CE8D-1A9F-431F-84A4-8A97DA74D4C3}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{B963EDC7-43C8-4470-8415-C420CF92E4D7}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{48E205BD-85DE-41B1-A8A6-D4DCE588F554}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F944F207-0E68-4334-A5CB-F20014E43D79}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CB11AF77-AEC3-4AC3-A72F-48BD83B597E4}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C4C9C119-72A8-4131-B56E-AD8944C5803C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D4A0809E-419C-452D-8B2C-A23617F81487}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{87B1402B-E5AD-4458-B74E-49D1B90C67AD}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BA7E6E97-A29D-4CB9-A5FD-999BCFF2DCF9}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{CA08CCEB-7962-4A3F-A079-A616C0F14FFF}C:\\program files\\swiftswitch\\swiftswitch.exe"= UDP:C:\program files\swiftswitch\swiftswitch.exe:World Switcher for RuneScape
"UDP Query User{744DDADC-BCBA-4D5F-990B-88B4936ED246}C:\\program files\\swiftswitch\\swiftswitch.exe"= TCP:C:\program files\swiftswitch\swiftswitch.exe:World Switcher for RuneScape
"TCP Query User{44B4DD11-DF62-442C-BAD3-0D62E043A047}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{DAA3C18D-2F20-4592-84B0-F8E1A8DAF7C9}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"{A8C4A795-F582-4359-B28A-F4DF299CEDA5}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{07244AD2-09B1-4605-A8F0-2A445CE4BCB5}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{54524F26-13A1-4B21-923D-A02A1DA64C9A}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{EAC4078A-E92D-456F-BB50-364F52716594}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{D268515E-0BE8-43D3-B1BB-659D50A81E1C}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{070F2F88-0AE5-45C4-BC6E-D1F4407D87FA}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{972AD423-3B1B-4399-AA7E-8C2008CB1DEA}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{D595EB53-439A-42C5-BFFD-6A6A65D4DA6F}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{BFD2E765-8E02-490B-98D5-C50A29F95752}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{DA8193E3-9A93-42DD-A10F-DD227A822FA1}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BF6551B4-B99D-4EA3-99C9-6305EE600B1B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080507.010\IDSvix86.sys [2008-02-13 11:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 03:44]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 14:34]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 Flash1;Flash1;C:\SwSetup\SP38062\winphlash\Flash1.sys [2006-03-01 18:54]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 23:24:29 C:\Windows\Tasks\HPCeeScheduleForAldo.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
"2008-04-12 15:10:00 C:\Windows\Tasks\HPCeeScheduleForDad.job"
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
"2008-05-06 01:38:22 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Aldo.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 17:12:11
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-12 17:14:50
ComboFix-quarantined-files.txt 2008-05-12 22:14:40
Pre-Run: 106,300,796,928 bytes free
Post-Run: 106,293,284,864 bytes free
257 --- E O F --- 2008-05-06 21:00:10