ComboFix 08-05-11.1 - Dad 2008-05-12 17:06:34.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.225 [GMT -5:00]
Running from: C:\Users\Dad\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.
2008-05-12 17:06 . 2008-05-12 17:06 6,736 --a------ C:\Windows\System32\drivers\PROCEXP90.SYS
2008-05-11 12:46 . 2008-05-11 12:46 d-------- C:\Users\Aldo\AppData\Roaming\Malwarebytes
2008-05-11 11:57 . 2008-05-11 12:01 d-------- C:\Users\Dad\.SunDownloadManager
2008-05-10 21:09 . 2008-05-10 21:09 d-------- C:\Users\Dad\AppData\Roaming\Uniblue
2008-05-10 19:12 . 2008-05-10 19:12 0 --ah----- C:\Users\Default.LOG2
2008-05-10 19:12 . 2008-05-10 19:12 0 --ah----- C:\Users\Default.LOG1
2008-05-10 19:12 . 2008-05-10 19:12 0 --ah----- C:\ProgramData.LOG2
2008-05-10 19:12 . 2008-05-10 19:12 0 --ah----- C:\ProgramData.LOG1
2008-05-10 16:46 . 2008-05-10 16:46 d-------- C:\Users\Dad\AppData\Roaming\Malwarebytes
2008-05-10 16:46 . 2008-05-10 16:46 d-------- C:\Users\All Users\Malwarebytes
2008-05-10 16:46 . 2008-05-10 16:46 d-------- C:\ProgramData\Malwarebytes
2008-05-10 16:46 . 2008-05-10 16:46 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-05-10 16:46 . 2008-05-05 20:46 27,048 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-05-10 16:46 . 2008-05-05 20:46 15,864 --a------ C:\Windows\System32\drivers\mbam.sys
2008-05-10 16:45 . 2008-05-10 16:45 d-------- C:\Users\Dad\AppData\Roaming\Download Manager
2008-05-08 23:39 . 2008-05-08 23:45 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-05-08 23:39 . 2008-05-08 23:45 d-------- C:\ProgramData\Spybot - Search & Destroy
2008-05-08 23:39 . 2008-05-08 23:39 d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-08 18:50 . 2008-05-08 18:50 d-------- C:\Users\Dad\AppData\Roaming\Symantec
2008-05-08 18:26 . 2008-05-08 18:26 d-------- C:\Program Files\Trend Micro
2008-05-08 17:20 . 2008-05-08 17:34 d-------- C:\Program Files\Panda Security
2008-05-08 16:40 . 2008-05-08 16:40 d-------- C:\Program Files\CCleaner
2008-05-07 23:14 . 2008-05-10 19:08 d-------- C:\Users\All Users\Lavasoft
2008-05-07 23:14 . 2008-05-10 19:08 d-------- C:\ProgramData\Lavasoft
2008-05-04 22:04 . 2003-03-15 23:15 90,112 --a------ C:\Windows\unvise32.exe
2008-05-04 16:53 . 2008-05-05 20:12 d-------- C:\Users\Aldo\Black Jack II Games
2008-05-01 20:18 . 2008-05-01 20:18 d-------- C:\Program Files\Apple Software Update
2008-04-28 19:38 . 2008-04-28 19:38 d-------- C:\Program Files\Microsoft Silverlight
2008-04-27 22:52 . 2008-04-27 22:52 215 --a------ C:\MITsWizard.tmp
2008-04-27 18:34 . 2008-04-27 18:34 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2008-04-27 18:21 . 2008-04-27 18:21 d-------- C:\Media Backup Data
2008-04-27 17:00 . 2008-04-27 17:00 d-------- C:\Program Files\Windows Mobile Device Handbook
2008-04-24 18:57 . 2008-04-30 16:54 d-------- C:\Users\Aldo\P2 Firmware
2008-04-21 21:48 . 2008-04-21 21:49 d-------- C:\Windows\System32\Adobe
2008-04-13 11:45 . 2008-04-13 11:45 d-------- C:\Program Files\BitLord
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 03:23 41,378 ----a-w C:\Users\Dad\AppData\Roaming\nvModes.dat
2008-05-11 17:31 41,520 ----a-w C:\Users\Aldo\AppData\Roaming\nvModes.dat
2008-05-11 17:06 --------- d-----w C:\Program Files\Java
2008-05-09 21:07 --------- d-----w C:\ProgramData\Viewpoint
2008-05-08 03:10 --------- d-----w C:\Program Files\Common Files\SureThing Shared
2008-05-08 03:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-08 03:09 --------- d-----w C:\Program Files\Microsoft Works
2008-04-30 00:51 --------- d---a-w C:\ProgramData\TEMP
2008-04-27 23:13 --------- d-----w C:\Program Files\Samsung
2008-04-13 17:45 --------- d-----w C:\Program Files\MyFree Codec
2008-04-08 21:25 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 21:18 --------- d-----w C:\Program Files\CONEXANT
2008-04-08 04:56 --------- d-----w C:\Users\Guest\AppData\Roaming\Hewlett-Packard
2008-04-08 04:55 --------- d-----w C:\Users\Guest\AppData\Roaming\Symantec
2008-04-07 03:57 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-04-06 17:25 --------- d-----w C:\Program Files\AIM6
2008-04-02 02:50 --------- d-----w C:\ProgramData\SongbirdVLC
2008-03-29 15:35 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-29 03:11 --------- d-----w C:\Program Files\Common Files\Steam
2008-03-26 17:45 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-03-24 23:54 --------- d-----w C:\ProgramData\Symantec
2008-03-20 01:50 --------- d-----w C:\ProgramData\NVIDIA
2008-03-20 01:17 174 --sha-w C:\Program Files\desktop.ini
2008-03-20 01:04 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-20 01:04 --------- d-----w C:\Program Files\Windows Journal
2008-03-20 01:04 --------- d-----w C:\Program Files\Windows Collaboration
2008-03-20 01:04 --------- d-----w C:\Program Files\Windows Calendar
2008-03-20 01:03 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-03-20 01:03 --------- d-----w C:\Program Files\Windows Defender
2008-03-20 00:29 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-03-20 00:29 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-03-19 22:48 47,560 ----a-w C:\Windows\System32\SPReview.exe
2008-03-19 22:48 152,576 ----a-w C:\Windows\System32\SPWizUI.dll
2008-03-19 00:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-18 23:49 --------- d-----w C:\Users\Aldo\AppData\Roaming\Symantec
2008-03-18 23:48 --------- d-----w C:\Program Files\Norton Internet Security
2008-03-18 23:47 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-18 23:47 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-18 23:47 10,563 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-18 23:47 --------- d-----w C:\Program Files\Symantec
2008-03-18 23:16 --------- d-----w C:\ProgramData\Symantec Temporary Files
2008-03-04 07:34 2,125,312 ----a-w C:\Windows\System32\CnxtAp32.dll
2008-02-29 07:14 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 07:11 988,216 ----a-w C:\Windows\System32\winload.exe
2008-02-29 07:11 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-02-29 06:53 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-02-29 06:53 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:53 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 04:21 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-02-29 04:12 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 04:12 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-22 05:05 615,992 ----a-w C:\Windows\System32\ci.dll
2008-02-22 05:01 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-02-22 04:57 295,936 ----a-w C:\Windows\System32\gdi32.dll
2007-10-18 22:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-18 22:34 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-18 22:34 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
2007-08-04 19:05 22 --sha-w C:\Windows\SMINST\HPCD.sys
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}]
2008-02-06 23:05 349552 --a------ C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\coIEPlg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
2008-03-18 18:46 116088 --a------ C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll" [2008-02-06 23:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"= C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.5\CoIEPlg.dll [2008-02-06 23:05 349552]

[HKEY_CLASSES_ROOT\clsid\{7febefe3-6b19-4349-98d2-ffb09d4b49ca}]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar.1]
[HKEY_CLASSES_ROOT\CoIEPlg.CoToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"WindowsWelcomeCenter"="rundll32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"HPADVISOR"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 17:23 1773568]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 15:21 50528]
"RunSpySweeperScheduleAtStartup"="C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe" [2007-03-23 16:23 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-18 23:38 1008184]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 03:50 1021224]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 19:45 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 12:58 159744]
"HP Health Check Scheduler"="[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [ ]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 15:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 18:12 317128]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"SMSTray"="C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe" [2007-09-20 18:21 132624]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-25 20:47 51048]
"NvSvc"="RUNDLL32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"NvMediaCenter"="RUNDLL32.exe" [2006-11-02 04:45 44544 C:\Windows\System32\rundll32.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-06-07 18:05:38 553021]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-06-19 04:16:13 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{88485281-8b4b-4f8d-9ede-82e29a064277}"= C:\PROGRA~1\MarkAny\CONTEN~1\MACSMA~1.DLL [2004-11-23 17:51 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"vidc.yv12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
""=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
""=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
""=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
""=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{EB1750F3-5206-4252-B1F7-0F45231E3F15}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DE933817-50B7-4A7F-96EC-88D5D61DFF7B}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5C5E8761-4CFD-41C0-9050-EC4C4BC84ADF}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{B517CE8D-1A9F-431F-84A4-8A97DA74D4C3}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{B963EDC7-43C8-4470-8415-C420CF92E4D7}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{48E205BD-85DE-41B1-A8A6-D4DCE588F554}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F944F207-0E68-4334-A5CB-F20014E43D79}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CB11AF77-AEC3-4AC3-A72F-48BD83B597E4}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C4C9C119-72A8-4131-B56E-AD8944C5803C}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D4A0809E-419C-452D-8B2C-A23617F81487}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{87B1402B-E5AD-4458-B74E-49D1B90C67AD}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{BA7E6E97-A29D-4CB9-A5FD-999BCFF2DCF9}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{CA08CCEB-7962-4A3F-A079-A616C0F14FFF}C:\\program files\\swiftswitch\\swiftswitch.exe"= UDP:C:\program files\swiftswitch\swiftswitch.exe:World Switcher for RuneScape
"UDP Query User{744DDADC-BCBA-4D5F-990B-88B4936ED246}C:\\program files\\swiftswitch\\swiftswitch.exe"= TCP:C:\program files\swiftswitch\swiftswitch.exe:World Switcher for RuneScape
"TCP Query User{44B4DD11-DF62-442C-BAD3-0D62E043A047}C:\\program files\\aim6\\aim6.exe"= UDP:C:\program files\aim6\aim6.exe:AIM
"UDP Query User{DAA3C18D-2F20-4592-84B0-F8E1A8DAF7C9}C:\\program files\\aim6\\aim6.exe"= TCP:C:\program files\aim6\aim6.exe:AIM
"{A8C4A795-F582-4359-B28A-F4DF299CEDA5}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{07244AD2-09B1-4605-A8F0-2A445CE4BCB5}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{54524F26-13A1-4B21-923D-A02A1DA64C9A}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{EAC4078A-E92D-456F-BB50-364F52716594}"= UDP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{D268515E-0BE8-43D3-B1BB-659D50A81E1C}"= TCP:C:\Windows\System32\muzapp.exe:MUZ AOD APP player
"{070F2F88-0AE5-45C4-BC6E-D1F4407D87FA}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{972AD423-3B1B-4399-AA7E-8C2008CB1DEA}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{D595EB53-439A-42C5-BFFD-6A6A65D4DA6F}C:\\program files\\bitlord\\bitlord.exe"= UDP:C:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{BFD2E765-8E02-490B-98D5-C50A29F95752}C:\\program files\\bitlord\\bitlord.exe"= TCP:C:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{DA8193E3-9A93-42DD-A10F-DD227A822FA1}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{BF6551B4-B99D-4EA3-99C9-6305EE600B1B}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\ipsdefs\20080507.010\IDSvix86.sys [2008-02-13 11:18]
R2 LiveUpdate Notice;LiveUpdate Notice;"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon []
R2 RapiMgr;Windows Mobile-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R2 WcesComm;Windows Mobile-2003-based device connectivity;C:\Windows\system32\svchost.exe [2008-01-18 23:33]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 06:27]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2006-09-15 03:44]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-02-05 14:34]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-10-13 00:50]
S3 COH_Mon;COH_Mon;C:\Windows\system32\Drivers\COH_Mon.sys [2008-03-06 21:32]
S3 Flash1;Flash1;C:\SwSetup\SP38062\winphlash\Flash1.sys [2006-03-01 18:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-04-27 23:24:29 C:\Windows\Tasks\HPCeeScheduleForAldo.job"
- C:\Program Files\Hewlett-Packard\SDP\Ceement\HPCEE.exe
"2008-04-12 15:10:00 C:\Windows\Tasks\HPCeeScheduleForDad.job"
- C:\Program Files\hewlett-packard\sdp\ceement\HPCEE.exe
"2008-05-06 01:38:22 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Aldo.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 17:12:11
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-12 17:14:50
ComboFix-quarantined-files.txt 2008-05-12 22:14:40
Pre-Run: 106,300,796,928 bytes free
Post-Run: 106,293,284,864 bytes free
257 --- E O F --- 2008-05-06 21:00:10