ComboFix 08-05-29.1 - xxx 2008-06-01 14:29:05.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1080 [GMT 5.5:30]
Running from: C:\Users\xxx\Desktop\Malware Removal Stuff\ComboFix.exe
 * Resident AV is active

.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\qoMgdBTN.dll
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-05-01 to 2008-06-01 )))))))))))))))))))))))))))))))
.

2008-06-01 14:09 . 2008-06-01 14:09 d-------- C:\VundoFix Backups
2008-06-01 12:58 . 2008-06-01 13:01 d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-01 12:58 . 2008-06-01 13:01 d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-01 12:58 . 2008-06-01 12:58 d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-01 12:02 . 2008-06-01 12:02 159,978 --a------ C:\Windows\Marsu-Fix 2.3 Uninstaller.exe
2008-06-01 10:13 . 2008-06-01 10:17 d-------- C:\Users\All Users\Lavasoft
2008-06-01 10:13 . 2008-06-01 10:17 d-------- C:\ProgramData\Lavasoft
2008-06-01 10:13 . 2008-06-01 10:13 d-------- C:\Program Files\Lavasoft
2008-06-01 10:13 . 2008-06-01 10:13 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 19:50 . 2008-03-08 07:38 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-29 19:50 . 2008-03-08 09:51 1,695,744 --a------ C:\Windows\System32\gameux.dll
2008-05-28 14:34 . 2008-05-28 14:34 171,136 -rahs---- C:\grldr
2008-05-17 11:03 . 2008-05-17 11:03 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-05-16 20:23 . 2008-05-16 20:23 d-------- C:\PerfLogs
2008-05-16 20:14 . 2008-05-16 20:14 d-------- C:\Program Files\IDT
2008-05-16 20:01 . 2008-05-16 19:36 152,576 --a------ C:\Windows\System32\SPWizUI.dll
2008-05-16 20:01 . 2008-05-16 19:36 47,560 --a------ C:\Windows\System32\SPReview.exe
2008-05-16 19:45 . 2008-01-18 23:33 193,024 --a------ C:\Windows\System32\recdisc.exe
2008-05-16 19:45 . 2008-01-18 23:36 6,656 --a------ C:\Windows\System32\sdspres.dll
2008-05-16 19:44 . 2008-01-18 23:33 599,552 --a------ C:\Windows\System32\vsp1cln.exe
2008-05-16 19:44 . 2008-01-18 23:36 142,336 --a------ C:\Windows\System32\spp.dll
2008-05-16 19:44 . 2008-01-18 23:36 28,160 --a------ C:\Windows\System32\sxproxy.dll
2008-05-16 19:41 . 2008-01-18 23:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-05-16 19:39 . 2008-01-18 23:36 2,588,160 --a------ C:\Windows\System32\UIHub.dll
2008-05-16 19:36 . 2008-05-16 19:36 d-------- C:\534c0e588f9c819dc0f2689b
2008-05-16 19:36 . 2008-05-16 20:03 196,608 --a------ C:\Windows\SPInstall.etl
2008-05-16 19:36 . 2008-01-18 23:33 44,032 --a------ C:\Windows\System32\cbsra.exe
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\Windows\System32\lsdelete.exe
2008-05-16 00:26 . 2008-05-16 00:26 d-------- C:\Users\xxx\AppData\Roaming\Media Player Classic
2008-05-09 10:06 . 2008-02-13 16:44 7,921,664 --a------ C:\Windows\System32\idtsg.cpl
2008-05-04 19:53 . 2008-05-04 19:53 d-------- C:\Users\xxx\AppData\Roaming\AD ON Multimedia
2008-05-04 19:53 . 2008-05-04 19:53 d-------- C:\Users\xxx\AppData\Roaming\AccurateRip
2008-05-04 14:06 . 2008-05-15 23:52 d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-03 10:36 . 2008-05-03 12:03 d-------- C:\Users\xxx\AppData\Roaming\Winamp
2008-05-03 10:36 . 2008-05-03 10:38 d-------- C:\Program Files\Winamp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2008-06-01 06:16 --------- d-----w C:\Program Files\ESET
2008-05-31 11:09 --------- d-----w C:\Users\xxx\AppData\Roaming\uTorrent
2008-05-31 07:06 --------- d-----w C:\Users\xxx\AppData\Roaming\foobar2000
2008-05-29 13:41 --------- d-----w C:\Users\xxx\AppData\Roaming\VSO
2008-05-20 03:39 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-19 09:37 2,516 --sha-w C:\Windows\System32\KGyGaAvL.sys
2008-05-19 04:36 --------- d-----w C:\Users\xxx\AppData\Roaming\FileZilla
2008-05-18 19:06 --------- d-----w C:\Program Files\FileZilla Client
2008-05-16 15:06 174 --sha-w C:\Program Files\desktop.ini
2008-05-16 14:56 --------- d-----w C:\Program Files\Windows Sidebar
2008-05-16 14:56 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-05-16 14:56 --------- d-----w C:\Program Files\Windows Mail
2008-05-16 14:56 --------- d-----w C:\Program Files\Windows Journal
2008-05-16 14:56 --------- d-----w C:\Program Files\Windows Defender
2008-05-16 14:56 --------- d-----w C:\Program Files\Windows Collaboration
2008-05-16 14:56 --------- d-----w C:\Program Files\Windows Calendar
2008-05-16 14:37 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-05-16 14:37 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-05-16 04:16 --------- d-----w C:\Program Files\FlashGet
2008-05-15 18:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-04 14:23 --------- d-----w C:\Program Files\Exact Audio Copy
2008-05-04 08:35 --------- d-----w C:\ProgramData\WLInstaller
2008-05-02 05:28 --------- d-----w C:\Users\xxx\AppData\Roaming\Apple Computer
2008-04-29 05:50 15,648 ----a-w C:\Windows\system32\drivers\NSDriver.sys
2008-04-29 05:49 15,648 ----a-w C:\Windows\system32\drivers\Awrtrd.sys
2008-04-29 05:49 12,960 ----a-w C:\Windows\system32\drivers\Awrtpd.sys
2008-04-28 18:57 208,353 ----a-w C:\Windows\fix.exe
2008-04-23 09:30 71,176 ----a-w C:\Windows\system32\drivers\epfw.sys
2008-04-23 09:30 54,280 ----a-w C:\Windows\system32\drivers\epfwtdi.sys
2008-04-23 09:30 30,728 ----a-w C:\Windows\system32\drivers\epfwndis.sys
2008-04-23 09:23 29,704 ----a-w C:\Windows\system32\drivers\easdrv.sys
2008-04-23 09:22 40,456 ----a-w C:\Windows\system32\drivers\eamon.sys
2008-04-17 04:17 --------- d-----w C:\Program Files\iTunes
2008-04-17 04:17 --------- d-----w C:\Program Files\iPod
2008-04-17 04:15 --------- d-----w C:\Program Files\QuickTime
2008-04-17 03:14 --------- d-----w C:\Program Files\Apple Software Update
2008-04-15 14:48 --------- d-----w C:\Program Files\Mozilla Firefox 3 Beta 3
2008-04-11 11:53 38,400 ----a-w C:\Windows\System32\SoundSchemes.exe
2008-03-12 20:21 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-03-08 04:19 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:19 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:19 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:19 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 01:58 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll

.
------- Sigcheck -------
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseSVN]
@={30351346-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseSVN]
@={30351347-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseSVN]
@={30351348-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseSVN]
@={3035134B-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseSVN]
@={3035134C-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseSVN]
@={3035134D-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseSVN]
@={3035134E-7B7D-4FCC-81B4-1E394CA267EB}

[HKEY_CLASSES_ROOT\CLSID\{30351346-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351347-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{30351348-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134B-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134C-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134D-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CLASSES_ROOT\CLSID\{3035134E-7B7D-4FCC-81B4-1E394CA267EB}]
2008-02-16 12:35 536576 --a------ C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-18 23:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-18 23:33 125952]
"PMCLoader"="C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2007-05-30 12:25 105544]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-18 23:33 202240]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"cmds"="C:\Users\xxx\AppData\Local\Temp\kHAPhgDw.dll" [2008-05-31 10:03 373248]
"BM97e1062e"="C:\Users\xxx\AppData\Local\Temp\uvepvmof.dll" [2008-05-31 22:35 126464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FileZilla Server Interface"="C:\Program Files\FileZilla Server\FileZilla Server Interface.exe" [2007-10-19 23:35 937984]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 03:10 55824 C:\Windows\KHALMNPR.Exe]
"LifeCam"="C:\Program Files\Microsoft LifeCam\LifeExp.exe" [2007-01-12 17:48 275800]
"VX1000"="C:\Windows\vVX1000.exe" [2006-12-05 15:38 707360]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-18 23:33 227840]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 20:13 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 20:13 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 20:13 133656]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2008-02-13 16:45 409600]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-04-23 14:57 1443072]
"TrialReset"="C:\Windows\fix.exe" [2008-04-29 00:27 208353]

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Outlook.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [2007-12-12 23:56:18 12829216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-22 09:49:12 784912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\Windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\94d235b2]
C:\Users\xxx\AppData\Local\Temp\wppxtvat.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM97e1062e]
--------- 2008-05-31 22:35 126464 C:\Users\xxx\AppData\Local\Temp\uvepvmof.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
--------- 2008-05-31 10:03 373248 C:\Users\xxx\AppData\Local\Temp\kHAPhgDw.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2008-01-17 22:21 486856 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-17 22:21 486856 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
--a------ 2007-10-19 23:35 937984 C:\Program Files\FileZilla Server\FileZilla Server Interface.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 14:59 2007088 C:\Program Files\FlashGet\FlashGet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-02 02:52 3739648 C:\Users\xxx\AppData\Roaming\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2005-08-11 16:30 249856 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2005-08-11 16:30 81920 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\manager]
C:\Windows\System32\drivers\setup\manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
C:\Users\xxx\AppData\Local\Temp\qoMccbca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Orb]
--a------ 2007-10-08 05:48 360448 C:\Program Files\Winamp Remote\bin\OrbTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCLoader]
--a------ 2007-05-30 12:25 105544 C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMCRemote]
--a------ 2007-04-24 16:59 253000 C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-04-09 17:53 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
-ra------ 2005-08-09 19:14 155648 C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-03-14 03:43 83608 C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-09-10 10:22 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2008-01-18 23:33 202240 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-06-11 18:16 4670968 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]
--a------ 2005-07-16 03:18 479232 C:\Program Files\Google\Gmail Notifier\gnotify.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{3B8B3FF3-BA75-43D4-AE1A-7A25B58F17F4}D:\\setups\\utorrent.exe"= UDP:D:\setups\utorrent.exe:utorrent
"UDP Query User{1B26DD20-5D7C-4A45-B73F-6812DB50BD5B}D:\\setups\\utorrent.exe"= TCP:D:\setups\utorrent.exe:utorrent
"{54445A42-6C65-4A34-8A7F-9ACB955E6956}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2991FF27-A308-417E-BABC-0E360C73434A}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{64C701A9-BF08-45A1-AB46-F6AD4114ABE8}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2A21596F-C587-4E89-B9A2-85D69DFB6467}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{EB91ED37-CFAC-460A-9819-4B4F34B9E85F}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"TCP Query User{AEC1C2B7-AB43-4008-A64D-F375164AAED4}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{6E65298C-4A28-4CB4-A93F-A1C0093D9AE7}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{09A7C4FE-DD2A-487D-8E3C-4A7D49BDD424}C:\\users\\xxx\\desktop\\utorrent.exe"= UDP:C:\users\xxx\desktop\utorrent.exe:utorrent.exe
"UDP Query User{F33888B0-F987-4B0D-9493-B3FFDB27461B}C:\\users\\xxx\\desktop\\utorrent.exe"= TCP:C:\users\xxx\desktop\utorrent.exe:utorrent.exe
"{179F50E0-0EC5-4686-B712-E7FE32202024}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{03EC8CA9-8468-4953-ACCF-CBD98A744595}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{BCC85B98-8C14-46D0-BFA6-23A545015718}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{26F29420-7B13-471B-A722-383135EC0306}C:\\program files\\opera\\opera.exe"= UDP:C:\program files\opera\opera.exe:Opera Internet Browser
"UDP Query User{A883F280-A250-4695-AFEF-E0FFD79608D3}C:\\program files\\opera\\opera.exe"= TCP:C:\program files\opera\opera.exe:Opera Internet Browser
"TCP Query User{22036BD3-EA68-4DF7-810D-3C53E07192D9}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{B6A551D2-1339-41B2-88C2-3D8D3B4E3086}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{4A5FEFE3-F801-48A4-BC33-F2BD6B0EFD64}D:\\setups\\utorrent.exe"= UDP:D:\setups\utorrent.exe:utorrent
"UDP Query User{3E12BE7A-C16E-4766-9CBA-5B0275F43057}D:\\setups\\utorrent.exe"= TCP:D:\setups\utorrent.exe:utorrent
"{A6F69D75-56C2-4B4B-B984-60459324CC22}"= UDP:21:FTP
"TCP Query User{F221BFD8-4948-40BC-9239-B34CCBE13FA7}C:\\program files\\xampp\\apache\\bin\\apache.exe"= UDP:C:\program files\xampp\apache\bin\apache.exe:Apache HTTP Server
"UDP Query User{5FD2064F-DEBD-4F2B-8C0A-B30E418700DF}C:\\program files\\xampp\\apache\\bin\\apache.exe"= TCP:C:\program files\xampp\apache\bin\apache.exe:Apache HTTP Server
"TCP Query User{B95C7D50-A0BB-435F-A928-BCD3C40AB2CC}C:\\program files\\xampp\\mysql\\bin\\mysqld.exe"= UDP:C:\program files\xampp\mysql\bin\mysqld.exe:mysqld
"UDP Query User{F69086E4-CB69-4ECA-9E88-46E2FCDA6821}C:\\program files\\xampp\\mysql\\bin\\mysqld.exe"= TCP:C:\program files\xampp\mysql\bin\mysqld.exe:mysqld
"{C28249F8-627C-49E6-BA78-35AD9114BB1F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{675A081C-616B-4B7E-942E-5AD3CBC60263}C:\\program files\\mirc\\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC
"UDP Query User{D99462A5-3FE4-4D3E-B945-196D145176F9}C:\\program files\\mirc\\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC
"{5B6771B2-3D45-4508-97C6-33946F04F3F0}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{BD1C3414-A022-41F6-941A-1BD37ADBF4CC}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{36849269-68F4-4D0B-83E7-6B54FD63E690}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{DBF76AC1-51AD-4656-A06A-517B2AF682A5}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{270A624B-17B6-47A4-86BA-5D83D7704A8B}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{CEA8880E-6D8B-418F-9769-75E5535B55EC}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{F4A5066C-86F0-4CB9-8BFE-704BF3E6EB0D}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{0B18B766-8B7E-4738-9E04-290650CE5366}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"TCP Query User{9E8EA8B4-0CB4-4232-8716-B0983E63958D}C:\\users\\xxx\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\xxx\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{CD16EBA7-69C6-47A1-8A72-B86A04E2EBAD}C:\\users\\xxx\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\xxx\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{47FBDE9E-383D-454D-AE2A-7B135018492F}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{7558ABF5-C5A6-468E-852C-27DA84BE28EE}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"{526CAD1A-CAAF-4C92-A12F-0744178B4385}"= UDP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{98D1BC26-A521-4EFF-9ABC-939E2E07248E}"= TCP:C:\Program Files\SmartFTP Client\SmartFTP.exe:SmartFTP Client
"{CB40994B-BCCA-42FD-A6A2-8AEB188DBB4F}"= UDP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{8061D4FD-C86B-4A50-87B7-25651D2396D1}"= TCP:C:\Program Files\Microsoft LifeCam\LifeCam.exe:LifeCam.exe
"{E70D17D2-E8C1-468A-BA02-309959C2D415}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{553DC4D1-0683-43DB-89A7-8EBEC7F455FE}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{A7CA8A02-22DF-4225-8493-90BD2D52D5D1}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{7E4E43A8-0788-419F-BA2B-1FBCA8E43D14}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{1D410982-CED6-4C81-A477-592B5A47CFC9}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A3C37462-4E06-4425-95C2-CE30CA1E979D}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{B63D7393-9DFE-4641-9F07-4D565C1951F2}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2007-01-04 14:13]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 19:36]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 10:43]
S0 OemBiosDevice;Royalty OEM BIOS Extension;C:\Windows\system32\DRIVERS\royal.sys [2007-06-26 01:20]
S2 Apache2.2;Apache2.2;"C:\Program Files\xampp\apache\bin\apache.exe" -k runservice []
S3 3xHybrid;Pinnacle PCTV 100i-110i-300i-310i-MCE;C:\Windows\system32\DRIVERS\3xHybrid.sys [2006-11-22 09:53]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\Windows\system32\DRIVERS\s125bus.sys [2007-04-24 09:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\s125mdfl.sys [2007-04-24 09:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\s125mdm.sys [2007-04-24 09:33]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\s125mgmt.sys [2007-04-24 09:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\s125obex.sys [2007-04-24 09:33]
S3 UMPass;Microsoft UMPass Driver;C:\Windows\system32\DRIVERS\umpass.sys [2008-01-18 21:53]
S3 VX1000;VX-1000;C:\Windows\system32\DRIVERS\VX1000.sys [2006-12-05 15:39]
S3 w550bus;Sony Ericsson W550 driver (WDM);C:\Windows\system32\DRIVERS\w550bus.sys [2005-08-01 14:46]
S3 w550mdfl;Sony Ericsson W550 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\w550mdfl.sys [2005-08-01 14:46]
S3 w550mdm;Sony Ericsson W550 USB WMC Modem Drivers;C:\Windows\system32\DRIVERS\w550mdm.sys [2005-08-01 14:46]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e1f156af-22a2-11dd-b05d-001676bd533a}]
\shell\AutoRun\command - H:\wdsync.exe

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration

.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 15:42:31 C:\Windows\Tasks\User_Feed_Synchronization-{8BA75D23-B9B0-42AC-829F-1996DEAE088B}.job"
- C:\Windows\system32\msfeedssync.exe
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 14:34:49
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2008-06-01 14:38:24
ComboFix-quarantined-files.txt 2008-06-01 09:07:21

Pre-Run: 5,667,037,184 bytes free
Post-Run: 5,723,545,600 bytes free

320 --- E O F --- 2008-05-30 04:07:05