Here is the log:
ComboFix 08-03-13.4 - Joe 2008-03-14 0:16:39.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1076 [GMT -4:00]
Running from: C:\Users\Joe\Desktop\ComboFix.exe
Command switches used :: C:\Users\Joe\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Windows\System32\tmp1_107332830942.bk
C:\Windows\System32\tmp1_13865494944.bk
C:\Windows\System32\tmp1_199920745655.bk
C:\Windows\System32\tmp1_213578329106.bk
C:\Windows\System32\tmp1_225830683667.bk
C:\Windows\System32\tmp1_23432055393.bk
C:\Windows\System32\tmp1_246159806140.bk
C:\Windows\System32\tmp1_288401137230.bk
C:\Windows\System32\tmp1_318986509866.bk
C:\Windows\System32\tmp1_328863357969.bk
C:\Windows\System32\tmp1_33800436225.bk
C:\Windows\System32\tmp1_340703208716.bk
C:\Windows\System32\tmp1_343050353151.bk
C:\Windows\System32\tmp1_364241705948.bk
C:\Windows\System32\tmp1_378265591509.bk
C:\Windows\System32\tmp1_391790681322.bk
C:\Windows\System32\tmp1_494870165978.bk
C:\Windows\System32\tmp1_586070141020.bk
C:\Windows\System32\tmp1_587896330325.bk
C:\Windows\System32\tmp1_696719828490.bk
C:\Windows\System32\tmp1_714112674920.bk
C:\Windows\System32\tmp1_725838793363.bk
C:\Windows\System32\tmp1_81385524054.bk
C:\Windows\System32\tmp1_83888545989.bk
C:\Windows\System32\tmp1_854588327056.bk
C:\Windows\System32\tmp2_145787625732.bk
C:\Windows\System32\tmp2_245733671776.bk
C:\Windows\System32\tmp2_301920540700.bk
C:\Windows\System32\tmp2_341608207747.bk
C:\Windows\System32\tmp2_360605270783.bk
C:\Windows\System32\tmp2_4784586937.bk
C:\Windows\System32\tmp2_685186249029.bk
C:\Windows\System32\tmp2_749556227628.bk
C:\Windows\System32\tmp2_784446362273.bk
C:\Windows\System32\tmp3_140036668761.bk
C:\Windows\System32\tmp3_142612355527.bk
C:\Windows\System32\tmp3_209063572496.bk
C:\Windows\System32\tmp3_246528241066.bk
C:\Windows\System32\tmp3_30290061493.bk
C:\Windows\System32\tmp3_31262231462.bk
C:\Windows\System32\tmp3_370442141873.bk
C:\Windows\System32\tmp3_370467776061.bk
C:\Windows\System32\tmp3_372084750695.bk
C:\Windows\System32\tmp3_391890492231.bk
C:\Windows\System32\tmp3_418329142249.bk
C:\Windows\System32\tmp3_462066241266.bk
C:\Windows\System32\tmp3_463950218618.bk
C:\Windows\System32\tmp3_486853368270.bk
C:\Windows\System32\tmp3_493930878773.bk
C:\Windows\System32\tmp3_513523392800.bk
C:\Windows\System32\tmp3_515426791227.bk
C:\Windows\System32\tmp3_571515527837.bk
C:\Windows\System32\tmp3_585602540263.bk
C:\Windows\System32\tmp3_649482313581.bk
C:\Windows\System32\tmp3_677216154790.bk
C:\Windows\System32\tmp3_702744439923.bk
C:\Windows\System32\tmp3_738409478291.bk
C:\Windows\System32\tmp3_79396304230.bk
C:\Windows\System32\tmp3_814344684701.bk
C:\Windows\System32\tmp3_891677372600.bk
C:\Windows\System32\tmp4_180179832786.bk
C:\Windows\System32\tmp4_189087146038.bk
C:\Windows\System32\tmp4_192660288684.bk
C:\Windows\System32\tmp4_193417238654.bk
C:\Windows\System32\tmp4_202918442622.bk
C:\Windows\System32\tmp4_247890193531.bk
C:\Windows\System32\tmp4_254704680177.bk
C:\Windows\System32\tmp4_29006704202.bk
C:\Windows\System32\tmp4_298338727008.bk
C:\Windows\System32\tmp4_30569503796.bk
C:\Windows\System32\tmp4_3147038173.bk
C:\Windows\System32\tmp4_400024455963.bk
C:\Windows\System32\tmp4_447073130519.bk
C:\Windows\System32\tmp4_460814415178.bk
C:\Windows\System32\tmp4_537290827401.bk
C:\Windows\System32\tmp4_589273127426.bk
C:\Windows\System32\tmp4_68282321189.bk
C:\Windows\System32\tmp4_696056664665.bk
C:\Windows\System32\tmp4_715630791397.bk
C:\Windows\System32\tmp4_727260392501.bk
C:\Windows\System32\tmp4_793197588909.bk
C:\Windows\System32\tmp4_811428211103.bk
C:\Windows\System32\tmp4_824586425476.bk
C:\Windows\System32\tmp4_834771184090.bk
C:\Windows\System32\tmp4_8891704363.bk
C:\WINDOWS\winlogon.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\tmp1_107332830942.bk
C:\Windows\System32\tmp1_13865494944.bk
C:\Windows\System32\tmp1_199920745655.bk
C:\Windows\System32\tmp1_213578329106.bk
C:\Windows\System32\tmp1_225830683667.bk
C:\Windows\System32\tmp1_23432055393.bk
C:\Windows\System32\tmp1_246159806140.bk
C:\Windows\System32\tmp1_288401137230.bk
C:\Windows\System32\tmp1_318986509866.bk
C:\Windows\System32\tmp1_328863357969.bk
C:\Windows\System32\tmp1_33800436225.bk
C:\Windows\System32\tmp1_340703208716.bk
C:\Windows\System32\tmp1_343050353151.bk
C:\Windows\System32\tmp1_364241705948.bk
C:\Windows\System32\tmp1_378265591509.bk
C:\Windows\System32\tmp1_391790681322.bk
C:\Windows\System32\tmp1_494870165978.bk
C:\Windows\System32\tmp1_586070141020.bk
C:\Windows\System32\tmp1_587896330325.bk
C:\Windows\System32\tmp1_696719828490.bk
C:\Windows\System32\tmp1_714112674920.bk
C:\Windows\System32\tmp1_725838793363.bk
C:\Windows\System32\tmp1_81385524054.bk
C:\Windows\System32\tmp1_83888545989.bk
C:\Windows\System32\tmp1_854588327056.bk
C:\Windows\System32\tmp2_145787625732.bk
C:\Windows\System32\tmp2_245733671776.bk
C:\Windows\System32\tmp2_301920540700.bk
C:\Windows\System32\tmp2_341608207747.bk
C:\Windows\System32\tmp2_360605270783.bk
C:\Windows\System32\tmp2_4784586937.bk
C:\Windows\System32\tmp2_685186249029.bk
C:\Windows\System32\tmp2_749556227628.bk
C:\Windows\System32\tmp2_784446362273.bk
C:\Windows\System32\tmp3_140036668761.bk
C:\Windows\System32\tmp3_142612355527.bk
C:\Windows\System32\tmp3_209063572496.bk
C:\Windows\System32\tmp3_246528241066.bk
C:\Windows\System32\tmp3_30290061493.bk
C:\Windows\System32\tmp3_31262231462.bk
C:\Windows\System32\tmp3_370442141873.bk
C:\Windows\System32\tmp3_370467776061.bk
C:\Windows\System32\tmp3_372084750695.bk
C:\Windows\System32\tmp3_391890492231.bk
C:\Windows\System32\tmp3_418329142249.bk
C:\Windows\System32\tmp3_462066241266.bk
C:\Windows\System32\tmp3_463950218618.bk
C:\Windows\System32\tmp3_486853368270.bk
C:\Windows\System32\tmp3_493930878773.bk
C:\Windows\System32\tmp3_513523392800.bk
C:\Windows\System32\tmp3_515426791227.bk
C:\Windows\System32\tmp3_571515527837.bk
C:\Windows\System32\tmp3_585602540263.bk
C:\Windows\System32\tmp3_649482313581.bk
C:\Windows\System32\tmp3_677216154790.bk
C:\Windows\System32\tmp3_702744439923.bk
C:\Windows\System32\tmp3_738409478291.bk
C:\Windows\System32\tmp3_79396304230.bk
C:\Windows\System32\tmp3_814344684701.bk
C:\Windows\System32\tmp3_891677372600.bk
C:\Windows\System32\tmp4_180179832786.bk
C:\Windows\System32\tmp4_189087146038.bk
C:\Windows\System32\tmp4_192660288684.bk
C:\Windows\System32\tmp4_193417238654.bk
C:\Windows\System32\tmp4_202918442622.bk
C:\Windows\System32\tmp4_247890193531.bk
C:\Windows\System32\tmp4_254704680177.bk
C:\Windows\System32\tmp4_29006704202.bk
C:\Windows\System32\tmp4_298338727008.bk
C:\Windows\System32\tmp4_30569503796.bk
C:\Windows\System32\tmp4_3147038173.bk
C:\Windows\System32\tmp4_400024455963.bk
C:\Windows\System32\tmp4_447073130519.bk
C:\Windows\System32\tmp4_460814415178.bk
C:\Windows\System32\tmp4_537290827401.bk
C:\Windows\System32\tmp4_589273127426.bk
C:\Windows\System32\tmp4_68282321189.bk
C:\Windows\System32\tmp4_696056664665.bk
C:\Windows\System32\tmp4_715630791397.bk
C:\Windows\System32\tmp4_727260392501.bk
C:\Windows\System32\tmp4_793197588909.bk
C:\Windows\System32\tmp4_811428211103.bk
C:\Windows\System32\tmp4_824586425476.bk
C:\Windows\System32\tmp4_834771184090.bk
C:\Windows\System32\tmp4_8891704363.bk
.
((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.
2008-03-13 22:29 . 2008-03-13 22:33 <DIR> d-------- C:\Windows\LastGood
2008-03-13 22:27 . 2008-03-13 22:28 <DIR> d-------- C:\Program Files\Microsoft IntelliPoint
2008-03-13 07:41 . 2008-03-13 07:41 <DIR> d-------- C:\Deckard
2008-03-13 01:05 . 2008-03-13 01:05 <DIR> d-------- C:\_OTMoveIt
2008-03-11 21:28 . 2007-12-16 18:50 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-11 21:28 . 2007-12-16 05:56 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-09 18:44 . 2008-03-09 18:44 40 --a------ C:\Windows\System32\drmgsZ7Ś†
2008-03-07 13:40 . 2008-03-07 13:40 13,035 --a------ C:\Windows\System32\drivers\SymRedir.cat
2008-03-07 13:40 . 2008-03-07 13:40 1,358 --a------ C:\Windows\System32\drivers\SymRedir.inf
2008-03-07 13:39 . 2008-03-07 13:39 191,536 --a------ C:\Windows\System32\drivers\symtdi.sys
2008-03-07 13:39 . 2008-03-07 13:39 145,968 --a------ C:\Windows\System32\drivers\symfw.sys
2008-03-07 13:39 . 2008-03-07 13:39 39,984 --a------ C:\Windows\System32\drivers\symids.sys
2008-03-07 13:39 . 2008-03-07 13:39 37,936 --a------ C:\Windows\System32\drivers\symndisv.sys
2008-03-07 13:39 . 2008-03-07 13:39 27,696 --a------ C:\Windows\System32\drivers\symredrv.sys
2008-03-07 13:39 . 2008-03-07 13:39 12,848 --a------ C:\Windows\System32\drivers\symdns.sys
2008-03-06 21:52 . 2008-03-06 21:52 <DIR> d-------- C:\Users\Amy\AppData\Roaming\Skype
2008-03-03 12:48 . 2008-03-03 12:48 1,191 --a------ C:\Windows\System32\1.tsk
2008-03-01 12:31 . 2008-03-01 12:31 68 --a------ C:\Windows\System32\tmp2_774872335599.bk
2008-03-01 12:31 . 2008-03-01 12:31 68 --a------ C:\Windows\System32\tmp1_564451576936.bk
2008-03-01 00:34 . 2008-03-01 00:39 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-01 00:34 . 2008-03-01 00:39 <DIR> d-a------ C:\ProgramData\TEMP
2008-02-29 23:25 . 2008-02-29 23:25 0 --a------ C:\Windows\Irremote.ini
2008-02-25 00:59 . 2008-02-25 01:03 <DIR> d-------- C:\Program Files\Windows Live
2008-02-25 00:59 . 2008-02-25 01:01 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-25 00:56 . 2008-02-25 00:56 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-02-25 00:56 . 2008-02-25 00:56 <DIR> d-------- C:\ProgramData\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 04:16 --------- d-----w C:\Program Files\LogMeIn
2008-03-12 07:15 --------- d-----w C:\Program Files\Windows Mail
2008-03-12 07:09 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-11 00:12 --------- d-----w C:\Program Files\Symantec
2008-03-11 00:12 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-01 07:18 --------- d-----w C:\Program Files\Common Files\Nero
2008-03-01 07:13 --------- d-----w C:\ProgramData\Nero
2008-03-01 05:21 --------- d-----w C:\Users\Joe\AppData\Roaming\uTorrent
2008-02-14 02:28 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 02:28 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 02:20 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 02:20 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 02:19 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 02:19 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 02:19 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 02:19 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 02:19 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 02:18 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 02:18 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 02:18 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 02:18 217,144 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 02:18 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 02:16 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 02:16 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 02:16 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 02:16 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 02:16 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 02:16 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 02:12 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 02:12 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 02:12 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 02:12 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-14 02:09 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-08 12:17 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 04:22 --------- d-----w C:\Program Files\Nero
2008-02-05 04:09 --------- d-----w C:\Program Files\NeroInstall.bak
2008-02-05 03:35 --------- d-----w C:\Users\Joe\AppData\Roaming\Nero
2008-02-01 09:03 --------- d-----w C:\ProgramData\Symantec
2008-01-30 19:06 --------- d-----w C:\ProgramData\Applications
2008-01-15 14:54 10,537 ----a-w C:\Windows\system32\drivers\COH_Mon.cat
2008-01-15 10:28 706 ----a-w C:\Windows\system32\drivers\COH_Mon.inf
2008-01-09 05:34 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-20 14:43 248,448 ----a-w C:\Windows\System32\Prounstl.exe
2007-12-15 01:05 35,424 ----a-w C:\Windows\System32\e100bmsg.dll
2007-08-29 11:21 174 --sha-w C:\Program Files\desktop.ini
2007-08-06 04:59 262,144 ----a-w C:\ProgramData\ntuser.dat
2006-10-13 01:49 154,983 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_09_24_21_39_19_small.dmp.zip
2006-08-26 14:26 96,765 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_08_26_04_47_37_small.dmp.zip
2006-08-26 14:26 91,892 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_08_26_04_52_46_small.dmp.zip
2006-08-26 14:26 166,991 ----a-w C:\Windows\Internet Logs\vsmon_2nd_2006_08_26_04_42_06_small.dmp.zip
2007-10-23 14:27 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-23 14:27 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-23 14:27 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\Windows\System32\1.tsk ----
C:\Windows\System32\1.tsk\
---- Directory of C:\Windows\System32\drmgsZ7O+ ----
C:\Windows\System32\drmgsZ7O+\
((((((((((((((((((((((((((((( snapshot@2008-03-13_22.01.54.69 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-12 07:15:43 51,200 ----a-w C:\Windows\inf\infpub.dat
+ 2008-03-14 02:33:17 51,200 ----a-w C:\Windows\inf\infpub.dat
- 2008-03-12 07:15:39 86,016 ----a-w C:\Windows\inf\infstor.dat
+ 2008-03-14 02:33:16 86,016 ----a-w C:\Windows\inf\infstor.dat
- 2008-03-12 07:15:39 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-03-14 02:33:16 86,016 ----a-w C:\Windows\inf\infstrng.dat
+ 2008-03-14 02:28:09 25,214 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\ARPPRODUCTICON.exe
+ 2008-03-14 02:28:10 25,214 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\CPL_DTSC.exe
+ 2008-03-14 02:28:10 25,214 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\CPL_SC.exe
+ 2008-03-14 02:28:10 25,214 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\HCG_SC.exe
+ 2008-03-14 02:28:10 4,846 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\MouseUG.exe
+ 2008-03-14 02:28:10 29,926 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut1_6463554370E7436D8D6D4A721595029E.exe
+ 2008-03-14 02:28:10 29,926 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut2_6463554370E7436D8D6D4A721595029E.exe
+ 2008-03-14 02:28:10 65,536 ----a-r C:\Windows\Installer\{8C5FAD77-F678-4758-A296-C12F08D179E0}\NewShortcut3_4748AC220AD3439FA5EECE4BB6C12AAC.exe
- 2008-03-14 01:58:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-14 04:20:47 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-03-14 04:20:47 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-03-14 01:56:13 262,144 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-03-14 04:08:38 262,144 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-03-14 01:56:13 245,760 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-14 04:08:38 245,760 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-03-14 01:56:13 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-03-14 04:08:38 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2007-08-21 05:13:04 24,064 ----a-w C:\Windows\System32\drivers\point32k.sys
+ 2007-08-31 15:58:20 18,856 ----a-w C:\Windows\System32\DriverStore\FileRepository\nuidfltr.inf_08a963fb\nuidfltr.sys
+ 2007-08-31 16:01:28 1,421,736 ----a-w C:\Windows\System32\DriverStore\FileRepository\nuidfltr.inf_08a963fb\wdfcoinstaller01005.dll
+ 2007-08-21 05:13:04 24,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\pnt32pk.inf_167bee79\point32k.sys
+ 2007-08-21 05:13:04 24,064 ----a-w C:\Windows\System32\DriverStore\FileRepository\pnt32uk.inf_b59e34a6\point32k.sys
- 2008-03-13 05:22:41 11,170 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-73586283-746137067-725345543-1003_UserData.bin
+ 2008-03-14 02:00:32 11,426 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-73586283-746137067-725345543-1003_UserData.bin
- 2008-03-13 05:22:40 80,152 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-03-14 02:00:29 80,458 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 01:34 1232896]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-11-02 05:45 8704]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:34 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-22 23:15 171448]
"TivoTransfer"="C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" [2007-08-06 11:12 1192960]
"TivoNotify"="C:\Program Files\TiVo\Desktop\TiVoNotify.exe" [2007-08-06 11:13 375808]
"TivoServer"="C:\Program Files\TiVo\Desktop\TiVoServer.exe" [2007-08-06 11:14 1492480]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2007-10-23 15:19 1410344]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:33 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 19:58 1006264]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\Windows\System32\HdAShCut.exe]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 14:03 63048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-11 22:28 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-11 22:28 8497696]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-11 22:28 81920]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 13:48 509224]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 01:59 115816]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30 517768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 19:36 267048]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-05-22 23:15 171448]
C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
NETGEAR WG111v2 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v2\WG111v2.exe [2007-10-14 01:12:28 1261568]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON PictureMate Deluxe]
--a------ 2004-10-17 03:00 98304 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9TA.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-11-02 19:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a------ 2007-05-17 10:52 505368 C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
--a------ 2007-05-17 10:53 780312 C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-10-19 21:16 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-01 00:01 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WD Button Manager]
--a------ 2006-08-26 01:28 331776 C:\Windows\System32\WDBtnMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\system32\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\MSN Messenger\msncall.exe"= C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"137:UDP"= 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"C:\Program Files\MSN Messenger\msnmsgr.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msnmsgr.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe-UDP-Domain"= TCP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msncall.exe-TCP-Domain"= UDP:C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"%windir%\Network Diagnostic\xpnetdiag.exe-UDP-Domain"= TCP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\Network Diagnostic\xpnetdiag.exe-TCP-Domain"= UDP:%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"10284:UDP-Domain"= TCP:10284:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10283:UDP-Domain"= TCP:10283:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10282:UDP-Domain"= TCP:10282:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10281:UDP-Domain"= TCP:10281:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10280:UDP-Domain"= TCP:10280:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10243:TCP-Domain"= UDP:10243:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"C:\Program Files\uTorrent\utorrent.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\uTorrent\utorrent.exe:µTorrent
"C:\Program Files\uTorrent\utorrent.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\uTorrent\utorrent.exe:µTorrent
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe-UDP-Standard"= TCP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client 2.0
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe-TCP-Standard"= UDP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client 2.0
"C:\Program Files\Skype\Phone\Skype.exe-UDP-Standard"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"C:\Program Files\Skype\Phone\Skype.exe-TCP-Standard"= UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe:Bonjour
"C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe:Bonjour
"C:\Program Files\MSN Messenger\msnmsgr.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msnmsgr.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\MSN Messenger\msnmsgr.exe:Windows Live Messenger 8.0
"C:\Program Files\MSN Messenger\msncall.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\MSN Messenger\msncall.exe:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:Microsoft Office Outlook
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:Microsoft Office Outlook
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"C:\Program Files\Microsoft Office Communicator\communicator.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"C:\Program Files\Microsoft Office Communicator\communicator.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Microsoft Office Communicator\communicator.exe:Communicator
"C:\Program Files\Messenger\msmsgs.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\Program Files\Messenger\msmsgs.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Messenger\msmsgs.exe:Windows Messenger
"C:\Program Files\iTunes\iTunes.exe-UDP-Standard"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\Program Files\iTunes\iTunes.exe-TCP-Standard"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe-UDP-Standard"= TCP:Profile=Public|C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe-TCP-Standard"= UDP:Profile=Public|C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"%windir%\Network Diagnostic\xpnetdiag.exe-UDP-Standard"= TCP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"%windir%\Network Diagnostic\xpnetdiag.exe-TCP-Standard"= UDP:Profile=Public|%windir%\Network Diagnostic\xpnetdiag.exe:@xpsp3res.dll,-20000
"10284:UDP-Standard"= TCP:10284:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10283:UDP-Standard"= TCP:10283:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10282:UDP-Standard"= TCP:10282:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10281:UDP-Standard"= TCP:10281:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10280:UDP-Standard"= TCP:10280:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"10243:TCP-Standard"= UDP:10243:LocalSubnet:LocalSubnet:Windows Media Player Network Sharing Service
"{715D0F7B-DF63-452E-84B5-8C4ECF754C8E}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{66B21F60-D284-450B-83DB-43FA29D3308C}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{3C9921BB-E099-49E1-A3C3-5D4200595E96}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{29E177BA-366C-46C4-B5AF-1FDF31FE6D62}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{836CD222-B431-47FD-96A1-CA53215CFC7C}"= UDP:2190:TivoBeacon-Port2190
"{617CA2F7-2E94-418D-84E8-D25A10F93072}"= UDP:C:\Program Files\Yahoo!\Intellisync for Yahoo!\IS4Yahoo.exe:IS4Yahoo!
"{4E651503-09CD-405D-BBC7-5677F7E8A220}"= TCP:C:\Program Files\Yahoo!\Intellisync for Yahoo!\IS4Yahoo.exe:IS4Yahoo!
"{5B296AE9-E319-452B-9DF3-3A0F5D40EFFD}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{D56225BB-8DB0-4755-AC16-B0B3D591B5A1}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{436051B3-2303-4AD3-82DF-CD1655D34E44}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{A387CFB7-2DBF-416C-B3FD-893C29C66C50}"= UDP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client
"{D30ED345-6ABA-4DCA-A5B9-93EB77837766}"= TCP:C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:SmartFTP Client
"{DE20175E-F9C8-41DE-9D69-5801EA4BB4FC}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{0315835E-3F64-4740-BFDE-84C4CD7AF6B1}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{151A7F3C-BCA1-480D-B4E9-66E68F08B294}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DBF94E6A-8031-46F3-BD50-E0F1C4ABA9BB}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5A13E575-2B25-4AE3-B17F-0D6EE74E26C5}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{82D628D7-8136-421D-9F64-771651D8398F}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{79856095-7965-4776-B958-1A3EB749B226}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{CC51D0FC-C309-49B3-9EBC-4D17A732E412}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{2DA90A09-6E17-428E-9527-C0DC4F9E3465}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{BED99D26-C0E5-4FA0-9F05-EAB0452D24D9}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"UDP Query User{116C20C9-57CE-453A-8A42-662B5469F9DB}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
"{6726E7F6-0F1A-4AD1-B0EF-46C0D610EFF9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BE03829F-5E87-4652-A0F7-B4D7B5381A39}"= UDP:50100:OpenScape Toolbar - Outbound
"{56F2CDB4-AE16-4B29-A291-D1EF0DBA2AA8}"= UDP:40001:OpenScape Toolbar - Inbound
"{9B65081F-283E-452C-B9F0-FFC12B958202}"= UDP:40002:OpenScape Toolbar - Inbound2
"{6C4464A2-69D5-4351-A0AD-3CCD62F853A3}"= Disabled:TCP:5353:LocalSubnet:LocalSubnet:mDNS-SD/Bonjour
"{31DC2CDE-8E3B-414E-A3FB-DDC3D1A3A2F2}"= UDP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{68796B4D-3B48-46A6-A524-FD023C28ABE8}"= TCP:C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe:TiVo Beacon Service
"{0676E983-6999-488C-A3B4-FDB867B99573}"= UDP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{4CAF1A9B-EA36-4285-A0DC-736A39E76740}"= TCP:C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe:TiVo Transfer Service
"{8D267463-251D-4CB3-9830-13BF11B629AB}"= UDP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{5E00A58F-C64A-43C6-8724-5A6738B1A199}"= TCP:C:\Program Files\TiVo\Desktop\TiVoServer.exe:TiVo Server Service
"{5815106C-E59D-4553-83F6-7D357D4F9B0A}"= UDP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{2CF684D5-F321-4069-A621-1B9DDF986CA4}"= TCP:C:\Program Files\TiVo\Desktop\TiVoDesktop.exe:TiVo Desktop User Interface
"{9BB3933C-9EBC-48E6-9D41-910C99984E62}"= Disabled:UDP:7289:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7289
"{1EC0CB35-3F40-4CC9-827C-66AC17B83B8E}"= Disabled:UDP:7290:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7290
"{58FAE405-4DA9-4319-8D84-A3B0AAD59DCE}"= Disabled:UDP:7291:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7291
"{97EC8265-2C40-4414-8196-0670C48AFFBF}"= Disabled:UDP:7292:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7292
"{C7D2DE48-62F0-4226-9E69-7A2188F689B6}"= Disabled:UDP:7293:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7293
"{AB37D5B7-D22E-4166-9265-F235869B2242}"= Disabled:UDP:7294:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7294
"{D33285DE-29A8-42BD-929F-7AD6474EDED8}"= Disabled:UDP:7295:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7295
"{3FFB6E12-8502-4E9B-AAA1-B48BFCDBC5E4}"= Disabled:UDP:7296:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7296
"{628C7E2C-4047-48E5-9489-93AF182B1A56}"= Disabled:UDP:7297:LocalSubnet:LocalSubnet:TiVo HME Host: Port 7297
"{1A4BFEEE-56E2-4A7C-A68B-8494377D33D1}"= UDP:1099:TiVo HME Host: Port 1099
"{59E8C21B-1A96-43DB-AC6C-955B002BA16C}"= UDP:5353:as
"{2BC43936-53AA-4F2B-8C57-2BF331B48823}"= UDP:1527:TiVo HME Host: Port 1527
"{6AE7B46D-76D0-4E3E-BE87-7D615C391B19}"= UDP:8081:TiVo HME Host: Port 8081
"TCP Query User{7341BD67-C381-4CED-93CE-D2D5F0210DBE}C:\windows\system32\javaw.exe"= UDP:C:\windows\system32\javaw.exe:Java Platform SE binary|Desc=Java Platform SE binary
"UDP Query User{C3DFD784-693E-4196-B9A0-0E70A432F642}C:\windows\system32\javaw.exe"= TCP:C:\windows\system32\javaw.exe:Java Platform SE binary|Desc=Java Platform SE binary
"TCP Query User{B0384BDE-264C-44FD-9DD4-D26B6051D7D3}C:\program files\tivo\desktop\tivoserver.exe"= UDP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process|Desc=TiVo Server Service Process
"UDP Query User{64324745-BE18-4FA9-9964-DC361B94793C}C:\program files\tivo\desktop\tivoserver.exe"= TCP:C:\program files\tivo\desktop\tivoserver.exe:TiVo Server Service Process|Desc=TiVo Server Service Process
"{FFC2B937-1C99-4211-8649-A5C6C7AB485D}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0BA566B6-8801-4760-86AE-A4ED36EE32A1}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{9A208CB5-DB72-44CD-B8E8-50E715656778}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)|Edge=TRUE|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe"= %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
"%windir%\system32\sessmgr.exe"= %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
"C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe"= C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:*:Enabled:Sid Meier's Civilization 4
"C:\Program Files\iTunes\iTunes.exe"= C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
"C:\Program Files\Messenger\msmsgs.exe"= C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
"C:\Program Files\Microsoft Office Communicator\communicator.exe"= C:\Program Files\Microsoft Office Communicator\communicator.exe:*:Enabled:Communicator
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
"C:\Program Files\MSN Messenger\msncall.exe"= C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)
"C:\Program Files\MSN Messenger\msnmsgr.exe"= C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0
"C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe"= C:\Program Files\MusicIP\MusicIP Mixer\mDNSResponder.exe:*:Enabled:Bonjour
"C:\Program Files\Skype\Phone\Skype.exe"= C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
"C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe"= C:\Program Files\SmartFTP Client 2.0\SmartFTP.exe:*:Enabled:SmartFTP Client 2.0
"C:\Program Files\uTorrent\utorrent.exe"= C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent
"C:\WINDOWS\winlogon.exe"= C:\WINDOWS\winlogon.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\GloballyOpenPorts\List]
"10243:TCP"= 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP"= 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP"= 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP"= 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP"= 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP"= 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"137:UDP"= 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"139:TCP"= 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"1900:UDP"= 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP"= 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"445:TCP"= 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\system32\DRIVERS\scmndisp.sys [2007-01-18 12:20]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080312.001\IDSvix86.sys [2008-02-13 12:18]
R2 iPCAgent;iPCAgent;C:\Program Files\iPass\iPassConnect\iPCAgent.exe [2006-01-19 20:06]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-04-17 14:00]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\Windows\system32\drivers\LMIRfsDriver.sys [2007-04-05 11:55]
R2 TivoBeacon2;TiVo Beacon;"C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe" /service []
R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v2.sys [2007-01-05 11:54]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\Windows\system32\DRIVERS\wg111v2.sys [2007-01-05 11:54]
S3 VAIO TV Tuner Library Service;VAIO TV Tuner Library Service;"C:\Program Files\Common Files\Sony Shared\TVTunerLib\TunerLibSvc.exe" [2006-10-23 14:06]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WudfServiceGroup REG_MULTI_SZ WUDFSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e64e5c9-43d6-11dc-a2d1-00146c610ccf}]
\shell\AutoRun\command - I:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7e64e5d1-43d6-11dc-a2d1-00146c610ccf}]
\shell\AutoRun\command - I:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-03-10 11:37:17 C:\Windows\Tasks\Norton Security Online - Run Full System Scan - Joe.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exe
"2008-03-14 01:35:06 C:\Windows\Tasks\User_Feed_Synchronization-{2DF07F7E-3CF9-4752-882B-D0C41D3A10C6}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-14 00:21:00
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-14 0:22:38
ComboFix-quarantined-files.txt 2008-03-14 04:22:34
ComboFix2.txt 2008-03-14 02:03:01
.
2008-03-12 07:09:49 --- E O F ---