ComboFix 08-03-22.3 - Hello Matthew! 2008-03-24 13:31:26.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2606 [GMT -6:00]
Running from: C:\Users\Hello Matthew!\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Hello Matthew!\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 )))))))))))))))))))))))))))))))
.
2008-03-23 21:05 . 2008-03-23 21:05 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-03-23 21:05 . 2008-03-23 21:05 <DIR> d-------- C:\ProgramData\Lavasoft
2008-03-23 21:05 . 2008-03-23 21:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-23 21:01 . 2008-03-23 21:01 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-23 21:01 . 2005-08-25 18:19 115,920 --a------ C:\Windows\System32\MSINET.OCX
2008-03-23 17:43 . 2008-03-23 20:51 <DIR> d-------- C:\Program Files\Sophos
2008-03-23 10:47 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-03-23 10:47 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-03-23 10:47 . 2008-03-22 15:49 86,528 --a------ C:\Windows\System32\VACFix.exe
2008-03-23 10:47 . 2008-03-15 17:16 82,432 --a------ C:\Windows\System32\IEDFix.exe
2008-03-23 10:47 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-03-23 10:47 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-03-22 19:47 . 2008-03-22 19:47 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-03-22 19:47 . 2008-03-22 19:47 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-03-22 19:43 . 2008-03-22 19:43 <DIR> d-------- C:\Users\Hello Matthew!\AppData\Roaming\SUPERAntiSpyware.com
2008-03-22 19:43 . 2008-03-22 19:43 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-22 19:42 . 2008-03-23 21:04 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 19:27 . 2008-03-22 19:27 <DIR> d-------- C:\Users\Hello Matthew!\AppData\Roaming\Malwarebytes
2008-03-22 19:27 . 2008-03-22 19:27 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-03-22 19:27 . 2008-03-22 19:27 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-03-20 13:55 . 2008-03-20 13:55 <DIR> d-------- C:\Users\All Users\LightScribe
2008-03-20 13:55 . 2008-03-20 13:55 <DIR> d-------- C:\ProgramData\LightScribe
2008-03-19 21:17 . 2008-03-19 21:17 <DIR> d-------- C:\Program Files\Soldier of Fortune II - Double Helix
2008-03-19 21:16 . 2008-03-19 21:23 770 --a------ C:\Windows\Sof2.INI
2008-03-19 13:34 . 2008-03-19 13:34 108,144 --a------ C:\Windows\System32\CmdLineExt.dll
2008-03-19 13:30 . 2008-03-19 13:30 <DIR> d-------- C:\Program Files\Firaxis Games
2008-03-19 12:06 . 2008-03-19 12:06 <DIR> d-------- C:\Users\Hello Matthew!\AppData\Roaming\Grisoft
2008-03-19 12:06 . 2007-05-30 06:10 10,872 --a------ C:\Windows\System32\drivers\AvgAsCln.sys
2008-03-19 01:16 . 2005-03-04 20:08 32,768 --a------ C:\Program Files\SleepTimer.exe
2008-03-19 00:39 . 2008-03-23 21:02 <DIR> d-a------ C:\Users\All Users\TEMP
2008-03-19 00:39 . 2008-03-23 21:02 <DIR> d-a------ C:\ProgramData\TEMP
2008-03-18 23:56 . 2008-03-18 23:56 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-18 23:21 . 2008-03-18 23:21 <DIR> d-------- C:\Users\All Users\vsosdk
2008-03-18 23:21 . 2008-03-18 23:21 <DIR> d-------- C:\ProgramData\vsosdk
2008-03-18 23:10 . 2008-03-18 23:24 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-03-18 23:10 . 2008-03-18 23:24 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-03-18 23:10 . 2008-03-18 23:10 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-18 22:57 . 2008-03-18 22:57 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
2008-03-18 19:45 . 2008-03-18 19:45 <DIR> d-------- C:\Program Files\Sierra
2008-03-18 19:31 . 2008-03-18 19:31 278,984 --a------ C:\Windows\System32\drivers\atksgt.sys
2008-03-18 19:31 . 2008-03-18 19:31 25,416 --a------ C:\Windows\System32\drivers\lirsgt.sys
2008-03-18 19:21 . 2008-03-18 20:01 <DIR> d-------- C:\Program Files\The Witcher
2008-03-18 19:17 . 2008-03-18 19:17 <DIR> d-------- C:\Program Files\Prey
2008-03-18 18:59 . 2008-03-18 22:57 <DIR> d-------- C:\Users\Hello Matthew!\AppData\Roaming\Vso
2008-03-18 18:59 . 2008-03-18 22:57 47,360 --a------ C:\Users\Hello Matthew!\AppData\Roaming\pcouffin.sys
2008-03-18 18:58 . 2008-03-18 18:58 <DIR> d-------- C:\Windows\WinRAR
2008-03-18 18:55 . 2008-03-18 18:55 <DIR> d-------- C:\Users\All Users\Adobe Systems
2008-03-18 18:55 . 2008-03-18 18:55 <DIR> d-------- C:\ProgramData\Adobe Systems
2008-03-18 18:53 . 2008-03-18 18:53 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-18 18:46 . 2008-03-18 18:46 <DIR> d-------- C:\Users\All Users\Media Center Programs
2008-03-18 18:46 . 2008-03-18 18:46 <DIR> d-------- C:\ProgramData\Media Center Programs
2008-03-18 18:41 . 2008-03-18 18:41 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-03-18 18:40 . 2008-03-18 22:57 <DIR> d-------- C:\Users\Hello Matthew!\AppData\Roaming\BitTorrent
2008-03-18 18:27 . 2008-03-18 18:27 <DIR> d-------- C:\Program Files\Eidos
2008-03-18 18:00 . 2008-03-18 18:00 <DIR> dr-h----- C:\Users\Hello Matthew!\AppData\Roaming\SecuROM
2008-03-18 17:51 . 2008-03-18 17:51 <DIR> d-------- C:\Program Files\Ubisoft
2008-03-18 17:47 . 2008-03-18 20:02 <DIR> d-------- C:\Users\Hello Matthew!\AppData\Roaming\Auslogics
2008-03-18 17:41 . 2008-03-18 17:41 <DIR> d-------- C:\Program Files\Auslogics
2008-03-18 17:40 . 2008-03-18 17:40 <DIR> d-------- C:\Program Files\CCleaner
2008-03-18 17:40 . 2008-03-18 17:40 <DIR> d-------- C:\Program Files\BitTorrent
2008-03-18 17:16 . 2008-03-18 17:16 55 --a------ C:\xmp.bat
2008-03-18 17:09 . 2008-03-18 17:10 <DIR> d-------- C:\Program Files\Analog Devices
2008-03-18 16:39 . 2008-03-18 16:39 <DIR> d-------- C:\Users\All Users\LogiShrd
2008-03-18 16:39 . 2008-03-18 16:39 <DIR> d-------- C:\ProgramData\LogiShrd
2008-03-18 16:38 . 2008-01-09 10:26 301,656 --a------ C:\Windows\System32\BtCoreIf.dll
2008-03-18 16:38 . 2008-03-18 16:38 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-03-18 16:37 . 2008-03-18 16:38 <DIR> d-------- C:\Program Files\Common Files\Logishrd
2008-03-18 15:39 . 2008-03-18 15:39 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-18 15:38 . 2008-03-18 15:38 <DIR> d-------- C:\Windows\PCHEALTH
2008-03-18 15:38 . 2008-03-18 15:38 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-18 15:37 . 2008-03-18 15:39 <DIR> d-------- C:\Users\All Users\Microsoft Help
2008-03-18 15:37 . 2008-03-18 15:39 <DIR> d-------- C:\ProgramData\Microsoft Help
2008-03-18 15:37 . 2008-03-18 15:37 <DIR> dr-h----- C:\MSOCache
2008-03-18 15:25 . 2008-03-18 15:25 <DIR> d-------- C:\Users\All Users\EPSON
2008-03-18 15:25 . 2008-03-18 15:25 <DIR> d-------- C:\ProgramData\EPSON
2008-03-18 15:25 . 2006-08-10 00:02 75,264 --a------ C:\Windows\System32\E_FLBBIA.DLL
2008-03-18 15:25 . 2006-04-19 00:00 62,976 --a------ C:\Windows\System32\E_FD4BBIA.DLL
2008-03-18 15:24 . 2006-10-12 22:00 61,952 --a------ C:\Windows\System32\escwiad.dll
2008-03-18 14:55 . 2008-03-18 14:55 0 --a------ C:\Windows\nsreg.dat
2008-03-18 14:49 . 2008-03-22 12:23 <DIR> d-------- C:\Users\Hello Matthew!\AppData\Roaming\AVG7
2008-03-18 14:49 . 2008-03-19 12:06 <DIR> d-------- C:\Users\All Users\Grisoft
2008-03-18 14:49 . 2008-03-18 22:45 <DIR> d-------- C:\Users\All Users\avg7
2008-03-18 14:49 . 2008-03-19 12:06 <DIR> d-------- C:\ProgramData\Grisoft
2008-03-18 14:49 . 2008-03-18 22:45 <DIR> d-------- C:\ProgramData\avg7
2008-03-18 14:49 . 2008-03-18 14:49 499,712 --a------ C:\Windows\System32\msvcp71.dll
2008-03-18 14:49 . 2008-03-18 14:49 348,160 --a------ C:\Windows\System32\msvcr71.dll
2008-03-18 14:49 . 2008-03-18 14:52 53,768 --a------ C:\Windows\System32\drivers\avgwfp.sys
2008-03-18 14:49 . 2008-03-18 14:49 9,216 --a------ C:\Windows\System32\avgwlntf.dll
2008-03-18 14:46 . 2008-03-18 14:46 <DIR> d-------- C:\Users\Hello Matthew!\AppData\Roaming\Logitech
2008-03-18 14:46 . 2008-03-18 14:46 0 --ah----- C:\Windows\System32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-03-18 14:42 . 2008-03-18 14:42 <DIR> d-------- C:\Users\All Users\Logitech
2008-03-18 14:42 . 2008-03-18 14:42 <DIR> d-------- C:\ProgramData\Logitech
2008-03-18 14:42 . 2008-03-18 14:42 <DIR> d-------- C:\Program Files\Logitech
2008-03-18 14:42 . 2008-03-18 16:38 <DIR> d-------- C:\Program Files\Common Files\Logitech
2008-03-18 14:42 . 2008-01-09 10:27 170,512 --a------ C:\Windows\System32\kemutb.dll
2008-03-18 14:42 . 2008-01-09 10:28 141,840 --a------ C:\Windows\System32\KemUtil.dll
2008-03-18 14:42 . 2008-01-09 10:28 117,264 --a------ C:\Windows\System32\KemWnd.dll
2008-03-18 14:42 . 2008-01-09 10:28 76,304 --a------ C:\Windows\System32\KemXML.dll
2008-03-08 15:43 . 2008-03-08 15:43 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-08 15:42 . 2008-03-20 13:55 <DIR> d-------- C:\Users\Hello Matthew!\AppData\Roaming\Ahead
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 21:48 593,920 ----a-w C:\Windows\System32\AEADIExt.dll
2008-03-12 21:48 126,768 ----a-w C:\Windows\System32\AEADIAPO.dll
2008-03-05 21:03 479,752 ----a-w C:\Windows\System32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w C:\Windows\System32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w C:\Windows\System32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w C:\Windows\System32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w C:\Windows\System32\D3DCompiler_37.dll
2008-03-04 15:11 18,804,224 ----a-w C:\Windows\Web\Wallpaper\imageres.dll
2008-03-04 15:11 18,804,224 ----a-w C:\Windows\System32\imageres.dll
2008-02-25 16:05 174 --sha-w C:\Program Files\desktop.ini
2008-02-25 16:02 --------- d-----w C:\Program Files\Windows Sidebar
2008-02-25 16:02 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-02-25 16:02 --------- d-----w C:\Program Files\Windows Mail
2008-02-25 16:02 --------- d-----w C:\Program Files\Windows Journal
2008-02-25 16:02 --------- d-----w C:\Program Files\Windows Defender
2008-02-25 16:02 --------- d-----w C:\Program Files\Windows Collaboration
2008-02-25 16:02 --------- d-----w C:\Program Files\Windows Calendar
2008-02-25 15:52 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-02-25 15:52 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-02-06 04:07 462,864 ----a-w C:\Windows\System32\d3dx10_37.dll
2008-01-19 07:44 986,680 ----a-w C:\Windows\System32\winload.exe
2008-01-19 07:44 926,776 ----a-w C:\Windows\System32\winresume.exe
2008-01-19 07:43 614,968 ----a-w C:\Windows\System32\ci.dll
2008-01-19 07:43 376,376 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-19 07:43 3,600,440 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-01-19 07:43 3,548,728 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-01-19 07:43 247,352 ----a-w C:\Windows\System32\clfs.sys
2008-01-19 07:42 94,776 ----a-w C:\Windows\System32\MigAutoPlay.exe
2008-01-19 07:42 51,768 ----a-w C:\Windows\System32\PSHED.DLL
2008-01-19 07:42 177,208 ----a-w C:\Windows\System32\halmacpi.dll
2008-01-19 07:42 141,880 ----a-w C:\Windows\System32\halacpi.dll
2008-01-19 07:41 24,120 ----a-w C:\Windows\System32\BOOTVID.DLL
2008-01-19 07:41 21,560 ----a-w C:\Windows\System32\kdusb.dll
2008-01-19 07:41 19,512 ----a-w C:\Windows\System32\kdcom.dll
2008-01-19 07:38 46,080 ----a-w C:\Windows\System32\NAPCRYPT.DLL
2008-01-19 07:38 4,595,712 ----a-w C:\Windows\System32\AuthFWSnapin.dll
2008-01-19 07:38 242,744 ----a-w C:\Windows\System32\rsaenh.dll
2008-01-19 07:38 155,704 ----a-w C:\Windows\System32\dssenh.dll
2008-01-19 07:38 131,640 ----a-w C:\Windows\System32\basecsp.dll
2008-01-19 07:38 103,936 ----a-w C:\Windows\System32\NAPHLPR.DLL
2008-01-19 07:38 1,203,792 ----a-w C:\Windows\System32\ntdll.dll
2008-01-19 07:36 99,840 ----a-w C:\Windows\System32\ulib.dll
2008-01-19 07:35 98,304 ----a-w C:\Windows\System32\mssitlb.dll
2008-01-19 07:34 98,816 ----a-w C:\Windows\System32\mfps.dll
2008-01-19 07:33 98,304 ----a-w C:\Windows\System32\makecab.exe
2008-01-19 07:32 258,048 ----a-w C:\Windows\System32\winspool.drv
2008-01-19 07:32 21,504 ----a-w C:\Windows\System32\msacm32.drv
2008-01-19 07:32 166,912 ----a-w C:\Windows\System32\wdmaud.drv
2008-01-19 07:32 1,370,624 ----a-w C:\Windows\System32\Aurora.scr
2008-01-19 07:31 7,680 ----a-w C:\Windows\System32\spwizres.dll
2008-01-19 07:31 57,856 ----a-w C:\Windows\System32\nlsbres.dll
2008-01-19 07:31 118,272 ----a-w C:\Windows\System32\RDPENCDD.dll
2008-01-19 07:30 17,920 ----a-w C:\Windows\System32\netevent.dll
2008-01-19 07:29 705,536 ----a-w C:\Windows\System32\imagesp1.dll
2008-01-19 07:29 58,880 ----a-w C:\Windows\System32\msobjs.dll
2008-01-19 07:28 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-01-19 07:26 36,864 ----a-w C:\Windows\System32\cdd.dll
2008-01-19 06:06 8,147,456 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-19 06:01 14,336 ----a-w C:\Windows\System32\tsddd.dll
2008-01-19 06:01 134,656 ----a-w C:\Windows\System32\rdpdd.dll
2008-01-19 05:52 56,320 ----a-w C:\Windows\System32\vga256.dll
2008-01-19 05:52 21,504 ----a-w C:\Windows\System32\vga64k.dll
2008-01-19 05:52 11,776 ----a-w C:\Windows\System32\framebuf.dll
2008-01-19 05:52 10,752 ----a-w C:\Windows\System32\vga.dll
2008-01-19 05:50 14,848 ----a-w C:\Windows\System32\iscsilog.dll
2008-01-19 05:48 20,992 ----a-w C:\Windows\System32\msdtcVSp1res.dll
2008-01-19 05:48 1,291,264 ----a-w C:\Windows\System32\comres.dll
2008-01-19 05:46 4,240,384 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-19 05:39 13,312 ----a-w C:\Windows\System32\WsmRes.dll
2008-01-19 05:37 2,031,616 ----a-w C:\Windows\System32\win32k.sys
2008-01-19 05:36 289,792 ----a-w C:\Windows\System32\atmfd.dll
2008-01-19 05:33 56,320 ----a-w C:\Windows\System32\graftabl.com
2008-01-19 05:31 8,322,048 ----a-w C:\Windows\System32\spwizimg.dll
2008-01-19 05:27 8,704 ----a-w C:\Windows\System32\kd1394.dll
2008-01-19 05:26 605,696 ----a-w C:\Windows\System32\adtschema.dll
2008-01-19 03:17 100,043 ----a-w C:\Windows\System32\StructuredQuerySchema.bin
2008-01-05 11:36 195,122 ----a-w C:\Windows\System32\winrm.vbs
2008-01-05 11:35 80,047 ----a-w C:\Windows\System32\slmgr.vbs
2008-01-05 11:34 15,181 ----a-w C:\Windows\System32\gatherWirelessInfo.vbs
2008-01-05 11:27 96,760 ----a-w C:\Windows\System32\dfshim.dll
2008-01-05 11:27 84,480 ----a-w C:\Windows\System32\mscories.dll
2008-01-05 11:27 282,112 ----a-w C:\Windows\System32\mscoree.dll
2008-01-05 11:27 158,720 ----a-w C:\Windows\System32\mscorier.dll
2008-01-05 11:21 779,800 ----a-w C:\Windows\System32\PresentationNative_v0300.dll
2008-01-05 11:21 579,584 ----a-w C:\Windows\System32\icardagt.exe
2008-01-05 11:21 350,744 ----a-w C:\Windows\System32\PresentationHost.exe
2008-01-05 11:21 33,304 ----a-w C:\Windows\System32\PresentationHostProxy.dll
2008-01-05 11:21 28,672 ----a-w C:\Windows\System32\TsWpfWrp.exe
2008-01-05 11:21 12,198 ----a-w C:\Windows\System32\gatherWiredInfo.vbs
2008-01-05 11:21 11,776 ----a-w C:\Windows\System32\icardres.dll
2008-01-05 11:21 106,520 ----a-w C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 01:33 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 17:05 143360]
"EPSON Stylus CX6000 Series"="C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBIA.exe" [2006-10-18 02:01 143360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 01:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-19 01:38 1008184]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 16:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 16:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 16:06 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 14:40 155648]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 00:17 55824 C:\Windows\KHALMNPR.Exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-18 14:50 579072]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 19:34 868352]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-18 14:49 219136]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-03-18 16:38:06 789008]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgwlntf]
avgwlntf.dll 2008-03-18 14:49 9216 C:\Windows\System32\avgwlntf.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{218A2E94-69BF-4740-91B3-61C889E3C032}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{C78A760F-F9EA-40BC-9BAB-AA60A62C68F6}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{7F84E129-AAA4-441B-B300-5F706D87DB26}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{EC49DD35-A410-4858-9937-4BFB92D0012D}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe:Rainbow Six Vegas
"{22F88704-B7F3-43F8-9FFD-0F7D2FF44FC6}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"{74132FBA-EDD0-4835-A352-2DE18DDB1C89}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe:Rainbow Six Vegas Updater
"TCP Query User{9D4794D5-98A6-4DFC-83E7-D97EE24C62D7}C:\\program files\\bittorrent\\bittorrent.exe"= UDP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"UDP Query User{BBE71E08-7BCB-410C-9E8C-8319ADDF3399}C:\\program files\\bittorrent\\bittorrent.exe"= TCP:C:\program files\bittorrent\bittorrent.exe:bittorrent
"{700D7A1B-699B-4012-B288-CFE9863E18E2}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{9B4E9F09-2605-4873-A3B8-69A665F10F41}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic.exe:World in Conflict
"{3F9BA9AF-2024-40AA-8BCA-614C6CF7E489}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{C97A0BDA-B0D0-4F45-B566-905F6FD6CDCE}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_online.exe:World in Conflict - Online Only
"{2FA9833E-5C5A-470C-BF9B-545E5EEB4EBB}"= UDP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"{4D88EE51-B3C4-45C9-B73B-BCE7F271B979}"= TCP:C:\Program Files\Sierra Entertainment\World in Conflict\wic_ds.exe:World in Conflict - Dedicated Server
"TCP Query User{6CB2E23C-D477-4261-BD41-A99507BCE1B9}C:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"UDP Query User{6A8C26D1-0388-4F76-9E36-99D63AA18ECA}C:\\program files\\sierra\\fear\\fpupdate.exe"= TCP:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"{1C0A8B65-0D72-46AD-AC1E-FA3C13FBA0D2}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{DEC433FF-2D1D-463D-BCCA-C7C6B25A69AE}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{1E476106-E0BD-4054-AA01-5560E7A34C39}"= UDP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR
"{15212A79-F2FA-4610-8201-17F9CAE7BDA4}"= TCP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2008-03-18 14:52]
S3 BQJ;BQJ;C:\Users\HELLOM~1\AppData\Local\Temp\BQJ.exe [2008-03-23 19:00]
S3 QOEZ;QOEZ;C:\Users\HELLOM~1\AppData\Local\Temp\QOEZ.exe [2008-03-23 18:49]
S3 UVTLUEPKZQ;UVTLUEPKZQ;C:\Users\HELLOM~1\AppData\Local\Temp\UVTLUEPKZQ.exe [2008-03-23 18:48]
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 03:30:29 C:\Windows\Tasks\User_Feed_Synchronization-{0A4B7E45-9D3B-46DE-81CC-3A72A06FFF83}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-24 13:32:49
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-24 13:33:13
ComboFix-quarantined-files.txt 2008-03-24 19:33:11
.
2008-03-18 20:46:55 --- E O F ---