I couldn't delete any of the files, as it says that I need permission.
As for the ComboFix log, here it is:
ComboFix 08-05-15.3 - mapcom 2008-05-18 10:17:39.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.1.1033.18.1261 [GMT 5.5:30]
Running from: C:\Users\mapcom\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\ddcAtusR.dll
C:\Windows\system32\mlJaaXoL.dll
C:\Windows\system32\UpMedia
C:\Windows\system32\UpMedia\ContentTool.dll
C:\Windows\system32\UpMedia\SearchTool.dll
C:\Windows\system32\UpMedia\uninstallSE.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-18 to 2008-05-18 )))))))))))))))))))))))))))))))
.
2008-05-17 16:55 . 2008-05-18 09:50 <DIR> d----c--- C:\Program Files\Common Files\Steam
2008-05-17 16:46 . 2008-05-17 16:46 <DIR> d-------- C:\Users\All Users\NVIDIA
2008-05-17 16:46 . 2008-05-17 16:46 <DIR> d-------- C:\ProgramData\NVIDIA
2008-05-17 16:40 . 2008-05-17 16:40 <DIR> d-------- C:\Windows\nvidia icons
2008-05-17 16:39 . 2008-05-02 22:46 768,544 --a------ C:\Windows\System32\nvcplui.exe
2008-05-17 16:39 . 2008-05-02 22:46 420,384 --a------ C:\Windows\System32\nvcpl.cpl
2008-05-17 16:39 . 2008-05-02 22:46 313,888 --a------ C:\Windows\System32\nvexpbar.dll
2008-05-17 16:38 . 2008-04-30 17:27 442,368 --a------ C:\Windows\System32\NVUNINST.EXE
2008-05-17 16:37 . 2008-05-17 16:37 <DIR> d----c--- C:\NVIDIA
2008-05-17 16:23 . 2008-05-17 16:23 <DIR> d----c--- C:\Program Files\SystemRequirementsLab
2008-05-17 13:21 . 2008-05-17 13:21 <DIR> d----c--- C:\Program Files\Trend Micro
2008-05-17 08:59 . 2008-05-17 08:59 <DIR> d----c--- C:\Program Files\MSN Password Recovery
2008-05-17 08:57 . 2008-05-17 08:57 118 --a------ C:\Windows\System32\MRT.INI
2008-05-08 01:35 . 2008-05-08 01:35 <DIR> d-------- C:\Users\mapcom\AppData\Roaming\SystemRequirementsLab
2008-05-07 23:26 . 2008-05-07 23:26 2,337,865 --a------ C:\Windows\System32\pbsvc.exe
2008-05-07 23:26 . 2008-05-07 23:26 22,328 --a------ C:\Users\mapcom\AppData\Roaming\PnkBstrK.sys
2008-05-06 10:28 . 2008-05-06 10:28 <DIR> d----c--- C:\Program Files\Browser Mouse
2008-05-06 10:28 . 2000-05-10 10:59 6,205 --a------ C:\Windows\System32\LWBHMVXD.VXD
2008-05-06 10:27 . 2008-05-06 10:27 <DIR> d----c--- C:\Memorex
2008-05-05 18:14 . 2008-05-05 18:14 <DIR> d-------- C:\Users\All Users\TechSmith
2008-05-05 18:14 . 2008-05-05 18:14 <DIR> d-------- C:\ProgramData\TechSmith
2008-05-05 18:14 . 2008-05-05 18:14 <DIR> d-------- C:\Program Files\TechSmith
2008-05-02 15:42 . 2008-05-02 15:42 <DIR> d----c--- C:\Program Files\Apple Software Update
2008-04-26 16:29 . 2008-04-26 16:29 <DIR> d-------- C:\Program Files\Investintech.com Inc
2008-04-25 21:42 . 2008-04-25 21:43 <DIR> d-------- C:\Program Files\OpenTTD
2008-04-25 21:36 . 2008-04-25 21:36 <DIR> d----c--- C:\MPS
2008-04-25 21:36 . 1996-09-30 19:46 24,576 --------- C:\Windows\UniFISH.exe
2008-04-20 14:45 . 2008-04-27 12:07 294 --a------ C:\Windows\ODBC.INI
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-18 04:18 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-17 07:02 --------- d-----w C:\Program Files\Norton Security Scan
2008-05-17 03:41 --------- d-----w C:\Users\mapcom\AppData\Roaming\uTorrent
2008-05-15 17:11 --------- d-----w C:\Users\mapcom\AppData\Roaming\LimeWire
2008-05-14 21:31 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-14 21:31 --------- d-----w C:\Program Files\Windows Mail
2008-05-08 08:37 --------- d-----w C:\Program Files\VstPlugins
2008-05-08 08:37 --------- d-----w C:\Program Files\Image-Line
2008-05-07 20:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-07 17:56 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-05-07 17:56 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-05-02 10:48 --------- d-----w C:\Program Files\Safari
2008-04-25 16:58 --------- d-----w C:\Users\mapcom\AppData\Roaming\Skype
2008-04-25 16:49 --------- d-----w C:\Users\mapcom\AppData\Roaming\skypePM
2008-04-20 03:51 --------- d-----w C:\Program Files\Java
2008-04-15 09:42 271,360 ----a-w C:\Windows\system32\drivers\atksgt.sys
2008-04-15 09:42 --------- dc----w C:\Program Files\AGEIA Technologies
2008-04-15 09:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-15 09:41 18,048 ----a-w C:\Windows\system32\drivers\lirsgt.sys
2008-04-10 08:31 --------- d-----w C:\ProgramData\Musicnotes
2008-04-06 10:09 --------- d-----w C:\Users\other\AppData\Roaming\FlashGet
2008-04-06 04:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-03-29 10:24 --------- d-----w C:\ProgramData\Apple Computer
2008-03-29 10:24 --------- d-----w C:\Program Files\iTunes
2008-03-29 10:24 --------- d-----w C:\Program Files\iPod
2008-03-28 18:27 --------- d-----w C:\Program Files\HP
2008-03-26 11:13 --------- d-----w C:\Program Files\Web Publish
2008-03-21 12:26 --------- d-----w C:\Users\mapcom\AppData\Roaming\Apple Computer
2008-03-21 12:20 --------- dc----w C:\Program Files\Bonjour
2008-03-21 12:19 19,522,352 ----a-w C:\Users\mapcom\SafariSetup.exe
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-01 04:31 374 ----a-w C:\Users\mapcom\AppData\Roaming\internaldb6334.dat
2008-02-01 04:28 555 ----a-w C:\Users\mapcom\AppData\Roaming\internaldb8467.dat
2008-02-01 04:28 18,432 ----a-w C:\Users\mapcom\AppData\Roaming\internaldb41.dat
2008-01-27 18:24 1,535,323 ----a-w C:\Users\mapcom\InstallWinUAE1440.exe
2008-01-27 18:23 566,156 ----a-w C:\Users\mapcom\WinEMU050.zip
2007-11-17 07:20 1,919,944 ----a-w C:\Users\Public\daemon410-x86.exe
2007-11-16 17:16 32 ----a-w C:\Users\All Users\ezsid.dat
2007-11-16 17:16 32 ----a-w C:\ProgramData\ezsid.dat
2007-10-31 01:25 174 --sha-w C:\Program Files\desktop.ini
2007-10-30 13:37 4,921,080 ----a-w C:\Users\mapcom\Opera_9.24_Eng_Setup.exe
2007-10-24 10:53 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-24 10:53 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-24 10:53 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:03 1232896]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 19:46 171464]
"Power Mixer"="C:\Program Files\Power Mixer\pwmixer.exe" [2007-10-25 01:30 368266]
"Steam"="D:\Program Files\Steam\Steam.exe" [2008-05-17 16:56 1271032]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 18:03 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-10-31 00:22 1006264]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 04:10 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 15:15 222208]
"RtHDVCpl"="RtHDVCpl.exe" [2007-05-25 12:21 4435968 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-05-25 12:21 1822720 C:\Windows\SkyTel.exe]
"Flashget"="E:\Program Files\FlashGet\FlashGet.exe" [2007-09-25 13:40 2007088]
"PWRISOVM.EXE"="E:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 05:35 200704]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]
"LWBMOUSE"="C:\Program Files\Browser Mouse\Browser Mouse\1.1\MOUSE32A.EXE" [2001-11-20 16:21 356352]
"MRT"="C:\Windows\system32\MRT.exe" [2008-05-10 03:05 16863864]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-05-02 22:46 13535776]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-05-02 22:46 92704]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{C1F0F422-9D01-404B-9B8B-92E5B12ECCD7}D:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= UDP:D:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"UDP Query User{D799CC55-9557-45A3-AC05-7C8A653C1D01}D:\\program files\\ubisoft\\ghost recon advanced warfighter\\graw.exe"= TCP:D:\program files\ubisoft\ghost recon advanced warfighter\graw.exe:GRAW
"TCP Query User{38B4676F-49C0-4A9B-B235-33B78A09F400}D:\\program files\\warcraft iii\\war3.exe"= UDP:D:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{0D6E0F69-96B0-41AC-BD74-5CABD3879B5D}D:\\program files\\warcraft iii\\war3.exe"= TCP:D:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{60F6B057-ED72-496B-A698-3578800755C2}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{7BAD24E5-9B26-42FE-ABF1-7531EA902E3A}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{92EA0A20-A549-4FE7-8E35-AF8F91B58F63}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{5BFCE862-D305-4921-9A80-E8EB718457DE}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{6EA0CA7C-0F15-4659-856C-5F8F460B9F1D}C:\\program files\\sopcast\\sopcast.exe"= UDP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"UDP Query User{6B8681E9-FE60-4353-8429-335B24CC93A0}C:\\program files\\sopcast\\sopcast.exe"= TCP:C:\program files\sopcast\sopcast.exe:SopCast Main Application
"TCP Query User{E6CC1040-442D-4AFC-82DC-AC381D55CA23}C:\\users\\mapcom\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= UDP:C:\users\mapcom\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"UDP Query User{B7EEAFC6-55BE-4349-A46C-00E57756EF07}C:\\users\\mapcom\\appdata\\roaming\\sopcast\\adv\\sopadver.exe"= TCP:C:\users\mapcom\appdata\roaming\sopcast\adv\sopadver.exe:sopadver.exe
"TCP Query User{0FA3A4DE-C759-43BE-AEBA-67A90021E968}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{9CC736C3-0E77-4C3E-B9F5-4D85C283E22D}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"{FF29A457-2B7A-4C5F-B18E-07491B5B1C83}"= UDP:C:\Windows\System32\lxdacoms.exe:Lexmark Communications System
"{68034C1F-4DB1-4F5B-915C-8132F8D3477B}"= TCP:C:\Windows\System32\lxdacoms.exe:Lexmark Communications System
"{0CFFC1DB-F01A-48D9-BCEB-F247B3EB88EE}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxdapswx.exe:Printer Status Window
"{36013C78-6B11-4B40-A03C-FE619830BD5D}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxdapswx.exe:Printer Status Window
"TCP Query User{0EB1F924-AB65-4257-9AEA-DA5C1A53B89B}E:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= UDP:E:\program files\ea games\battlefield 2\bf2_w32ded.exe:bf2_w32ded
"UDP Query User{67833D44-606E-4331-A551-7D8787B8DBCC}E:\\program files\\ea games\\battlefield 2\\bf2_w32ded.exe"= TCP:E:\program files\ea games\battlefield 2\bf2_w32ded.exe:bf2_w32ded
"TCP Query User{08A8934D-BD45-43B8-B3C0-0398AE660964}E:\\program files\\flashget\\flashget.exe"= UDP:E:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{CC3CB6C9-72D7-4D08-9134-0B98AE23D187}E:\\program files\\flashget\\flashget.exe"= TCP:E:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{51815A19-A13F-4AB9-A6AA-459A3194F338}E:\\program files\\counter-strike\\hl.exe"= UDP:E:\program files\counter-strike\hl.exe:Half-Life Launcher
"UDP Query User{1C71B797-1008-4001-B666-5513BCBD8EA2}E:\\program files\\counter-strike\\hl.exe"= TCP:E:\program files\counter-strike\hl.exe:Half-Life Launcher
"{D9596F7E-DBDF-43C9-A733-ECB14CC1FF2A}"= UDP:E:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{3DBFD06C-5507-4A8A-B4E1-9BE8F7B7F6FD}"= TCP:E:\program files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{C8525CEC-136C-481A-8786-198A1835652B}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= UDP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"UDP Query User{B847698B-A588-444F-85BD-4160C0A025C9}C:\\program files\\nero\\nero 7\\nero home\\nerohome.exe"= TCP:C:\program files\nero\nero 7\nero home\nerohome.exe:Nero Home
"{7ADACE68-EA88-4434-91A0-AAAF7671FBF3}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{484ABF22-0379-47DB-9867-0A4AE1959EC3}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{E3523825-9DE1-4EAE-A1FA-9A29BDB1D4DD}C:\\program files\\ocean technology\\gg e-sports platform\\ggclient.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{A79D87A9-54EA-4313-95A2-3AEF4B9041BD}C:\\program files\\ocean technologies & media\\gg e-sports platform\\ggclient.exe"= UDP:C:\program files\ocean technologies & media\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"UDP Query User{8ED9E951-2EE1-4B51-ADE4-858422818912}C:\\program files\\ocean technologies & media\\gg e-sports platform\\ggclient.exe"= TCP:C:\program files\ocean technologies & media\gg e-sports platform\ggclient.exe:GG E-Sports Platform Client
"TCP Query User{275D6493-0D65-4885-AD67-C8F6835AC0AD}C:\\users\\mapcom\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\mapcom\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{EE6D9D2D-0949-4058-9D2E-DEEE821623CF}C:\\users\\mapcom\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\mapcom\program files\utorrent\utorrent.exe:utorrent.exe
"TCP Query User{C84D47EB-C4FE-4784-B4E9-745E33819CF8}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= UDP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"UDP Query User{1E5C0EC8-94FE-4A25-826F-099179B0F9E5}C:\\program files\\ocean technology\\gg e-sports platform\\garena.exe"= TCP:C:\program files\ocean technology\gg e-sports platform\garena.exe:Garena
"TCP Query User{320F3805-A836-420D-9418-7CD23C27B420}C:\\program files\\ocean technologies & media\\gg e-sports platform\\garena.exe"= UDP:C:\program files\ocean technologies & media\gg e-sports platform\garena.exe:Garena
"UDP Query User{704EDCD3-1176-4851-A3D2-7ABF6CF31D1D}C:\\program files\\ocean technologies & media\\gg e-sports platform\\garena.exe"= TCP:C:\program files\ocean technologies & media\gg e-sports platform\garena.exe:Garena
"{C15E6927-9F24-4A7D-8CA6-1556C6F1287B}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D7B4046B-9B6B-4878-8E94-A6FF91B6AECE}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{26C0A18D-BEF5-42A1-9F69-497E4E9917D3}C:\\program files\\safari\\safari.exe"= UDP:C:\program files\safari\safari.exe:Safari Web Browser
"UDP Query User{B854CB1D-5CD2-4BEB-9E5F-688015CAC103}C:\\program files\\safari\\safari.exe"= TCP:C:\program files\safari\safari.exe:Safari Web Browser
"{DCBFADB8-01F3-48D0-865A-8F4D47A60376}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{BAA6E467-D33A-485A-961A-E245F67658A9}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{A59A3E85-23B7-4BAF-B088-EE99A988897F}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{A8DAC786-C28F-4D96-8902-E0234C5EA0A9}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{2A4D7D11-07FB-4876-9855-DC3DC0BC8869}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{43630760-F053-447E-8CE3-855CD16102DF}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{ADFA3347-BAFC-4616-8645-6C0D8DFA028C}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{52041B7C-E706-47A0-8869-AAECA2FC7919}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{C84B47B5-F99B-4A4B-BEFE-71837369F647}"= UDP:27349:Limewire
"{B8201A09-BBA2-4D13-A3A7-1D9FA2E24ACE}"= TCP:27349:Limewire
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 lxda_device;lxda_device;C:\Windows\system32\lxdacoms.exe [2007-03-21 12:28]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\Windows\system32\drivers\ScreamingBAudio.sys [2007-08-24 15:44]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-05-17 17:05]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\shell\AutoRun\command - G:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2cf91ef-1264-11dd-9c94-0019d19e044f}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MntDrCore.exe
\shell\Open\command - MntDrCore.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c272871b-81d3-11dc-ad47-0019d19e044f}]
\shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c272871e-81d3-11dc-ad47-0019d19e044f}]
\shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c2728728-81d3-11dc-ad47-0019d19e044f}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c272872b-81d3-11dc-ad47-0019d19e044f}]
\shell\AutoRun\command - H:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6888ba0-89e2-11dc-bb55-0019d19e044f}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6888ba8-89e2-11dc-bb55-0019d19e044f}]
\shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb5cf2d6-91c5-11dc-9cb7-0019d19e044f}]
\shell\AutoRun\command - L:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb5cf2db-91c5-11dc-9cb7-0019d19e044f}]
\shell\AutoRun\command - H:\LaunchU3.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-16 12:56:48 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-05-17 12:12:36 C:\Windows\Tasks\User_Feed_Synchronization-{313AAF3D-4AA9-4E28-AB3F-4FF236B64FA7}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-18 10:21:13
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-05-18 10:23:40
ComboFix-quarantined-files.txt 2008-05-18 04:52:37
Pre-Run: 5,208,297,472 bytes free
Post-Run: 5,295,341,568 bytes free
242 --- E O F --- 2008-05-17 03:27:46