ComboFix 08-06-20.4 - phylis 2008-06-28 4:03:53.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.157 [GMT -4:00]
Running from: C:\Users\phylis\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\mdm.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.
2008-06-28 02:22 . 2008-06-28 02:22 <DIR> d-------- C:\Users\phylis\AppData\Roaming\Malwarebytes
2008-06-28 02:22 . 2008-06-28 02:22 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-06-28 02:22 . 2008-06-28 02:22 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-06-28 02:22 . 2008-06-28 02:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-28 02:22 . 2008-06-19 17:48 34,296 --a------ C:\Windows\System32\drivers\mbamcatchme.sys
2008-06-28 02:22 . 2008-06-19 17:47 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-06-28 01:49 . 2008-06-28 01:49 24,576 --a------ C:\Windows\System32\VundoFixSVC.exe
2008-06-28 01:30 . 2008-06-28 01:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-27 11:48 . 2008-06-27 12:04 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-06-27 11:48 . 2008-06-27 12:04 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-06-24 04:01 . 2008-06-24 04:01 <DIR> dr-h----- C:\Users\phylis\AppData\Roaming\SecuROM
2008-06-24 03:01 . 2008-06-27 14:28 <DIR> d-------- C:\Users\phylis\AppData\Roaming\uTorrent
2008-06-24 03:01 . 2008-06-24 03:01 <DIR> d-------- C:\Program Files\uTorrent
2008-06-20 12:39 . 2008-06-27 22:35 <DIR> d-------- C:\Users\phylis\AppData\Roaming\SPORE Creature Creator
2008-06-20 12:25 . 2008-06-20 12:25 107,888 --a------ C:\Windows\System32\CmdLineExt.dll
2008-06-20 12:18 . 2008-05-30 14:19 507,400 --a------ C:\Windows\System32\XAudio2_1.dll
2008-06-20 12:18 . 2008-05-30 14:17 65,032 --a------ C:\Windows\System32\XAPOFX1_0.dll
2008-06-20 12:16 . 2008-06-20 12:17 <DIR> d--h----- C:\Windows\msdownld.tmp
2008-06-20 12:13 . 2008-06-20 12:13 <DIR> dr------- C:\Windows\System32\config\systemprofile\Videos
2008-06-20 12:13 . 2008-06-20 12:13 <DIR> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-06-20 12:13 . 2008-06-20 12:13 <DIR> dr------- C:\Windows\System32\config\systemprofile\Saved Games
2008-06-20 12:13 . 2008-06-20 12:13 <DIR> dr------- C:\Windows\System32\config\systemprofile\Pictures
2008-06-20 12:13 . 2008-06-20 12:13 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-06-20 12:13 . 2008-06-20 12:13 <DIR> dr------- C:\Windows\System32\config\systemprofile\Links
2008-06-20 12:13 . 2008-06-20 12:13 <DIR> dr------- C:\Windows\System32\config\systemprofile\Downloads
2008-06-20 12:13 . 2008-06-20 12:13 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-06-20 12:13 . 2008-06-20 12:13 <DIR> d-------- C:\Users\All Users\Electronic Arts
2008-06-20 12:13 . 2008-06-20 12:13 <DIR> d-------- C:\ProgramData\Electronic Arts
2008-06-20 12:13 . 2008-06-20 12:41 3,456 --a------ C:\Windows\System32\ealregsnapshot1.reg
2008-06-20 12:11 . 2008-06-24 04:16 <DIR> d-------- C:\Program Files\Electronic Arts
2008-06-20 03:24 . 2008-06-20 03:24 <DIR> d-------- C:\Users\All Users\Yahoo! Companion
2008-06-20 03:24 . 2008-06-20 03:24 <DIR> d-------- C:\ProgramData\Yahoo! Companion
2008-06-19 05:39 . 2008-06-19 05:39 <DIR> d-------- C:\Windows\PCHEALTH
2008-06-18 16:11 . 2008-06-18 16:11 <DIR> d-------- C:\Users\phylis\AppData\Roaming\CVS
2008-06-16 01:13 . 2008-06-16 01:13 0 --ah----- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2008-06-14 15:37 . 2008-06-14 15:37 <DIR> d-------- C:\PerfLogs
2008-06-13 23:47 . 2008-06-28 03:26 16,384 --------- C:\Windows\System32\Ikeext.etl
2008-06-13 09:44 . 2008-01-19 03:35 9,847,296 --a------ C:\Windows\System32\NlsData000a.dll
2008-06-13 09:43 . 2008-01-19 02:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-06-13 09:42 . 2008-01-19 03:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-06-13 09:42 . 2008-01-19 03:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-06-13 09:42 . 2008-01-19 03:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-06-13 09:42 . 2008-01-19 03:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-06-13 09:42 . 2008-01-19 03:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-06-13 09:42 . 2008-01-19 03:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-06-13 09:42 . 2008-01-19 03:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-06-13 09:42 . 2008-01-19 03:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-06-13 09:42 . 2008-01-19 03:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-06-11 00:17 . 2008-04-26 04:08 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-11 00:17 . 2008-04-25 00:35 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-11 00:17 . 2008-05-09 21:33 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-11 00:16 . 2008-04-24 22:12 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-04 02:53 . 2008-06-19 05:39 <DIR> d-------- C:\Program Files\Windows Live
2008-06-04 02:53 . 2008-06-19 05:39 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-04 02:52 . 2008-06-19 05:37 <DIR> d-------- C:\Users\All Users\WLInstaller
2008-06-04 02:52 . 2008-06-19 05:37 <DIR> d-------- C:\ProgramData\WLInstaller
2008-06-02 21:33 . 2008-06-02 21:33 1,340 --a------ C:\logfile
2008-06-01 23:07 . 2008-06-01 23:07 <DIR> d-------- C:\Program Files\Common Files\Kodak
2008-06-01 23:06 . 2008-06-01 23:06 <DIR> d-------- C:\Program Files\Common Files\PX Storage Engine
2008-06-01 23:05 . 2008-06-01 23:09 <DIR> d-------- C:\Program Files\Kodak
2008-06-01 23:03 . 2008-06-01 23:14 <DIR> d-------- C:\Users\All Users\Kodak
2008-06-01 23:03 . 2008-06-01 23:14 <DIR> d-------- C:\ProgramData\Kodak
2008-06-01 20:46 . 2008-06-01 23:18 182,488,012 --a------ C:\Windows\MEMORY.DMP
2008-06-01 20:35 . 2008-06-01 20:35 <DIR> d-------- C:\Users\phylis\AppData\Roaming\Apple Computer
2008-06-01 20:33 . 2008-06-01 20:33 <DIR> d-------- C:\Program Files\Bonjour
2008-06-01 20:32 . 2008-06-20 12:42 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-06-01 20:32 . 2008-06-20 12:42 <DIR> d-------- C:\ProgramData\Apple Computer
2008-06-01 20:32 . 2008-06-01 20:33 <DIR> d-------- C:\Program Files\QuickTime
2008-06-01 20:32 . 2008-06-01 20:32 <DIR> d-------- C:\Program Files\Apple Software Update
2008-06-01 20:30 . 2008-06-01 20:30 <DIR> d-------- C:\Users\All Users\Apple
2008-06-01 20:30 . 2008-06-01 20:30 <DIR> d-------- C:\ProgramData\Apple
2008-06-01 20:30 . 2008-06-01 20:30 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-05-31 01:14 . 2008-06-26 16:33 <DIR> d-------- C:\Program Files\Full Tilt Poker
2008-05-28 18:45 . 2008-05-28 18:45 <DIR> d-------- C:\Users\phylis\AppData\Roaming\Yahoo!
2008-05-28 18:45 . 2008-05-28 18:46 <DIR> d-------- C:\Users\All Users\Yahoo!
2008-05-28 18:45 . 2008-05-28 18:46 <DIR> d-------- C:\ProgramData\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 02:08 --------- d-----w C:\Program Files\Steam
2008-06-27 20:58 --------- d-----w C:\Program Files\PokerStars
2008-06-24 07:57 --------- d-----w C:\Program Files\EA GAMES
2008-06-20 16:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 16:14 --------- d-----w C:\ProgramData\Symantec
2008-06-17 15:22 --------- d-----w C:\ProgramData\CyberLink
2008-06-14 19:55 174 --sha-w C:\Program Files\desktop.ini
2008-06-14 19:43 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-14 19:43 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-14 19:43 --------- d-----w C:\Program Files\Windows Mail
2008-06-14 19:43 --------- d-----w C:\Program Files\Windows Defender
2008-06-14 19:43 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-14 19:43 --------- d-----w C:\Program Files\Windows Calendar
2008-06-14 19:08 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-06-14 19:08 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-06-13 08:48 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-06-13 08:46 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-06-10 15:59 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-30 18:18 238,088 ----a-w C:\Windows\System32\xactengine3_1.dll
2008-05-30 18:17 25,608 ----a-w C:\Windows\System32\X3DAudio1_4.dll
2008-05-30 18:11 467,984 ----a-w C:\Windows\System32\d3dx10_38.dll
2008-05-30 18:11 3,850,760 ----a-w C:\Windows\System32\D3DX9_38.dll
2008-05-30 18:11 1,491,992 ----a-w C:\Windows\System32\D3DCompiler_38.dll
2008-05-28 22:45 --------- d-----w C:\Program Files\Yahoo!
2008-05-26 05:09 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-05-25 13:32 988,216 ----a-w C:\Windows\System32\winload.exe
2008-05-25 13:32 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-05-25 13:32 615,992 ----a-w C:\Windows\System32\ci.dll
2008-05-25 13:32 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-05-25 13:32 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-05-25 13:32 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-05-25 13:32 378,368 ----a-w C:\Windows\System32\srcore.dll
2008-05-25 13:32 318,464 ----a-w C:\Windows\System32\rstrui.exe
2008-05-25 13:32 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-05-25 13:32 14,848 ----a-w C:\Windows\System32\srdelayed.exe
2008-05-23 22:15 --------- d-----w C:\Program Files\Norton Internet Security
2008-05-23 22:15 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-23 21:47 295,936 ----a-w C:\Windows\System32\gdi32.dll
2008-05-23 21:47 2,032,128 ----a-w C:\Windows\System32\win32k.sys
2008-05-23 21:42 --------- d-----w C:\Program Files\MSXML 4.0
2008-05-23 15:06 --------- d-----w C:\Users\phylis\AppData\Roaming\CyberLink
2008-05-23 01:24 --------- d-----w C:\Users\phylis\AppData\Roaming\Microsoft Web Folders
2008-05-23 01:08 --------- d-----w C:\Users\phylis\AppData\Roaming\Leadertech
2008-05-23 01:08 --------- d-----w C:\Users\phylis\AppData\Roaming\Acer
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 03:33 202240]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 03:33 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 05:07 4390912 C:\Windows\RtHDVCpl.exe]
"Acer Tour"="" []
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2007-01-24 13:27 319488]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-07 03:04 464168]
"PCMService"="C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe" [2007-01-13 00:24 151552]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 07:43 729088]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-02-02 15:24 3383296]
"eRecoveryService"="" []
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-04-06 02:21 86016]
"C:\Windows\system32\V0230Cvw.dll"="C:\Windows\system32\RegSvr32.exe" [2006-11-02 05:45 14336]
"V0230Mon.exe"="C:\Windows\System32\V0230Mon.exe" [2006-07-19 13:00 36961]
C:\Users\phylis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Acer Product Registration.lnk - C:\Program Files\Acer Registration\ACE1.exe [2007-02-02 15:24:32 3383296]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 07:44:06 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 04:15:54 65588]
Symantec Fax Starter Edition Port.lnk - C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 17:51:52 45568]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.mkdmp3enc"= C:\Acer\EMPOWE~1\eMode\PCM\Kernel\Burner\MKDMP3Enc.ACM
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=C:\Windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\Windows\pss\Kodak EasyShare software.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Assist Launcher]
--a------ 2007-02-02 14:05 1261568 C:\Program Files\Acer Assist\launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Tour Reminder]
--a------ 2007-02-15 21:39 151552 C:\Acer\AcerTour\Reminder.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apanel]
C:\ACERSW\config\NewSetApanel.cmd
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-11-21 00:44 107112 c:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-06 02:21 8429568 C:\Windows\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-06 02:21 81920 C:\Windows\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\osCheck]
--a------ 2006-11-21 00:42 22696 c:\Program Files\Norton Internet Security\osCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-05-23 18:35 1271032 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 03:38 1008184 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo!MessengerForVista]
--a------ 2008-04-29 15:39 204800 C:\Users\phylis\AppData\Local\Yahoo!\Messenger for Vista\Yahoo.Messenger.YmApp.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{BC054FCC-2510-455A-9F22-B698BAF4C2BB}"= UDP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{D0A4B255-598D-40CA-997D-FE4E91F01A6A}"= TCP:C:\Acer\Empowering Technology\eMode\PCM\PCMService.exe:CyberLink PowerCinema Resident Program
"{7835F1E2-A7ED-4371-A189-3B479016182B}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{51A5219B-569D-4B27-B89E-1DAAE5ADBB85}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{9F570F95-3271-4D47-85D9-3849E8B0A0AF}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{7D6341B9-3C79-48CB-A11C-188119E2552C}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{80F0826C-47B1-4D7D-9E55-29A0A5EB4166}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E34CB1A4-A515-4BFE-A3DE-FB883D37FF55}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B5285DD9-08D6-472A-9E44-6C34E6D5FDAF}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{07BD99B5-C748-44BF-B1D4-00EA3F99C1BE}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{920B8C9C-453D-4222-9C9A-F26465DE484F}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080623.001\IDSvix86.sys [2008-05-13 00:27]
R2 SBSDWSCService;SBSD Security Center Service;d:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-11-21 00:45]
R3 V0230Vfx;V0230Vfx;C:\Windows\system32\DRIVERS\V0230Vfx.sys [2006-03-23 13:00]
R3 V0230VID;Live! Cam Video IM Pro;C:\Windows\system32\DRIVERS\V0230VID.sys [2006-07-24 13:00]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-08 21:52]
S4 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-06-10 07:02]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-06-16 03:05:23 C:\Windows\Tasks\EasyShare Registration Task.job"
- C:\Windows\system32\rundll32.exeZC:\PROGRA~2\Kodak\EasyShareSetup\$REGIS~1\Registration_7.5.20.2.sxt _RegistrationOffer@16
"2008-06-28 00:04:57 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - phylis.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-28 04:06:41
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-28 4:08:16
ComboFix-quarantined-files.txt 2008-06-28 08:08:13
Pre-Run: 39,775,817,728 bytes free
Post-Run: 39,760,457,728 bytes free
266 --- E O F --- 2008-06-26 17:32:42