ComboFix 08-07-17.4 - Me and my angels 2 2008-07-19 23:00:47.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.234 [GMT -5:00]
Running from: C:\Users\Me and my angels 2\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Me and my angels 2\AppData\Roaming\.#
C:\Users\Me and my angels 2\AppData\Roaming\ezpinst.log
C:\Users\Me and my angels 2\AppData\Roaming\inst.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-20 to 2008-07-20 )))))))))))))))))))))))))))))))
.
2008-07-19 22:42 . 2008-07-18 19:15 36,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-19 22:41 . 2008-07-18 19:15 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-19 22:04 . 2008-07-19 22:06 <DIR> d-------- C:\Program Files\De Blob
2008-07-19 19:06 . 2008-07-19 19:06 <DIR> d-------- C:\Users\All Users\Winamp Toolbar
2008-07-19 19:06 . 2008-07-19 19:06 <DIR> d-------- C:\ProgramData\Winamp Toolbar
2008-07-19 19:06 . 2008-07-19 19:06 <DIR> d-------- C:\Program Files\Winamp Toolbar
2008-07-19 19:04 . 2008-07-19 19:43 <DIR> d-------- C:\Users\Me and my angels 2\AppData\Roaming\Winamp
2008-07-19 19:04 . 2008-07-19 19:07 <DIR> d-------- C:\Program Files\Winamp
2008-07-19 12:40 . 2008-07-19 12:40 <DIR> d-------- C:\Users\All Users\FreeDownloadManager.ORG
2008-07-19 12:40 . 2008-07-19 12:40 <DIR> d-------- C:\ProgramData\FreeDownloadManager.ORG
2008-07-19 11:50 . 2008-07-19 11:50 <DIR> d-------- C:\Users\Me and my angels 2\AppData\Roaming\Malwarebytes
2008-07-19 11:50 . 2008-07-19 11:50 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-19 11:50 . 2008-07-19 11:50 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-19 11:50 . 2008-07-19 22:42 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-18 10:46 . 2008-07-18 10:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-18 01:13 . 2008-07-18 01:13 <DIR> d-------- C:\Users\Me and my angels 2\AppData\Roaming\.clamwin
2008-07-18 01:13 . 2008-07-18 01:13 <DIR> d-------- C:\Users\All Users\.clamwin
2008-07-18 01:13 . 2008-07-18 01:13 <DIR> d-------- C:\ProgramData\.clamwin
2008-07-18 01:13 . 2008-07-18 01:13 <DIR> d-------- C:\Program Files\ClamWin
2008-07-17 14:12 . 2008-07-17 14:12 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-14 17:37 . 2008-01-19 02:33 2,623,488 --a------ C:\Windows\System32\SLsvc.exe
2008-07-14 17:36 . 2008-01-19 00:31 8,322,048 --a------ C:\Windows\System32\spwizimg.dll
2008-07-14 17:34 . 2008-01-18 22:12 3,662,296 --a------ C:\Windows\System32\locale.nls
2008-07-14 17:33 . 2008-01-19 02:35 3,173,376 --a------ C:\Windows\System32\netshell.dll
2008-07-14 17:32 . 2008-01-19 02:33 8,139,264 --a------ C:\Windows\System32\ssBranded.scr
2008-07-14 17:31 . 2008-01-19 02:33 2,515,968 --a------ C:\Windows\System32\accessibilitycpl.dll
2008-07-14 17:30 . 2008-01-19 02:35 3,072,000 --a------ C:\Windows\System32\networkmap.dll
2008-07-14 17:29 . 2008-01-19 02:34 6,103,040 --a------ C:\Windows\System32\chtbrkr.dll
2008-07-14 17:28 . 2008-01-19 01:06 8,147,456 --a------ C:\Windows\System32\wmploc.DLL
2008-07-14 17:27 . 2008-01-19 02:36 704,512 --a------ C:\Windows\System32\SmiEngine.dll
2008-07-14 17:27 . 2008-01-19 02:36 357,888 --a------ C:\Windows\System32\wbemcomn.dll
2008-07-14 17:27 . 2008-01-19 02:36 139,264 --a------ C:\Windows\System32\SmiInstaller.dll
2008-07-14 17:26 . 2008-01-19 02:34 305,152 --a------ C:\Windows\System32\msdelta.dll
2008-07-14 17:26 . 2008-01-19 02:34 258,560 --a------ C:\Windows\System32\dpx.dll
2008-07-14 17:26 . 2008-01-19 02:34 246,784 --a------ C:\Windows\System32\drvstore.dll
2008-07-14 17:26 . 2008-01-19 02:36 218,624 --a------ C:\Windows\System32\wdscore.dll
2008-07-14 17:26 . 2008-01-19 02:33 130,560 --a------ C:\Windows\System32\PkgMgr.exe
2008-07-14 17:26 . 2008-01-19 02:35 35,328 --a------ C:\Windows\System32\mspatcha.dll
2008-07-13 20:57 . 2008-07-19 13:22 <DIR> d-------- C:\Program Files\GameSpy Arcade
2008-07-13 20:01 . 2008-07-19 21:29 <DIR> d-------- C:\Program Files\PeerGuardian2
2008-07-13 16:18 . 2008-07-13 16:18 <DIR> d-------- C:\Windows\System32\Adobe
2008-07-13 02:04 . 2008-07-19 21:31 <DIR> d-------- C:\Users\Me and my angels 2\AppData\Roaming\Free Download Manager
2008-07-13 02:04 . 2008-07-19 12:40 <DIR> d-------- C:\Program Files\Free Download Manager
2008-06-30 10:59 . 2008-06-30 10:59 885,248 --a------ C:\Windows\System32\RacEngn.dll
2008-06-30 10:59 . 2008-06-30 10:59 9,127 --a------ C:\Windows\System32\RacUR.xml
2008-06-30 10:59 . 2008-06-30 10:59 153 --a------ C:\Windows\System32\RacUREx.xml
2008-06-30 10:54 . 2008-06-30 10:54 113,664 --a------ C:\Windows\System32\drivers\rmcast.sys
2008-06-30 10:54 . 2008-06-30 10:54 14,848 --a------ C:\Windows\System32\wshrm.dll
2008-06-30 10:53 . 2008-06-30 10:53 1,314,816 --a------ C:\Windows\System32\quartz.dll
2008-06-30 10:53 . 2008-06-30 10:53 428,544 --a------ C:\Windows\System32\EncDec.dll
2008-06-30 10:53 . 2008-06-30 10:53 293,376 --a------ C:\Windows\System32\psisdecd.dll
2008-06-30 10:53 . 2008-06-30 10:53 218,624 --a------ C:\Windows\System32\psisrndr.ax
2008-06-30 10:53 . 2008-06-30 10:53 80,896 --a------ C:\Windows\System32\MSNP.ax
2008-06-30 10:53 . 2008-06-30 10:53 69,632 --a------ C:\Windows\System32\Mpeg2Data.ax
2008-06-30 10:53 . 2008-06-30 10:53 57,856 --a------ C:\Windows\System32\MSDvbNP.ax
2008-06-30 10:49 . 2008-06-30 10:49 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-06-30 10:49 . 2008-06-30 10:49 826,880 --a------ C:\Windows\System32\wininet.dll
2008-06-29 22:12 . 2008-06-29 22:12 18 --a------ C:\Windows\gfact.ini
2008-06-29 22:11 . 2008-06-29 22:12 <DIR> d-------- C:\Program Files\bruce2
2008-06-29 19:16 . 2008-06-29 19:17 <DIR> d-------- C:\Users\Me and my angels 2\AppData\Roaming\Software Informer
2008-06-29 19:15 . 2008-06-29 20:30 <DIR> d-------- C:\Program Files\Software Informer
2008-06-29 18:59 . 2008-07-13 22:32 <DIR> d-------- C:\Program Files\Battlefield Browser
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 03:26 13,636 ----a-w C:\Users\Me and my angels 2\AppData\Roaming\nvModes.dat
2008-07-19 23:55 --------- d-----w C:\Program Files\Yahoo!
2008-07-19 23:55 --------- d-----w C:\Program Files\FLV Player
2008-07-19 23:41 --------- d-----w C:\ProgramData\Google Updater
2008-07-19 23:35 --------- d-----w C:\Program Files\Google
2008-07-19 23:32 --------- d-----w C:\Program Files\Java
2008-07-19 23:09 --------- d-----w C:\Program Files\Picasa2
2008-07-19 16:44 --------- d---a-w C:\Users\Me and my angels 2\AppData\Roaming\uTorrent
2008-07-18 05:57 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-07-17 06:24 --------- d-----w C:\ProgramData\Roxio
2008-07-17 01:49 --------- d---a-w C:\Users\Me and my angels 2\AppData\Roaming\Yahoo!
2008-07-17 01:49 --------- d-----w C:\ProgramData\Yahoo!
2008-07-15 13:40 174 --sha-w C:\Program Files\desktop.ini
2008-07-15 13:23 --------- d-----w C:\Program Files\Windows Sidebar
2008-07-15 13:23 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-07-15 13:23 --------- d-----w C:\Program Files\Windows Mail
2008-07-15 13:23 --------- d-----w C:\Program Files\Windows Journal
2008-07-15 13:23 --------- d-----w C:\Program Files\Windows Defender
2008-07-15 13:23 --------- d-----w C:\Program Files\Windows Collaboration
2008-07-15 13:23 --------- d-----w C:\Program Files\Windows Calendar
2008-07-15 01:16 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-07-14 18:46 --------- d---a-w C:\Users\Me and my angels 2\AppData\Roaming\dvdcss
2008-07-14 01:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-12 19:23 --------- d-----w C:\Program Files\Hewlett-Packard
2008-07-11 20:15 --------- d-----w C:\ProgramData\Microsoft Help
2008-06-29 04:19 --------- d-----w C:\ProgramData\DVD Shrink
2008-06-23 05:02 --------- d---a-w C:\Users\Me and my angels 2\AppData\Roaming\Roxio
2008-06-22 20:51 --------- d---a-w C:\ProgramData\TEMP
2008-06-22 18:53 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-15 03:45 --------- d-----w C:\Program Files\DAEMON Tools Pro
2008-06-11 03:04 --------- d-----w C:\ProgramData\Kaspersky Lab Setup Files
2008-06-10 21:13 --------- d---a-w C:\Users\Me and my angels 2\AppData\Roaming\InstallShield
2008-06-10 17:59 --------- d-----w C:\ProgramData\CyberLink
2008-06-10 17:12 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-10 17:09 540,672 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-10 17:09 458,752 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-06-10 17:09 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-06-10 17:09 2,153,984 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-06-10 17:09 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-05-30 16:14 --------- d-----w C:\Program Files\RADVideo
2008-05-25 16:16 --------- d-----w C:\ProgramData\River Past G5
2008-05-24 23:49 --------- d-----w C:\Users\Me and my angels 2\AppData\Roaming\River Past G5
2008-05-24 20:39 --------- d-----w C:\Users\Me and my angels 2\AppData\Roaming\iolo
2008-05-24 20:39 --------- d-----w C:\ProgramData\iolo
2008-05-06 19:15 47,360 ----a-w C:\Users\Me and my angels 2\AppData\Roaming\pcouffin.sys
2007-09-14 06:27 24,576 ----a-w C:\Users\Me and my angels 2\AppData\Roaming\PnkBstrK.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 02:33 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-07-02 05:29 220544]
"AGEIA PhysX SysTray"="C:\Program Files\AGEIA Technologies\bin\TrayIcon.exe" [2007-01-05 23:23 357928]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-10 22:56 218032]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [2008-05-20 17:27 2474031]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2007-06-02 15:59 1457152]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-29 01:57 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 02:05 1045800]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 13:42 70912]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"VirtualCloneDrive"="C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2006-04-29 08:21 94208]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 03:29 102400]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 21:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 10:14 270648]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-11-24 15:33 167936]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2008-01-19 02:33 227840]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-27 11:26 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-27 11:26 7770112]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-27 11:26 81920]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2008-06-14 14:13 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-07-19 18:32 29744]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-07-09 16:33 36352]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-23 16:48:32 113664]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_Dlls"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= divxa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-239065566-3441178637-797170251-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A25AAB0F-BDDE-4825-9006-2C81FA627C66}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{4F3AE1B6-54D9-48FE-931C-4084D9E8A7FE}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CB61196D-10EC-45E0-9300-02517F61BA83}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{29FE60EB-5341-4B90-973A-440A470ABC7B}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{5B33143C-8170-4085-A1CF-FB72BA0A2CD2}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{646D00DE-092A-4E5E-B686-196F2889CEBA}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{0C7C77B6-3E69-488C-9D2A-FC9231ACE37A}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{B7F8021A-0559-4835-A231-88DEEE195EEC}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"UDP Query User{F190FFC4-0D5F-48A9-A6FD-0FCB7D9642BF}C:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= TCP:C:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"TCP Query User{2E98FD3D-7F29-4F99-8F51-2D9AEA97D397}C:\\program files\\ea games\\battlefield vietnam\\bfvietnam.exe"= UDP:C:\program files\ea games\battlefield vietnam\bfvietnam.exe:bfvietnam
"{95ECDD01-AB84-4195-A36C-29147C571235}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9E02C4F2-DF48-4ADA-B6DF-757714F01315}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{847B4D9A-56A3-49A5-9521-2D7585715908}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{90528E1E-A1FE-4A81-B793-12DCFBBD3662}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{090CF6CF-EE2B-41E5-8C78-4E27BDD9A0C7}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{6B57F522-FAAD-41A8-B1C1-953062BF9446}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{AB06BDE8-59B8-48EC-BE3A-F47C57907ABE}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{81A65DC1-77E6-4167-8E14-4B7FCA87FA72}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{EC58DC15-F7C5-434D-85D3-CDAD99FD9AC4}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{60DEC888-F219-4253-B879-9DCB9F49D1E6}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{69766FF7-C030-44B6-941A-342BD87A0965}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{6B858232-CDA8-4787-BC69-95686C88817A}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{964A17A2-B864-49C4-AE05-C970AF48F245}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D0E33B3D-1A5D-4264-A998-9D761F9F2B0E}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E4F8C58C-172C-4E9F-87BD-9C7CCBAA8251}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{0CA0798A-3E2C-4FD7-BEAB-7513E7519FE5}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{E93F0325-7515-4077-B660-9EE7BCB2A972}"= UDP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{67C4A776-378F-4425-83E9-A1EB7B41A638}"= TCP:C:\Program Files\Google\Google Talk\googletalk.exe:Google Talk
"{51E7B6F4-55CA-4777-A7D7-E38AFD3FD8DE}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{A388478B-6806-4365-ABDC-7F0B1B3C3663}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{00EF6E7F-E560-4770-862E-AD465E485EC7}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{08918F9A-BEAC-4B64-8C0D-47F08A965A43}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{5E298237-770A-4E31-8D9F-273ABC055F34}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\pb\PnkBstrB.exe:PnkBstrB
"{40A29172-F0DE-4101-95A4-CEA1E9046CC4}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\pb\PnkBstrB.exe:PnkBstrB
"{2443FB9C-0C3E-411C-B4A8-CA2474869633}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\pb\PunkBuster services,service installer.exe:PunkBuster services,service installer
"{97A0E64C-946F-4B98-A6FF-940323D822AD}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\pb\PunkBuster services,service installer.exe:PunkBuster services,service installer
"{BB3E4C49-CA8A-4B70-96B9-821FCD7DC28E}"= UDP:C:\Users\Me and my angels 2\Downloads\programs\utorrent.exe:µTorrent
"{44D71720-AE6C-414D-9B3D-6D18C12EA338}"= TCP:C:\Users\Me and my angels 2\Downloads\programs\utorrent.exe:µTorrent
"{A873608A-C131-4458-AD97-0E50FF1D2D5A}"= UDP:C:\Program Files\PeerGuardian2\pg2.exe:PeerGuardian
"{DEDF92E4-A432-4923-85C6-0A9A8C96B774}"= TCP:C:\Program Files\PeerGuardian2\pg2.exe:PeerGuardian
"{75587C85-D95F-4A86-BD41-5F431C150F4D}"= UDP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{141BDFE0-A0C3-4E9E-8FE7-2FF6146767E9}"= TCP:C:\Program Files\Mozilla Firefox\firefox.exe:Mozilla Firefox
"{BBB29F7F-E486-40BB-A7D2-2F890EF11DF2}"= UDP:C:\Users\Me and my angels 2\Documents\Downloads\programs\utorrent.exe:µTorrent
"{3AB68C21-BF85-4736-B72E-31C3767180B6}"= TCP:C:\Users\Me and my angels 2\Documents\Downloads\programs\utorrent.exe:µTorrent
"{BA84386F-D8FC-4B88-A84E-F4FCA3C04B8A}"= UDP:C:\Users\Me and my angels 2\Downloads\programs\utorrent.exe:µTorrent
"{1C4C5EBB-A46F-437F-8B90-ED32B4847E3C}"= TCP:C:\Users\Me and my angels 2\Downloads\programs\utorrent.exe:µTorrent
"{8D4E3FE1-D5E6-4942-BA45-31DB1670F355}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{20C424E2-6871-470B-901E-2D0E036B8402}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"TCP Query User{6793AAE9-560F-4AC2-A921-B7142C91E4BA}C:\\users\\me and my angels 2\\desktop\\utorrent.exe"= UDP:C:\users\me and my angels 2\desktop\utorrent.exe:utorrent.exe
"UDP Query User{EDAE37B9-BA9B-4CAB-A944-20EC3450D428}C:\\users\\me and my angels 2\\desktop\\utorrent.exe"= TCP:C:\users\me and my angels 2\desktop\utorrent.exe:utorrent.exe
"{9A29261D-687F-4668-A973-F6FB2495BA1D}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{729C1ED6-0E10-405D-9778-836B1A82F9E3}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"TCP Query User{A0C17AEA-87F1-41F3-AFB8-C1D02D0DD637}C:\\users\\me and my angels 2\\appdata\\local\\temp\\mrt852b.tmp\\stdrt.exe"= UDP:C:\users\me and my angels 2\appdata\local\temp\mrt852b.tmp\stdrt.exe:stdrt.exe
"UDP Query User{2374F97D-CD47-407D-BB80-9D88F6C47707}C:\\users\\me and my angels 2\\appdata\\local\\temp\\mrt852b.tmp\\stdrt.exe"= TCP:C:\users\me and my angels 2\appdata\local\temp\mrt852b.tmp\stdrt.exe:stdrt.exe
"{964FA9DD-191C-43ED-9260-BD03A6DF1555}"= UDP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"{DCA6DE48-B669-48A4-8E64-633AFF53B1F8}"= TCP:C:\Program Files\GameSpy Arcade\Aphex.exe:GameSpy Arcade
"TCP Query User{B814A61C-C96D-4AEE-8E3A-56DDBB653491}C:\\users\\me and my angels 2\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= UDP:C:\users\me and my angels 2\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
"UDP Query User{17A11D2A-3FED-40B0-886E-DFE46EE92895}C:\\users\\me and my angels 2\\appdata\\local\\temp\\wzse0.tmp\\symnrt.exe"= TCP:C:\users\me and my angels 2\appdata\local\temp\wzse0.tmp\symnrt.exe:symnrt.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"<NO NAME>"= :*:Enabled:Yahoo! Music Jukebox
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-03 05:10]
S3 GameConsoleService;GameConsoleService;C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe [2007-10-01 11:34]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-07-19 18:32]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\system32\drivers\mbamswissarmy.sys [2008-07-18 19:15]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 02:30]
S3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-10-18 19:09]
S3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-10-18 19:09]
S3 SSDefrag;SSDefrag;C:\Windows\system32\drivers\SSDefrag.sys [2008-02-18 12:27]
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-07-19 22:57:40 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Me and my angels 2.job"
- c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
"2008-07-20 04:29:29 C:\Windows\Tasks\User_Feed_Synchronization-{9F1A3FA5-4B9D-479B-95FE-7AF5F899F293}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-19 23:18:21
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-19 23:40:38
ComboFix-quarantined-files.txt 2008-07-20 04:40:20
Pre-Run: 18,618,028,032 bytes free
Post-Run: 16,811,032,576 bytes free
278 --- E O F --- 2008-07-19 22:48:17
Edited by _The_Nothing_, 20 July 2008 - 09:39 AM.