ComboFix 08-02-25.3 - Tuck 2008-02-26 13:48:55.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1139 [GMT -6:00]
Running from: C:\Users\Tuck\Desktop\ComboFix.exe
Command switches used :: C:\Users\Tuck\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Users\Tuck\AppData\Local\Temp\cbxvu.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-26 to 2008-02-26 )))))))))))))))))))))))))))))))
.
2008-02-25 12:17 . 2008-02-25 12:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-24 07:51 . 2008-02-24 07:51 <DIR> d-------- C:\VundoFix Backups
2008-02-15 18:18 . 2008-01-09 23:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 03:06 . 2008-02-13 03:06 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:06 . 2008-02-13 03:06 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:03 . 2008-02-13 03:03 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-11 17:42 . 2008-02-11 17:42 <DIR> d-------- C:\Program Files\PopCap Games
2008-02-10 15:35 . 2008-02-10 15:43 <DIR> d-------- C:\Users\Tuck\logitech
2008-02-10 15:35 . 2008-02-11 15:17 <DIR> d-------- C:\Users\Tuck\browser - logitech
2008-02-10 15:34 . 2008-02-10 15:34 <DIR> d-------- C:\Program Files\Logitech
2008-02-10 15:34 . 2008-02-10 15:35 <DIR> d-------- C:\Program Files\Common Files\Remote Control Software Common
2008-02-10 15:33 . 2008-02-10 15:33 <DIR> d-------- C:\Program Files\Common Files\Remote Control USB Driver
2008-02-08 14:24 . 2008-02-08 14:24 <DIR> d-------- C:\ProgramData\PopCap Games
2008-02-07 17:44 . 2008-02-07 17:44 <DIR> d-------- C:\Program Files\GameSpy
2008-02-07 17:42 . 2008-02-07 17:42 <DIR> d-------- C:\Windows\System32\URTTEMP
2008-02-07 17:41 . 2008-02-07 17:41 669,184 --a------ C:\Windows\System32\pbsvc.exe
2008-02-07 17:30 . 2008-02-07 17:30 <DIR> d-------- C:\Program Files\Electronic Arts
2008-02-05 16:27 . 2008-02-05 16:27 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-02-05 16:13 . 2008-02-05 16:13 <DIR> d-------- C:\ProgramData\LightScribe
2008-02-04 18:13 . 2008-02-04 18:13 331 --a------ C:\Windows\doom3.ini
2008-02-04 18:02 . 2008-02-04 18:12 <DIR> d-------- C:\Program Files\DOOM 3
2008-02-02 19:12 . 2008-02-02 19:12 <DIR> d-------- C:\Program Files\Sonic Foundry
2008-02-01 18:34 . 2008-02-01 18:34 <DIR> d-------- C:\Windows\Intelliremote
2008-02-01 18:34 . 2008-02-01 18:34 <DIR> d-------- C:\Program Files\Melloware
2008-02-01 18:14 . 2008-02-01 18:14 <DIR> d-------- C:\Users\Tuck\AppData\Roaming\Vectir
2008-02-01 17:55 . 2008-02-01 17:55 <DIR> d-------- C:\Users\Tuck\AppData\Roaming\CyberLink
2008-02-01 17:48 . 2008-02-01 17:48 87 -rah----- C:\Windows\ctfile.rfc
2008-02-01 15:59 . 2008-02-01 15:59 <DIR> dr------- C:\Windows\System32\config\systemprofile\Music
2008-01-30 15:55 . 2008-01-30 15:55 <DIR> d-------- C:\ProgramData\Creative Labs
2008-01-30 14:06 . 2007-07-19 18:14 3,727,720 --a------ C:\Windows\System32\d3dx9_35.dll
2008-01-30 14:06 . 2007-07-19 18:14 1,358,192 --a------ C:\Windows\System32\D3DCompiler_35.dll
2008-01-30 14:06 . 2007-07-19 18:14 444,776 --a------ C:\Windows\System32\d3dx10_35.dll
2008-01-29 20:34 . 2008-01-29 20:34 224,768 --a------ C:\Windows\System32\drivers\usbport.sys
2008-01-29 20:34 . 2008-01-29 20:34 192,000 --a------ C:\Windows\System32\drivers\usbhub.sys
2008-01-29 20:34 . 2008-01-29 20:34 73,216 --a------ C:\Windows\System32\drivers\usbccgp.sys
2008-01-29 20:34 . 2008-01-29 20:34 38,400 --a------ C:\Windows\System32\drivers\usbehci.sys
2008-01-29 20:34 . 2008-01-29 20:34 19,456 --a------ C:\Windows\System32\drivers\usbohci.sys
2008-01-29 20:34 . 2008-01-29 20:34 8,704 --a------ C:\Windows\System32\hcrstco.dll
2008-01-29 20:34 . 2008-01-29 20:34 8,704 --a------ C:\Windows\System32\hccoin.dll
2008-01-29 20:34 . 2008-01-29 20:34 5,888 --a------ C:\Windows\System32\drivers\usbd.sys
2008-01-27 20:44 . 2008-01-27 20:44 <DIR> d-------- C:\Windows\Downloaded Installations
2008-01-27 20:24 . 2008-01-27 20:24 <DIR> d-------- C:\Program Files\Ubisoft
2008-01-27 16:56 . 2007-06-20 20:46 266,088 --a------ C:\Windows\System32\xactengine2_8.dll
2008-01-27 16:56 . 2007-06-20 20:45 18,280 --a------ C:\Windows\System32\x3daudio1_2.dll
2008-01-27 12:19 . 2008-01-27 12:19 1,029,120 --a------ C:\Windows\System32\d3d10.dll
2008-01-27 12:19 . 2008-01-27 12:19 187,392 --a------ C:\Windows\System32\d3d10core.dll
2008-01-27 12:19 . 2008-01-27 12:19 167,936 --a------ C:\Windows\System32\dxgi.dll
2008-01-27 11:57 . 2008-01-27 11:57 621,568 --a------ C:\Windows\System32\drivers\dxgkrnl.sys
2008-01-27 11:57 . 2008-01-27 11:57 37,376 --a------ C:\Windows\System32\cdd.dll
2008-01-26 18:28 . 2008-01-26 18:28 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-01-26 18:27 . 2008-01-26 18:27 <DIR> d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-01-26 15:13 . 2008-02-01 16:55 1,080 --a------ C:\Windows\System32\settingsbkup.sfm
2008-01-26 15:13 . 2008-02-01 16:55 1,080 --a------ C:\Windows\System32\settings.sfm
2008-01-26 12:37 . 2008-01-26 12:38 4,019 --a------ C:\Windows\System32\PATCH.ERR
2008-01-26 11:26 . 2008-01-26 11:26 <DIR> d-------- C:\Program Files\Common Files\Creative Labs Shared
2008-01-26 11:22 . 2008-02-26 13:28 64,756 --a------ C:\Windows\System32\DVCState-{00000004-00000000-00000007-00001102-00000005-002C1102}.rfx
2008-01-26 11:22 . 2008-02-26 13:28 54,324 --a------ C:\Windows\System32\BMXStateBkp-{00000004-00000000-00000007-00001102-00000005-002C1102}.rfx
2008-01-26 11:22 . 2008-02-26 13:28 54,324 --a------ C:\Windows\System32\BMXState-{00000004-00000000-00000007-00001102-00000005-002C1102}.rfx
2008-01-26 11:18 . 2007-02-26 15:24 94,208 --a------ C:\Windows\System32\cttele32.dll
2008-01-26 11:16 . 2007-09-18 11:34 108,544 --a------ C:\Windows\System32\APOMngr.DLL
2008-01-26 11:16 . 2007-05-28 11:28 69,120 --a------ C:\Windows\System32\CmdRtr.DLL
2008-01-26 10:21 . 2007-05-27 21:57 1,732 --a------ C:\Windows\System32\drivers\nvphy.bin
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k7
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k6
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k5
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k4
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k3
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k2
2008-02-26 19:28 64 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k1
2008-02-26 19:28 311,198 ----a-w C:\Windows\system32\drivers\kmxcfg.u2k0
2008-02-19 17:10 --------- d-----w C:\ProgramData\CA
2008-02-13 09:03 806,400 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-13 09:01 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-13 09:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 09:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 09:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-11 21:12 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-10 21:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-07 23:41 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-02-07 23:41 22,328 ----a-w C:\Users\Tuck\AppData\Roaming\PnkBstrK.sys
2008-02-07 23:41 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-02-07 23:39 --------- d-----w C:\ProgramData\Media Center Programs
2008-02-06 18:36 --------- d-----w C:\Users\Tuck\AppData\Roaming\Bioshock
2008-02-05 22:13 --------- d-----w C:\Users\Tuck\AppData\Roaming\Ahead
2008-02-01 23:56 --------- d-----w C:\Users\Tuck\AppData\Roaming\Creative
2008-02-01 23:55 --------- d-----w C:\ProgramData\Creative
2008-02-01 23:46 --------- d-----w C:\Program Files\Creative
2008-01-29 01:55 --------- d-----w C:\Program Files\THQ
2008-01-26 17:18 413,696 ----a-w C:\Windows\System32\wrap_oal.dll
2008-01-26 17:18 110,592 ----a-w C:\Windows\System32\OpenAL32.dll
2008-01-26 03:31 --------- d-----w C:\Users\Tuck\AppData\Roaming\Leadertech
2008-01-26 03:24 --------- d-----w C:\Program Files\Firaxis Games
2008-01-26 03:06 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-01-26 02:42 --------- d-----w C:\Program Files\Activision
2008-01-25 18:57 --------- d-----w C:\Program Files\The Adventure Company
2008-01-25 02:58 56,048 ----a-w C:\Windows\BS_DEF.sys
2008-01-25 00:14 --------- d-----w C:\Program Files\ASUS
2008-01-25 00:12 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-24 20:42 --------- d-----w C:\ProgramData\Microsoft Help
2008-01-24 20:39 --------- d-----w C:\Program Files\Saitek
2008-01-24 02:37 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-01-24 02:36 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-24 02:36 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-24 01:57 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-24 01:52 --------- d-----w C:\ProgramData\Nero
2008-01-24 01:52 --------- d-----w C:\Program Files\Nero
2008-01-24 01:45 --------- d-----w C:\Program Files\Microsoft.NET
2008-01-24 01:45 --------- d-----w C:\Program Files\Microsoft Works
2008-01-24 01:27 174 --sha-w C:\Program Files\desktop.ini
2008-01-24 01:20 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-24 01:20 --------- d-----w C:\Program Files\Windows Mail
2008-01-24 01:20 --------- d-----w C:\Program Files\Windows Defender
2008-01-24 01:20 --------- d-----w C:\Program Files\Windows Calendar
2008-01-24 01:15 87,040 ----a-w C:\Windows\System32\msoert2.dll
2008-01-24 01:15 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2008-01-24 01:15 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2008-01-24 01:14 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2008-01-24 01:14 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2008-01-24 01:14 542,720 ----a-w C:\Windows\System32\sysmain.dll
2008-01-24 01:14 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2008-01-24 01:14 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2008-01-24 01:14 297,984 ----a-w C:\Windows\System32\wlansec.dll
2008-01-24 01:14 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2008-01-24 01:14 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2008-01-24 01:14 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2008-01-24 01:14 2,923,520 ----a-w C:\Windows\explorer.exe
2008-01-24 01:14 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-01-24 01:13 49,664 ----a-w C:\Windows\System32\csrsrv.dll
2008-01-24 01:13 376,320 ----a-w C:\Windows\System32\winsrv.dll
2008-01-24 01:11 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2008-01-24 01:11 7,680 ----a-w C:\Windows\System32\spwmp.dll
2008-01-24 01:11 414,208 ----a-w C:\Windows\System32\msscp.dll
2008-01-24 01:11 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2008-01-24 01:11 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2008-01-24 01:11 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2008-01-24 01:10 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2008-01-24 01:10 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2008-01-24 01:10 61,952 ----a-w C:\Windows\System32\cmifw.dll
2008-01-24 01:10 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2008-01-24 01:10 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2008-01-24 01:10 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2008-01-24 01:10 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2008-01-24 01:10 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2008-01-24 01:10 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2008-01-24 01:09 104,448 ----a-w C:\Windows\System32\DWWIN.EXE
2008-01-24 01:08 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2008-01-24 01:08 1,191,936 ----a-w C:\Windows\System32\msxml3.dll
2008-01-24 01:07 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2008-01-24 01:07 57,856 ----a-w C:\Windows\System32\SLUINotify.dll
2008-01-24 01:07 566,784 ----a-w C:\Windows\System32\SLCommDlg.dll
2008-01-24 01:07 39,936 ----a-w C:\Windows\System32\slcinst.dll
2008-01-24 01:07 351,232 ----a-w C:\Windows\System32\SLUI.exe
2008-01-24 01:07 33,280 ----a-w C:\Windows\System32\slwmi.dll
2008-01-24 01:07 268,288 ----a-w C:\Windows\System32\mcbuilder.exe
2008-01-24 01:07 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2008-01-24 01:07 223,232 ----a-w C:\Windows\System32\SLC.dll
2008-01-24 01:07 2,605,568 ----a-w C:\Windows\System32\SLsvc.exe
2008-01-24 01:07 186,368 ----a-w C:\Windows\System32\SLLUA.exe
2008-01-24 01:06 1,335,296 ----a-w C:\Windows\System32\msxml6.dll
2008-01-24 01:04 974,336 ----a-w C:\Windows\System32\crypt32.dll
2008-01-24 01:04 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2008-01-24 01:04 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-23 19:05 1232896]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 18:05 143360]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 19:25 81920]
"Vectir"="C:\Program Files\Vectir\Vectir.exe" [ ]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-01-24 12:32 2289664]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-01-23 19:12 1006264]
"UpdReg"="C:\Windows\UpdReg.EXE" [2000-05-11 01:00 90112]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:25 177416]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [2008-01-22 19:47 14088]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:42 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-02-19 11:10 1193224]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-02-19 11:10 173320]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 17:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 17:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 17:06 81920]
"CTXFIREG"="CTxfiReg.exe" [2007-10-25 21:52 43520 C:\Windows\System32\Ctxfireg.exe]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 15:40 155648]
"Profiler"="C:\Program Files\Saitek\Software\ProfilerU.exe" [2005-10-18 14:34 163840]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-11-03 11:09 126976]
"AsusStartupHelp"="C:\Program Files\ASUS\AASP\1.00.17\AsRunHelp.exe" [2006-11-14 00:25 363008]
"NVRaidService"="C:\Windows\system32\nvraidservice.exe" [2007-08-17 09:45 184864]
"CTHelper"="CTHELPER.EXE" [2007-10-25 21:56 19456 C:\Windows\System32\CtHelper.exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-10-25 21:56 19968 C:\Windows\System32\Ctxfihlp.exe]
"Module Loader"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 15:43 57344]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2007-07-23 15:43 57344]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
C:\Users\Tuck\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 2007-05-18 14:30 79368 C:\Windows\System32\UmxWNP.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6B3268F9-B204-48C9-8370-C2291B76B539}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{74E0DCFB-D9F3-41A7-BD88-0CB838B452E3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E89B5746-229C-4076-8987-4522599EA0B3}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{1906227C-5E30-4E23-890C-2ABAA7E5E957}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6EF9EC3B-2BAD-4A82-B46A-FB54542D636D}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{4E1AC604-5D3A-4CB0-B34E-947EA2211414}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{019FE511-D2E9-444D-9F9A-E7F8AF3053EC}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3232B34F-5B8E-4AC4-A80B-DED2C962EF42}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{3AE00376-8541-421D-BE1C-E620762C6F7D}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{2CA6855C-4DE9-4EC8-80A9-527B122E25C0}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\Crysis.exe:Crysis_32
"{B0610D40-8CC1-43CC-BCE4-4B7F86537EF3}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
"{EFB5E87E-2AC9-4140-AE97-34BEFDFE83F6}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis\Bin32\CrysisDedicatedServer.exe:CrysisDedicatedServer_32
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"= C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7
R0 KmxFw;KmxFw;C:\Windows\system32\DRIVERS\kmxfw.sys [2007-10-18 13:28]
R0 nvrd32;NVIDIA nForce RAID Driver;C:\Windows\system32\DRIVERS\nvrd32.sys [2007-07-03 00:37]
R1 KmxAgent;KmxAgent;C:\Windows\system32\DRIVERS\kmxagent.sys [2007-05-18 14:30]
R1 KmxFile;KmxFile;C:\Windows\system32\DRIVERS\KmxFile.sys [2007-05-18 14:30]
R1 KmxFilter;HIPS Core Filter Driver;C:\Windows\system32\DRIVERS\KmxFilter.sys [2007-10-18 09:46]
R2 KmxCF;KmxCF;C:\Windows\system32\DRIVERS\KmxCF.sys [2007-10-18 09:46]
R2 KmxSbx;KmxSbx;C:\Windows\system32\DRIVERS\KmxSbx.sys [2007-11-02 03:54]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-04 08:23]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 08:39]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 14:30]
R3 ha20x2k;Creative 20X HAL Driver;C:\Windows\system32\drivers\ha20x2k.sys [2007-10-25 23:33]
R3 KmxCfg;KmxCfg;C:\Windows\system32\DRIVERS\kmxcfg.sys [2007-09-12 11:02]
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-16 21:10]
S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" [2008-01-26 11:26]
S3 SaiH075C;SaiH075C;C:\Windows\system32\DRIVERS\SaiH075C.sys [2006-07-27 05:49]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-01-23 01:51:25 C:\Windows\Tasks\CAAntiSpywareScan_Daily as Tuck at 7 47 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2008-02-26 15:56:41 C:\Windows\Tasks\User_Feed_Synchronization-{17700B31-0CE2-4B28-A290-68D391725D1C}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 13:51:51
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-26 13:53:18
ComboFix2.txt 2008-02-25 20:53:11
.
2008-02-22 21:57:29 --- E O F ---