Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.275 [GMT -7:00]
Running from: C:\Documents and Settings\Raymond Pestalozzi\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Raymond Pestalozzi\Application Data\inst.exe
C:\Documents and Settings\Raymond Pestalozzi\Application Data\macromedia\Flash Player\#SharedObjects\LSVWLLD2\interclick.com
C:\Documents and Settings\Raymond Pestalozzi\Application Data\macromedia\Flash Player\#SharedObjects\LSVWLLD2\interclick.com\ud.sol
C:\Documents and Settings\Raymond Pestalozzi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Raymond Pestalozzi\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\WINDOWS\BMf34f0eac.txt
C:\WINDOWS\BMf34f0eac.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aaxoiati.dll
C:\WINDOWS\system32\afqgvu.dll
C:\WINDOWS\system32\bknhtpuf.dll
C:\WINDOWS\system32\ceLlnnpo.ini
C:\WINDOWS\system32\ceLlnnpo.ini2
C:\WINDOWS\system32\ceobtfwm.dll
C:\WINDOWS\system32\cfotjfgc.ini
C:\WINDOWS\system32\cfuesnde.dll
C:\WINDOWS\system32\cgfjtofc.dll
C:\WINDOWS\system32\cigwixff.ini
C:\WINDOWS\system32\cqxscjsi.dll
C:\WINDOWS\system32\cwnguu.dll
C:\WINDOWS\system32\dfmxve.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\ecjtxymw.dll
C:\WINDOWS\system32\ednseufc.ini
C:\WINDOWS\system32\ewqigh.dll
C:\WINDOWS\system32\ffygagck.dll
C:\WINDOWS\system32\fhgccput.dll
C:\WINDOWS\system32\hhOUFfhk.ini
C:\WINDOWS\system32\hhOUFfhk.ini2
C:\WINDOWS\system32\ihevyo.dll
C:\WINDOWS\system32\ishgirgr.dll
C:\WINDOWS\system32\jmyqjoov.ini
C:\WINDOWS\system32\jwjjgfve.ini
C:\WINDOWS\system32\jymloxpp.dll
C:\WINDOWS\system32\lmemmhjj.ini
C:\WINDOWS\system32\maelbttg.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\odhlfcxy.ini
C:\WINDOWS\system32\oskcembw.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pdocdpay.ini
C:\WINDOWS\system32\pgnjjffq.ini
C:\WINDOWS\system32\pXIRYJjl.ini
C:\WINDOWS\system32\pXIRYJjl.ini2
C:\WINDOWS\system32\qsYaHRqr.ini
C:\WINDOWS\system32\qsYaHRqr.ini2
C:\WINDOWS\system32\rnvdonsk.dll
C:\WINDOWS\system32\SAaayGgh.ini
C:\WINDOWS\system32\SAaayGgh.ini2
C:\WINDOWS\system32\sdrymiqn.dll
C:\WINDOWS\system32\tpbsfmdi.ini
C:\WINDOWS\system32\tupccghf.ini
C:\WINDOWS\system32\ukhmtraw.dll
C:\WINDOWS\system32\voojqymj.dll
C:\WINDOWS\system32\wfcprhiq.dll
C:\WINDOWS\system32\wiudxrhi.dll
C:\WINDOWS\system32\wmyxtjce.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xksbplxk.dll
C:\WINDOWS\system32\ycpavyrm.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-07-26 to 2008-08-26 )))))))))))))))))))))))))))))))
.
2008-08-23 01:35 . 2008-08-23 01:35 <DIR> d-------- C:\Documents and Settings\Raymond Pestalozzi\Application Data\SUPERAntiSpyware.com
2008-08-23 01:35 . 2008-08-23 01:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-23 01:12 . 2008-08-23 01:19 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-22 19:04 . 2006-11-17 03:06 280 --a------ C:\WINDOWS\system32\epoPGPsdk.dll.sig
2008-08-22 19:03 . 2008-05-12 15:30 174,952 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-08-22 19:03 . 2008-05-12 15:30 72,936 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-08-22 19:03 . 2008-05-12 15:30 64,232 --a------ C:\WINDOWS\system32\drivers\mfeapfk.sys
2008-08-22 19:03 . 2008-05-12 15:30 52,104 --a------ C:\WINDOWS\system32\drivers\mfetdik.sys
2008-08-22 19:03 . 2008-05-12 15:30 33,960 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-08-22 19:01 . 2008-08-22 19:04 <DIR> d-------- C:\Program Files\McAfee
2008-08-22 19:01 . 2008-08-22 19:01 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-08-22 15:47 . 2008-08-22 15:47 102,916 --a------ C:\WINDOWS\system32\msxml71.dll
2008-08-21 12:53 . 2008-08-21 12:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SACore
2008-08-21 12:45 . 2008-08-22 15:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-08-15 15:37 . 2008-08-15 15:37 <DIR> d-------- C:\Program Files\Sophos
2008-08-15 15:34 . 2007-11-20 12:26 <DIR> d-------- C:\sav_install
2008-08-14 20:18 . 2008-08-14 20:18 <DIR> d-------- C:\Documents and Settings\Raymond Pestalozzi\Application Data\Research In Motion
2008-08-14 20:18 . 2008-08-22 19:03 256 --a------ C:\WINDOWS\system32\pool.bin
2008-08-14 20:17 . 2007-01-18 10:24 26,496 -ra------ C:\WINDOWS\system32\drivers\RimSerial.sys
2008-08-14 20:15 . 2008-08-14 20:15 <DIR> d-------- C:\Program Files\Common Files\Research In Motion
2008-08-14 20:15 . 2008-08-14 20:19 <DIR> d-------- C:\Documents and Settings\Raymond Pestalozzi\Application Data\Blackberry Desktop
2008-08-14 20:14 . 2008-08-14 20:14 <DIR> d-------- C:\Program Files\Research In Motion
2008-08-14 18:32 . 2008-08-14 18:32 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-08-14 12:15 . 2008-08-15 09:28 121 --a------ C:\WINDOWS\bdagent.INI
2008-08-14 11:59 . 2008-08-15 09:28 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-08-14 11:54 . 2008-08-14 11:55 <DIR> d-------- C:\Program Files\BitDefender
2008-08-14 11:47 . 2008-08-14 11:54 <DIR> d-------- C:\Program Files\Common Files\BitDefender
2008-08-14 09:37 . 2008-04-14 05:42 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-08-14 09:37 . 2008-04-14 05:42 1,306,624 --------- C:\WINDOWS\system32\dllcache\msxml6.dll
2008-08-14 09:37 . 2008-04-13 22:57 79,872 --------- C:\WINDOWS\system32\msxml6r.dll
2008-08-14 09:37 . 2008-04-13 22:57 79,872 --------- C:\WINDOWS\system32\dllcache\msxml6r.dll
2008-08-14 09:35 . 2008-08-14 09:35 <DIR> d-------- C:\WINDOWS\system32\en
2008-08-14 09:35 . 2008-08-14 09:35 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-14 09:23 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-08-14 09:23 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-08-14 09:20 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005722_.tmp
2008-08-07 14:49 . 2008-08-07 14:49 <DIR> d-------- C:\Program Files\Investintech.com Inc
2008-08-07 10:59 . 2008-08-07 11:00 <DIR> d-------- C:\Program Files\Samsung
2008-08-07 10:59 . 2005-08-17 08:46 93,872 --a------ C:\WINDOWS\system32\drivers\sscdmdm.sys
2008-08-07 10:59 . 2005-08-17 08:45 58,352 --a------ C:\WINDOWS\system32\drivers\sscdbus.sys
2008-08-07 10:59 . 2005-08-17 08:46 8,272 --a------ C:\WINDOWS\system32\drivers\sscdmdfl.sys
2008-08-07 10:59 . 2005-08-17 08:47 6,176 --a------ C:\WINDOWS\system32\drivers\sscdcmnt.sys
2008-08-07 10:59 . 2005-08-17 08:47 6,176 --a------ C:\WINDOWS\system32\drivers\sscdcm.sys
2008-08-07 10:59 . 2005-08-17 08:44 5,840 --a------ C:\WINDOWS\system32\drivers\sscdwhnt.sys
2008-08-07 10:59 . 2005-08-17 08:44 5,840 --a------ C:\WINDOWS\system32\drivers\sscdwh.sys
2008-07-27 17:41 . 2008-07-27 17:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-27 17:41 . 2008-07-27 17:41 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 00:43 --------- d-----w C:\Program Files\mIRC
2008-08-26 00:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-25 18:50 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\Skype
2008-08-25 17:31 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\skypePM
2008-08-23 08:23 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\uTorrent
2008-08-23 02:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-08-21 23:36 --------- d-----w C:\Program Files\TightVNC
2008-08-19 16:58 --------- d-----w C:\Program Files\Total Video Converter
2008-08-15 15:50 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\VanDyke
2008-08-07 18:22 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-07 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-26 02:05 --------- d-----w C:\Program Files\Passcape
2008-07-25 18:50 --------- d-----w C:\Program Files\CHEMIX School3_00
2008-07-24 22:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-24 19:47 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\AdobeUM
2008-07-24 18:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-17 17:24 --------- d-----w C:\Program Files\SWiSH Max2
2008-07-17 01:59 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-15 21:16 --------- d-----w C:\Program Files\SWiSHmax
2008-07-15 04:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-02 02:04 --------- d-----w C:\Program Files\Moyea
2008-07-02 01:53 --------- d-----w C:\Program Files\FLVPlay
2008-07-02 01:53 --------- d-----w C:\Program Files\Any FLV Player
2008-07-02 01:39 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\Moyea
2008-07-02 00:40 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-07-01 23:14 --------- d-----w C:\Program Files\MagicDisc
2008-06-28 00:09 --------- d-----w C:\Program Files\PowerISO
2008-06-28 00:05 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\InstallShield
2008-06-27 19:19 --------- d-----w C:\Documents and Settings\Raymond Pestalozzi\Application Data\Thinstall
2008-01-22 22:47 47,360 ----a-w C:\Documents and Settings\Raymond Pestalozzi\Application Data\pcouffin.sys
2008-01-14 20:59 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
1999-12-02 21:54 1,844 ----a-w C:\Program Files\license.txt
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 05:42 15360]
"%ProtectMyPC"="C:\Program Files\Internet Explorer\iexplore.exe" [2008-08-18 10:10 93184]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39 1289000]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-25 17:28 1576176]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-05-12 15:30 111952]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
PGPtray.exe.lnk - C:\WINDOWS\Installer\{65CEDFCC-9449-4E14-828D-959F77411F01}\Icon6560581611.exe [2006-08-25 14:28:58 55296]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "C:\Program Files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 15:57 86016]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-08-25 17:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Desktop Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Desktop Manager.lnk
backup=C:\WINDOWS\pss\Desktop Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SnagIt 8.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnagIt 8.lnk
backup=C:\WINDOWS\pss\SnagIt 8.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Raymond Pestalozzi^Start Menu^Programs^Startup^MagicDisc.lnk]
path=C:\Documents and Settings\Raymond Pestalozzi\Start Menu\Programs\Startup\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Raymond Pestalozzi^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=C:\Documents and Settings\Raymond Pestalozzi\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-10-30 20:07 140568 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-10-30 20:11 909208 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMMGAG]
--a------ 2002-06-28 02:30 64000 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMONIT.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
--a------ 2006-11-17 13:39 136768 C:\Program Files\McAfee\Common Framework\UdaterUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 05:42 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-09-20 10:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-06-16 01:52 167936 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCTRAY]
--a------ 2002-07-15 03:20 491520 C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QCWLICON]
--a------ 2002-07-15 03:20 49152 C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-02-16 10:54 282624 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-04-23 17:45 22058792 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPTRAY]
--a------ 2002-06-28 02:30 48640 C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-10-30 20:06 2595616 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVT Scheduler Proxy]
--a------ 2007-08-01 12:07 540672 C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SUService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 PGPwded;PGPwded Storage Filter Service;C:\WINDOWS\system32\drivers\PGPwded.sys [2006-04-05 11:36]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-03-14 00:26]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2002-07-15 03:20]
R1 TPPWR;TPPWR;C:\WINDOWS\system32\drivers\Tppwr.sys [2002-06-28 02:30]
R2 PGPdisk;PGPdisk;C:\WINDOWS\system32\drivers\PGPdisk.sys [2006-04-05 11:39]
R2 PGPsdkDriver;PGPsdkDriver;C:\WINDOWS\system32\Drivers\PGPsdk.sys [2006-04-05 11:35]
R3 vdiskbus;Virtual Disk Bus;C:\WINDOWS\system32\DRIVERS\vdiskbus.sys [2005-01-13 10:06]
S3 ADPTEHCD;Adaptec USB 2.0 Enhanced Host Controller Driver;C:\WINDOWS\system32\DRIVERS\aehcd.sys [2004-04-21 03:21]
S3 APLMp50;APLMp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\APLMp50.sys []
S3 AUSBD_FilterService;Adaptec USB 2.0 Port Enumeration Driver;C:\WINDOWS\system32\DRIVERS\ausbd.sys [2004-04-21 03:21]
S3 CSNPD50;CSNPD50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\CSNPD50.sys []
S3 CSTDIDRV;CSTDIDRV;C:\WINDOWS\system32\Drivers\CSTDI50.sys []
S3 IMWEB51;High Rate Wireless LAN Mini-PCI LAN Driver;C:\WINDOWS\system32\DRIVERS\IMWEBN51.sys [2002-06-06 14:33]
S3 RayLink;Raytheon RayLink WireLess PCMCIA LAN Adapter Driver;C:\WINDOWS\system32\DRIVERS\wlandrv2.sys [2001-08-17 12:12]
S4 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2007-10-30 20:51]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ad7c2bd6-1df7-11dd-ba78-00096b13af8b}]
\Shell\AutoRun\command - D:\ONSPCLCK.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-26 C:\WINDOWS\Tasks\BMMTask.job
- C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2002-06-28 02:30]
.
- - - - ORPHANS REMOVED - - - -
BHO-{ca6d0b66-38ed-484c-b997-3386f9e4714c} - C:\WINDOWS\system32\danizu.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-%AntiMalware - C:\WINDOWS\system32\Service.exe
MSConfigStartUp-%AWinUpdate - C:\WINDOWS\wuauclt.vbs
MSConfigStartUp-Acrobat Assistant 7 - C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
MSConfigStartUp-BitTorrent - C:\Program Files\BitTorrent\bittorrent.exe
MSConfigStartUp-BMf34f0eac - C:\WINDOWS\system32\bknhtpuf.dll
MSConfigStartUp-f07c3d30 - C:\WINDOWS\system32\ecjtxymw.dll
MSConfigStartUp-PicoZip - C:\Program Files\PicoZip\PicoZipTray.exe
MSConfigStartUp-Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
MSConfigStartUp-Somefox - C:\DOCUME~1\RAYMON~1\LOCALS~1\Temp\C0.tmp.exe
MSConfigStartUp-updateMgr - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AdobeUpdateManager.exe
MSConfigStartUp-WinUpdate - C:\WINDOWS\wuauclt.vbs
MSConfigStartUp-Applications Driver - spc0.62.exe
MSConfigStartUp-Microsoft Updates - svshost.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Raymond Pestalozzi\Application Data\Mozilla\Firefox\Profiles\2vkrkzse.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava12.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava13.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava14.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJava32.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll
FF -: plugin - C:\Program Files\Java\jre1.5.0_11\bin\NPOJI610.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 18:51:02
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\PGPserv.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\PGP Corporation\PGP Desktop\PGPtray.exe
.
**************************************************************************
.
Completion time: 2008-08-25 18:58:15 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-26 01:57:59
Pre-Run: 15,081,947,136 bytes free
Post-Run: 14,952,992,768 bytes free