Rest of the results
ComboFix 09-06-16.05 - oakeyone 17/06/2009 18:14.3 - NTFSx86
Microsoft Windows Vista Home Premium 6.0.6001.1.1252.44.1033.18.3071.2086 [GMT 1:00]
Running from: c:\users\oakeyone\Desktop\Combo-Fix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
2009-06-17 17:16 . 2009-06-17 17:16 -------- d-----w- c:\users\oakeyone\AppData\Local\temp
2009-06-17 17:02 . 2009-06-17 17:02 -------- d-----w- c:\program files\VS Revo Group
2009-06-17 12:02 . 2009-06-17 12:02 -------- d-----w- c:\program files\Common Files\Scanner
2009-06-17 12:02 . 2009-06-17 12:04 -------- d-----w- c:\program files\CA Yahoo! Anti-Spy
2009-06-17 09:45 . 2009-02-12 09:35 38208 ----a-w- c:\users\oakeyone\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-17 09:45 . 2009-06-17 09:45 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-17 09:45 . 2009-06-17 09:45 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
2009-06-17 09:44 . 2009-06-17 11:23 -------- d-----w- c:\programdata\NOS
2009-06-17 09:44 . 2009-06-17 11:23 -------- d-----w- c:\program files\NOS
2009-06-17 09:30 . 2009-06-17 09:30 -------- d-----w- c:\program files\Java
2009-06-17 09:28 . 2009-06-17 09:30 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-17 08:22 . 2008-03-18 15:31 98304 ----a-w- c:\windows\RTKAUDIOSERVICE.EXE
2009-06-17 08:18 . 2009-06-17 08:18 -------- d-----w- c:\windows\system32\EventProviders
2009-06-17 08:17 . 2009-04-11 04:42 27648 ----a-w- c:\windows\system32\drivers\usbser.sys
2009-06-17 08:00 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-17 08:00 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-16 17:00 . 2009-06-17 16:04 -------- d-----w- c:\program files\Windows Live Safety Center
2009-06-16 16:58 . 2008-12-04 00:25 120832 ----a-w- c:\users\oakeyone\AppData\Roaming\Mozilla\Firefox\Profiles\tcyp9i9m.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-16 16:50 . 2009-06-16 16:50 -------- d-----w- c:\users\oakeyone\AppData\Local\Mozilla
2009-06-16 16:29 . 2009-06-16 16:29 -------- d-----w- c:\users\oakeyone\AppData\Local\Yahoo
2009-06-16 15:25 . 2009-06-16 15:25 -------- d-----w- c:\programdata\Yahoo!
2009-06-16 10:38 . 2009-06-16 10:38 -------- d-----w- c:\users\oakeyone\AppData\Roaming\Media Player Classic
2009-06-16 10:38 . 2009-01-21 10:38 158249 ----a-w- c:\windows\system32\Downlnvw.exe
2009-06-16 07:35 . 2009-06-16 07:35 -------- d-----w- c:\users\oakeyone\AppData\Local\Acer DVDivine
2009-06-16 07:34 . 2009-06-16 07:34 -------- d-----w- c:\users\oakeyone\AppData\Local\Acer DV Magician
2009-06-16 06:51 . 2009-06-16 06:51 -------- d-----w- c:\users\oakeyone\AppData\Roaming\dvdcss
2009-06-16 06:35 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-06-16 06:35 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-11 16:28 . 2009-04-21 11:55 2033152 ----a-w- c:\windows\system32\win32k.sys
2009-06-11 16:28 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-06-11 16:28 . 2009-04-23 12:43 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-05-29 09:35 . 2009-05-30 10:01 -------- d-----w- c:\users\oakeyone\AppData\Roaming\DivX
2009-05-29 09:31 . 2009-05-29 09:31 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-05-29 09:31 . 2009-06-12 11:10 -------- d-----w- c:\program files\DivX
2009-05-29 09:31 . 2009-06-12 11:10 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-26 17:40 . 2009-06-16 11:53 -------- d-----w- c:\users\oakeyone\AppData\Roaming\skypePM
2009-05-26 17:39 . 2009-06-16 14:53 -------- d-----w- c:\users\oakeyone\AppData\Roaming\Skype
2009-05-26 17:39 . 2009-05-26 17:39 -------- d-----w- c:\program files\Common Files\Skype
2009-05-26 17:39 . 2009-05-26 17:39 -------- d-----r- c:\program files\Skype
2009-05-26 17:39 . 2009-05-26 17:39 -------- d-----w- c:\programdata\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 17:12 . 2009-06-17 08:10 4838 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-06-17 17:07 . 2008-03-16 20:04 -------- d-----w- c:\programdata\McAfee
2009-06-17 17:07 . 2008-03-16 20:04 -------- d-----w- c:\program files\McAfee
2009-06-17 17:07 . 2009-02-21 19:26 -------- d-----w- c:\users\oakeyone\AppData\Roaming\DNA
2009-06-17 13:03 . 2009-02-21 19:27 -------- d-----w- c:\users\oakeyone\AppData\Roaming\BitTorrent
2009-06-17 09:46 . 2008-03-16 20:11 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-06-17 08:33 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-06-17 08:33 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-06-17 08:24 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-06-17 08:05 . 2009-02-07 12:37 101856 ----a-w- c:\users\oakeyone\AppData\Local\GDIPFONTCACHEV1.DAT
2009-06-17 07:58 . 2008-03-16 19:28 -------- d-----w- c:\programdata\Microsoft Help
2009-06-17 07:57 . 2008-03-16 19:29 -------- d-----w- c:\program files\Microsoft Works
2009-06-16 15:25 . 2009-02-07 12:52 -------- d-----w- c:\programdata\Yahoo! Companion
2009-06-16 15:25 . 2008-03-16 20:02 -------- d-----w- c:\program files\Yahoo!
2009-06-16 09:24 . 2008-03-16 19:45 -------- d-----w- c:\program files\Acer Arcade Live
2009-06-16 07:34 . 2009-04-11 14:13 -------- d-----w- c:\users\oakeyone\AppData\Roaming\CyberLink
2009-05-26 17:40 . 2009-05-26 17:40 56 ---ha-w- c:\programdata\ezsidmv.dat
2009-05-04 11:25 . 2009-05-03 16:51 -------- d-----w- c:\program files\Full Tilt Poker.Net
2009-05-04 11:25 . 2008-03-16 19:24 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-15 20:24 . 2009-04-15 20:24 90112 ----a-w- c:\windows\system32\dpl100.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bbc.co.uk/
mStart Page = hxxp://en.uk.acer.yahoo.com
Trusted Zone: microsoft.com\www
FF - ProfilePath - c:\users\oakeyone\AppData\Roaming\Mozilla\Firefox\Profiles\tcyp9i9m.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\users\oakeyone\Program Files\DNA\plugins\npbtdna.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 18:16
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2664)
c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
Completion time: 2009-06-17 18:17
ComboFix-quarantined-files.txt 2009-06-17 17:17
Pre-Run: 236,770,017,280 bytes free
Post-Run: 236,680,642,560 bytes free
199 --- E O F --- 2009-06-17 08:22