Here is the last part of the ComboFix log. Two things worth noting for whoever reviews it: the firewallpolicy keys below show "EnableFirewall" = 0 on the Domain, Public and Standard profiles (i.e. Windows Firewall is off on every profile — possibly expected if Norton 360's own firewall is handling that, but it should be confirmed), and the Security Center Monitoring keys are all set to "DisableMonitoring" = 1 with the UAC/Internet Settings/Auto Update notifications also disabled. The catchme rootkit scan at the end reported 0 hidden files.
c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 21:30 . 2009-04-22 16:29 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-20 00:37 . 2009-03-20 00:37 34062 ----a-w- c:\users\Allen P Butler\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
2009-03-19 20:32 . 2009-04-10 20:15 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-06-09 14:10 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-06-09 14:10 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8988-34A187E2698B}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-25 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-10 518488]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-04-24 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\users\Allen P Butler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B89089E0-93F3-4AAF-88BC-A77D8C0CE919}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6D8029B1-4EAB-4DD3-A2EE-20CE97784762}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{01805BF0-44B0-4852-82C2-4371FC760EB0}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{B0E7ADF8-5A75-41E5-A2CA-A5BF5D3E553D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{5263EB6C-C32D-42ED-85BA-6ACF0EFA275E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4CA7B5A8-30FA-4D1A-93BF-9ADCC28BACEC}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9F854534-00F2-4FC6-9DCE-27D00FE51D06}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EA468C31-1C10-4FED-A10C-B6C3D4C56FE1}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{18CDF69B-2AC8-47E5-A6D8-4D581A618267}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{84964846-0ADE-4863-A648-CE7765AD75F2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D54D72DF-5B78-4592-A43B-CDB974B692CF}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1B93D466-8C9E-4BED-B0A5-1AE708A1D28C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{23D3D96F-0199-4117-B0EA-CBD607B1B971}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{D15CC401-1941-4CD3-8FC4-372E82D6E8C7}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{341627A5-2511-40F1-B92F-C9CBA3FB8F27}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B91C10C5-1B9A-4D35-9732-9E90D4F38511}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8B135C10-D6A0-4945-AD4A-A7849EF03D08}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{ED5041E8-94B3-486F-902D-F83A8E0050EA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FCBD9011-3D9C-48FA-9D2D-09F245F2A080}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{35B970EE-824B-4B76-BB8A-0CF9C76DCA24}c:\\program files\\rhapsody\\rhapsody.exe"= UDP:c:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{FCAB759C-292B-4F1D-9A76-90A7BF7F4949}c:\\program files\\rhapsody\\rhapsody.exe"= TCP:c:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{A0ABA86B-A419-4DF6-8384-4B12113648F9}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8DDC40CF-B16C-4935-B6E9-F9AE5F7D5325}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B7041966-FC8A-4C76-9953-3A1B1EAD11C4}"= UDP:c:\program files\1stWORKS\pc2me\BIN\pc2me.exe:PC2Me
"{CB0C0261-2C62-41E1-9100-99E15A2579EA}"= TCP:c:\program files\1stWORKS\pc2me\BIN\pc2me.exe:PC2Me
"{31EB4B14-CEB6-48F5-8803-E029AFA1AA4A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E363862D-2F94-4457-B8E1-541DAB4D6344}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D3EA381E-E7AF-4B34-A545-708AA769B89D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{7049FAF1-FB1A-4A05-9B80-2291B9247CBF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7C6A9DCC-D8BC-42D6-AA89-78EF9D5E790E}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:Rosetta Stone Version 3 Application
"{F99D3905-0CC0-42AD-B05D-5282BA6BB6DB}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:Rosetta Stone Ltd Services
"{C4E6E488-17E7-4926-8391-36F96E97C7D1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8D3B9629-B68E-4BB9-9419-49AEBD6FD357}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.086\SymEFA.sys [6/7/2009 11:43 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.086\BHDrvx86.sys [6/7/2009 11:43 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.086\cchpx86.sys [6/7/2009 11:43 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys [6/8/2009 2:24 PM 292912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [6/7/2009 11:43 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/7/2009 11:43 AM 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.086\symndisv.sys [6/7/2009 11:43 AM 39984]
S0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/10/2009 2:25 PM 64160]
S2 gupdate1c9999199297b30;Google Update Service (gupdate1c9999199297b30);c:\program files\Google\Update\GoogleUpdate.exe [2/28/2009 6:44 AM 133104]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [4/19/2009 11:52 PM 28672]
.
Contents of the 'Scheduled Tasks' folder
2009-06-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:24]
2009-06-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-25 05:41]
2009-06-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 10:43]
2008-12-16 c:\windows\Tasks\HPCeeScheduleForAllen P Butler.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-24 21:23]
2009-06-10 c:\windows\Tasks\User_Feed_Synchronization-{A653F827-0705-42A6-AE63-EE9BB8493479}.job
- c:\windows\system32\msfeedssync.exe [2008-09-20 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 21:35
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-11 21:42
ComboFix-quarantined-files.txt 2009-06-11 01:42
Pre-Run: 15,902,486,528 bytes free
Post-Run: 15,975,706,624 bytes free
987 --- E O F --- 2009-06-10 07:09
c:\windows\Help\OEM\scripts\HC_TotalCareAdvisorUpdate.exe
2009-03-30 21:30 . 2009-04-22 16:29 17160 ----a-w- c:\windows\Help\OEM\scripts\HC_DanzkaDubraBIOSUpdate.exe
2009-03-20 00:37 . 2009-03-20 00:37 34062 ----a-w- c:\users\Allen P Butler\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
2009-03-19 20:32 . 2009-04-10 20:15 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 20:32 . 2009-03-19 20:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-06-09 14:10 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-06-09 14:10 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-8988-34A187E2698B}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-25 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-19 2153472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-31 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-31 151552]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-31 126976]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-13 827392]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-03-06 180224]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-10 518488]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2007-04-24 77824]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
c:\users\Allen P Butler\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B89089E0-93F3-4AAF-88BC-A77D8C0CE919}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6D8029B1-4EAB-4DD3-A2EE-20CE97784762}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{01805BF0-44B0-4852-82C2-4371FC760EB0}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{B0E7ADF8-5A75-41E5-A2CA-A5BF5D3E553D}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{5263EB6C-C32D-42ED-85BA-6ACF0EFA275E}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4CA7B5A8-30FA-4D1A-93BF-9ADCC28BACEC}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9F854534-00F2-4FC6-9DCE-27D00FE51D06}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EA468C31-1C10-4FED-A10C-B6C3D4C56FE1}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{18CDF69B-2AC8-47E5-A6D8-4D581A618267}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{84964846-0ADE-4863-A648-CE7765AD75F2}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D54D72DF-5B78-4592-A43B-CDB974B692CF}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{1B93D466-8C9E-4BED-B0A5-1AE708A1D28C}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{23D3D96F-0199-4117-B0EA-CBD607B1B971}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{D15CC401-1941-4CD3-8FC4-372E82D6E8C7}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{341627A5-2511-40F1-B92F-C9CBA3FB8F27}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B91C10C5-1B9A-4D35-9732-9E90D4F38511}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8B135C10-D6A0-4945-AD4A-A7849EF03D08}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{ED5041E8-94B3-486F-902D-F83A8E0050EA}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{FCBD9011-3D9C-48FA-9D2D-09F245F2A080}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{35B970EE-824B-4B76-BB8A-0CF9C76DCA24}c:\\program files\\rhapsody\\rhapsody.exe"= UDP:c:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"UDP Query User{FCAB759C-292B-4F1D-9A76-90A7BF7F4949}c:\\program files\\rhapsody\\rhapsody.exe"= TCP:c:\program files\rhapsody\rhapsody.exe:RealNetworks Rhapsody
"{A0ABA86B-A419-4DF6-8384-4B12113648F9}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8DDC40CF-B16C-4935-B6E9-F9AE5F7D5325}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B7041966-FC8A-4C76-9953-3A1B1EAD11C4}"= UDP:c:\program files\1stWORKS\pc2me\BIN\pc2me.exe:PC2Me
"{CB0C0261-2C62-41E1-9100-99E15A2579EA}"= TCP:c:\program files\1stWORKS\pc2me\BIN\pc2me.exe:PC2Me
"{31EB4B14-CEB6-48F5-8803-E029AFA1AA4A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E363862D-2F94-4457-B8E1-541DAB4D6344}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D3EA381E-E7AF-4B34-A545-708AA769B89D}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{7049FAF1-FB1A-4A05-9B80-2291B9247CBF}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{7C6A9DCC-D8BC-42D6-AA89-78EF9D5E790E}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\RosettaStoneVersion3.exe:Rosetta Stone Version 3 Application
"{F99D3905-0CC0-42AD-B05D-5282BA6BB6DB}"= c:\program files\Rosetta Stone\Rosetta Stone Version 3\support\bin\win\RosettaStoneLtdServices.exe:Rosetta Stone Ltd Services
"{C4E6E488-17E7-4926-8391-36F96E97C7D1}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{8D3B9629-B68E-4BB9-9419-49AEBD6FD357}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\N360\0300000.086\SymEFA.sys [6/7/2009 11:43 AM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\N360\0300000.086\BHDrvx86.sys [6/7/2009 11:43 AM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\N360\0300000.086\cchpx86.sys [6/7/2009 11:43 AM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090604.001\IDSvix86.sys [6/8/2009 2:24 PM 292912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1005904]
R2 N360;Norton 360;c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe [6/7/2009 11:43 AM 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [6/7/2009 11:43 AM 101936]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\N360\0300000.086\symndisv.sys [6/7/2009 11:43 AM 39984]
S0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [6/10/2009 2:25 PM 64160]
S2 gupdate1c9999199297b30;Google Update Service (gupdate1c9999199297b30);c:\program files\Google\Update\GoogleUpdate.exe [2/28/2009 6:44 AM 133104]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [4/19/2009 11:52 PM 28672]
.
Contents of the 'Scheduled Tasks' folder
2009-06-10 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 18:24]
2009-06-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-11-25 05:41]
2009-06-10 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-28 10:43]
2008-12-16 c:\windows\Tasks\HPCeeScheduleForAllen P Butler.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-04-24 21:23]
2009-06-10 c:\windows\Tasks\User_Feed_Synchronization-{A653F827-0705-42A6-AE63-EE9BB8493479}.job
- c:\windows\system32\msfeedssync.exe [2008-09-20 07:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-10 21:35
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\3.0.0.134\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\3.0.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-11 21:42
ComboFix-quarantined-files.txt 2009-06-11 01:42
Pre-Run: 15,902,486,528 bytes free
Post-Run: 15,975,706,624 bytes free
987 --- E O F --- 2009-06-10 07:09