here we go!!
ComboFix 10-01-04.01 - Stu 05/01/2010 11:26:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3327.2923 [GMT 0:00]
Running from: c:\documents and settings\Stu\desktop\commy.exe
Command switches used :: /stepdel
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\InternetSecurity2010
c:\recycler\S-1-5-21-2863378544-2620313549-3492353547-500
c:\windows\system32\drivers\ohqeer.sys
c:\recycler\S-1-5-21-2863378544-2620313549-3492353547-500\desktop.ini
c:\recycler\S-1-5-21-2863378544-2620313549-3492353547-500\INFO2
C:\s
c:\windows\system32\15724.exe
c:\windows\system32\18467.exe
c:\windows\system32\19169.exe
c:\windows\system32\26500.exe
c:\windows\system32\6334.exe
c:\windows\system32\kbdsock.dll
c:\windows\system32\mshlps.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_ohqeer
-------\Service_ohqeer
((((((((((((((((((((((((( Files Created from 2009-12-05 to 2010-01-05 )))))))))))))))))))))))))))))))
.
2010-01-03 18:56 . 2010-01-03 18:56 -------- d-----w- c:\documents and settings\Stu\Application Data\e frontier
2010-01-03 18:38 . 2010-01-03 18:38 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-03 18:37 . 2010-01-03 18:51 -------- d-----w- c:\documents and settings\Stu\Application Data\DAEMON Tools Lite
2010-01-03 18:37 . 2010-01-03 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-01-03 18:15 . 2010-01-03 18:15 -------- d-----w- c:\documents and settings\Stu\Application Data\AdobeUM
2010-01-03 09:34 . 2010-01-03 12:18 -------- d-----w- c:\documents and settings\Stu\Local Settings\Application Data\yfpqrn
2010-01-02 22:44 . 2010-01-02 22:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-01-02 22:43 . 2010-01-02 22:43 -------- d-----w- c:\documents and settings\LocalService\Application Data\WTablet
2010-01-02 22:28 . 2010-01-02 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2010-01-02 22:27 . 2010-01-02 22:43 38784 ----a-w- c:\documents and settings\Stu\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-02 22:21 . 2010-01-02 22:21 -------- d-----w- c:\program files\Adobe Media Player
2010-01-02 22:13 . 2010-01-02 22:13 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2010-01-02 19:02 . 2010-01-02 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-01-02 19:02 . 2010-01-04 18:56 -------- d-----w- c:\documents and settings\Stu\Application Data\Azureus
2010-01-02 18:53 . 2010-01-02 18:53 -------- d-----w- c:\documents and settings\Stu\Application Data\.BitTornado
2010-01-02 12:17 . 2010-01-02 12:17 -------- d-----w- c:\documents and settings\Stu\Local Settings\Application Data\Identities
2009-12-25 07:44 . 2009-12-25 07:44 -------- d-----w- c:\documents and settings\Stu\Application Data\Ambient Design
2009-12-25 07:28 . 2010-01-05 11:34 -------- d-----w- c:\documents and settings\Stu\Application Data\WTablet
2009-12-25 07:28 . 2009-12-25 07:28 -------- d-----w- c:\documents and settings\Stu\Application Data\WTouch
2009-12-25 07:28 . 2009-07-15 16:13 220968 ------w- c:\windows\system32\Touch_Tablet.dll
2009-12-25 07:28 . 2009-12-25 07:28 -------- d-----w- c:\program files\WTouch
2009-12-25 07:27 . 2007-02-16 00:11 11440 ----a-w- c:\windows\system32\drivers\WacomVKHid.sys
2009-12-25 07:27 . 2007-02-16 19:12 11312 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2009-12-25 07:27 . 2009-05-20 19:54 13736 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2009-12-25 07:27 . 2009-12-25 07:27 -------- d-----w- c:\windows\system32\WTablet
2009-12-25 07:27 . 2009-07-15 16:13 392488 ------w- c:\windows\system32\Pen_Tablet.dll
2009-12-25 07:27 . 2009-07-15 16:07 284672 ------w- c:\windows\system32\Wintab32.dll
2009-12-25 07:27 . 2009-07-15 16:13 4408616 ------w- c:\windows\system32\Pen_Tablet.exe
2009-12-25 07:27 . 2009-12-25 07:28 -------- d-----w- c:\program files\Tablet
2009-12-24 09:25 . 2010-01-02 22:17 -------- d-----w- c:\documents and settings\Stu\Local Settings\Application Data\Adobe
2009-12-23 23:26 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-23 23:22 . 2009-12-23 23:22 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-23 23:21 . 2009-12-23 23:21 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-23 19:04 . 2009-12-23 19:04 -------- d-----w- c:\program files\TeamSpeak 3 Client
2009-12-20 19:51 . 2009-12-20 19:52 -------- d-----w- c:\documents and settings\Stu\Application Data\Ventrilo
2009-12-20 13:30 . 2009-12-20 14:02 -------- d-----w- c:\documents and settings\Stu\Local Settings\Application Data\Deployment
2009-12-20 13:19 . 2009-12-20 13:19 -------- d-----r- C:\AHCache
2009-12-20 13:00 . 2009-12-20 13:00 -------- d-----w- c:\documents and settings\Stu\Application Data\CyberLink
2009-12-18 23:19 . 2009-12-18 23:19 -------- d-----w- c:\documents and settings\Stu\Local Settings\Application Data\Blizzard Entertainment
2009-12-18 21:37 . 2009-12-18 21:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment
2009-12-16 19:50 . 2009-12-23 23:21 -------- d-----w- c:\windows\system32\LogFiles
2009-12-15 23:00 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-12-15 23:00 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-12-15 22:40 . 2009-12-15 22:40 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2009-12-15 22:17 . 2009-12-15 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2009-12-15 22:04 . 2009-12-15 22:04 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2009-12-15 21:59 . 2009-12-15 21:59 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\nagasoft
2009-12-15 20:46 . 2008-04-13 18:45 26368 ----a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-15 20:45 . 2001-08-17 22:36 5632 ----a-w- c:\windows\system32\ptpusb.dll
2009-12-15 20:45 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-12-15 20:45 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2009-12-15 20:45 . 2008-04-14 00:12 159232 ----a-w- c:\windows\system32\ptpusd.dll
2009-12-15 19:39 . 2009-12-15 19:39 -------- d-----w- c:\windows\system32\nagasoft
2009-12-15 19:32 . 2009-12-15 19:32 1956528 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2009-12-15 19:32 . 2009-12-15 21:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-12-15 07:15 . 2009-11-02 20:42 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-12-15 07:15 . 2010-01-02 22:28 51816 ----a-w- c:\documents and settings\Stu\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-15 07:15 . 2009-12-15 07:15 -------- d-----w- c:\program files\Windows Defender
2009-12-15 07:11 . 2009-12-15 07:11 -------- d-sh--w- c:\documents and settings\Stu\PrivacIE
2009-12-15 03:16 . 2009-12-15 03:16 -------- d-sh--w- c:\documents and settings\Stu\IETldCache
2009-12-14 23:16 . 2009-10-29 07:45 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2009-12-14 23:16 . 2009-10-29 07:45 594432 ------w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-14 23:16 . 2009-10-29 07:45 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-14 23:16 . 2009-10-29 07:45 246272 ------w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-14 23:16 . 2009-10-29 07:45 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2009-12-14 23:16 . 2009-10-29 07:45 11069952 ------w- c:\windows\system32\dllcache\ieframe.dll
2009-12-14 23:16 . 2009-12-14 23:16 -------- d-----w- c:\windows\ie8updates
2009-12-14 23:15 . 2009-10-02 04:44 92160 ------w- c:\windows\system32\dllcache\iecompat.dll
2009-12-14 23:14 . 2009-12-14 23:15 -------- dc-h--w- c:\windows\ie8
2009-12-14 23:06 . 2010-01-05 11:33 -------- d-----w- c:\program files\Steam
2009-12-14 22:51 . 2009-12-14 22:51 -------- d-----w- c:\windows\system32\scripting
2009-12-14 22:51 . 2009-12-14 22:51 -------- d-----w- c:\windows\l2schemas
2009-12-14 22:51 . 2009-12-14 22:51 -------- d-----w- c:\windows\system32\en
2009-12-14 22:51 . 2009-12-14 22:51 -------- d-----w- c:\windows\system32\bits
2009-12-14 22:01 . 2009-12-16 23:58 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2009-12-14 21:59 . 2009-12-14 21:59 -------- d-----w- C:\passwords
2009-12-14 20:35 . 2009-12-14 22:48 -------- d-----w- c:\windows\ServicePackFiles
2009-12-14 20:33 . 2009-12-14 20:33 -------- d-----w- c:\program files\MSXML 4.0
2009-12-14 20:27 . 2009-12-14 20:27 -------- d-----w- c:\program files\AVG
2009-12-14 20:25 . 2009-12-14 20:25 -------- d--h--w- c:\windows\I386
2009-12-14 20:23 . 2009-12-14 20:23 -------- d-----w- C:\PNP
2009-12-14 20:20 . 2005-01-06 11:09 206 ----a-w- c:\windows\myClean.bat
2009-12-14 20:15 . 2009-12-14 22:34 -------- d-----w- C:\DRIVERS
2009-12-14 20:15 . 2009-12-14 19:44 -------- d-----w- C:\DIVTOOLS
2009-12-14 20:13 . 2009-12-14 19:44 -------- d-----w- C:\APPS
2009-12-14 20:08 . 2009-12-14 20:07 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-14 20:07 . 2009-12-14 20:07 152576 ----a-w- c:\documents and settings\Stu\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-14 20:07 . 2009-12-14 20:07 79488 ----a-w- c:\documents and settings\Stu\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-14 20:06 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-14 20:06 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\dllcache\bthport.sys
2009-12-14 20:04 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-12-14 20:03 . 2008-05-08 14:02 203136 ------w- c:\windows\system32\dllcache\rmcast.sys
2009-12-14 20:03 . 2008-10-24 11:21 455296 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-14 20:03 . 2008-12-11 10:57 333952 ------w- c:\windows\system32\dllcache\srv.sys
2009-12-14 20:03 . 2008-05-01 14:33 331776 ------w- c:\windows\system32\dllcache\msadce.dll
2009-12-14 20:02 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-12-14 20:02 . 2009-12-15 07:13 -------- d-----w- C:\security
2009-12-14 20:02 . 2008-04-11 19:04 691712 ------w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-14 20:01 . 2009-06-10 09:19 2066432 ------w- c:\windows\system32\dllcache\mstscax.dll
2009-12-14 20:00 . 2008-10-15 16:34 337408 ------w- c:\windows\system32\dllcache\netapi32.dll
2009-12-14 20:00 . 2009-07-31 04:35 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
2009-12-14 20:00 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-14 20:00 . 2008-04-21 12:08 215552 ------w- c:\windows\system32\dllcache\wordpad.exe
2009-12-14 19:58 . 2009-12-14 19:58 -------- d-sh--w- c:\documents and settings\Stu\UserData
2009-12-14 19:58 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-14 19:47 . 2010-01-05 11:34 -------- d-----w- c:\windows\system32\Lang
2009-12-14 19:46 . 2009-12-14 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Network Associates
2009-12-14 19:46 . 2009-12-14 19:46 -------- d-----w- c:\program files\McAfee
2009-12-14 19:45 . 2009-12-14 19:46 -------- d-----w- c:\program files\Microsoft Works
2009-12-14 19:45 . 2009-12-14 19:45 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PowerCinema
2009-12-14 19:45 . 2009-12-20 13:00 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-12-14 19:43 . 2009-12-14 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\QuickTime
2009-12-14 19:42 . 2009-12-14 19:42 -------- d-----w- c:\program files\Common Files\SureThing Shared
2009-12-14 19:42 . 2009-12-14 19:42 -------- d-----w- c:\program files\Sonic
2009-12-14 19:38 . 2009-12-14 20:07 -------- d-----w- c:\program files\Java
2009-12-14 19:38 . 2009-12-14 19:38 -------- d-----w- c:\program files\Common Files\Java
2009-12-14 19:38 . 2009-12-14 19:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142050}
2009-12-14 19:33 . 2009-12-14 19:33 -------- d-----w- c:\windows\nview
2009-12-14 19:33 . 2005-05-07 00:14 176128 ----a-w- c:\windows\system32\nvudisp.exe
2009-12-14 19:33 . 2005-05-07 01:28 176128 ----a-w- c:\windows\system32\NVUNINST.EXE
2009-12-14 19:33 . 2009-12-14 19:44 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-14 19:32 . 2009-12-14 19:32 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2009-12-14 19:31 . 2009-12-14 19:31 -------- d-----w- c:\windows\system32\URTTemp
2009-12-14 19:28 . 2008-04-14 00:11 7168 ----a-w- c:\windows\system32\hccoin.dll
2009-12-14 19:28 . 2008-04-13 18:45 30208 ----a-w- c:\windows\system32\drivers\usbehci.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 22:22 . 2009-12-14 19:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-02 22:01 . 2010-01-02 22:01 5 ----a-w- c:\windows\system32\CoLe.tmp
2009-12-20 13:27 . 2009-12-20 13:27 -------- d-----w- c:\program files\MSBuild
2009-12-20 13:27 . 2009-12-20 13:27 -------- d-----w- c:\program files\Reference Assemblies
2009-12-14 22:54 . 2004-08-11 12:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-14 21:58 . 2009-12-14 19:43 -------- d-----w- c:\program files\Common Files\AOL
2009-12-14 21:58 . 2009-12-14 19:43 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-12-14 20:12 . 2009-12-14 20:12 -------- d-----w- c:\documents and settings\Stu\Application Data\Malwarebytes
2009-12-14 20:12 . 2009-12-14 20:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-14 20:12 . 2009-12-14 20:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-14 20:12 . 2009-12-14 20:12 -------- d-----w- c:\program files\CCleaner
2009-12-14 19:44 . 2009-12-14 19:44 -------- d-----w- c:\program files\CyberLink
2009-12-14 19:44 . 2009-12-14 19:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-14 19:44 . 2009-12-14 19:57 -------- d-----w- c:\documents and settings\Stu\Application Data\You've Got Pictures Screensaver
2009-12-14 19:44 . 2009-12-14 19:44 -------- d-----w- c:\program files\Learn2.com
2009-12-14 19:44 . 2009-12-14 19:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\You've Got Pictures Screensaver
2009-12-14 19:44 . 2009-12-14 19:44 -------- d-----w- c:\program files\Viewpoint
2009-12-14 19:44 . 2009-12-14 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-12-14 19:44 . 2009-12-14 19:43 -------- d-----w- c:\program files\QuickTime
2009-12-14 19:43 . 2009-12-14 19:43 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-12-14 19:43 . 2009-12-14 19:43 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2009-12-14 19:43 . 2009-12-14 19:43 -------- d-----w- c:\program files\Common Files\Real
2009-12-14 19:43 . 2009-12-14 19:43 -------- d-----w- c:\program files\Real
2009-12-14 19:43 . 2009-12-14 19:43 335 ----a-w- c:\windows\nsreg.dat
2009-12-14 19:35 . 2009-12-14 19:35 -------- d-----w- c:\program files\Realtek
2009-12-03 16:14 . 2009-12-14 20:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-12-14 20:12 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 07:45 . 2004-08-11 12:29 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-11 12:29 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-11 12:28 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-03 23:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-11 12:29 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-11 12:29 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-11 12:29 79872 ----a-w- c:\windows\system32\raschap.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\Steam.exe" [2009-12-14 1217808]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-07 5562368]
"nwiz"="nwiz.exe" [2005-05-07 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-05-07 86016]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 14720000]
"PCMService"="c:\apps\Powercinema\PCMService.exe" [2005-01-28 110740]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-12-14 98304]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\APPS\\Powercinema\\PowerCinema.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"d:\\Program Files\\World of Warcraft\\Launcher.exe"=
"d:\\wow files for patching\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enGB-downloader.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead 2\\left4dead2.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\evil genius\\EvilGeniusLauncher.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\time gentlemen, please!\\TGP.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\time gentlemen, please!\\winsetup.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ben there, dan that!\\BTDT.exe"=
"c:\\Program Files\\Steam\\steamapps\\common\\ben there, dan that!\\winsetup.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [03/01/2010 18:38 691696]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [25/12/2009 07:27 4408616]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [25/12/2009 07:28 112936]
S0 eaecevi;eaecevi;c:\windows\system32\drivers\vaksst.sys --> c:\windows\system32\drivers\vaksst.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
vvdsvc REG_MULTI_SZ vvdsvc
.
Contents of the 'Scheduled Tasks' folder
2010-01-05 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-01-05 11:34
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spfc.sys >>UNKNOWN [0x8AFDE938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba96cf28
\Driver\ACPI -> ACPI.sys @ 0xba674cb8
\Driver\atapi -> atapi.sys @ 0xba4e4b40
\Driver\iaStor -> iaStor.sys @ 0xba2c8b10
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Realtek RTL8139 Family PCI Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba3bbbd4
PacketIndicateHandler -> NDIS.sys @ 0xba3c7a21
SendHandler -> NDIS.sys @ 0xba3bbd44
user & kernel MBR OK
malicious code @ sector 0x017499F03 !
PE file found in sector at 0x017499F19 !
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(576)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(556)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WTouch\WTouchUser.exe
c:\apps\Powercinema\Kernel\TV\CLCapSvc.exe
c:\apps\Powercinema\Kernel\TV\CLSched.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\program files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\WTablet\Pen_TabletUser.exe
.
**************************************************************************
.
Completion time: 2010-01-05 11:38:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-05 11:38
Pre-Run: 166,685,929,472 bytes free
Post-Run: 166,657,769,472 bytes free
- - End Of File - - 8A0DD2DBB996F56B40DDA0D61FFB12DF