ComboFix 08-02-25 - Cody 2008-02-24 14:14:42.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1110 [GMT -8:00]
Running from: C:\Users\Cody\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-25 to 2008-02-25 )))))))))))))))))))))))))))))))
.
2008-02-19 11:22 . 2008-02-19 11:22 <DIR> d-------- C:\Program Files\doubleTwist
2008-02-19 11:22 . 2008-02-19 11:22 563,712 --a------ C:\Windows\System32\Redemption.dll
2008-02-17 17:47 . 2008-02-17 17:47 <DIR> d-------- C:\Users\Cody\AppData\Roaming\Malwarebytes
2008-02-17 17:46 . 2008-02-17 17:46 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-02-17 17:46 . 2008-02-17 17:47 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-17 17:46 . 2008-02-17 17:46 <DIR> d-------- C:\PROGRA~3\Malwarebytes
2008-02-15 13:06 . 2008-02-15 13:06 <DIR> d-------- C:\Program Files\iPod
2008-02-15 13:05 . 2008-02-15 13:06 <DIR> d-------- C:\Program Files\iTunes
2008-02-15 13:03 . 2008-01-09 21:50 1,244,672 --a------ C:\Windows\System32\mcmde.dll
2008-02-13 13:15 . 2008-02-13 13:18 <DIR> d-------- C:\divx
2008-02-13 03:17 . 2008-02-13 03:17 194,560 --a------ C:\Windows\System32\WebClnt.dll
2008-02-13 03:17 . 2008-02-13 03:17 110,080 --a------ C:\Windows\System32\drivers\mrxdav.sys
2008-02-13 03:07 . 2008-02-13 03:07 3,504,696 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-02-13 03:07 . 2008-02-13 03:07 3,470,392 --a------ C:\Windows\System32\ntoskrnl.exe
2008-02-13 03:07 . 2008-02-13 03:07 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-02-13 03:07 . 2008-02-13 03:07 109,624 --a------ C:\Windows\System32\drivers\ataport.sys
2008-02-13 03:07 . 2008-02-13 03:07 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-02-13 03:07 . 2008-02-13 03:07 25,656 --a------ C:\Windows\System32\drivers\msahci.sys
2008-02-13 03:07 . 2008-02-13 03:07 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-02-13 03:07 . 2008-02-13 03:07 17,464 --a------ C:\Windows\System32\drivers\intelide.sys
2008-02-13 03:06 . 2008-02-13 03:06 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-13 03:06 . 2008-02-13 03:06 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-02-13 03:06 . 2008-02-13 03:06 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-02-13 03:06 . 2008-02-13 03:06 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-02-13 03:06 . 2008-02-13 03:06 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-02-13 03:06 . 2008-02-13 03:06 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-02-13 03:06 . 2008-02-13 03:06 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-02-13 03:03 . 2008-02-13 03:03 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-02-13 03:03 . 2008-02-13 03:03 824,832 --a------ C:\Windows\System32\wininet.dll
2008-02-08 14:15 . 2008-02-08 14:15 <DIR> d-------- C:\Program Files\Bonjour
2008-02-08 14:14 . 2008-02-08 14:15 <DIR> d-------- C:\Program Files\QuickTime
2008-02-07 23:48 . 2008-02-07 23:48 <DIR> d-------- C:\Windows\Sun
2008-02-07 23:39 . 2008-02-07 23:39 <DIR> d-------- C:\Program Files\EsetOnlineScanner
2008-02-02 20:08 . 2008-02-02 20:08 2,016,256 --a------ C:\Windows\System32\milcore.dll
2008-02-02 20:08 . 2008-02-02 20:08 39,936 --a------ C:\Windows\System32\dwmapi.dll
2008-02-02 20:07 . 2008-02-02 20:07 38,912 --a------ C:\Windows\System32\drivers\hidclass.sys
2008-02-02 20:07 . 2008-02-02 20:07 25,472 --a------ C:\Windows\System32\drivers\hidparse.sys
2008-02-02 20:07 . 2008-02-02 20:07 12,288 --a------ C:\Windows\System32\drivers\hidusb.sys
2008-02-02 20:00 . 2008-02-02 20:00 140,392 --a------ C:\Windows\System32\drivers\pci.sys
2008-02-02 20:00 . 2008-02-02 20:00 50,792 --a------ C:\Windows\System32\drivers\termdd.sys
2008-02-02 20:00 . 2008-02-02 20:00 50,280 --a------ C:\Windows\System32\drivers\volmgr.sys
2008-02-02 20:00 . 2008-02-02 20:00 28,776 --a------ C:\Windows\System32\drivers\mssmbios.sys
2008-02-02 20:00 . 2008-02-02 20:00 22,632 --a------ C:\Windows\System32\streamci.dll
2008-02-02 20:00 . 2008-02-02 20:00 13,928 --a------ C:\Windows\System32\drivers\msisadrv.sys
2008-02-02 20:00 . 2008-02-02 20:00 12,776 --a------ C:\Windows\System32\drivers\swenum.sys
2008-02-02 19:56 . 2008-02-02 19:56 0 -rahs---- C:\Windows\System32\drivers\103C_HP_cNB_Pavilion dv6000 (RN967UA#ABL)_Y5335KV_0U_QCNF6512HN7_E419857-DB1_4A_I30BB_SQuanta_V66.34_F.11_T061208_WV3-0_L409_M2038_J120_7Intel_86F6_91.67_#080202_N80861092;80864222_(RN967UA#ABL)_XMOBILE_CN10_Z.MRK
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\Windows\System32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\Windows\System32\QuickTime.qts
2008-01-28 17:53 . 2008-01-28 17:53 <DIR> d-------- C:\Users\Cody\AppData\Roaming\MessengerGadget
2008-01-27 16:05 . 2008-02-01 15:05 323,254,477 --a------ C:\Windows\MEMORY.DMP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-24 22:00 --------- d-----w C:\Users\Cody\AppData\Roaming\Azureus
2008-02-24 16:00 --------- d-----w C:\Users\Cody\AppData\Roaming\AVG7
2008-02-22 22:20 --------- d---a-w C:\PROGRA~3\TEMP
2008-02-22 01:31 --------- d-----w C:\Program Files\TagRename
2008-02-13 21:07 --------- d-----w C:\Program Files\dvdSanta
2008-02-13 11:06 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-13 11:06 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-13 11:06 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-13 11:06 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-13 11:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-13 11:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-13 11:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 01:21 --------- d-----w C:\Users\Cody\AppData\Roaming\mIRC
2008-02-07 23:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-05 00:47 --------- d-----w C:\Users\Cody\AppData\Roaming\Skype
2008-02-03 04:10 --------- d-----w C:\Users\Cody\AppData\Roaming\Hewlett-Packard
2008-02-03 03:56 0 --sha-r C:\Windows\system32\drivers\103C_HP_cNB_Pavilion dv6000 (RN967UA#ABL)_Y5335KV_0U_QCNF6512HN7_E419857-DB1_4A_I30BB_SQuanta_V66.34_F.11_T061208_WV3-0_L409_M2038_J120_7Intel_86F6_91.67_#080202_N80861092;80864222_(RN967UA#ABL)_XMOBILE_CN10_Z.MRK
2008-02-03 03:56 --------- d-----w C:\Program Files\Hewlett-Packard
2008-02-03 03:52 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-21 23:09 --------- d-----w C:\Program Files\Common Files\Totem Shared
2008-01-21 07:58 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-21 07:55 --------- d-----w C:\Program Files\Winamp
2008-01-16 21:53 --------- d-----w C:\Program Files\Spyware Doctor
2008-01-13 23:22 --------- d-----w C:\Users\Cody\AppData\Roaming\GrabIt
2008-01-13 23:12 --------- d-----w C:\Program Files\GrabIt
2008-01-10 20:21 --------- d-----w C:\Program Files\YoutubeGet
2008-01-10 09:57 --------- d-----w C:\Users\Cody\AppData\Roaming\Winamp
2008-01-09 08:05 --------- d-----w C:\Program Files\Trend Micro
2008-01-09 07:30 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 07:30 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 06:28 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2008-01-09 06:28 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2008-01-09 06:27 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2008-01-08 21:21 580,114 ----a-w C:\Windows\System32\x264vfw.dll
2008-01-08 21:21 --------- d-----w C:\Program Files\x264
2008-01-07 03:16 --------- d-----w C:\Program Files\mIRC
2008-01-05 23:44 --------- d-----w C:\Users\Cody\AppData\Roaming\Roxio
2008-01-05 22:54 --------- d-----w C:\Program Files\MumboJumbo
2008-01-05 22:54 --------- d-----w C:\PROGRA~3\MumboJumbo
2008-01-05 02:33 --------- d-----w C:\PROGRA~3\Microsoft Help
2008-01-05 01:53 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-03 20:12 74,240 ----a-w C:\Windows\system32\drivers\iksyssec.sys
2008-01-03 20:12 56,832 ----a-w C:\Windows\system32\drivers\iksysflt.sys
2008-01-03 20:08 --------- d-----w C:\Users\Cody\AppData\Roaming\PC Tools
2007-12-30 16:48 55,304 ----a-w C:\Windows\system32\drivers\avgwfp.sys
2007-12-30 09:25 --------- d-----w C:\Program Files\DVDlabPro2
2007-12-29 20:44 --------- d-----w C:\Program Files\TweakMASTER
2007-12-29 20:43 --------- d-----w C:\Program Files\Avi2Dvd
2007-12-29 20:38 --------- d-----w C:\Program Files\Sony
2007-12-29 20:24 --------- d-----w C:\PROGRA~3\avg7
2007-12-29 19:32 --------- d-----w C:\PROGRA~3\Grisoft
2007-12-26 01:36 --------- d-----w C:\Users\Cody\AppData\Roaming\muvee Technologies
2007-12-26 01:34 --------- d-----w C:\PROGRA~3\muvee Technologies
2007-12-26 00:42 --------- d-----w C:\Program Files\AviSynth 2.5
2007-12-25 22:21 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-25 22:07 --------- d-----w C:\Program Files\Nero
2007-12-25 22:07 --------- d-----w C:\PROGRA~3\Nero
2007-12-12 11:10 1,327,104 ----a-w C:\Windows\System32\quartz.dll
2007-12-12 11:09 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
2007-12-12 11:09 223,232 ----a-w C:\Windows\System32\WMASF.DLL
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2007-12-04 01:33 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2007-12-04 01:33 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2007-12-04 01:33 682,496 ----a-w C:\Windows\System32\DivX.dll
2007-11-29 22:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2007-11-29 22:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2007-11-29 22:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2007-11-29 22:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2007-11-29 22:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2007-11-28 21:55 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2007-11-28 21:53 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2007-11-28 21:53 57,344 ----a-w C:\Windows\System32\dpv11.dll
2007-11-28 21:53 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2007-11-28 21:53 344,064 ----a-w C:\Windows\System32\dpus11.dll
2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu11.dll
2007-11-28 21:53 294,912 ----a-w C:\Windows\System32\dpu10.dll
2007-11-28 21:52 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2007-08-30 10:14 174 --sha-w C:\Program Files\desktop.ini
.
----a-w 325,204 2006-12-22 04:56:28 C:\SWSetup\SP34746\WCAMC\FW_210_Silence Install .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-08 22:27 1232896]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-04-23 16:56 5674352]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 04:35 125440]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 15:15 221184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 04:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-21 21:05 1006264]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 09:58 159744]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 14:02 815104]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 11:39 46704]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 15:32 167936]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 08:56 317152]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 08:32 472800]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-02-26 17:54 131072]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-02-26 17:54 151552]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-02-26 17:54 126976]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-30 08:48 579072]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 01:45 222208]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-29 12:17 219136]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-08-25 20:54 23090984 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-11-03 13:20 185632 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{0FFC45FC-30D5-404D-BB2F-4644DD7C5058}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{7470011F-1B79-4B18-9CAE-7FC9E86C34CC}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{9C8E356D-3BF4-4CA5-B395-15064F16FEC1}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{39711155-DA48-4198-AAF0-F6F2C35BC5F5}"= C:\Program Files\HP Connections\6811507\Program\HP Connections:HP Connections
"{979F5ED3-6EC3-4EF7-AA96-581262C05D5D}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{3A29DA65-BA4C-47C1-A495-EEB02BD2EF2C}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{BC342946-347B-42D6-8CC7-7259193C2D69}"= UDP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{4D73A558-AED2-4BE4-AE76-D57ABB923B7B}"= TCP:C:\Program Files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{35D05333-F505-4F47-947E-37E998BE6D7B}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D04AF63B-B5A0-41CE-AF5A-5B116A0A8660}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E9DCDED4-E43A-4719-B9C9-3B99135009C2}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
"{33A4A4C0-2E55-474A-9D39-2AE2DE36640F}"= UDP:C:\Program Files\WinRAR\WinRAR.exe:WinRAR
"{CF0CB864-DEF3-44E4-8E64-2F1A83F568BE}"= TCP:C:\Program Files\WinRAR\WinRAR.exe:WinRAR
"{231A0941-2F6B-4049-80B5-222CE4C37087}"= UDP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{9C208305-5499-4566-9DAE-5E2E00EA57DE}"= TCP:C:\Program Files\Grisoft\AVG7\avginet.exe:avginet.exe
"{62BD1DF3-9E0F-40E6-9F43-BFCDB913C884}"= UDP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{6BC08085-212E-4568-A23C-EC17E2B7B262}"= TCP:C:\Program Files\Grisoft\AVG7\avgamsvr.exe:avgamsvr.exe
"{16341D64-5514-4A58-8289-5F25398A5772}"= UDP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{90D1367C-25B6-4B60-8F4E-3E24F6ECC398}"= TCP:C:\Program Files\Grisoft\AVG7\avgcc.exe:avgcc.exe
"{AB32B559-B602-42FB-8357-0EB8D644F563}"= UDP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"{A2C2B91C-7D00-4C1B-9FE5-6D02EE75A052}"= TCP:C:\Program Files\Grisoft\AVG7\avgemc.exe:avgemc.exe
"TCP Query User{8A935855-27E8-42B2-A37A-CF8CE59AFF84}C:\program files\azureus\azureus.exe"= UDP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"UDP Query User{B3BE9242-3D92-4C87-ACC3-CA3CFC23DFE1}C:\program files\azureus\azureus.exe"= TCP:C:\program files\azureus\azureus.exe:Azureus|Desc=Azureus
"TCP Query User{9C803DED-7656-4DFC-90CF-C9814907982D}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"UDP Query User{0F8172CD-34E4-4D67-86B7-0E206DBA235F}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
"TCP Query User{4A87BD83-95A6-4F8A-8A9F-47FCB1B57879}C:\program files\skype\phone\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"UDP Query User{DDDD61D0-9241-41C3-9927-BACC88B693B0}C:\program files\skype\phone\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath |Desc=Skype. Take a deep breath
"TCP Query User{483C1F32-DF7D-47A4-A33D-EB018C3A5A67}C:\program files\mirc\mirc.exe"= UDP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
"UDP Query User{0ACF5EE8-2821-42E6-9B4E-9B98196514EA}C:\program files\mirc\mirc.exe"= TCP:C:\program files\mirc\mirc.exe:mIRC|Desc=mIRC
"{E659FC16-1999-45ED-A69B-57C0F84A6745}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{B2106032-B53C-460C-ABF1-0AAEB286537A}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{4ECC193F-E9F3-4DA0-B9D0-042B1F39F634}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{D78FA1B8-FA98-45FD-A14E-30F1679E4E12}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot []
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 01:39]
R3 AvgWFP;AVG7 Firewall Driver x86;C:\Windows\system32\Drivers\avgwfp.sys [2007-12-30 08:48]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-02-26 17:54]
R3 NETw3v32;Intel(R) PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-08 17:02]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2006-10-24 15:40]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D48g43BC-4266-43f0-B6ED-9D38C4202C7E}]
C:\Program Files\Common Files\mscd.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 22:15:24 C:\Windows\Tasks\User_Feed_Synchronization-{96677E4F-F3E8-4B68-8555-8AE741E93A45}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-25 14:22:52
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-25 14:24:04
.
2008-02-20 04:00:13 --- E O F ---