ComboFix 09-05-08.03 - Ryan 05/09/2009 5:40.2 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.894.347 [GMT -5:00]
Running from: c:\users\Ryan\Desktop\ComboFix.exe
FW: CA Personal Firewall 9.1.0.35 *disabled*
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\temp\tn3
.
((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
.
2009-05-09 02:32 . 2009-05-09 02:32 -------- d-----w c:\users\Ryan\AppData\Roaming\Malwarebytes
2009-05-09 02:32 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-09 02:32 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-09 02:32 . 2009-05-09 02:32 -------- d-----w c:\programdata\Malwarebytes
2009-05-09 02:32 . 2009-05-09 02:32 -------- d-----w c:\users\All Users\Malwarebytes
2009-05-09 02:32 . 2009-05-09 02:32 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-30 04:56 . 2009-04-30 05:02 -------- d-----w c:\users\Ryan\AppData\Roaming\Hamachi
2009-04-30 04:55 . 2009-04-30 04:55 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-19 02:46 . 2009-04-20 01:50 -------- d-----w c:\users\Ryan\Coupons
2009-04-19 01:48 . 2008-10-01 00:35 65536 ----a-w c:\windows\system32\camcodec.dll
2009-04-19 01:40 . 2009-04-19 01:40 -------- d-----w c:\program files\CamStudio
2009-04-15 00:23 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-04-15 00:23 . 2008-06-06 03:27 562176 ----a-w c:\windows\system32\msdtcprx.dll
2009-04-15 00:23 . 2008-06-06 03:27 38912 ----a-w c:\windows\system32\xolehlp.dll
2009-04-12 19:39 . 2002-12-10 07:20 102439 ----a-w c:\windows\system32\sipr3260.dll
2009-04-12 19:39 . 2006-09-29 17:24 217127 ----a-w c:\windows\system32\drv43260.dll
2009-04-12 19:39 . 2006-09-29 17:25 208935 ----a-w c:\windows\system32\drv33260.dll
2009-04-12 19:39 . 2006-09-29 17:26 176165 ----a-w c:\windows\system32\drv23260.dll
2009-04-12 19:39 . 2007-03-19 01:37 65602 ----a-w c:\windows\system32\cook3260.dll
2009-04-12 19:39 . 2006-05-12 00:21 626688 ----a-w c:\windows\system32\vp7vfw.dll
2009-04-12 19:39 . 2006-05-20 21:16 1184984 ----a-w c:\windows\system32\wvc1dmod.dll
2009-04-12 19:39 . 2009-04-12 19:39 -------- d-----w c:\program files\VSO
2009-04-10 08:51 . 2009-04-10 08:51 -------- d-----w c:\program files\WMPTagSupportExtender
2009-04-10 08:47 . 2009-04-10 08:47 -------- d-----w c:\program files\Ogg Codecs
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 02:17 . 2007-11-27 07:09 -------- d-----w c:\program files\BitLord
2009-05-07 16:31 . 2008-09-08 03:22 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-15 08:28 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-04-12 19:39 . 2006-11-02 10:25 51200 ----a-w c:\windows\inf\infpub.dat
2009-04-12 19:39 . 2006-11-02 10:25 143360 ----a-w c:\windows\inf\infstrng.dat
2009-04-12 19:39 . 2007-11-28 05:35 47360 ----a-w c:\users\Ryan\AppData\Roaming\pcouffin.sys
2009-04-03 20:51 . 2007-08-31 12:10 -------- d-----w c:\program files\Java
2009-03-17 03:38 . 2009-04-15 00:21 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 00:21 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-09 10:19 . 2008-12-16 09:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-03 04:46 . 2009-04-15 00:21 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-15 00:21 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-15 00:21 827392 ----a-w c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-15 00:21 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-15 00:21 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-15 00:21 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-15 00:21 78336 ----a-w c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-15 00:21 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-15 00:21 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-15 00:21 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-15 00:21 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-15 00:21 17408 ----a-w c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-15 00:21 26624 ----a-w c:\windows\system32\ieUnatt.exe
2009-02-26 19:27 . 2007-11-24 07:32 108248 ----a-w c:\users\Ryan\AppData\Local\GDIPFONTCACHEV1.DAT
2009-02-13 08:49 . 2009-04-15 00:21 72704 ----a-w c:\windows\system32\secur32.dll
2009-02-13 08:49 . 2009-04-15 00:21 1255936 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 03:10 . 2009-03-11 06:56 2033152 ----a-w c:\windows\system32\win32k.sys
2008-05-24 08:32 . 2006-11-02 12:48 174 --sha-w c:\program files\desktop.ini
2007-12-20 05:57 . 2007-12-20 05:39 72 --sh--w c:\windows\SE2814D68.tmp
2007-08-31 12:18 . 2007-08-31 12:12 8192 --sha-w c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-05-09_00.43.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-31 11:44 . 2009-05-09 10:40 46528 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:02 . 2009-05-09 10:40 57954 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-11-24 08:31 . 2009-05-09 10:40 9308 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1060344925-2780176758-1917801657-1000_UserData.bin
- 2009-05-09 00:42 . 2009-05-09 00:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-09 10:38 . 2009-05-09 10:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-05-09 10:38 . 2009-05-09 10:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-05-09 00:42 . 2009-05-09 00:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2008-02-22 54672]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-04-03 44168]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-04-17 9117696]
c:\users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{9C86FEAD-811F-4FF3-8721-EB157BFEF68A}"= c:\program files\HP\DVDPlay\DVDPlay.exe:_this_program_will_be_deleted
"{D65B3374-533C-4D90-BB24-15A6927E9EE6}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{37775002-EA0C-4733-9624-CDEEAF341F41}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CF5E2A38-41CC-4BF8-AA57-97396D5BBC61}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{53C5FEA9-F35C-4662-9C20-C71829D85BF0}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B9240566-E56A-4F7D-AFCB-61EF15F38456}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2741757D-95B3-4596-A1E2-63CCE3761046}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"TCP Query User{3536B1B5-56B4-4020-9004-577A12F6B4FE}c:\\program files\\bitlord2\\bitlord.exe"= UDP:c:\program files\bitlord2\bitlord.exe:
"UDP Query User{441B2425-EC46-4892-B907-53AEADCFACE0}c:\\program files\\bitlord2\\bitlord.exe"= TCP:c:\program files\bitlord2\bitlord.exe:
"TCP Query User{0731591D-AA69-4FF6-86D7-255615836873}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{377F63FF-8C84-43A9-8956-5233E7DF1395}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{70FE5CB0-71CA-4E79-BA7A-3240893F8B12}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{799ABF85-372D-453D-BB3F-18707F003BA4}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{01C6D322-6D61-463E-83DB-38B9A98E82C6}"= UDP:465:Mail
"{E23C8140-18FA-4D5A-A4A8-CCE752C0CC78}"= UDP:c:\program files\Windows Mail\WinMail.exe:Windows Mail
"{235DD089-2ECB-40C7-BBC5-EB38009270C5}"= TCP:c:\program files\Windows Mail\WinMail.exe:Windows Mail
"{20465406-8411-47E5-AF89-B204DE3063EA}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{56AA1E21-769D-46F7-99E0-AB8316878394}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{02F3DD92-B915-451C-AE17-EBFA76CC0C53}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{FAB8CD17-D4CC-425D-A59D-54D5F5FBAB2A}c:\\program files\\bitlord\\bitlord.exe"= UDP:c:\program files\bitlord\bitlord.exe:BitLord
"UDP Query User{1CB4E6B4-05FE-4B72-ADCB-F6C9A277ABD3}c:\\program files\\bitlord\\bitlord.exe"= TCP:c:\program files\bitlord\bitlord.exe:BitLord
"TCP Query User{E4E66911-5990-4135-964E-2C88DAEA69B2}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{C2B29A37-309B-472E-901F-9F6CFC4FDCCC}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{5059CF4C-635F-4FEC-9698-CBD6B2A50F4A}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{D49DD4D4-FC57-4612-9535-551D9A9D3AD8}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{6BAE0F52-B1D2-426A-A762-FDF076A2991E}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{17657C76-C626-48D2-A385-662CBD354954}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{F15C73A3-8450-48F7-8B88-35BCF8ED28B5}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{53BF35D3-B30E-4238-931E-1AC495B7F2A9}"= c:\program files\HP\DVDPlay\DVDPlay.exe:DVD Play
"{5AEAF1ED-B3D9-436A-96FF-8B6E936DCB50}"= c:\program files\HP\DVDPlay\DPService.exe:DVD Play Resident Program
"TCP Query User{8CBCA77E-8EE4-40EF-B731-686A758CEC69}c:\\program files\\myspace\\im\\myspaceim.exe"= UDP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"UDP Query User{2A567ED7-D1B6-4ED4-9AC2-371D6081BCF3}c:\\program files\\myspace\\im\\myspaceim.exe"= TCP:c:\program files\myspace\im\myspaceim.exe:MySpace Instant Messenger
"{96209DCA-5217-440F-BAE1-533B2EFBC058}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{9E0793A1-1331-4B46-B137-EAC2A4A588A1}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{942C3071-C247-4E9A-A17F-E04D9F395228}"= Disabled:c:\program files\HP\DVDPlay\DVDPlay.exe:_this_program_will_be_deleted
"{72365225-E1C1-45B1-A9AA-139562AE0D62}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{7964AE64-162A-4EE3-B8DF-F27F50AA0B46}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{9150287E-8E69-484A-9182-A8AE0E9D9B82}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{282AC7FE-B57B-47B7-8A7B-10435384DFAF}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"TCP Query User{B10828DB-1B3F-4597-8E44-30A2105E2E22}c:\\users\\ryan\\appdata\\local\\temp\\blizzard launcher temporary - e057b678\\launcher.exe"= UDP:c:\users\ryan\appdata\local\temp\blizzard launcher temporary - e057b678\launcher.exe:launcher.exe
"UDP Query User{6596A967-99CA-4642-BF6B-0F1C44035FF9}c:\\users\\ryan\\appdata\\local\\temp\\blizzard launcher temporary - e057b678\\launcher.exe"= TCP:c:\users\ryan\appdata\local\temp\blizzard launcher temporary - e057b678\launcher.exe:launcher.exe
"TCP Query User{4EFA302C-CAD8-4EBA-8203-E1E47FF03D43}c:\\users\\ryan\\desktop\\world of warcraft\\launcher.exe"= UDP:c:\users\ryan\desktop\world of warcraft\launcher.exe:launcher.exe
"UDP Query User{DE3EDF2E-8345-45D4-9B77-37298FACDF5E}c:\\users\\ryan\\desktop\\world of warcraft\\launcher.exe"= TCP:c:\users\ryan\desktop\world of warcraft\launcher.exe:launcher.exe
"TCP Query User{6294D9AA-4B4D-48FD-BAAC-56C0A862CBE0}c:\\users\\ryan\\desktop\\world of warcraft\\backgrounddownloader.exe"= UDP:c:\users\ryan\desktop\world of warcraft\backgrounddownloader.exe:backgrounddownloader.exe
"UDP Query User{FE8D1AC9-99EB-4DB8-AF49-17F8F6C237E1}c:\\users\\ryan\\desktop\\world of warcraft\\backgrounddownloader.exe"= TCP:c:\users\ryan\desktop\world of warcraft\backgrounddownloader.exe:backgrounddownloader.exe
"{7ADF827F-AF6D-4947-B151-51EDC1DA8A52}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2DF174C7-3D93-4CCB-B77E-5D156746F8E7}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B745A776-E328-43D9-B5B0-C8DA7FBD43EF}"= Disabled:UDP:c:\program files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{9CC1770F-3783-40AC-ADA4-A0D482EF2B98}"= Disabled:TCP:c:\program files\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{911B0E8A-58E1-4639-8AE5-EE58A844CDCF}c:\\program files\\world series of poker toc\\wsoptoc.exe"= Disabled:UDP:c:\program files\world series of poker toc\wsoptoc.exe:WSOPTOC
"UDP Query User{15A92E16-731F-4A28-9134-F2BD6BB5B369}c:\\program files\\world series of poker toc\\wsoptoc.exe"= Disabled:TCP:c:\program files\world series of poker toc\wsoptoc.exe:WSOPTOC
"{95FCD858-85F7-48BC-9B7A-E0833766A6CA}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe:Blizzard Downloader
"{2F136575-B2E0-4FE4-B642-2DEDFD1B1638}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.2.9056-to-3.0.3.9183-enUS-downloader.exe:Blizzard Downloader
"{2E20541B-5AA5-4F32-8CBB-FB0DB18E533B}"= UDP:3724:Blizzard Downloader: 3724
"{4C554C80-281A-44A5-9FF1-D6EE357DF8E0}"= UDP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe:Blizzard Downloader
"{248EE5F3-6300-40E6-B204-F769D068B556}"= TCP:c:\users\Public\Documents\Blizzard Entertainment\World of Warcraft\WoW-3.0.3.9183-to-3.0.8.9464-enUS-downloader.exe:Blizzard Downloader
"TCP Query User{A5C3A14C-F429-427B-9B63-74F01C63F632}c:\\program files\\hamachi\\hamachi.exe"= UDP:c:\program files\hamachi\hamachi.exe:Hamachi Client
"UDP Query User{8F8D7B64-4F71-41A5-BEEB-CCB3F0A99F6C}c:\\program files\\hamachi\\hamachi.exe"= TCP:c:\program files\hamachi\hamachi.exe:Hamachi Client
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
S3 US122;US122 Driver;c:\windows\System32\drivers\US122.sys [8/29/2008 1:57 AM 131968]
S3 US122DL;US122 Firmware Downloader;c:\windows\System32\drivers\US122DL.sys [8/29/2008 1:57 AM 18304]
S3 Us122WdmService;US122 Wdm Audio;c:\windows\System32\drivers\US122Wdm.sys [8/29/2008 1:57 AM 39168]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=Presario&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\kgobozax.default\
FF - prefs.js: browser.startup.homepage - hxxp://thottbot.com/
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-09 05:46
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-09 5:48
ComboFix-quarantined-files.txt 2009-05-09 10:47
ComboFix2.txt 2009-05-09 00:49
Pre-Run: 9,205,952,512 bytes free
Post-Run: 9,201,483,776 bytes free
233 --- E O F --- 2009-05-08 08:01