ComboFix 09-05-21.05 - Earny 22/05/2009 16:32.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.3070.1901 [GMT 1:00]
Running from: c:\users\Earny\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\acovcnt.exe
c:\windows\system32\UAClyimrqxixkitqcm.dll
c:\windows\system32\UACmexlmqitvrkrwlg.dll
c:\windows\system32\UACtonymqixgiuwaev.dll
c:\windows\system32\UACtupbnaxxwuvbqqi.dll
c:\windows\system32\UACuxtlemcejdeybqc.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_UACD.SYS
-------\Service_UACd.sys
((((((((((((((((((((((((( Files Created from 2009-04-22 to 2009-05-22 )))))))))))))))))))))))))))))))
.
2009-05-22 15:35 . 2009-05-22 15:37 -------- d-----w c:\users\Earny\AppData\Local\temp
2009-05-22 01:49 . 2009-05-22 01:49 -------- d-----w c:\program files\Channel4
2009-05-22 00:15 . 2009-05-06 18:06 4784464 ----a-w c:\programdata\Microsoft\Windows Defender\Definition Updates\{5504CF5B-7213-413E-BF2B-EB565D0FEF82}\mpengine.dll
2009-05-21 19:33 . 2009-05-21 19:33 -------- d-----w c:\users\Earny\AppData\Roaming\Malwarebytes
2009-05-21 19:33 . 2009-04-06 14:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-21 19:33 . 2009-04-06 14:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-21 19:33 . 2009-05-21 19:33 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-21 19:33 . 2009-05-21 19:33 -------- d-----w c:\programdata\Malwarebytes
2009-05-21 00:20 . 2009-05-21 00:20 -------- d-----w c:\program files\ERUNT
2009-05-20 23:56 . 2009-02-19 10:52 49152 ----a-w c:\users\Earny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syslogin.exe
2009-05-20 23:31 . 2009-05-21 23:09 -------- d-----w c:\windows\system32\Macromed
2009-05-20 23:25 . 2009-05-20 23:25 -------- d-----w C:\ATI
2009-05-20 23:19 . 2009-05-20 23:19 -------- d-----w c:\programdata\Channel4
2009-05-20 16:00 . 2009-05-20 16:00 -------- d-----w c:\programdata\Blizzard
2009-05-20 03:13 . 2008-10-22 01:22 2048 ----a-w c:\windows\system32\tzres.dll
2009-05-20 02:15 . 2008-06-20 01:14 97800 ----a-w c:\windows\system32\infocardapi.dll
2009-05-20 02:15 . 2008-06-20 01:14 105016 ----a-w c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-05-20 02:15 . 2008-06-20 01:14 43544 ----a-w c:\windows\system32\PresentationHostProxy.dll
2009-05-20 02:15 . 2008-06-20 01:14 11264 ----a-w c:\windows\system32\icardres.dll
2009-05-20 02:15 . 2008-06-20 01:14 622080 ----a-w c:\windows\system32\icardagt.exe
2009-05-20 02:15 . 2008-06-20 01:14 781344 ----a-w c:\windows\system32\PresentationNative_v0300.dll
2009-05-20 02:15 . 2008-06-20 01:14 326160 ----a-w c:\windows\system32\PresentationHost.exe
2009-05-20 02:08 . 2008-07-27 18:03 96760 ----a-w c:\windows\system32\dfshim.dll
2009-05-20 02:07 . 2008-07-27 18:03 282112 ----a-w c:\windows\system32\mscoree.dll
2009-05-20 02:07 . 2008-07-27 18:03 41984 ----a-w c:\windows\system32\netfxperf.dll
2009-05-20 02:07 . 2008-07-27 18:03 158720 ----a-w c:\windows\system32\mscorier.dll
2009-05-20 02:07 . 2008-07-27 18:03 83968 ----a-w c:\windows\system32\mscories.dll
2009-05-20 02:00 . 2008-10-21 05:25 1645568 ----a-w c:\windows\system32\connect.dll
2009-05-20 02:00 . 2008-11-27 04:43 268288 ----a-w c:\windows\system32\schannel.dll
2009-05-20 02:00 . 2008-12-06 04:42 376832 ----a-w c:\windows\system32\winhttp.dll
2009-05-20 02:00 . 2008-12-05 04:32 428544 ----a-w c:\windows\system32\EncDec.dll
2009-05-20 02:00 . 2008-12-05 04:32 293376 ----a-w c:\windows\system32\psisdecd.dll
2009-05-20 01:58 . 2008-06-23 01:59 996352 ----a-w c:\windows\system32\WMNetMgr.dll
2009-05-20 01:54 . 2008-09-10 03:40 1334272 ----a-w c:\windows\system32\msxml6.dll
2009-05-20 01:39 . 2008-10-16 21:09 51224 ----a-w c:\windows\system32\wuauclt.exe
2009-05-20 01:39 . 2008-10-16 21:09 43544 ----a-w c:\windows\system32\wups2.dll
2009-05-20 01:39 . 2008-10-16 21:13 1809944 ----a-w c:\windows\system32\wuaueng.dll
2009-05-20 01:39 . 2008-10-16 20:56 1524736 ----a-w c:\windows\system32\wucltux.dll
2009-05-20 01:39 . 2008-10-16 13:08 162064 ----a-w c:\windows\system32\wuwebv.dll
2009-05-20 01:39 . 2008-10-16 12:56 31232 ----a-w c:\windows\system32\wuapp.exe
2009-05-19 06:56 . 2009-05-19 06:56 -------- d-----w c:\program files\Alwil Software
2009-05-19 06:56 . 2008-02-23 04:38 170496 ----a-w c:\windows\system32\tcpipcfg.dll
2009-05-19 06:56 . 2008-02-23 02:41 22528 ----a-w c:\windows\system32\netiougc.exe
2009-05-19 06:55 . 2009-05-19 06:55 -------- d-----w c:\program files\Zone Labs
2009-05-19 06:54 . 2009-02-15 23:11 293528 ----a-w c:\windows\system32\drivers\vsdatant.sys
2009-05-19 06:52 . 2009-05-19 06:52 -------- d-----w c:\programdata\CheckPoint
2009-05-19 06:52 . 2009-05-20 23:55 -------- d-----w c:\windows\Internet Logs
2009-05-19 04:26 . 2009-05-22 15:31 -------- d-----w c:\users\Earny\AppData\Local\CurseClient
2009-05-19 04:26 . 2009-05-20 01:19 -------- d-----w c:\program files\Curse
2009-05-19 04:17 . 2009-05-19 05:10 -------- d-----w c:\windows\BDOSCAN8
2009-05-19 04:15 . 2009-05-19 04:15 -------- d-----w c:\users\Earny\AppData\Roaming\uTorrent
2009-05-18 17:22 . 2009-05-18 17:22 -------- d-----w c:\users\Earny\AppData\Roaming\Apple Computer
2009-05-18 13:42 . 2009-05-18 13:42 -------- d-----w c:\users\Earny\AppData\Roaming\DAEMON Tools
2009-05-18 13:42 . 2009-05-18 13:42 -------- d-----w c:\users\Earny\AppData\Roaming\ATI
2009-05-17 22:38 . 2009-05-17 22:38 -------- d-----w c:\users\Earny\AppData\Roaming\vlc
2009-05-17 22:34 . 2009-05-17 22:34 -------- d--h--w c:\windows\PIF
2009-05-17 02:04 . 2009-05-17 02:04 -------- d-----w C:\VundoFix Backups
2009-05-15 01:25 . 2009-05-15 01:25 -------- d-----w c:\users\Earny\Stuff
2009-05-13 16:54 . 2009-05-13 16:54 -------- d-----w c:\program files\Microsoft Silverlight
2009-05-13 14:05 . 2009-05-13 14:30 -------- d-----w c:\programdata\Spybot - Search & Destroy
2009-05-13 14:05 . 2009-05-13 14:05 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-09 07:07 . 2009-05-09 07:07 -------- d-----w c:\programdata\ATI
2009-05-09 03:51 . 2009-05-09 03:51 -------- d-----w c:\programdata\LightScribe
2009-05-09 02:42 . 2009-05-09 03:03 -------- d-----w c:\programdata\Apple Computer
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 15:37 . 2008-09-17 15:44 -------- d-----w c:\program files\World of Warcraft
2009-05-22 15:35 . 2008-11-30 01:15 -------- d-----w c:\programdata\Kontiki
2009-05-22 15:35 . 2008-08-17 07:00 12 ----a-w c:\windows\bthservsdp.dat
2009-05-22 01:49 . 2008-11-30 01:15 -------- d-----w c:\program files\Kontiki
2009-05-21 04:10 . 2008-09-19 19:34 75064 ----a-w c:\windows\system32\PnkBstrA.exe
2009-05-20 23:48 . 2008-08-17 07:48 -------- d-----w c:\program files\ASUS
2009-05-20 23:45 . 2008-09-25 16:23 -------- d-----w c:\program files\Java
2009-05-20 23:43 . 2008-09-17 13:10 -------- d-----w c:\program files\Common Files\Apple
2009-05-20 15:34 . 2006-11-02 11:18 -------- d-----w c:\program files\Windows Mail
2009-05-19 23:56 . 2008-09-29 16:03 -------- d-----w c:\program files\EditPlus 3
2009-05-19 00:04 . 2009-04-08 01:10 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-17 22:48 . 2008-08-17 07:21 -------- d--h--w c:\program files\InstallShield Installation Information
2009-05-17 22:44 . 2008-09-25 16:24 -------- d-----w c:\program files\Sun
2009-05-17 22:19 . 2008-09-17 14:03 794 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-05-15 18:35 . 2008-11-11 11:46 680 ----a-w c:\users\Earny\AppData\Local\d3d9caps.dat
2009-05-09 18:14 . 2008-09-19 19:34 189072 ----a-w c:\windows\system32\PnkBstrB.exe
2009-05-09 02:35 . 2008-09-18 19:18 -------- d-----w c:\program files\Microsoft Money
2009-05-09 02:19 . 2008-09-19 19:15 -------- d-----w c:\program files\Activision
2009-04-14 22:56 . 2009-04-14 22:56 93 ----a-w c:\users\Earny\AppData\Local\fusioncache.dat
2009-04-14 15:49 . 2008-09-19 19:35 138920 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-09 14:45 . 2008-09-17 13:39 -------- d-----w c:\program files\Teamspeak2_RC2
2009-04-08 00:42 . 2009-04-08 00:42 -------- d-----w c:\program files\iTunes
2009-04-08 00:42 . 2009-04-08 00:42 -------- d-----w c:\program files\iPod
2009-04-08 00:40 . 2009-04-08 00:39 -------- d-----w c:\program files\QuickTime
2009-03-19 15:32 . 2009-04-08 00:42 23400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-05-20 01:59 13824 ----a-w c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-05-20 01:59 24064 ----a-w c:\windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-20 03:06 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-20 03:06 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-20 03:06 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-20 03:06 109056 ----a-w c:\windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-20 03:06 109568 ----a-w c:\windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-20 03:06 132608 ----a-w c:\windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-20 03:06 107520 ----a-w c:\windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-20 03:06 107008 ----a-w c:\windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-20 03:06 103936 ----a-w c:\windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-20 03:06 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 11:32 . 2009-05-20 03:06 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-20 03:06 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-20 03:06 66560 ----a-w c:\windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-20 03:06 169472 ----a-w c:\windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-20 03:06 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-20 03:06 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 11:31 . 2009-05-20 03:06 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 11:22 . 2009-05-20 03:06 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-03 04:46 . 2009-05-20 01:59 3599328 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-05-20 01:59 3547632 ----a-w c:\windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-05-20 01:59 183296 ----a-w c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-05-20 01:59 551424 ----a-w c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-05-20 01:59 26112 ----a-w c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-05-20 01:59 98304 ----a-w c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-05-20 01:59 54784 ----a-w c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-05-20 01:59 44032 ----a-w c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-05-20 01:59 666624 ----a-w c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-05-20 01:59 17408 ----a-w c:\windows\system32\iashost.exe
2009-02-25 17:57 . 2009-02-25 17:57 782664 ----a-w c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"CurseClient"="c:\program files\Curse\CurseClient.exe" [2009-05-14 1933312]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"4oD"="c:\program files\Kontiki\KHost.exe" [2007-04-23 1032640]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-01-15 4874240]
c:\users\Earny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
syslogin.exe [2009-2-19 49152]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave2"= serwvdrv.dll
[HKLM\~\startupfolder\C:^Users^Earny^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^syslogin.exe]
path=c:\users\Earny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\syslogin.exe
backup=c:\windows\pss\syslogin.exe.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0"
"UpdatesDisableNotify"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{1BDE7BBC-5E9C-4650-B55E-811958EE200E}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{AB7AC61F-CFE2-48C8-9C62-23A625CD17A8}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{66CCC8C3-36AB-48BD-8AEC-48CFE2FBF0AC}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{E74FB934-D35F-40C5-91D0-DFC27278D318}"= UDP:d:\itunes\iTunes.exe:iTunes
"{C2D16726-EA00-42DC-823A-6C47A407C4E4}"= TCP:d:\itunes\iTunes.exe:iTunes
"TCP Query User{293E4FEB-121A-47FE-BFC9-606BC4507921}d:\\warcraft iii\\war3.exe"= UDP:d:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{931637E1-F5F8-4774-AD85-A79715C90284}d:\\warcraft iii\\war3.exe"= TCP:d:\warcraft iii\war3.exe:Warcraft III
"{C794C334-5228-4D61-B8EB-8424C61640F4}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{D02CFD0D-9546-4E71-AC60-F6ED7D960EBE}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{C4D6B579-4177-4567-BF67-FA1CA73C737C}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{C8E1EC95-02A4-484F-B575-6882FCCC3825}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{15C04CD5-4447-4F5A-B441-E944B4B967E2}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{01D80BBE-01A7-41D8-B83C-2EAE2405E1F9}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{2310B777-539D-4FFC-9178-22FE10C8D527}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{32F6A012-CA04-4336-98BF-0DC0FFF33C37}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"{4371EF34-597F-47C0-B3D8-2DE578050AE7}"= UDP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{1C2A060B-8437-4E67-832E-8D1C89119250}"= TCP:c:\program files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"TCP Query User{DE309774-F38D-4D42-A271-851974795E43}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{079C54BB-F961-4CBC-A05A-36B327B1CC5A}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{BFA0F3D2-7877-45E9-AA89-59D10A14CD63}c:\\program files\\napster\\napster.exe"= UDP:c:\program files\napster\napster.exe:Napster
"UDP Query User{8A3AC0DA-8D80-47B4-B3DB-C9E8B5DE328F}c:\\program files\\napster\\napster.exe"= TCP:c:\program files\napster\napster.exe:Napster
"TCP Query User{74157E5C-138D-44D4-B1D0-97EADB53084E}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{DB3E2E78-5897-43EB-8042-929E3C5A4F67}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{CB9AAD20-16B1-4793-99AC-5859D1B2B81D}d:\\warcraft iii\\war3.exe"= UDP:d:\warcraft iii\war3.exe:Warcraft III
"UDP Query User{7C69D0DF-1435-4EF6-876F-128B0FB5700E}d:\\warcraft iii\\war3.exe"= TCP:d:\warcraft iii\war3.exe:Warcraft III
"TCP Query User{4993A64F-E259-4266-A04F-72009CE48248}c:\\users\\earny\\downloads\\war europe downloader.exe"= UDP:c:\users\earny\downloads\war europe downloader.exe:war europe downloader.exe
"UDP Query User{2FC9CBBF-DBBE-4306-9870-E38C974E9C95}c:\\users\\earny\\downloads\\war europe downloader.exe"= TCP:c:\users\earny\downloads\war europe downloader.exe:war europe downloader.exe
"TCP Query User{69A53D3C-4E3E-42F3-843C-6511F479E4C1}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{BF771044-CE7C-46CF-B76A-8E6AA4A976B1}c:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:c:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"TCP Query User{E9AEA050-38D8-475E-A0C9-3F3B987E6828}c:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= UDP:c:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{586B4A60-69C8-42F8-9FE3-75E09FAAEFF8}c:\\program files\\java\\jdk1.6.0_06\\jre\\bin\\java.exe"= TCP:c:\program files\java\jdk1.6.0_06\jre\bin\java.exe:Java(TM) Platform SE binary
"{5B4610F9-F298-4937-AE9C-71FD6F090A97}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{6B6B4DB4-169E-41E2-BFB6-184861E2D016}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{AFC6F792-E62A-4FE4-9140-C9B25DD012E6}"= UDP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{FEB03F2E-D108-428A-ABB3-F0CD4E37D761}"= TCP:c:\program files\Kontiki\KService.exe:Delivery Manager Service
"{4C332CBD-2A7F-4640-9A7F-25BAC36C4999}"= UDP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{F29E82CD-A469-492B-972C-8972F3AA9809}"= TCP:c:\program files\Ventrilo\Ventrilo.exe:Ventrilo.exe
"{9268D6BF-6621-41DE-B3EC-9ADDAF05E29E}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{DD21C04E-9345-473A-AFB4-A34FF02290B1}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{15EAC5B7-99EB-4FB6-99E8-934EDB89507F}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{6E747CEA-643D-4C1F-9AD6-404D5BE6B179}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{13C72D14-18A5-4F87-81E1-882B79209FE9}c:\\program files\\world of warcraft\\repair.exe"= UDP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"UDP Query User{4E9C3C23-3F18-4BD9-9FB6-77DABF2E7E7C}c:\\program files\\world of warcraft\\repair.exe"= TCP:c:\program files\world of warcraft\repair.exe:Blizzard Repair Utility
"TCP Query User{37699DD7-7F0B-4431-85FA-846B3E65B7AA}c:\\program files\\world of warcraft\\launcher.exe"= UDP:c:\program files\world of warcraft\launcher.exe:Blizzard Launcher
"UDP Query User{D997D6EA-1AEF-4E8C-A951-0F20E739037A}c:\\program files\\world of warcraft\\launcher.exe"= TCP:c:\program files\world of warcraft\launcher.exe:Blizzard Launcher
"{755497A6-37F3-4B80-A520-F0FEB6433184}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{875468E4-A2A4-420B-9161-2266086F7CAC}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{6F7B41E9-0BB2-4D25-8C46-8F1A6811B41B}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{B4956736-7850-446A-BA79-D7BD77DC49B3}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{C420F031-277D-499C-A2DA-82D441BA1D2A}c:\\program files\\java\\jre6\\bin\\java.exe"= UDP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"UDP Query User{03B06624-8A8F-4F80-8E24-20E16A34F8FC}c:\\program files\\java\\jre6\\bin\\java.exe"= TCP:c:\program files\java\jre6\bin\java.exe:Java(TM) Platform SE binary
"{44823E84-D54B-4E8B-BEA4-0108EC7E50C5}"= UDP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{F5B09EF3-6F85-4ECE-A0A9-6C0CD62C956A}"= TCP:c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:Veoh Web Player
"{B45B961A-AE91-4002-BE61-5F4206387452}"= UDP:c:\program files\Spotify\spotify.exe:Spotify
"{39F7AEBC-BF78-4A89-8A49-070BE0DE8CE7}"= TCP:c:\program files\Spotify\spotify.exe:Spotify
"{ACFC1D67-CC16-4134-B3DF-9600FA8E0FCE}"= UDP:c:\program files\Curse\CurseClient.exe:Curse Client
"{8E021C60-9E7A-4E54-9F20-7779BF22573F}"= TCP:c:\program files\Curse\CurseClient.exe:Curse Client
S3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [17/08/2008 09:15 49664]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{B4E30F61-16D9-11D3-85D1-005004229569} - {85E0B172-04FA-11D1-B7DA-00A0C90348D6} - c:\lotus\organize\bandobjs.dll
FF - ProfilePath - c:\users\Earny\AppData\Roaming\Mozilla\Firefox\Profiles\hiryjq62.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-05-22 16:37
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1255488582-3988647465-3781306417-1000\Software\SecuROM\License information*]
"datasecu"=hex:38,1e,8d,57,05,68,c9,4d,52,b2,3b,af,93,86,59,5c,05,43,0c,59,22,
80,e9,59,94,15,d2,89,37,99,c6,1b,4c,ca,bb,6b,43,4b,63,83,20,39,92,7d,34,68,\
"rkeysecu"=hex:e2,26,6d,94,9c,ba,ad,1d,64,79,70,1b,d8,19,de,23
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\
0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\
0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\
0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\ASUS\SmartLogon\sensorsrv.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\windows\System32\PnkBstrA.exe
c:\windows\System32\PnkBstrB.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\ehome\ehmsas.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-05-22 16:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-22 15:40
Pre-Run: 20,622,901,248 bytes free
Post-Run: 20,546,154,496 bytes free
311 --- E O F --- 2009-05-20 03:21