ComboFix 08-06-07.3 - israel 2008-06-08 13:29:56.1 - NTFSx86
Running from: C:\Users\israel\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\israel\FAVORI~1\Online Security Test.url
C:\Users\israel\Favorites\Online Security Test.url
C:\Windows\install.exe
C:\Windows\system32\server.exe
.
((((((((((((((((((((((((( Files Created from 2008-05-08 to 2008-06-08 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-08 18:27 27,934 ----a-w C:\Users\israel\AppData\Roaming\nvModes.dat
2008-06-08 03:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-08 03:33 --------- d-----w C:\Program Files\Pyro Studios
2008-06-08 00:00 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-06-08 00:00 --------- d-----w C:\Program Files\Windows Mail
2008-06-08 00:00 --------- d-----w C:\Program Files\Windows Journal
2008-06-08 00:00 --------- d-----w C:\Program Files\Windows Collaboration
2008-06-07 23:59 --------- d-----w C:\Program Files\Windows Sidebar
2008-06-07 23:46 --------- d-----w C:\Program Files\Firefly Studios
2008-06-07 03:10 --------- d-----w C:\Users\israel\AppData\Roaming\LimeWire
2008-06-06 16:13 --------- d-----w C:\ProgramData\NVIDIA
2008-06-06 14:03 --------- d-----w C:\Program Files\DirectX
2008-06-06 14:02 --------- d-----w C:\Program Files\GameSpy Arcade
2008-06-06 13:52 --------- d-----w C:\Program Files\DreamCatcher
2008-06-03 16:50 --------- d-----w C:\Users\israel\AppData\Roaming\Skype
2008-06-03 14:44 --------- d-----w C:\Users\israel\AppData\Roaming\skypePM
2008-05-31 02:43 --------- d-----w C:\Program Files\The Guild 2 - Pirates of the European Seas
2008-05-31 00:55 737,280 ----a-w C:\Windows\iun6002.exe
2008-05-30 21:41 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-30 21:41 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-30 21:41 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-30 21:41 --------- d-----w C:\Program Files\Symantec
2008-05-29 02:06 --------- d-----w C:\Program Files\Google SketchUp Pro v6
2008-05-29 02:01 --------- d-----w C:\Program Files\Google
2008-05-26 01:25 --------- d-----w C:\Program Files\Sega
2008-05-25 20:26 --------- d-----w C:\Program Files\WMV9_VCM
2008-05-25 20:18 --------- d-----w C:\Program Files\Paradox Interactive
2008-05-25 20:00 --------- d-----w C:\Program Files\Enlight
2008-05-24 23:24 --------- d-----w C:\Program Files\Digital Reality
2008-05-24 17:22 --------- d-----w C:\Program Files\Common Files\Alias Shared
2008-05-24 17:19 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-24 17:17 6,656 ----a-w C:\Windows\System32\haspvdd.dll
2008-05-24 17:17 47,616 ----a-w C:\Windows\system32\drivers\Haspnt.sys
2008-05-24 17:06 --------- d-----w C:\Program Files\Autodesk
2008-05-23 00:08 --------- d-----w C:\Program Files\HD Publishing
2008-05-21 04:34 --------- d-----w C:\Users\israel\AppData\Roaming\U3
2008-05-20 20:52 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-18 16:23 --------- d-----w C:\Program Files\Ubisoft
2008-05-14 09:02 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-11 15:25 --------- d-----w C:\Program Files\Tilted Mill
2008-05-10 19:38 --------- d-----w C:\ProgramData\Roxio
2008-05-10 19:11 --------- d-----w C:\Users\israel\AppData\Roaming\Roxio
2008-05-10 19:10 --------- d-----w C:\ProgramData\Sonic
2008-05-08 22:15 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-05-08 21:52 --------- d-----w C:\Program Files\CAPCOM
2008-05-04 00:23 --------- d-----w C:\Program Files\Sierra
2008-05-02 23:41 --------- d-----w C:\Program Files\Valve
2008-05-02 01:57 --------- d-----w C:\Program Files\G2 Games
2008-04-30 23:59 --------- d-----w C:\Users\israel\AppData\Roaming\Ascaron Entertainment
2008-04-30 23:55 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-28 02:48 --------- d-----w C:\ProgramData\Office Genuine Advantage
2008-04-28 01:35 --------- d-----w C:\Users\israel\AppData\Roaming\Hamachi
2008-04-27 22:32 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
2008-04-25 17:45 --------- d-----w C:\Users\israel\AppData\Roaming\Yahoo!
2008-04-19 20:43 --------- d-----w C:\Program Files\HP
2008-04-16 20:25 29,952 ----a-w C:\Windows\Help\OEM\scripts\HPScript.exe
2008-04-15 04:08 --------- d-----w C:\Program Files\Sierra Wireless
2008-04-13 15:13 --------- d-----w C:\Users\israel\AppData\Roaming\Microsoft Games
2008-04-13 15:13 --------- d-----w C:\Program Files\Microsoft Games
2008-04-13 04:42 --------- d-----w C:\Program Files\Common Files\Microsoft Games
2008-04-08 20:48 --------- d-----w C:\Program Files\Common Files\Stardock
2008-02-19 01:07 22,328 ----a-w C:\Users\israel\AppData\Roaming\PnkBstrK.sys
2008-01-16 21:43 174 --sha-w C:\Program Files\desktop.ini
2008-01-15 18:20 32 ----a-w C:\Users\All Users\ezsid.dat
2008-01-15 18:20 32 ----a-w C:\ProgramData\ezsid.dat
2007-11-16 02:18 32 ----a-r C:\Users\All Users\hash.dat
2007-11-16 02:18 32 ----a-r C:\ProgramData\hash.dat
2008-01-01 08:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-01 08:20 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-01 08:20 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 16:23 1773568]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 06:35 125440]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-01-17 10:51 486856]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [2008-04-01 18:35 3587120]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 06:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 02:50 1021224]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 05:59 115816]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-04-23 19:11 176128]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 12:38 159744]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 14:18 472776]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 17:12 317128]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 02:29 102400]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 03:45 222208]
"VX3000"="C:\Windows\vVX3000.exe" [2007-04-10 15:46 709992]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-11-07 08:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-11-07 08:05 8534560]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-11-07 08:05 81920]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-01-20 01:05 217088]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"HP Health Check Scheduler"="c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-09-19 17:30 66816]
"LiveUpdate"="C:\Program Files\Byteswarm\LiveUpdate\LiveUpdate.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]
C:\Users\israel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
VZAccess Manager.lnk - C:\Program Files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-03-30 23:16:20 1738032]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"VIDC.XFR1"= xfcodec.dll
"SENTINEL"= snti386.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Vongo Tray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vongo Tray.lnk
backup=C:\Windows\pss\Vongo Tray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Users^israel^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Pacific Fighters.LNK]
path=C:\Users\israel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Pacific Fighters.LNK
backup=C:\Windows\pss\Registration Pacific Fighters.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
--a------ 2007-09-25 02:10 2007088 C:\Program Files\FlashGet\FlashGet.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-08 17:23 1232896 C:\Program Files\Windows Sidebar\sidebar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{DDB79537-BE1B-49D8-9E35-865252F6818E}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{62DAD364-9054-4450-8B64-1E97F59A49D1}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5BC58A37-88F1-48D7-8BE5-98236F326965}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{977244DC-0C6F-4602-9E5D-F53F4137696A}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{6B76B961-7BC3-47C4-B12A-42CF381A1E0A}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{05F6F3EF-B25C-4001-8372-FE26E6D1B328}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{097692B9-4521-4D1A-9F3E-8E0F924DCDB0}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F238082B-3978-480D-B122-CF2A1C1231A2}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{C45F953C-C973-4D47-9B6F-8E3786D5C7A2}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{87A0D74F-F719-4D0B-9A9D-EDC91DA7E7E8}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{EF6B4B90-99A9-4157-AE5F-378C2E47661F}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{561861B9-BED7-4E15-B562-222587E5B7FB}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F595034B-4DBC-4FB2-9A78-37FFBBC9A4C4}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{EBA80CF1-1113-4E07-8805-23B0083B9A75}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{37820594-DF0B-4762-8FA7-1415511C082E}"= UDP:C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe:GGclient
"{42F3F57B-F4BE-4971-A0AB-50039B97CD36}"= TCP:C:\Program Files\Ocean Technology\GG E-Sports Platform\GGclient.exe:GGclient
"{9B6FE405-469F-417F-BCFB-E1D42C276F46}"= UDP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"{F8ED33F4-ACD5-437B-AE71-EF563DEC6E55}"= TCP:C:\Program Files\Warcraft III\Frozen Throne.exe:Warcraft III - The Frozen Throne
"TCP Query User{3E46421D-6A95-4270-9052-C3899B72A5EB}C:\\program files\\warcraft iii\\war3.exe"= UDP:C:\program files\warcraft iii\war3.exe:Warcraft III
"UDP Query User{CE50B22F-DA01-4AA3-B1C0-D55668D1CE33}C:\\program files\\warcraft iii\\war3.exe"= TCP:C:\program files\warcraft iii\war3.exe:Warcraft III
"TCP Query User{BFEE0A96-3820-483F-ABC9-528A5117091F}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{F1266D73-C344-4116-BBCA-D72B4256CBC2}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{ED164799-46E2-4D2F-B186-52629182E812}C:\\program files\\flashget\\flashget.exe"= UDP:C:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{C6A54AA4-489D-46BA-95B9-0F744CD03FE9}C:\\program files\\flashget\\flashget.exe"= TCP:C:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{74B17CE7-A1B6-4E9E-90B0-A5EE4F700792}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{C8BEB066-F386-4611-89AE-13429FA0FFD7}C:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:C:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{EB72BFE1-9D78-4F49-BDFC-1F64671A4793}C:\\program files\\yahoo!\\messenger\\yserver.exe"= UDP:C:\program files\yahoo!\messenger\yserver.exe:YServer Module
"UDP Query User{B09DE644-3793-4589-999B-3BBC2407D683}C:\\program files\\yahoo!\\messenger\\yserver.exe"= TCP:C:\program files\yahoo!\messenger\yserver.exe:YServer Module
"{CD2EF920-6F3D-4471-B3AB-A4D1871F2D10}"= UDP:C:\Program Files\Triggersoft\Rose Online Evolution\ROSEonline.exe:RoseOnlineEvolution
"{20230657-756B-49FF-959B-6613E1FCF978}"= TCP:C:\Program Files\Triggersoft\Rose Online Evolution\ROSEonline.exe:RoseOnlineEvolution
"{D38396AD-BD9F-4707-8B80-72E10F2F3373}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{1062F8D8-7B4B-4715-91C7-E87672FD8A36}"= UDP:23497:BitComet 23497 TCP
"{E378CD50-ECD1-45EE-B876-7A5A3B688FE2}"= TCP:23497:BitComet 23497 UDP
"{434306EF-573F-4053-94D3-9B859BAAFCF0}"= UDP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{FFF2211A-A005-42DC-A991-A73BE91EF3BF}"= TCP:C:\Program Files\Microsoft LifeCam\LifeExp.exe:LifeExp.exe
"{B0D48428-FC82-4B82-AEDF-89AEC4D9E647}"= UDP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{B7719218-6FA3-4A8A-8035-6C43DCDA126D}"= TCP:C:\Program Files\Stardock Games\Sins of a Solar Empire\Sins of a Solar Empire.exe:Sins of a Solar Empire
"{64C0AA84-D2C6-4AD7-B63D-530B6DD275BF}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{75507FD5-DB19-4296-9350-663501090966}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{AE322EB5-950D-46DA-9F9B-CBEA58D95E80}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{7C98D97D-69AF-452B-850B-C73306B4E816}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{4EFDCD52-8C35-43C7-922A-5FA2EBA9F4E2}"= UDP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"{0ADDBD15-3B32-4DA2-99F6-CAAC0FA64685}"= TCP:C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:GPGNet - Supreme Commander - Forged Alliance
"TCP Query User{18D668E4-D74F-42BB-929F-148EAA3A0530}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"UDP Query User{08BBB106-4F6A-4395-9ADC-E57D8762BEAF}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype. Take a deep breath
"TCP Query User{BF940B55-6CFF-46A0-89E7-174D32BADE80}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"UDP Query User{534D9E44-A786-4AC5-8817-F1DECB710725}C:\\program files\\veoh networks\\veoh\\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client
"{CE56FE85-94CE-4D18-AE97-F099ECE4CD77}"= UDP:C:\Program Files\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
"{171BBF28-0892-4A7C-B524-AD4795586EB2}"= TCP:C:\Program Files\Pollux Gamelabs\Lost Empire - Immortals\LostEmpire.exe:Lost Empire - Immortals
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080221.003\IDSvix86.sys [2008-02-13 10:18]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 02:32]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2008-03-07 13:39]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1209c532-b666-11dc-99d8-00a0d5ffff85}]
\shell\AutoRun\command - I:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DC9D8B94-C759-CEAF-A401-BB3F3900CAC0}]
C:\Windows\system32\AVP.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-01-19 20:40:49 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-06-03 02:01:07 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - israel.job"
- c:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeB/TASK:
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-08 13:36:49
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-08 13:39:38
ComboFix-quarantined-files.txt 2008-06-08 19:38:38
The system cannot find message text for message number 0x2379 in the message file for Application.
The system cannot find message text for message number 0x2379 in the message file for Application.
252 --- E O F --- 2008-06-06 10:59:25