ComboFix 08-05-21.3 - Tyler 2008-05-22 21:12:38.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.1091 [GMT -5:00]
Running from: C:\Users\Tyler\Desktop\ComboFix.exe
Command switches used :: C:\Users\Tyler\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\Users\Tyler\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\G405NZK2\Codec[1].exe
C:\Users\Tyler\Desktop\Music\britt nicole christian.wm
C:\Users\Tyler\Desktop\Music\christian new song.wm
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\133a5dd9-3b41978a
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\133a5dd9-3b41978a.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1c9688d9-2483a06f
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\1c9688d9-2483a06f.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2150bb59-550e72e4
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2150bb59-550e72e4.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\24987ad9-6600b86a
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\24987ad9-6600b86a.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2512c659-3b531a6a
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2512c659-3b531a6a.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2937aad9-433cd50b
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\2937aad9-433cd50b.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\32a66b99-4398d92a
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\32a66b99-4398d92a.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4dc99a99-23557120
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\4dc99a99-23557120.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\58ec1b19-4b2be965
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\58ec1b19-4b2be965.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\641bf559-2025e443
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\641bf559-2025e443.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6595f3d9-42d56617
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6595f3d9-42d56617.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\66887fd9-6092c65c
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\66887fd9-6092c65c.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\68512d19-6820537d
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\68512d19-6820537d.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6b1ba4d9-5f808e52
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\6b1ba4d9-5f808e52.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\75625499-6fc6e55c
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\75625499-6fc6e55c.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7816a459-56c6fd92
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7816a459-56c6fd92.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7d06c359-2917a259
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\7d06c359-2917a259.idx
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\9180419-541c9f77
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\9180419-541c9f77.idx
C:\Users\Tyler\Desktop\Music\britt nicole christian.wm
C:\Users\Tyler\Desktop\Music\christian new song.wm
.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.
2008-05-22 19:30 . 2008-05-22 19:30 <DIR> d-------- C:\Windows\System32\Kaspersky Lab
2008-05-21 13:44 . 2008-05-21 13:44 <DIR> d-------- C:\Deckard
2008-05-21 13:31 . 2008-05-21 13:31 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-29 20:29 . 2008-04-29 20:29 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-04-28 20:25 . 2008-04-28 20:25 54,156 --ah----- C:\Windows\QTFont.qfn
2008-04-28 20:25 . 2008-04-28 20:25 1,409 --a------ C:\Windows\QTFont.for
2008-04-28 20:24 . 2008-04-28 20:24 <DIR> d-------- C:\Program Files\iTunes
2008-04-28 20:24 . 2008-04-28 20:24 <DIR> d-------- C:\Program Files\iPod
2008-04-28 20:23 . 2008-04-28 20:23 <DIR> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-21 22:03 --------- d--h--w C:\Program Files\Xp.dll
2008-05-21 20:37 --------- d-----w C:\Program Files\Common Files\Steam
2008-05-21 20:35 --------- d-----w C:\ProgramData\Microsoft Help
2008-05-21 20:35 --------- d-----w C:\Program Files\Steam
2008-05-21 20:35 --------- d-----w C:\Program Files\Microsoft.NET
2008-05-21 20:35 --------- d-----w C:\Program Files\Microsoft Visual Studio 9.0
2008-05-21 20:35 --------- d-----w C:\Program Files\Microsoft SDKs
2008-05-21 02:36 --------- d-----w C:\Users\Tyler\AppData\Roaming\LimeWire
2008-05-15 02:01 --------- d-----w C:\Program Files\Windows Mail
2008-05-09 03:07 --------- d-----w C:\Users\Tyler\AppData\Roaming\Xfire
2008-05-09 00:39 --------- d-----w C:\ProgramData\Roxio
2008-05-03 22:21 --------- d-----w C:\ProgramData\Xfire
2008-05-02 20:20 --------- d-----w C:\Users\Tyler\AppData\Roaming\Netscape
2008-04-29 01:22 --------- d-----w C:\Program Files\Xfire
2008-04-29 01:18 --------- d-----w C:\Program Files\Apple Software Update
2008-04-25 01:10 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-04-25 01:10 107,832 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-04-24 00:24 --------- d-----w C:\Program Files\LimeWire
2008-04-22 22:29 41,296 ----a-w C:\Windows\System32\xfcodec.dll
2008-04-04 21:18 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-01 20:53 --------- d-----w C:\Program Files\Java
2008-03-25 01:08 --------- d-----w C:\Users\Tyler\AppData\Roaming\Apple Computer
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-12-15 18:43 22,328 ----a-w C:\Users\Tyler\AppData\Roaming\PnkBstrK.sys
2007-10-18 16:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-10-18 16:57 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-10-18 16:57 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@2008-05-22_17.45.17.44 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-22 22:37:27 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-23 02:05:28 16,384 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-22 22:37:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-05-23 02:05:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-22 22:37:27 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-23 02:05:28 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-05-24 17:27:16 213,048 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\Windows\System32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 07:35 125440]
"Aim6"="" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="sttray.exe" [2006-11-22 17:56 303104 C:\Windows\sttray.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 13:39 151552]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"CCUTRAYICON"="C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe" [2006-11-18 08:01 182744]
"NMSSupport"="C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" [2006-09-26 11:56 423424]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2006-11-17 16:19 17920]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 18:06 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 18:06 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 18:06 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-04-04 16:18:22 113664]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiSpywareOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{B9E139EF-18C8-4BBF-8BD2-BB7BA513B654}C:\\program files\\steam\\steamapps\\rook1e187\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\rook1e187\counter-strike source\hl2.exe:hl2
"UDP Query User{CEAF316A-8AE9-47F9-882C-C4B57950C075}C:\\program files\\steam\\steamapps\\rook1e187\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\rook1e187\counter-strike source\hl2.exe:hl2
"TCP Query User{DFBE3C95-529D-42EF-86C6-554F5EC39B97}C:\\stubinstaller.exe"= UDP:C:\stubinstaller.exe:LimeWire swarmed installer
"UDP Query User{C0B9A083-54FA-4B26-B6FA-BE748EB13DB5}C:\\stubinstaller.exe"= TCP:C:\stubinstaller.exe:LimeWire swarmed installer
"{3E740467-702F-4387-BE5E-3CE2A3DA7F2E}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{418A232D-7399-4E3F-A85D-27D8D255D341}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{5CD46747-6DB8-4151-B03C-46444049C005}C:\\program files\\steam\\steamapps\\rook1e187\\day of defeat source\\hl2.exe"= UDP:C:\program files\steam\steamapps\rook1e187\day of defeat source\hl2.exe:hl2
"UDP Query User{C72CF9DC-417C-48A4-9075-6AFD0180EE9E}C:\\program files\\steam\\steamapps\\rook1e187\\day of defeat source\\hl2.exe"= TCP:C:\program files\steam\steamapps\rook1e187\day of defeat source\hl2.exe:hl2
"TCP Query User{32358895-52E9-4F75-8E2C-E10DA7234C9B}F:\\limewire\\limewire.exe"= UDP:F:\limewire\limewire.exe:LimeWire
"UDP Query User{49D29B54-A337-4737-9B06-287C4A1705D0}F:\\limewire\\limewire.exe"= TCP:F:\limewire\limewire.exe:LimeWire
"TCP Query User{EE692F81-38A2-4C04-B4C1-F219075D8505}F:\\limewire\\limewire.exe"= UDP:F:\limewire\limewire.exe:LimeWire
"UDP Query User{CD81DA4F-FE0F-4224-81D6-550EE5C96B3D}F:\\limewire\\limewire.exe"= TCP:F:\limewire\limewire.exe:LimeWire
"TCP Query User{0B5E59A2-D33E-48A0-8864-115A34CA72AC}C:\\program files\\limewire\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire\limewire.exe:LimeWire
"UDP Query User{0F58D1A9-6363-406D-9E91-3E44C532FCC6}C:\\program files\\limewire\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire\limewire.exe:LimeWire
"TCP Query User{53F8C1EF-AD60-4CE2-B19E-6087BE86C115}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{2F9B4EE4-38D0-41EC-B1C1-F08910DF09BF}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{5F034622-E032-4EA0-BD90-610A6DCA08AA}C:\\program files\\steam\\steamapps\\rook1e187\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\rook1e187\counter-strike source\hl2.exe:hl2
"UDP Query User{97BA7B17-AD8C-4113-B076-DE32532A34D8}C:\\program files\\steam\\steamapps\\rook1e187\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\rook1e187\counter-strike source\hl2.exe:hl2
"TCP Query User{22E1B6D8-BADD-4D89-9493-CE95922BD638}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{AA974D7F-A9EA-4AC2-83B9-035F7A60D351}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"TCP Query User{8509752B-818A-4FA7-A0DD-D8934921CAE4}C:\\program files\\sierra\\fear\\fpupdate.exe"= UDP:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"UDP Query User{2423F475-211E-4F47-8F74-563D96260099}C:\\program files\\sierra\\fear\\fpupdate.exe"= TCP:C:\program files\sierra\fear\fpupdate.exe:fpupdate
"{48FA4154-F9DC-435D-AEB7-CEB8E48772FA}"= UDP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{D2C98ED6-00EF-41AF-A4E4-D3C21E3DF57F}"= TCP:C:\Program Files\Sierra\FEAR\FEAR.exe:FEAR
"{079AAF2B-E21F-4AE9-B2A7-31A456DABA2D}"= UDP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR
"{3E230DF8-3327-4283-98B9-5F8CA7C664F9}"= TCP:C:\Program Files\Sierra\FEAR\FEARMP.exe:FEAR
"{5298E1D1-CF83-441F-AD3E-E9F155EBA619}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7ADD2367-5AF7-41F8-B9CC-E41FB92B3D7F}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{A3A48124-A60F-4CD3-BC15-E652B6FF4357}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{A54DB489-EC65-446F-BEBF-FBCA2D7A6F60}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{1C62CC12-7362-4184-A058-80D7A1FF1F70}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{D885F771-F227-4F3A-935F-6042DEB8F854}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{68E37EA9-924B-4B81-8BAD-5C17234B6C56}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{4AE4B788-15EA-4ADA-82B8-047C82B9E543}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{DEAB5B83-79EF-4E9C-98A4-602E6711E9F8}C:\\program files\\steam\\steam.exe"= UDP:C:\program files\steam\steam.exe:Steam
"UDP Query User{C80AB3F4-6EE7-4F0E-B361-F7109B0CA599}C:\\program files\\steam\\steam.exe"= TCP:C:\program files\steam\steam.exe:Steam
"{984C377B-9F1C-4263-9BDA-E2C280238953}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{86BFD9EA-587E-4A25-BC09-107156DFC959}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{1E974F1B-8C4D-458F-B22E-A8E1B5C1B41E}C:\\program files\\quake iii arena\\quake3.exe"= UDP:C:\program files\quake iii arena\quake3.exe:quake3
"UDP Query User{85A6FEFC-9B3B-43CE-A9F2-C8FBB57AAB85}C:\\program files\\quake iii arena\\quake3.exe"= TCP:C:\program files\quake iii arena\quake3.exe:quake3
"{C7202D9F-220C-4E33-B25D-8448166B52E6}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6626D656-6D35-451F-BF3C-8731C3768257}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{EC277F65-0891-4D46-B12C-78FB65E5223E}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{40D7C23D-8D45-4D2A-896B-7B0978BF90F1}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"TCP Query User{FACA8DB4-D9AD-4CFC-9FC2-78A461A6FF78}C:\\program files\\xfire\\xfire.exe"= UDP:C:\program files\xfire\xfire.exe:Xfire
"UDP Query User{5B02CE08-5A43-45FE-A6EF-EA3C1BEBC82E}C:\\program files\\xfire\\xfire.exe"= TCP:C:\program files\xfire\xfire.exe:Xfire
"{549B1026-B444-4CE0-92C9-40F651F9A89D}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{4CCF127F-043F-4081-A150-329F3549542D}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
"{59939B6C-77F6-4E00-A7DC-42EB3AB2E5DC}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0CE8094E-6D56-4811-AA37-682745859025}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
R1 DLARTL_M;DLARTL_M;C:\Windows\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R2 DQLWinService;DQLWinService;"C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" [2006-10-29 10:03]
R2 nmsgopro;GoProto Protocol Driver for NMS;C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 17:37]
R2 nmsunidr;UniDriver for NMS;C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 16:49]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 16:38]
R3 IntelDH;IntelDH Driver;C:\Windows\system32\Drivers\IntelDH.sys [2007-02-27 03:45]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 02:36]
S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-03-14 17:37]
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-22 20:25:31 C:\Windows\Tasks\User_Feed_Synchronization-{994D8E60-F973-4E28-9A5B-727AAA16D1B1}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-05-22 21:14:00
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-22 21:15:14
ComboFix-quarantined-files.txt 2008-05-23 02:15:08
ComboFix2.txt 2008-05-23 00:27:00
ComboFix3.txt 2008-05-22 22:46:29
Pre-Run: 135,746,232,320 bytes free
Post-Run: 135,719,915,520 bytes free
232 --- E O F --- 2008-05-21 20:46:34