ComboFix 08-08-19.06 - THE GLADIATOR 08/21/2008 14:32:43.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1256.1.1033.18.806 [GMT 3:00]
Running from: C:\Users\THE GLADIATOR\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\THE GLADIATOR\AppData\Roaming\.#
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@1250@2472158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@1250@2472168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@12E0@3D2158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@12E0@3D2168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@148C@2012158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@148C@2012168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@14B0@2702158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@14B0@2702168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@1568@2752158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@1568@2752168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@157C@2B2158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@157C@2B2168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@7CC@392158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@7CC@392168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@91C@27D2158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@91C@27D2168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@998@2462158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@998@2462168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@E48@2742158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@E48@2742168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@F2C@3D2158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@F2C@3D2168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@F88@25E2158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@F88@25E2168.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@FB8@2902158.###
C:\Users\THE GLADIATOR\AppData\Roaming\.#\MBX@FB8@2902168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@1250@2472158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@1250@2472168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@12E0@3D2158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@12E0@3D2168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@148C@2012158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@148C@2012168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@14B0@2702158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@14B0@2702168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@1568@2752158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@1568@2752168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@157C@2B2158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@157C@2B2168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@7CC@392158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@7CC@392168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@91C@27D2158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@91C@27D2168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@998@2462158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@998@2462168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@E48@2742158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@E48@2742168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@F2C@3D2158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@F2C@3D2168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@F88@25E2158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@F88@25E2168.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@FB8@2902158.###
C:\Users\THEGLA~1\AppData\Roaming\.#\MBX@FB8@2902168.###
C:\Windows\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-07-21 to 2008-08-21 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 11:37 --------- dc----w C:\Users\THEGLA~1\AppData\Roaming\DMCache
2008-08-21 11:37 --------- dc----w C:\Users\THE GLADIATOR\AppData\Roaming\DMCache
2008-08-21 11:26 --------- dc----w C:\Users\THEGLA~1\AppData\Roaming\Skype
2008-08-21 11:26 --------- dc----w C:\Users\THE GLADIATOR\AppData\Roaming\Skype
2008-08-21 11:03 --------- dc----w C:\Users\THEGLA~1\AppData\Roaming\Avira
2008-08-21 11:03 --------- dc----w C:\Users\THE GLADIATOR\AppData\Roaming\Avira
2008-08-21 10:47 --------- dc----w C:\Program Files\Avira
2008-08-21 10:47 --------- dc----w C:\PROGRA~2\Avira
2008-08-21 10:22 --------- dc----w C:\Program Files\Debugging Tools for Windows
2008-08-20 20:21 --------- dc----w C:\Program Files\Folder Lock
2008-08-20 11:41 --------- dc----w C:\Users\THEGLA~1\AppData\Roaming\XnView
2008-08-20 11:41 --------- dc----w C:\Users\THE GLADIATOR\AppData\Roaming\XnView
2008-08-20 11:34 307,968 -c--a-w C:\Windows\System32\TuneUpDefragService.exe
2008-08-20 11:34 --------- dc----w C:\Program Files\TuneUp Utilities 2008
2008-08-20 11:33 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-20 11:22 --------- dc----w C:\Program Files\Diskeeper Corporation
2008-08-20 08:25 --------- dc----w C:\Program Files\Acer Inc
2008-08-20 05:05 --------- dc----w C:\Program Files\ONSPEED
2008-08-20 05:04 262,144 ----a-w C:\NTUSER.DAT
2008-08-20 03:20 --------- dc----w C:\Program Files\The KMPlayer
2008-08-20 00:26 --------- dc--a-w C:\PROGRA~2\TEMP
2008-08-19 15:37 53,248 -c--a-w C:\Windows\System32\gui_resource.dll
2008-08-19 15:37 53,248 -c--a-w C:\Windows\gui_resource.dll
2008-08-18 22:47 --------- dc----w C:\Program Files\Microsoft Silverlight
2008-08-18 09:29 --------- dc----w C:\Program Files\Windows Sidebar
2008-08-18 09:29 --------- dc----w C:\Program Files\Windows Photo Gallery
2008-08-18 09:29 --------- dc----w C:\Program Files\Windows Mail
2008-08-18 09:29 --------- dc----w C:\Program Files\Windows Journal
2008-08-18 09:29 --------- dc----w C:\Program Files\Windows Defender
2008-08-18 09:29 --------- dc----w C:\Program Files\Windows Calendar
2008-08-18 09:29 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-16 22:35 --------- dc----w C:\Program Files\Mozilla Thunderbird
2008-08-16 17:44 --------- dc----w C:\Program Files\Microsoft Works
2008-08-16 17:38 --------- dc----w C:\Users\THEGLA~1\AppData\Roaming\IDM
2008-08-16 17:38 --------- dc----w C:\Users\THE GLADIATOR\AppData\Roaming\IDM
2008-08-16 05:55 --------- dc-h--w C:\Program Files\InstallShield Installation Information
2008-08-14 17:41 --------- dc----w C:\PROGRA~2\Microsoft Help
2008-08-09 22:58 --------- dc----w C:\Program Files\ESET
2008-08-09 22:58 --------- dc----w C:\PROGRA~2\ESET
2008-08-09 22:00 --------- dc----w C:\Program Files\Sun
2008-08-09 21:56 --------- dc----w C:\Program Files\Java
2008-08-09 06:10 --------- dc----w C:\PROGRA~2\Megaupload
2008-08-09 06:10 --------- dc----w C:\PROGRA~2\EmailNotifier
2008-08-08 05:11 --------- dc----w C:\PROGRA~2\Yahoo! Companion
2008-08-07 23:20 --------- dc----w C:\Program Files\Yahoo!
2008-07-24 02:39 0 -c--a-w C:\Users\THEGLA~1\AppData\Roaming\wklnhst.dat
2008-07-24 02:39 0 -c--a-w C:\Users\THE GLADIATOR\AppData\Roaming\wklnhst.dat
2008-07-24 01:05 --------- dc----w C:\Program Files\Launch Manager
2008-07-18 10:29 --------- dc----w C:\Users\THEGLA~1\AppData\Roaming\Intel
2008-07-18 10:29 --------- dc----w C:\Users\THE GLADIATOR\AppData\Roaming\Intel
2008-07-18 07:05 --------- dc----w C:\Program Files\Cisco
2008-07-18 07:02 --------- dc----w C:\Program Files\Intel
2008-07-16 22:24 236,275,569 ----a-w C:\Windows\DUMP470d.tmp
2008-07-16 07:21 --------- dc----w C:\Windows\system32\config\systemprofile\AppData\Roaming\TuneUp Software
2008-07-16 01:32 2,048 -c--a-w C:\Windows\System32\tzres.dll
2008-07-15 09:11 --------- dc----w C:\Users\THEGLA~1\AppData\Roaming\TuneUp Software
2008-07-15 09:11 --------- dc----w C:\Users\THE GLADIATOR\AppData\Roaming\TuneUp Software
2008-07-15 09:10 --------- dc----w C:\PROGRA~2\TuneUp Software
2008-07-15 08:05 --------- dc----w C:\Program Files\Internet Download Manager
2008-07-04 20:54 --------- dc----w C:\Program Files\AxBx
2008-07-04 14:27 --------- dc----w C:\Program Files\Flock
2008-07-04 13:58 --------- dc----w C:\Program Files\WinASO
2008-07-04 11:54 --------- dc----w C:\Program Files\Windows Live Safety Center
2008-07-03 17:42 --------- dc----w C:\Users\THEGLA~1\AppData\Roaming\Systweak
2008-07-03 17:42 --------- dc----w C:\Users\THE GLADIATOR\AppData\Roaming\Systweak
2008-07-03 07:07 --------- dc----w C:\Users\THEGLA~1\AppData\Roaming\XnView(757)
2008-07-03 07:07 --------- dc----w C:\Users\THE GLADIATOR\AppData\Roaming\XnView(757)
2008-07-03 06:16 --------- dc----w C:\Program Files\CyberLink
2008-07-03 06:15 --------- dc----w C:\Program Files\Sony Ericsson
2008-06-27 04:15 827,392 -c--a-w C:\Windows\System32\wininet.dll
2008-06-26 03:29 801,280 -c--a-w C:\Windows\System32\NaturalLanguage6.dll
2008-06-26 01:45 2,644,480 -c--a-w C:\Windows\System32\NlsLexicons0009.dll
2008-06-26 01:45 12,240,896 -c--a-w C:\Windows\System32\NlsLexicons0007.dll
2008-06-25 13:55 --------- dc----w C:\PROGRA~2\Avanquest Bluetooth SDK
2008-06-25 13:03 --------- dc----w C:\Program Files\K-Lite Codec Pack
2008-06-19 03:31 361,984 -c--a-w C:\Windows\System32\IPSECSVC.DLL
2008-06-17 02:14 73,216 -c--a-w C:\Windows\ST6UNST.EXE
2008-06-17 02:14 172,032 -c----w C:\Windows\Setup1.exe
2008-06-12 05:28 541,696 -c--a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-07 16:56 1,419,232 -c----w C:\Windows\System32\wdfcoinstaller01005.dll
2008-06-03 08:59 35,363 -c----w C:\Windows\System32\windrvNT.sys
2008-05-30 11:19 507,400 -c----w C:\Windows\System32\XAudio2_1.dll
2008-05-30 11:18 238,088 -c----w C:\Windows\System32\xactengine3_1.dll
2008-05-30 11:17 65,032 -c----w C:\Windows\System32\XAPOFX1_0.dll
2008-05-30 11:17 25,608 -c----w C:\Windows\System32\X3DAudio1_4.dll
2008-05-30 11:11 467,984 -c----w C:\Windows\System32\d3dx10_38.dll
2008-05-30 11:11 3,850,760 -c----w C:\Windows\System32\D3DX9_38.dll
2008-05-30 11:11 1,491,992 -c----w C:\Windows\System32\D3DCompiler_38.dll
2008-05-27 05:21 1,582,592 -c--a-w C:\Windows\System32\tquery.dll
2008-05-27 05:21 1,418,240 -c--a-w C:\Windows\System32\mssrch.dll
2008-05-27 05:17 87,552 -c--a-w C:\Windows\System32\SearchFilterHost.exe
2008-05-27 05:17 87,552 -c--a-w C:\Windows\System32\mssitlb.dll
2008-05-27 05:17 754,176 -c--a-w C:\Windows\System32\propsys.dll
2008-05-27 05:17 60,416 -c--a-w C:\Windows\System32\msscntrs.dll
2008-05-27 05:17 6,103,040 -c--a-w C:\Windows\System32\chtbrkr.dll
2008-05-27 05:17 34,816 -c--a-w C:\Windows\System32\msscb.dll
2008-05-27 05:17 32,768 -c--a-w C:\Windows\System32\mssprxy.dll
2008-05-27 05:17 313,344 -c--a-w C:\Windows\System32\thawbrkr.dll
2008-05-27 05:17 301,568 -c--a-w C:\Windows\System32\srchadmin.dll
2008-05-27 05:17 194,560 -c--a-w C:\Windows\System32\offfilt.dll
2008-01-21 17:16 16,384 -csha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-21 17:16 32,768 -csha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\.IE5\index.dat
2008-01-21 17:16 16,384 -csha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\s\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [11/29/2007 07:25 PM 5724184]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [07/15/2008 01:47 AM 2606512]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [01/18/2008 11:33 PM 1233920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [06/13/2007 04:50 AM 174872]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [03/10/2007 05:03 AM 857648]
"LManager"="C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE" [06/29/2007 06:16 AM 707080]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM 144784]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [03/09/2007 11:09 AM 63712]
"avgnt"="C:\Program Files\Avira\Avira Premium Security Suite\avgnt.exe" [06/12/2008 02:28 PM 266497]
C:\PROGRA~2\MICROS~1\Windows\STARTM~1\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-03-29 13:11:50 719664]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ONSPEED.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ONSPEED.lnk
backup=C:\Windows\pss\ONSPEED.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Acer Assist Launcher"=C:\Program Files\Acer Assist\launcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1999879657-4263014229-4113685941-1001]
"EnableNotificationsRef"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1999879657-4263014229-4113685941-1002]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{83597560-5BBB-4C7F-8A45-AECC026FA21A}"= C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe:Acer Arcade Deluxe
"{3821FF1D-10EB-4D65-95D8-9529B20B1868}"= C:\Program Files\Acer Arcade Deluxe\DVDivine\DVDivine.exe
VDivine
"{7CF68F0B-6091-425B-98C2-93B3980D2017}"= C:\Program Files\Acer Arcade Deluxe\VideoMagician\VideoMagician.exe:VideoMagician
"{8C23332C-F8E2-41B5-9F8A-4D567C921B62}"= C:\Program Files\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe:HomeMedia
"{B6983636-26F2-4B95-A24F-9563C6C8B3D5}"= C:\Program Files\Acer Arcade Deluxe\DV Wizard\DV Wizard.exe
V Wizard
"{C031BE91-5B0F-42C6-A7C5-EF2D50A24930}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PlayMovie.exe
lay Movie
"{CFDAC590-211F-4A60-80E2-A55AC011C362}"= C:\Program Files\Acer Arcade Deluxe\Play Movie\PMVService.exe
lay Movie Resident Program
"TCP Query User{6F9126D8-6897-4A17-B38A-230BE28B77F5}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe
2P service of Orbit Downloader
"UDP Query User{1502EE95-E831-4C61-BB5F-98141ADA45E4}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe
2P service of Orbit Downloader
"TCP Query User{9A1C62E5-C7E6-40E9-A1AC-6AD40B880025}C:\\program files\\avant browser\\avant.exe"= UDP:C:\program files\avant browser\avant.exe:Avant Browser
"UDP Query User{CACE99DB-7BDA-4C7C-BD42-02754C990B84}C:\\program files\\avant browser\\avant.exe"= TCP:C:\program files\avant browser\avant.exe:Avant Browser
"TCP Query User{E08B7A58-BB89-49E2-A68B-388DC915A342}C:\\program files\\orbitdownloader\\orbitnet.exe"= UDP:C:\program files\orbitdownloader\orbitnet.exe
2P service of Orbit Downloader
"UDP Query User{7470707E-507F-4185-8EAF-5C8D743E5044}C:\\program files\\orbitdownloader\\orbitnet.exe"= TCP:C:\program files\orbitdownloader\orbitnet.exe
2P service of Orbit Downloader
"TCP Query User{3328089A-1FCA-4ED8-B739-EB84F1321F5E}C:\\program files\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare\bearshare.exe:BearShare
"UDP Query User{D5AE5DE2-E969-438A-A1B8-8F13F33FF3BF}C:\\program files\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare\bearshare.exe:BearShare
"TCP Query User{79135742-080E-40AB-B2AF-22717C850BB8}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{B242831C-9EC8-4418-9416-5595EA8EF224}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{82541913-9022-4339-929F-3CAC57DB3AF8}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= UDP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"UDP Query User{72F2AD00-5DF2-46C8-904D-752B89895F50}C:\\program files\\bearshare applications\\bearshare\\bearshare.exe"= TCP:C:\program files\bearshare applications\bearshare\bearshare.exe:BearShare
"TCP Query User{62BE0C35-9842-43E3-8D8B-60EDFD9C468B}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{996A440C-884A-4D6A-99A7-167C86DE2C7A}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"TCP Query User{F07EEA8F-1BB7-47BE-B4D9-FE3D09D7DB48}C:\\program files\\ares\\ares.exe"= UDP:C:\program files\ares\ares.exe:Ares p2p for windows
"UDP Query User{DC945F5E-A058-4BBA-BB0B-213CF6665AEB}C:\\program files\\ares\\ares.exe"= TCP:C:\program files\ares\ares.exe:Ares p2p for windows
"{A1FD02B7-84B1-4563-9C62-8CA9D9C916E9}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{513345DE-7A4D-4192-960F-1F695B1ECB30}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{5F8F253C-A22F-4DE8-ABBA-6F89C9020708}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{4297AF5D-937A-4CC6-8AEF-CD5451376C6E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{AA3CA7DD-1590-4C08-9DEF-2D6E0DF06F8A}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{022A5AEB-DD40-4BF6-AD98-223CBB1BF0AE}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{26AFAF9A-016D-4C5B-9015-396273584F83}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{98EF3DBD-0978-4CA0-BC00-330BE8F97D6A}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{C65444B6-2293-49EC-B112-6508A6A9BDA9}C:\\program files\\avant browser\\avant.exe"= UDP:C:\program files\avant browser\avant.exe:Avant Browser
"UDP Query User{F71AA86B-10B7-4E36-854B-D137A356ACCA}C:\\program files\\avant browser\\avant.exe"= TCP:C:\program files\avant browser\avant.exe:Avant Browser
"{5E3E94F7-FB18-4D53-B1B7-AA558B282740}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BDE17428-4B1D-4265-BFFA-3069124A504D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{2407C0E0-CED6-42D3-A337-5BCD8648A465}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{65F007C6-A34B-4E09-B215-144E4F0252D5}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"{BFCAAC66-5EF4-4E8B-B500-ABBB944F19E8}"= Disabled:UDP:C:\Program Files\NetSupport School\client32.exe:NetSupport Client
"{352839C1-600B-4CA8-AF69-587BDE68569A}"= Disabled:TCP:C:\Program Files\NetSupport School\client32.exe:NetSupport Client
"{6FE9E4D3-A31E-44B1-A6D1-F66CA0B7B6BD}"= Disabled:UDP:C:\Program Files\NetSupport School\PCINSSUI.EXE:NetSupport Tutor
"{B0A867A0-9EF9-4EF1-A185-F5CB2177F46C}"= Disabled:TCP:C:\Program Files\NetSupport School\PCINSSUI.EXE:NetSupport Tutor
"{752EE3D0-05F3-46A6-BE40-A3F1220F575E}"= Disabled:UDP:C:\Program Files\NetSupport School\pcinsscd.exe:NetSupport Group Leader
"{1F161F5A-A98B-4F1D-8FE0-5DA0D173CFBD}"= Disabled:TCP:C:\Program Files\NetSupport School\pcinsscd.exe:NetSupport Group Leader
"{3949BC5F-B73B-427B-98B8-3C3458E21E8B}"= Disabled:UDP:C:\Program Files\NetSupport School\pcijoin.exe:NetSupport Join Class
"{BAE2C98D-ABB0-4D75-85CF-CD566558C1CD}"= Disabled:TCP:C:\Program Files\NetSupport School\pcijoin.exe:NetSupport Join Class
"{3C739D32-2C9E-475F-9D67-957EE046B473}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{C2B67D2D-BA95-4F5F-B50D-807FD9EEC06B}"= TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"TCP Query User{2F48E7E7-77A7-4DCB-A6CC-594DBD58FECC}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= UDP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"UDP Query User{7796D39F-914B-49FB-A802-C77977048373}C:\\program files\\camfrog\\camfrog video chat\\camfrog video chat.exe"= TCP:C:\program files\camfrog\camfrog video chat\camfrog video chat.exe:Camfrog Client Module
"TCP Query User{128ABFE9-4042-4763-8EB9-0569EF788A12}C:\\program files\\skype\\phone\\skype.exe"= UDP:C:\program files\skype\phone\skype.exe:Skype
"UDP Query User{B3A220FB-F11E-49CD-9D97-14BEAD23317D}C:\\program files\\skype\\phone\\skype.exe"= TCP:C:\program files\skype\phone\skype.exe:Skype
"TCP Query User{263DE8DA-B646-4C5C-8B15-7993758C43DD}C:\\program files\\internet download manager\\idman.exe"= UDP:C:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
"UDP Query User{55E6890D-35EF-4872-BEA5-50E7363F9E19}C:\\program files\\internet download manager\\idman.exe"= TCP:C:\program files\internet download manager\idman.exe:Internet Download Manager (IDM)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IEPro\\MiniDM.exe"= C:\Program Files\IEPro\MiniDM.exe:*:Enabled:MiniDM
R1 avfwot;avfwot;C:\Windows\system32\DRIVERS\avfwot.sys [05/07/2008 02:20 PM]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [04/19/2008 07:05 PM]
R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};C:\Program Files\Acer Arcade Deluxe\Play Movie\
000.fcl [11/03/2006 02:51 AM]
R2 AntiVirFirewallService;Avira Premium Security Suite Firewall;C:\Program Files\Avira\Avira Premium Security Suite\avfwsvc.exe [05/16/2008 10:19 AM]
R2 AntiVirMailService;Avira Premium Security Suite MailGuard;C:\Program Files\Avira\Avira Premium Security Suite\avmailc.exe [07/11/2008 12:23 PM]
R2 antivirwebservice;Avira Premium Security Suite WebGuard;C:\Program Files\Avira\Avira Premium Security Suite\AVWEBGRD.EXE [06/12/2008 02:59 PM]
R2 AVEService;Avira Premium Security Suite MailGuard helper service;C:\Program Files\Avira\Avira Premium Security Suite\avesvc.exe [05/09/2008 01:22 PM]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [01/18/2008 11:33 PM]
R3 avfwim;AvFw Packet Filter Miniport;C:\Windows\system32\DRIVERS\avfwim.sys [05/07/2008 10:51 AM]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [01/18/2008 08:25 PM]
R3 tapvpn;TAP VPN Adapter;C:\Windows\system32\DRIVERS\tapvpn.sys [12/16/2006 11:37 PM]
R3 winbondcir;Winbond IR Transceiver;C:\Windows\system32\DRIVERS\winbondcir.sys [03/28/2007 05:51 PM]
S3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [03/30/2007 03:46 AM]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [02/27/2007 02:20 PM]
S3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [02/27/2007 02:20 PM]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\system32\DRIVERS\ggflt.sys [06/07/2008 07:56 PM]
S3 sea1bus;Sony Ericsson Device 0A1 driver (WDM);C:\Windows\system32\DRIVERS\sea1bus.sys [01/04/2007 02:01 PM]
S3 sea1mdfl;Sony Ericsson Device 0A1 USB WMC Modem Filter;C:\Windows\system32\DRIVERS\sea1mdfl.sys [01/04/2007 02:01 PM]
S3 sea1mdm;Sony Ericsson Device 0A1 USB WMC Modem Driver;C:\Windows\system32\DRIVERS\sea1mdm.sys [01/04/2007 02:01 PM]
S3 sea1mgmt;Sony Ericsson Device 0A1 USB WMC Device Management Drivers (WDM);C:\Windows\system32\DRIVERS\sea1mgmt.sys [01/04/2007 02:01 PM]
S3 sea1nd5;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (NDIS);C:\Windows\system32\DRIVERS\sea1nd5.sys [01/04/2007 02:01 PM]
S3 sea1obex;Sony Ericsson Device 0A1 USB WMC OBEX Interface;C:\Windows\system32\DRIVERS\sea1obex.sys [01/04/2007 02:01 PM]
S3 sea1unic;Sony Ericsson Device 0A1 USB Ethernet Emulation SEMCA1 (WDM);C:\Windows\system32\DRIVERS\sea1unic.sys [01/04/2007 02:01 PM]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [08/20/2008 02:34 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
*Newly Created Service* - AVFWOT
*Newly Created Service* - AVGNTFLT
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\THEGLA~1\AppData\Roaming\Mozilla\Firefox\Profiles\9k2qc1nq.default\
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.
.
------- File Associations (Beta) -------
.
txtfile=C:\WINDOWS\notepad.exe %1
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
Rootkit scan 2008-08-21 14:37:39
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 08/21/2008 14:38:59
ComboFix-quarantined-files.txt 2008-08-21 11:38:54
Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 48,421,126,144 bytes free
335 --- E O F --- 2008-08-20 18:12:16
