here it is...

ComboFix 09-06-05.02 - Michael 06/05/2009 13:35.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2046.986 [GMT -5:00]
Running from: c:\users\Michael\Desktop\ComboFix.exe
FW: Norton AntiVirus *enabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Michael\AppData\Roaming\inst.exe
c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
c:\windows\system32\Drivers\sptd.sys
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-05 to 2009-06-05 )))))))))))))))))))))))))))))))
.

2009-06-05 18:46 . 2009-06-05 18:46 -------- d-sh--w- \$RECYCLE.BIN
2009-06-05 18:42 . 2009-06-05 18:42 -------- d-----w- C:\temp
2009-06-05 18:33 . 2009-06-05 18:33 -------- d-----w- \Qoobox
2009-06-05 17:15 . 2009-03-09 16:06 89104 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\NAVENG.SYS
2009-06-05 17:15 . 2009-03-09 16:06 876144 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\NAVEX15.SYS
2009-06-05 17:15 . 2009-03-09 16:06 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\NAVENG32.DLL
2009-06-05 17:15 . 2009-03-09 16:06 1181040 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\NAVEX32A.DLL
2009-06-05 17:15 . 2009-03-09 16:06 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\EECTRL.SYS
2009-06-05 17:15 . 2009-03-09 16:06 259368 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\ECMSVR32.DLL
2009-06-05 17:15 . 2009-03-09 16:06 101936 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\ERASER.SYS
2009-06-05 17:15 . 2009-03-09 16:06 2414128 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090605.003\CCERASER.DLL
2009-06-03 23:49 . 2009-06-05 03:09 -------- d-----w- c:\users\Michael\AppData\Local\Apple Computer
2009-06-03 19:58 . 2009-06-03 19:58 -------- d-----w- c:\program files\ESET
2009-06-03 19:24 . 2009-06-03 19:24 -------- d-----w- c:\users\Michael\AppData\Local\Apple
2009-06-02 23:00 . 2009-06-02 23:00 -------- d-----w- c:\users\Michael\AppData\Local\Adobe
2009-06-02 21:47 . 2009-06-02 21:47 -------- d-----w- c:\users\Michael\AppData\Local\AOL OCP
2009-06-02 21:47 . 2009-06-02 21:47 -------- d-----w- c:\users\Michael\AppData\Local\AOL
2009-06-02 21:32 . 2009-05-26 18:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 21:32 . 2009-05-26 18:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 21:32 . 2009-06-02 21:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 01:57 . 2009-06-02 01:58 -------- d-----w- c:\program files\QuickTime
2009-05-29 18:42 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\Scxpx86.dll
2009-05-29 18:42 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSXpx86.sys
2009-05-29 18:42 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys
2009-05-29 18:42 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSxpx86.dll
2009-05-29 18:42 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSviA64.sys
2009-05-27 16:09 . 2009-05-27 16:10 65294248 ----a-w- c:\programdata\Sling Media\AutoUpdateFiles\D367SLingPlayer.exe
2009-05-26 17:44 . 2009-05-26 17:44 -------- d-----w- c:\program files\HandBrake
2009-05-24 19:30 . 2009-05-24 19:30 -------- d-----w- c:\program files\Nimbuzz
2009-05-23 20:30 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\Scxpx86.dll
2009-05-23 20:30 . 2009-01-29 21:50 276344 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys
2009-05-23 20:30 . 2009-01-29 21:50 292912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys
2009-05-23 20:30 . 2009-01-29 21:50 447864 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSxpx86.dll
2009-05-23 20:30 . 2009-01-29 21:50 396848 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSviA64.sys
2009-05-23 20:29 . 2009-05-23 20:29 738120 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-05-15 23:43 . 2009-05-15 23:43 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-15 08:51 . 2009-05-24 03:54 156672 ----a-w- c:\windows\system32\rmc_fixasf.exe
2009-05-15 08:51 . 2009-05-24 03:53 237568 ----a-w- c:\windows\system32\rmc_rtspdl.dll
2009-05-15 08:50 . 2009-05-24 03:53 323584 ----a-w- c:\windows\system32\AUDIOGENIE2.DLL
2009-05-15 08:49 . 2009-05-15 08:49 -------- d-----w- c:\windows\Replay Media Catcher
2009-05-15 08:48 . 2009-05-26 06:00 -------- d-----w- c:\program files\Replay Media Catcher

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
.
2009-06-05 18:44 . 2007-08-23 21:40 2459627520 --sha-w- \pagefile.sys
2009-06-05 18:43 . 2007-08-23 21:47 1660 ----a-w- c:\windows\bthservsdp.dat
2009-06-05 17:15 . 2009-04-16 03:55 28029 ----a-w- c:\programdata\nvModes.dat
2009-06-03 05:35 . 2008-06-26 02:21 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-06-02 23:28 . 2007-09-01 17:18 -------- d-----w- c:\program files\PowerISO
2009-05-26 18:56 . 2008-11-13 06:23 -------- d-----w- c:\users\Michael\AppData\Roaming\Skype
2009-05-26 18:56 . 2008-11-13 06:24 -------- d-----w- c:\users\Michael\AppData\Roaming\skypePM
2009-05-16 12:50 . 2008-06-26 02:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-15 09:28 . 2007-08-31 22:01 -------- d-----w- c:\users\Michael\AppData\Roaming\uTorrent
2009-05-15 08:07 . 2007-06-19 10:53 -------- d-----w- c:\programdata\Microsoft Help
2009-05-15 08:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-04-30 23:15 . 2007-09-02 19:08 -------- d-----w- c:\users\Michael\AppData\Roaming\Canon
2009-04-27 20:21 . 2009-02-28 01:41 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-04-27 20:05 . 2009-05-01 19:47 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-04-27 20:05 . 2009-04-27 20:05 64160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-04-16 17:08 . 2008-02-16 19:01 -------- d-----w- c:\programdata\NVIDIA
2009-04-11 05:34 . 2007-08-30 22:34 28029 ----a-w- c:\users\Michael\AppData\Roaming\nvModes.dat
2009-04-08 00:14 . 2009-04-08 00:14 -------- d-----w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 00:14 . 2009-04-08 00:14 -------- d-----w- c:\program files\iTunes
2009-04-08 00:14 . 2009-04-08 00:14 -------- d-----w- c:\program files\iPod
2009-04-08 00:14 . 2007-09-01 05:13 -------- d-----w- c:\program files\Common Files\Apple
2009-04-08 00:07 . 2009-04-08 00:07 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-03-19 21:32 . 2009-04-08 00:14 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-19 21:32 . 2009-03-19 21:32 23400 ----a-w- c:\programdata\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-18 18:59 . 2008-10-09 23:56 124464 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-17 03:38 . 2009-04-15 19:35 13824 ----a-w- c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-15 19:35 24064 ----a-w- c:\windows\system32\amxread.dll
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-03-09 19:53 . 2009-03-09 19:53 69664 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\64\lbd.sys
2009-03-09 19:53 . 2009-03-09 19:53 274792 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\64\AAWDriverTool.exe
2009-03-09 19:52 . 2009-03-09 19:52 73064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\update\Drivers\32\AAWDriverTool.exe
2009-03-09 10:19 . 2008-12-10 05:03 410984 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 1773568]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Google Update"="c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-12-03 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 174872]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-02-13 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-09-19 66816]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"CognizanceTS"="c:\progra~1\BIOSCR~1\VeriSoft\Bin\ASTSVCC.dll" [2003-12-22 17920]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe" [2005-09-19 163840]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-03-12 517768]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-29 518488]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-04 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray. dll" [2008-12-04 92704]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-03-09 4390912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Clean Access Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Clean Access Agent.lnk
backup=c:\windows\pss\Clean Access Agent.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FD8CC398-C3F7-41BE-98A5-C6A62BB10958}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{13C9E86B-54AE-4A87-A2EF-44ED2B50EF5F}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{220513BC-B2BE-4FA0-BAC9-60F5F7F74726}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{5A90CF99-4F43-41A7-BD63-833D156B1E88}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{95383F02-9BF8-4FFB-9917-671A202B8E80}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CD4068D7-B5D6-4E40-BF0F-A5E33A97304B}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{94F144FD-51FF-47FC-9888-47B9EB6EBB2C}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{D4E92348-BAF7-45C0-8F15-C60F4331067A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F03EBEA6-16B0-45AC-BFB6-B06BA544D646}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{463360B5-9168-4A8C-99C2-D408F72A831A}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{BD401096-17CE-4EC9-9875-511E1990B5D5}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{0972E767-D1E9-4BA6-B974-B2FFE93F6FE0}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FD63C072-B217-426F-94EB-29EB595F8FFC}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{CB3BDBCE-808B-47DC-8684-8147FB149A47}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{E9B38C58-9667-4192-85AE-9B34C2DBDAB9}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent
"{B1897D15-107E-4F7B-B33B-96605761AC75}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{200F605A-7E89-41AD-83BF-934E46A7EB4D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{DD98F6BE-E108-44A1-B251-95D8C6301204}c:\\program files\\airport\\apagent.exe"= UDP:c:\program files\airport\apagent.exe:AirPort Base Station Agent
"UDP Query User{706EF837-1DEF-45D2-9346-6F4E79DFE800}c:\\program files\\airport\\apagent.exe"= TCP:c:\program files\airport\apagent.exe:AirPort Base Station Agent
"TCP Query User{A55E98F4-4492-4327-AA54-B86562560AF4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{A4485829-CDF8-4582-BFE1-F39B11A815FA}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{05801DED-9433-4EBA-B9CA-8A3DCCBB4BEF}"= UDP:990:LocalSubnet:LocalSubnet|IF={D25E9E4A-D581-4C0C-99CB-3AF6D9AB32DB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{ED1171C8-6749-424A-9FFB-298B3136AFC5}"= UDP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{6382BFE2-70C7-4CFF-9A59-07ADA808FDB6}"= TCP:c:\program files\Ruckus Player\Ruckus.exe:Ruckus
"{37A7B586-DF66-4DF4-917E-B07185AFFD5E}"= UDP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"{E2BF2A6E-34D6-4A7B-B8D3-0D30A3A4736E}"= TCP:c:\program files\RapidSolution\Tunebite\TunebiteHelper.exe:TunebiteHelper
"TCP Query User{1D6D180D-598E-4CAF-9486-2C1CC04B2113}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{E9ADA256-24FD-4560-AE03-6A586244BF9F}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"{010BCB0B-AE69-4C9E-B3D2-CDC20FA4C1BF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B6325566-44E6-4BAD-8DAC-B67796009F7B}"= UDP:990:LocalSubnet:LocalSubnet|IF={D25E9E4A-D581-4C0C-99CB-3AF6D9AB32DB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{24778982-55AB-4A7B-93F7-98E9805F6E9F}"= UDP:990:LocalSubnet:LocalSubnet|IF={D25E9E4A-D581-4C0C-99CB-3AF6D9AB32DB}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{7D21A26D-7A12-4A8E-BA3C-25E05060B3E9}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DA3245CD-BF63-4C26-961C-231FEB0C064D}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{A6470E6C-4038-4CCD-8D1E-1451809B2C9C}c:\\program files\\tightvnc\\winvnc.exe"= UDP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"UDP Query User{0699C4D7-89C3-4F2A-9CFD-4FB06A34F92C}c:\\program files\\tightvnc\\winvnc.exe"= TCP:c:\program files\tightvnc\winvnc.exe:TightVNC Win32 Server
"{BCC29B56-97B5-45E7-85B3-BA4ECE214E95}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{9DA5012B-D02A-4F25-AB0C-0AAFCFDFEEBD}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{DE8F5931-1F41-4BB7-9858-6B1F6347F3CA}"= TCP:5353:Bonjour
"{48C1AD69-E6C9-4E78-A53C-6C09DD7B793C}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{0783FAB5-5D18-470E-AC40-F8B7F6E4C625}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"TCP Query User{8F226577-F2AF-40C6-A865-F6EEC71C0332}c:\\program files\\simplify media\\simplifypeer.exe"= UDP:c:\program files\simplify media\simplifypeer.exe:Simplify Media Peer
"UDP Query User{0A3B8CA2-6374-4703-A1EF-620BE925FED1}c:\\program files\\simplify media\\simplifypeer.exe"= TCP:c:\program files\simplify media\simplifypeer.exe:Simplify Media Peer
"TCP Query User{BD2E5D62-2B36-4934-92EB-E1BE990C3912}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= UDP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
"UDP Query User{CBB8F3E7-2120-48BF-937E-3C3E7DD3DB92}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= TCP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
"TCP Query User{80F5BFCE-8F4C-4353-8FDA-1205CB78BE7F}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{D96F7C76-4633-469D-B104-91C85FE171E3}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{BCCFC918-BD9C-49EE-8C48-1A63AD087A6E}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{D89E8887-B961-4ACE-9B29-C75F813718B3}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{3C8159B2-6309-4AC3-B67B-2B69515F09C5}c:\\program files\\simplify media\\simplifymedia.exe"= UDP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
"UDP Query User{8BFBBB26-4FDF-47A7-90ED-75E0BAD6857A}c:\\program files\\simplify media\\simplifymedia.exe"= TCP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
"TCP Query User{CF08D22A-9228-44FB-AB54-5CA4106E6738}c:\\program files\\simplify media\\simplifymedia.exe"= UDP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
"UDP Query User{E50D691B-D21B-40D0-B5FC-AA82FBF52DB9}c:\\program files\\simplify media\\simplifymedia.exe"= TCP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
"{2C5CB0FE-FDDE-45EE-B58C-1B455CE330C1}"= UDP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
"{F1EB1D76-60E3-4C50-819E-0F9A66787DE1}"= TCP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
"TCP Query User{C0D91D49-C911-4F92-AC7E-265232D2EE99}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{B8F11B35-B502-49A8-A5F1-2A10330019BD}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"{4C8D07BE-99F3-49CD-A30F-171E0A5554EC}"= c:\program files\Skype\Phone\Skype.exe:Skype
"TCP Query User{DE214E1F-FAEC-41AE-A6C7-732D561D63BD}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= UDP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
"UDP Query User{E4E3BCE8-6B63-4A82-8B11-A2C629432AF9}c:\\program files\\iphone tunnel suite\\itunnel\\itunnel.exe"= TCP:c:\program files\iphone tunnel suite\itunnel\itunnel.exe:iTunnel
"{E2B11B59-7939-4613-8975-354DA7913B7D}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C0EDF424-8067-498D-BA67-E4E79BCDE5B0}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"TCP Query User{0F56AB9A-E420-462C-BBBC-734370338519}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= UDP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB
"UDP Query User{7337BC20-E3CD-47B5-AA43-8239254D5B77}c:\\program files\\matlab\\r2007b\\bin\\win32\\matlab.exe"= TCP:c:\program files\matlab\r2007b\bin\win32\matlab.exe:MATLAB
"TCP Query User{65CCA60B-5168-49B9-B233-83A98D615416}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{AD0B321E-9F71-4804-87A3-8559C3B7F4AD}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"TCP Query User{1472E0E6-301F-468D-B5D2-08F6288F17D6}c:\\program files\\sling media\\slingplayer\\slingplayer.exe"= UDP:c:\program files\sling media\slingplayer\slingplayer.exe:SlingPlayer
"UDP Query User{8F4E85A3-71AE-44DE-9B01-0424764F1990}c:\\program files\\sling media\\slingplayer\\slingplayer.exe"= TCP:c:\program files\sling media\slingplayer\slingplayer.exe:SlingPlayer
"{08D0B160-91D4-46B0-86E3-9C40862D5C96}"= UDP:c:\program files\AirPort\APAgent.exe:AirPort
"{AC9B5F0E-FCAB-4A3A-97BF-F1856EF6E275}"= TCP:c:\program files\AirPort\APAgent.exe:AirPort
"{80A107E3-51F1-408C-B862-29A4B2C27FCB}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{FB143D37-10D5-4F30-A6F3-F3C0497B6175}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{C4CE9C36-8623-45CB-ACD9-E5F9F445531F}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{6B308980-7D10-4608-9BD3-2664AA4357F9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{5FE55DCD-B762-4705-94C2-79BBFD542BB3}"= UDP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service
"{2F6E19EA-4758-419D-BFBA-E63E7E6AFE02}"= TCP:c:\program files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe:Roxio Upnp Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= c:\program files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [5/1/2009 2:47 PM 64160]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1005000.086\SymEFA.sys [3/18/2009 1:59 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1005000.086\BHDrvx86.sys [3/18/2009 1:59 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1005000.086\cchpx86.sys [3/18/2009 1:59 PM 482352]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090528.001\IDSvix86.sys [5/29/2009 1:42 PM 292912]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [5/29/2008 6:33 PM 21504]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [5/29/2008 6:33 PM 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 4:34 PM 1005904]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [3/18/2009 1:59 PM 115560]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [6/25/2008 9:21 PM 1153368]
R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [3/10/2009 12:09 AM 93960]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [10/23/2007 9:56 PM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/25/2009 9:17 PM 101936]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [11/17/2008 3:40 PM 3668480]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1005000.086\symndisv.sys [3/18/2009 1:59 PM 39984]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
Cognizance REG_MULTI_SZ ASBroker ASChannel
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-05-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 19:47]

2009-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-427839270-3882261659-512520142-1000.job
- c:\users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [2008-12-03 00:40]

2009-05-15 c:\windows\Tasks\HPCeeScheduleForMichael.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-06-19 21:23]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MtdAcqu - c:\program files\Creative\MediaSource5\MtdAcqu.exe
HKCU-Run-Aim6 - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en%5C
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion &pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\r1ny888h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Michael\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\r1ny888h.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07051001.dll
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-05 13:47
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-427839270-3882261659-512520142-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{471EB9A8-9996-E246-71E2-203FD5233EC0}*]
"nafmceappfakpnedgkkgpbdfigka"=hex:6a,61,6c,6a,62,70,69,65,6e,6f,70,66,67,61,
66,70,6e,6a,62,69,00,7f
"gbhgkgpidfbgjfhkjgdbfehffmfljnanbclcindaedbhlf"=hex:6c,61,6c,6c,61,6d,6f,6e,
6f,6c,62,6d,65,70,6a,68,6b,68,61,65,69,6d,66,69,00,00
"bbngajeapfbpapifemahjbkjckodancbehpj"=hex:6e,61,6c,6a,64,70,6a,6b,62,63,6c,63,
62,63,6e,68,68,62,6f,66,66,6c,70,6c,63,66,67,6d,00,83
"oapmiacohdnkmgfncmecimkahjfokd"=hex:6a,61,6c,6a,62,70,69,65,6e,6f,70,66,67,61,
66,70,6e,6a,62,69,00,7f

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(804)
c:\program files\Bioscrypt\VeriSoft\bin\ASWLNPkg.dll
c:\program files\Bioscrypt\VeriSoft\bin\ItMsg.dll

- - - - - - - > 'Explorer.exe'(4396)
c:\windows\system32\APSHook.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Easy Media Creator 8\Drag to Disc\Shellex.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
c:\program files\TightVNC\WinVNC.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Bioscrypt\VeriSoft\Bin\asghost.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\rundll32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\servicing\TrustedInstaller.exe
.
************************************************** ************************
.
Completion time: 2009-06-05 13:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-05 18:57

Pre-Run: 31,950,675,968 bytes free
Post-Run: 31,923,666,944 bytes free

387 --- E O F --- 2009-05-15 08:07