ComboFix 09-07-14.08 - PhilS 07/19/2009 0:43.3.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2814.1746 [GMT -7:00]
Running from: c:\users\PhilS\Desktop\ComboFix.exe
Command switches used :: c:\users\PhilS\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FILE ::
"c:\windows\Tasks\RegCure Program Check.job"
"c:\windows\Tasks\RegCure Startup.job"
"c:\windows\Tasks\RegCure.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\RegCure
c:\program files\RegCure\0_days.htm
c:\program files\RegCure\1_days.htm
c:\program files\RegCure\15_days.htm
c:\program files\RegCure\2_days.htm
c:\program files\RegCure\30_days.htm
c:\program files\RegCure\5_days.htm
c:\program files\RegCure\Animated-Bar.gif
c:\program files\RegCure\AutoUpdate.dll
c:\program files\RegCure\Backup\RegCureBak_July_14_09_01_39_51.bak
c:\program files\RegCure\Backup\RegCureBak_July_14_09_01_39_51.reg
c:\program files\RegCure\Backup\RegCureBak_July_14_09_01_39_51\Sample Music.lnk
c:\program files\RegCure\Backup\RegCureBak_July_14_09_01_39_51\Sample Videos.lnk
c:\program files\RegCure\Backup\RegCureBak_July_14_09_09_45_18.reg
c:\program files\RegCure\Backup\RegCureBak_July_16_09_02_29_39.bak
c:\program files\RegCure\Backup\RegCureBak_July_16_09_02_29_39.reg
c:\program files\RegCure\Backup\RegCureBak_July_16_09_02_29_39\Recently Changed.lnk
c:\program files\RegCure\blue_duo.jpg
c:\program files\RegCure\buttonfill.jpg
c:\program files\RegCure\buttonfill_expire.jpg
c:\program files\RegCure\buttonfill_mo.jpg
c:\program files\RegCure\buttonfill_mo_expire.jpg
c:\program files\RegCure\BuyNags.htm
c:\program files\RegCure\center_gradient.jpg
c:\program files\RegCure\container_content_bkimg.gif
c:\program files\RegCure\container_content_leftimg.gif
c:\program files\RegCure\container_content_rightimg.gif
c:\program files\RegCure\contentwrapper.gif
c:\program files\RegCure\email.htm
c:\program files\RegCure\expire.css
c:\program files\RegCure\footerbar.gif
c:\program files\RegCure\green_duo.jpg
c:\program files\RegCure\help.chm
c:\program files\RegCure\info_bubble.jpg
c:\program files\RegCure\left_gradient.jpg
c:\program files\RegCure\logo.jpg
c:\program files\RegCure\Logs\Regcure-14-07-09-01-39-53.zip
c:\program files\RegCure\Logs\Regcure-14-07-09-09-45-19.zip
c:\program files\RegCure\Logs\Regcure-16-07-09-02-29-39.zip
c:\program files\RegCure\Logs\SystemInfo.zip
c:\program files\RegCure\LogSettings.xml
c:\program files\RegCure\main.css
c:\program files\RegCure\main_nag.css
c:\program files\RegCure\main_showstats.css
c:\program files\RegCure\package_titlebar_bkimg.jpg
c:\program files\RegCure\process-animation.gif
c:\program files\RegCure\RegCure.exe
c:\program files\RegCure\regcure.gif
c:\program files\RegCure\right_gradient.jpg
c:\program files\RegCure\settings.xml
c:\program files\RegCure\showstats.htm
c:\program files\RegCure\small_vbxregcure.jpg
c:\program files\RegCure\special_offer.jpg
c:\program files\RegCure\special_offer_nag.jpg
c:\program files\RegCure\subtitlebar.gif
c:\program files\RegCure\tile_titlebar.jpg
c:\program files\RegCure\Tip1.html
c:\program files\RegCure\Tip10.html
c:\program files\RegCure\Tip11.html
c:\program files\RegCure\Tip12.html
c:\program files\RegCure\Tip13.html
c:\program files\RegCure\Tip14.html
c:\program files\RegCure\Tip15.html
c:\program files\RegCure\Tip2.html
c:\program files\RegCure\Tip3.html
c:\program files\RegCure\Tip4.html
c:\program files\RegCure\Tip5.html
c:\program files\RegCure\Tip6.html
c:\program files\RegCure\Tip7.html
c:\program files\RegCure\Tip8.html
c:\program files\RegCure\Tip9.html
c:\program files\RegCure\titlebar_left.jpg
c:\program files\RegCure\titlebar_right.jpg
c:\program files\RegCure\tp.css
c:\program files\RegCure\TrialPay.htm
c:\program files\RegCure\underline.gif
c:\program files\RegCure\uninst.exe
c:\program files\RegCure\zlibwapi.dll
c:\windows\Tasks\RegCure Program Check.job
c:\windows\Tasks\RegCure Startup.job
c:\windows\Tasks\RegCure.job
.
((((((((((((((((((((((((( Files Created from 2009-06-19 to 2009-07-19 )))))))))))))))))))))))))))))))
.
2009-07-19 07:52 . 2009-07-19 07:55 -------- d-----w- c:\users\PhilS\AppData\Local\temp
2009-07-19 07:38 . 2009-07-19 07:38 -------- d-----w- c:\programdata\McAfee
2009-07-15 21:01 . 2009-07-15 21:01 -------- d-----w- c:\program files\Trend Micro
2009-07-15 08:51 . 2009-07-15 08:51 -------- d-----w- c:\users\PhilS\AppData\Roaming\Malwarebytes
2009-07-15 08:51 . 2009-07-13 20:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-15 08:51 . 2009-07-15 08:51 -------- d-----w- c:\programdata\Malwarebytes
2009-07-15 08:51 . 2009-07-15 08:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-15 08:51 . 2009-07-13 20:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-14 20:11 . 2009-06-15 14:53 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-07-14 20:11 . 2009-06-15 14:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-07-14 20:11 . 2009-06-15 12:42 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-07-14 20:11 . 2009-06-15 14:52 23552 ----a-w- c:\windows\system32\lpk.dll
2009-07-14 20:11 . 2009-06-15 14:51 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-07-14 17:06 . 2009-07-14 17:06 -------- d-----w- c:\programdata\Cached Installations
2009-07-14 17:00 . 2009-07-14 17:00 -------- d-----w- c:\programdata\Downloaded Installations
2009-07-13 17:41 . 2009-07-16 00:48 117760 ----a-w- c:\users\PhilS\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-13 17:41 . 2009-07-13 17:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-13 17:40 . 2009-07-13 17:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-13 17:40 . 2009-07-13 17:40 -------- d-----w- c:\users\PhilS\AppData\Roaming\SUPERAntiSpyware.com
2009-07-13 17:39 . 2009-07-13 17:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-10 23:43 . 2009-07-10 23:43 -------- d-----w- c:\users\PhilS\AppData\Roaming\funkitron
2009-07-09 09:08 . 2009-07-09 09:08 -------- d-----w- c:\users\PhilS\AppData\Roaming\iWin
2009-07-04 21:05 . 2009-07-04 21:06 -------- d-----w- c:\windows\system32\ca-ES
2009-07-04 21:05 . 2009-07-04 21:06 -------- d-----w- c:\windows\system32\eu-ES
2009-07-04 21:05 . 2009-07-04 21:06 -------- d-----w- c:\windows\system32\vi-VN
2009-07-04 19:40 . 2009-07-04 19:40 -------- d-----w- c:\windows\system32\EventProviders
2009-07-04 19:36 . 2009-04-11 06:28 289792 ----a-w- c:\windows\system32\spinstall.exe
2009-07-04 19:35 . 2009-04-11 06:28 71680 ----a-w- c:\windows\system32\propdefs.dll
2009-07-04 19:34 . 2009-04-11 06:28 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2009-07-04 19:33 . 2009-04-11 06:28 140288 ----a-w- c:\windows\system32\wpcsvc.dll
2009-07-04 19:32 . 2009-04-11 06:28 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-07-04 19:32 . 2009-04-11 06:28 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-07-04 19:32 . 2009-04-11 06:28 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-07-04 19:32 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-07-04 19:32 . 2009-04-11 06:28 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-07-04 19:32 . 2009-04-11 06:28 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-07-04 19:32 . 2009-04-11 06:28 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-07-04 19:32 . 2009-04-11 06:28 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-07-04 19:32 . 2009-04-11 06:28 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-07-04 19:32 . 2009-04-11 06:27 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-07-04 19:32 . 2009-04-11 06:28 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-06-25 08:20 . 2009-06-25 08:24 -------- d-----w- c:\program files\SystemRequirementsLab
2009-06-25 08:20 . 2009-06-25 08:21 -------- d-----w- c:\users\PhilS\AppData\Roaming\SystemRequirementsLab
2009-06-25 08:20 . 2009-06-25 08:20 290816 ----a-w- c:\users\PhilS\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_4.dll
2009-06-25 08:20 . 2009-06-25 08:20 290816 ----a-w- c:\users\PhilS\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_3.dll
2009-06-25 08:20 . 2009-06-25 08:20 290816 ----a-w- c:\users\PhilS\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_2.dll
2009-06-25 08:20 . 2009-06-25 08:20 290816 ----a-w- c:\users\PhilS\AppData\Roaming\SystemRequirementsLab\SRLProxy_nvd_1.dll
2009-06-22 10:42 . 2009-06-24 11:14 -------- d-----w- c:\users\PhilS\AppData\Roaming\dvdcss
2009-06-21 21:50 . 2009-06-05 11:33 68640 ----a-w- c:\windows\unTMV.exe
2009-06-21 21:50 . 2009-06-21 21:50 -------- d-----w- c:\program files\SoftMaker Viewer
2009-06-19 19:58 . 2009-06-19 19:58 -------- d-----w- c:\users\PhilS\AppData\Roaming\Recordpad
2009-06-19 11:32 . 2009-06-19 11:33 -------- d-----w- c:\programdata\NCH Swift Sound
2009-06-19 11:32 . 2009-06-19 11:33 -------- d-----w- c:\users\PhilS\AppData\Roaming\NCH Swift Sound
2009-06-19 11:32 . 2009-06-19 11:32 -------- d-----w- c:\program files\NCH Software
2009-06-19 11:31 . 2009-06-27 03:50 -------- d-----w- c:\program files\NCH Swift Sound
2009-06-19 11:28 . 2009-06-19 11:28 -------- d-----w- c:\programdata\FreeRIP
2009-06-19 11:28 . 2009-06-19 11:28 -------- d-----w- c:\program files\FreeRIP3
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-19 07:54 . 2008-12-26 00:31 -------- d-----w- c:\program files\Spyware Doctor
2009-07-19 00:35 . 2008-12-26 00:22 27839 ----a-w- c:\programdata\nvModes.dat
2009-07-15 06:38 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-15 00:12 . 2008-12-26 00:25 1092 ----a-w- c:\users\PhilS\AppData\Roaming\wklnhst.dat
2009-07-14 17:11 . 2008-12-26 00:31 -------- d-----w- c:\program files\Common Files\PC Tools
2009-07-14 17:07 . 2008-12-30 00:43 -------- d-----w- c:\users\PhilS\AppData\Roaming\uTorrent
2009-07-14 08:56 . 2008-12-26 07:54 74432 ----a-w- c:\users\PhilS\AppData\Local\GDIPFONTCACHEV1.DAT
2009-07-11 11:16 . 2008-08-04 17:19 -------- d-----w- c:\programdata\WildTangent
2009-07-04 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-07-04 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-04 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-07-04 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-07-04 21:06 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-04 21:05 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-04 19:58 . 2008-11-06 03:37 -------- d-----w- c:\programdata\NVIDIA
2009-07-04 19:47 . 2006-11-02 12:37 37665 ----a-w- c:\windows\Fonts\GlobalUserInterface.CompositeFont
2009-06-30 22:36 . 2009-07-12 05:36 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryReplaceNew.exe
2009-06-30 22:10 . 2009-07-12 05:36 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryNoTravel.exe
2009-06-30 22:03 . 2009-07-12 05:36 18696 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryAccessories.exe
2009-06-30 19:44 . 2009-07-12 05:36 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryWeakNew.exe
2009-06-27 01:36 . 2009-07-12 05:36 18184 ----a-w- c:\windows\Help\OEM\scripts\HC_BatteryUpgrade.exe
2009-06-21 08:52 . 2009-06-18 10:22 -------- d-----w- c:\users\PhilS\AppData\Roaming\vlc
2009-06-18 10:21 . 2009-06-18 10:21 -------- d-----w- c:\program files\VideoLAN
2009-06-18 10:15 . 2009-06-18 10:13 -------- d-----w- c:\program files\GPL MPEG Decoder
2009-06-13 10:03 . 2008-08-04 17:50 -------- d-----w- c:\program files\Microsoft Works
2009-06-07 06:27 . 2009-01-09 00:06 -------- d-----w- c:\program files\DivX
2009-06-07 06:23 . 2009-06-07 06:23 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-06-07 05:54 . 2009-04-08 05:13 -------- d-----w- c:\users\PhilS\AppData\Roaming\DivX
2009-05-09 05:50 . 2009-06-12 14:11 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-09 05:34 . 2009-06-12 14:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-05-01 21:02 . 2009-05-01 21:02 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-05-01 21:02 . 2009-05-01 21:02 823296 ----a-w- c:\windows\system32\divx_xx07.dll
2009-05-01 21:02 . 2009-05-01 21:02 815104 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-05-01 21:02 . 2009-05-01 21:02 811008 ----a-w- c:\windows\system32\divx_xx16.dll
2009-05-01 21:02 . 2009-05-01 21:02 802816 ----a-w- c:\windows\system32\divx_xx11.dll
2009-05-01 21:02 . 2009-05-01 21:02 685056 ----a-w- c:\windows\system32\DivX.dll
2009-04-23 12:15 . 2009-06-12 14:11 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:14 . 2009-06-12 14:12 623616 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:39 . 2009-06-12 14:12 2034688 ----a-w- c:\windows\system32\win32k.sys
2009-06-12 10:19 . 2009-01-06 23:26 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-08-04 15:03 . 2008-08-04 15:03 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.
((((((((((((((((((((((((((((( SnapShot@2009-07-19_02.00.53 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-11-02 13:05 . 2009-07-19 07:34 79512 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-26 07:42 . 2009-07-19 01:58 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-12-26 07:42 . 2009-07-19 07:54 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-12-26 07:42 . 2009-07-19 01:58 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-26 07:42 . 2009-07-19 07:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-26 07:42 . 2009-07-19 07:54 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-12-26 07:42 . 2009-07-19 01:58 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-19 07:53 . 2009-07-19 07:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-19 01:58 . 2009-07-19 01:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-19 01:58 . 2009-07-19 01:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-19 07:53 . 2009-07-19 07:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-26 04:27 . 2009-07-19 07:05 254518 c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2006-11-02 10:33 . 2009-07-19 07:38 595684 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-18 20:03 595684 c:\windows\System32\perfh009.dat
+ 2006-11-02 10:33 . 2009-07-19 07:38 101350 c:\windows\System32\perfc009.dat
- 2006-11-02 10:33 . 2009-07-18 20:03 101350 c:\windows\System32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):d7,86,ac,d9,ec,fc,c9,01
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{053E5549-ECD5-4FE4-8DB9-641DFB10CF77}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{C1BAABB6-21B7-49B7-91E1-E455B4B6BC44}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{C55EE582-4D18-4465-B67C-01CCBFDC83AC}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{B2DD7404-A6FC-40B9-8308-6C878692A3C9}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{61163C9B-D9DA-4470-B24F-3F12B829515A}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{5FFDBBF0-35FB-4F2D-9936-1E5CA81749AD}c:\\program files\\aim6\\aim6.exe"= UDP:c:\program files\aim6\aim6.exe:AIM
"UDP Query User{557017AC-78EB-4FEF-B5BA-785EC157B329}c:\\program files\\aim6\\aim6.exe"= TCP:c:\program files\aim6\aim6.exe:AIM
"TCP Query User{C02004D7-C5DA-4F5A-9748-7C6D34C4B495}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{F9002FAE-E853-4411-9606-D546AA53E040}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{C584877B-5ED8-4DE5-AF02-3B55F5AEF3FD}"= Disabled:UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1AFE8673-5972-4C8A-BC15-0B44CC879F75}"= Disabled:TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7D94000C-BBBC-44EB-BCCA-577F962A31C6}"= Disabled:UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{17ECCB8F-DF6F-416B-884A-F0B83C4C6A41}"= Disabled:TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)
R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [3/29/2009 5:30 PM 130936]
R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [3/29/2009 5:32 PM 51488]
R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [3/29/2009 5:32 PM 39200]
R1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [3/29/2009 5:30 PM 159600]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\SMINST\BLService.exe [8/4/2008 11:43 AM 361808]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [12/25/2008 5:31 PM 348752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [5/9/2008 12:17 PM 43040]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [3/29/2009 5:30 PM 64392]
R3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [3/29/2009 5:32 PM 33056]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service --> c:\program files\Spyware Doctor\TFEngine\TFService.exe service [?]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [8/4/2008 10:15 AM 193840]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-07-18 c:\windows\Tasks\HPCeeScheduleForPhilS.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
2009-07-19 c:\windows\Tasks\User_Feed_Synchronization-{9051D44C-782E-4E8D-B571-01D8B4400FEE}.job
- c:\windows\system32\msfeedssync.exe [2009-04-06 11:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
LSP: c:\program files\Common Files\PC Tools\LSP\PCTLsp.dll
FF - ProfilePath - c:\users\PhilS\AppData\Roaming\Mozilla\Firefox\Profiles\r2or64x5.default\
FF - prefs.js: browser.startup.homepage - hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-19 00:54
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\users\PhilS\AppData\Local\Temp\catchme.dll 53248 bytes executable
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1140)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
- - - - - - - > 'lsass.exe'(660)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
- - - - - - - > 'Explorer.exe'(2912)
c:\program files\Spyware Doctor\TFEngine\TFWAH.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\System32\drivers\XAudio.exe
c:\program files\Spyware Doctor\TFEngine\TFService.exe
c:\program files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-07-19 1:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-19 08:03
ComboFix2.txt 2009-07-19 02:10
ComboFix3.txt 2009-07-17 10:37
Pre-Run: 73,999,659,008 bytes free
Post-Run: 74,679,185,408 bytes free
356 --- E O F --- 2009-07-15 06:38