Something strange happened when I ran ComboFix. It ran for over 2 hours before I went to work, so I just left it running; it seems it found quite a few problems. When I got home from work there was a logfile on the screen and my computer is running very slowly. I am going to post the logfile, reboot, and run HijackThis after the reboot.
ComboFix 08-07-24.6 - Jeff 2008-07-25 12:40:08.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2554 [GMT -5:00]
Running from: C:\Users\Jeff\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\Phibtn.exe
C:\Windows\system32\drivers\Tray900.exe
.
((((((((((((((((((((((((( Files Created from 2008-06-25 to 2008-07-25 )))))))))))))))))))))))))))))))
.
2008-07-22 03:31 . 2008-07-22 03:31 <DIR> d-------- C:\Deckard
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Users\Jeff\AppData\Roaming\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-07-22 02:22 . 2008-07-22 02:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 02:22 . 2008-07-20 20:21 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-07-22 02:22 . 2008-07-20 20:21 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-07-16 00:01 . 2008-07-16 00:01 <DIR> d-------- C:\Users\All Users\Apple Computer
2008-07-16 00:01 . 2008-07-16 00:01 <DIR> d-------- C:\ProgramData\Apple Computer
2008-07-16 00:01 . 2008-07-16 00:02 <DIR> d-------- C:\Program Files\QuickTime
2008-07-12 22:42 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-12 22:42 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-12 22:42 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
2008-07-08 15:29 . 2008-07-08 15:29 <DIR> d-------- C:\Windows\SQL9_KB948109_ENU
2008-07-08 13:42 . 2008-04-26 03:25 3,600,952 --a------ C:\Windows\System32\ntkrnlpa.exe
2008-07-08 13:42 . 2008-04-11 22:32 784,896 --a------ C:\Windows\System32\rpcrt4.dll
2008-06-26 05:46 . 2008-06-26 05:46 <DIR> d-------- C:\Program Files\Total Video Converter
2008-06-26 05:46 . 2000-05-22 22:58 608,448 --a------ C:\Windows\System32\comctl32.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 17:45 --------- d-----w C:\ProgramData\Google Updater
2008-07-20 08:53 --------- d-----w C:\Users\Jeff\AppData\Roaming\uTorrent
2008-07-15 11:06 --------- d-----w C:\Program Files\Microsoft.NET
2008-07-13 03:45 --------- d-----w C:\ProgramData\Microsoft Help
2008-07-08 20:29 --------- d-----w C:\Program Files\Windows Mail
2008-07-08 20:29 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-25 06:53 --------- d-----w C:\Program Files\DivX
2008-06-24 08:21 2,834 ----a-w C:\Users\Jeff\AppData\Roaming\SAS7_000.DAT
2008-06-19 08:42 --------- d-----w C:\Users\Jeff\AppData\Roaming\CyberLink
2008-06-19 07:18 --------- d-----w C:\Users\Jeff\AppData\Roaming\dvdcss
2008-06-15 22:05 --------- d-----w C:\ProgramData\Nero
2008-06-15 22:05 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-15 21:58 --------- d-----w C:\Program Files\Common Files\Steam
2008-06-15 21:56 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-15 21:40 --------- d-----w C:\Program Files\Common Files\SnapStream
2008-06-15 21:40 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-06-15 09:28 --------- d-----w C:\Program Files\SiSoftware
2008-06-15 09:15 --------- d---a-w C:\ProgramData\TEMP
2008-06-14 08:56 --------- d-----w C:\Users\Jeff\AppData\Roaming\Move Networks
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\Windows\System32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-05-28 09:20 --------- d-----w C:\Program Files\Common Files\LogiShrd
2008-05-28 09:19 --------- d-----w C:\ProgramData\LogiShrd
2008-05-28 09:19 --------- d-----w C:\Program Files\Logitech
2008-05-22 22:22 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-05-10 03:35 564,736 ----a-w C:\Windows\System32\emdmgmt.dll
2008-05-08 21:59 90,112 ----a-w C:\Windows\System32\wshext.dll
2008-05-08 21:59 430,080 ----a-w C:\Windows\System32\vbscript.dll
2008-05-08 21:59 180,224 ----a-w C:\Windows\System32\scrobj.dll
2008-05-08 21:59 172,032 ----a-w C:\Windows\System32\scrrun.dll
2008-05-08 21:59 155,648 ----a-w C:\Windows\System32\wscript.exe
2008-05-08 21:58 135,168 ----a-w C:\Windows\System32\cscript.exe
2008-04-26 08:25 3,549,240 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-04-26 08:08 1,314,816 ----a-w C:\Windows\System32\quartz.dll
2008-04-25 04:35 826,880 ----a-w C:\Windows\System32\wininet.dll
2008-03-26 13:08 174 --sha-w C:\Program Files\desktop.ini
2008-03-15 14:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-03-15 14:10 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-03-15 14:10 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"EasyLinkAdvisor"="C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe" [2007-03-15 19:16 454784]
"ISUSPM Startup"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2005-08-11 16:30 249856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"auditadmin"="C:\windows\options\auditadmin.cmd" [2007-04-05 19:58 476]
"BigFix"="c:\program files\Bigfix\bigfix.exe" [2006-11-16 18:04 2348584]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-01 08:08 949376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2008-01-19 02:33 227840]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-18 20:55 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-18 20:55 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-18 20:55 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"LogitechCommunicationsManager"="C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Program Files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 16:46 4349952 C:\Windows\RtHDVCpl.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]
C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 05:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-03-25 19:56:27 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-12-29 23:31:09 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= C:\PROGRA~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"VIDC.NSVI"= NSVIDEO.DLL
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\Windows\pss\Google Updater.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
--a------ 2007-03-19 10:20 259624 C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2007-05-25 12:16 42032 C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 22:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPPDetect]
--a------ 2004-03-16 14:49 40960 C:\Program Files\NewSoft\Presto! VideoWorks 6\IPP4Detect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 19:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SansaDispatch]
--a------ 2007-10-22 12:52 75584 C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 10:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-01-15 12:52 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{D9016ED6-7E6A-4733-9451-4B947E3B4DBE}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B849EBEF-F8BF-47D5-AE84-FFDF2619C5E3}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5DF82768-3AD3-42C3-890B-67FFB6087F6F}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:Beyond TV Registration Service
"{8D45B4C1-774C-44AB-99F5-03FCBCB867D1}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVRegistrationService.exe:Beyond TV Registration Service
"{777120E9-BB54-458B-82AB-841A3EB7FB7D}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:Beyond TV Library Service
"{9B099D0E-B636-47C0-9E0D-95CF0469060F}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVLibraryService.exe:Beyond TV Library Service
"{8023A7CE-BB5D-4536-90CF-8EF6B8C8B41D}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:Beyond TV Network Service
"{5BBF1454-DDB2-4DFD-97D1-4A7ADB187C2C}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVNetworkService.exe:Beyond TV Network Service
"{CF2228F7-FF8C-4EA0-AC79-05EDC8493784}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:Beyond TV Recording Engine
"{915A84C2-0551-4E71-80D7-1FCB0ECE91D5}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVRecordingEngine.exe:Beyond TV Recording Engine
"{E8D2CCF1-0928-4037-9751-46C22A32EADC}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:Beyond TV Guide Data Loader
"{226F141E-F1D1-4575-885B-BF478BB4DB80}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVGuideDataLoader.exe:Beyond TV Guide Data Loader
"{AA4C1154-3C8B-4603-9B65-4862763BAC67}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:Beyond TV Settings Service
"{8DB49E7C-5F22-459F-A177-22A8088BF304}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVSettingsService.exe:Beyond TV Settings Service
"{2DC4135F-AD50-46C4-B41F-17C3DD747C51}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:Beyond TV Task Manager Service
"{3119FF8A-2B25-48C0-85A9-087FDEE547C8}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVTaskManagerService.exe:Beyond TV Task Manager Service
"{4B9FFAEE-C62F-4542-909B-14B85AD48E04}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:Beyond TV ViewScape
"{D707EE12-5C6C-440E-AA88-00FBF416BAC8}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVD3DShell.exe:Beyond TV ViewScape
"{3DE595B0-F6A2-4C9E-9DAD-21A657341822}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:Beyond TV Setup Wizard
"{189DF32D-B5C3-45CD-9817-EFB04270C016}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\SetupWizard.exe:Beyond TV Setup Wizard
"TCP Query User{CBD6BDBD-44BB-4F7A-94A7-75BF7385F2C0}C:\\program files\\world of warcraft\\wow-2.2.0-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0-enus-downloader.exe:Blizzard Downloader
"UDP Query User{F11CE85A-96BE-4CD1-9683-B3690EB1F28A}C:\\program files\\world of warcraft\\wow-2.2.0-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0-enus-downloader.exe:Blizzard Downloader
"TCP Query User{AB74DB35-565A-44BA-A990-ED7C09A86A82}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"UDP Query User{6D98AC01-E756-487C-ADF5-92620DF73489}C:\\program files\\world of warcraft\\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.0.7272-to-2.2.2.7318-enus-downloader.exe:Blizzard Downloader
"TCP Query User{042043E3-3F1F-4490-8F0E-710AA396C1C1}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{FC47FCBA-3798-4052-A345-1B6B4ED62570}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent
"TCP Query User{8A752FFF-F0CE-40A5-B9FB-B75E694BD64C}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"UDP Query User{761E2616-B5B5-4991-851A-D0A16F2A2AF7}C:\\program files\\world of warcraft\\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.2.7318-to-2.2.3.7359-enus-downloader.exe:Blizzard Downloader
"{3F8DBF73-452C-495E-A32B-6A37B8D379A0}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{F4084399-4C7C-4A6A-A50A-8ED8C53221CA}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
"{46C0492C-5087-4B5F-960C-72AE499A60E0}"= UDP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"{0FA74659-9970-4A6A-9FB2-4FE12FDC6E6C}"= TCP:C:\Program Files\Unreal Tournament 3 Demo\Binaries\UT3Demo.exe:Unreal Tournament 3 Demo
"TCP Query User{739789E4-4AD8-44C8-B313-B6556C16A9A2}C:\\program files\\shades of truth\\underlight.exe"= UDP:C:\program files\shades of truth\underlight.exe:P-Lyra
"UDP Query User{D966E2C2-018E-45FB-B2A4-BF88FF9C8893}C:\\program files\\shades of truth\\underlight.exe"= TCP:C:\program files\shades of truth\underlight.exe:P-Lyra
"TCP Query User{5838DC9E-F0EF-4EB5-812A-C28A73F7985D}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= UDP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"UDP Query User{7C563B76-CBC8-4272-B9DD-44770B56244F}C:\\program files\\common files\\nero\\nero web\\setupx.exe"= TCP:C:\program files\common files\nero\nero web\setupx.exe:Nero Installer
"TCP Query User{F5DFC06C-43B6-467A-83C8-13101C202104}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"UDP Query User{3DDB5C3A-CF7D-4BFF-8E2B-1F4B1B3323F6}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= TCP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"TCP Query User{A396B86C-019C-4DBF-894D-5256C36D0794}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= UDP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"UDP Query User{B40BE65D-8913-43CD-9905-F97E444E43B1}C:\\program files\\world of warcraft\\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe"= TCP:C:\program files\world of warcraft\wow-2.2.3.7359-to-2.3.0.7561-enus-downloader.exe:Blizzard Downloader
"TCP Query User{B40F5858-707B-457C-83C8-D7C3358C336C}C:\\program files\\limewire\\limewire.exe"= UDP:C:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{99A8B560-063C-4731-9551-81DBEFA6C07C}C:\\program files\\limewire\\limewire.exe"= TCP:C:\program files\limewire\limewire.exe:LimeWire
"{464184D5-4886-4399-A83E-23F4407D173B}"= UDP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{8F34C19E-081E-4538-9A27-48140C769DE2}"= TCP:C:\Program Files\Common Files\aol\acs\AOLDial.exe:AOL Connectivity Service Dialer
"{001796E6-5BC5-4BEB-9671-C71B89C9ECCE}"= UDP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{F40C2A12-3865-412C-968D-FD3F618CCB2F}"= TCP:C:\Program Files\Common Files\aol\acs\AOLacsd.exe:AOL Connectivity Service
"{1C7BD611-8ECA-422F-A7BC-1BB70E0A68CA}"= UDP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{0023D449-D9B6-4252-8F38-F24A5468D9B7}"= TCP:C:\Program Files\AOL 9.0a\waol.exe:AOL
"{ABFF9636-F8E3-4E20-A498-0D888A77D5E5}"= UDP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{5E11565F-D08D-464D-878C-01B905986E1F}"= TCP:C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:AOL TopSpeed
"{1A34A367-E1F2-4F14-898F-47A17B189F40}"= UDP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{C1E987EA-6BFF-48A5-8F33-01EF09DE182F}"= TCP:C:\Program Files\Common Files\aol\Loader\aolload.exe:AOL Loader
"{36E84982-0C4C-47BE-BC5C-369FBCD22943}"= UDP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{E5928EC5-59F7-431C-B004-93C786DED980}"= TCP:C:\Program Files\Common Files\aol\System Information\sinf.exe:AOL System Information
"{3F128E8C-76C1-4777-848D-9E04B629D438}"= UDP:C:\Program Files\AOL 9.0b\waol.exe:AOL
"{1DF66FF6-541C-45B8-B808-7C07F750E258}"= TCP:C:\Program Files\AOL 9.0b\waol.exe:AOL
"{BC2C87A8-DD05-49CF-9F96-B4E5E33256BA}"= UDP:C:\Program Files\Common Files\aol\1199566442\ee\aolsoftware.exe:AOL Shared Components
"{D0E8E484-E01A-4E3E-85F8-ADC9B6B0336B}"= TCP:C:\Program Files\Common Files\aol\1199566442\ee\aolsoftware.exe:AOL Shared Components
"{38198640-A2AD-464B-AB44-BF0AEC0BFC9C}"= UDP:C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe:AOL Shared Components
"{D2C1036C-8765-4195-9A38-151AA42CD2AD}"= TCP:C:\Program Files\Common Files\aol\1199568448\ee\aolsoftware.exe:AOL Shared Components
"{51A3F9F5-26F1-4D38-838E-A999A224829E}"= UDP:C:\Program Files\AOL 9.1\waol.exe:AOL
"{04766688-1A24-4B23-896E-A93221CFDFC2}"= TCP:C:\Program Files\AOL 9.1\waol.exe:AOL
"TCP Query User{DCF7E62A-8574-497E-A898-94B59FABD5FD}C:\\users\\jeff\\program files\\utorrent\\utorrent.exe"= UDP:C:\users\jeff\program files\utorrent\utorrent.exe:utorrent.exe
"UDP Query User{1A545066-588A-4FBB-AFCE-40F3FBA3446D}C:\\users\\jeff\\program files\\utorrent\\utorrent.exe"= TCP:C:\users\jeff\program files\utorrent\utorrent.exe:utorrent.exe
"{CD3A12C0-0983-48E0-AA1E-08DF6A173C03}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{26886B81-95CD-4DA6-B7C2-78DE0DC64DFA}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{204CDFC4-4328-4276-92CB-DEDDB5D6683C}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{A7B5323B-EB80-490C-80BE-04BD997B06EA}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C14AAE9C-412E-4A50-9F59-443D121A32E9}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{C34DE1C0-2859-4C47-B693-2148EA0D623A}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{826F8499-49EF-401C-9BD3-A5E0DB4B9C97}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{2D9BCDD3-7344-4CBA-9DD2-82D85F1ECA06}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{65DCB432-5C13-4D87-949C-654E878BB3BE}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{B83BF5C1-E82C-4E6C-BCF4-83FB91341630}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{E578A938-E364-4870-B631-140D4E426A67}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{D6CDD40E-72D7-4372-8E49-B6FA399EA6E2}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{BED51DCB-521F-4BB4-8435-52F7ABD59C11}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{B3411FE4-D09C-42F7-847E-090677D38247}"= UDP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"{1B470EA0-99DD-4D2C-805B-BF280980CC94}"= TCP:C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:Logitech Desktop Messenger
"TCP Query User{A0C410C7-F5C2-45E4-B792-2F4ADA510A73}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= UDP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"UDP Query User{F6D479C4-1A04-4127-A60A-022A838EA18C}C:\\program files\\logitech\\desktop messenger\\8876480\\program\\logitechdesktopmessenger.exe"= TCP:C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe:Logitech Desktop Messenger
"{8842ED0A-4911-4742-9720-6A76C3D5FB6E}"= UDP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"{B9886591-77E7-4E58-A306-F34CD7A25843}"= TCP:C:\Program Files\Flagship Studios\Hellgate London\Launcher.exe:Hellgate: London
"TCP Query User{EE57C978-7A91-4CEB-98CA-BA09181F9C42}C:\\users\\jeff\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= UDP:C:\users\jeff\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"UDP Query User{4158E73A-0103-4098-85C5-8FB6F5837274}C:\\users\\jeff\\appdata\\local\\yahoo!\\messenger for vista\\yahoo.messenger.ymapp.exe"= TCP:C:\users\jeff\appdata\local\yahoo!\messenger for vista\yahoo.messenger.ymapp.exe:yahoo.messenger.ymapp.exe
"TCP Query User{DEE29D52-2C70-4724-BE77-522247FCD489}C:\\program files\\oovoo\\oovoo.exe"= UDP:C:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{B7761C7F-717B-41F7-BF9B-060B9233CCB9}C:\\program files\\oovoo\\oovoo.exe"= TCP:C:\program files\oovoo\oovoo.exe:ooVoo
"{4888903E-B6B1-40E5-95D3-A68F99D3ACAB}"= Disabled:UDP:443:ooVoo TCP port 443
"{8F1132E3-1BA4-4659-B17B-7F7979094AC0}"= Disabled:TCP:443:ooVoo UDP port 443
"{16455A28-1DDB-4F19-AF78-9166A4EC843B}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{1C937F7F-7A08-4C76-82AD-3EEE697C6362}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{C165B523-4A89-48A1-820E-EA752A37D4EA}"= Disabled:TCP:37675:ooVoo UDP port 37675
"{66E86256-E406-4D8B-A412-DAD1FC3F63D2}"= UDP:C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:TV Notifier Service
"{E8FB135C-D536-4CD8-B219-5E9BF7A0C8C2}"= TCP:C:\Program Files\SnapStream Media\Beyond TV\BTVNotifierService.exe:TV Notifier Service
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"= C:\Program Files\NCsoft\Exteel\System\Exteel.exe:*:Enabled:Exteel
S3 camdrv41;Philips SPC 900NC PC Camera;C:\Windows\system32\DRIVERS\camdrv41.sys [2007-05-04 09:45]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
HKCU-Run-Power2GoExpress - (no file)
HKLM-Run-PhiBtn - C:\Windows\System32\Drivers\PhiBtn.exe
HKLM-Run-TrayMin900 - C:\Windows\System32\Drivers\Tray900.exe
HKLM-Run-Fax Machine - (no file)
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
MSConfigStartUp-NapsterShell - C:\Program Files\Napster\napster.exe
MSConfigStartUp-NBKeyScan - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-NeroFilterCheck - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.smunet.net/
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-US\local\search.html
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 -: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
O18 -: Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
C:\Windows\Downloaded Program Files\SysReqLab3.osd
C:\Windows\Downloaded Program Files\sysreqlab3.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-25 13:51:56
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-25 14:49:46
ComboFix-quarantined-files.txt 2008-07-25 19:47:54
Pre-Run: 275,481,206,784 bytes free
Post-Run: 277,558,374,400 bytes free
300 --- E O F --- 2008-07-24 07:31:14
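Editor's note, not part of the poster's message: the log above is long, and the lines that actually matter for triage are the two executables ComboFix deleted from `system32\drivers` (a directory that should only hold `.sys` files), the orphaned `HKLM\...\Run` values that pointed at them, and a firewall exception for an executable running out of `AppData\Local\Temp`. The script below is an added example that parses the "Other Deletions", "Reg Loading Points" and "ORPHANS REMOVED" sections of a ComboFix log and flags autostart or firewall entries whose target lives in one of those locations. It is not a ComboFix or HijackThis tool; the location rules and the `SAMPLE_LOG` (a handful of lines copied from the log above, not the whole file) are this example's own constructions.

```python
"""Flag autostart and firewall entries in a ComboFix log whose target executable
lives somewhere a legitimate autostart should not point.

Added example; the location heuristics below are assumptions, not ComboFix logic."""
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the log in this thread, not a full log.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\system32\drivers\Phibtn.exe
C:\Windows\system32\drivers\Tray900.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-10-01 08:08 949376]
"RtHDVCpl"="RtHDVCpl.exe" [2007-01-18 16:46 4349952 C:\Windows\RtHDVCpl.exe]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{F5DFC06C-43B6-467A-83C8-13101C202104}C:\\users\\jeff\\appdata\\local\\temp\\onlineupdate8\\setupxu.exe"= UDP:C:\users\jeff\appdata\local\temp\onlineupdate8\setupxu.exe:setupxu.exe
"{0023D449-D9B6-4252-8F38-F24A5468D9B7}"= TCP:C:\Program Files\AOL 9.0a\waol.exe:AOL
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Aim6 - (no file)
HKLM-Run-PhiBtn - C:\Windows\System32\Drivers\PhiBtn.exe
HKLM-Run-TrayMin900 - C:\Windows\System32\Drivers\Tray900.exe
.
"""

# Section headers look like "((((( Name )))))" or "- - - - NAME - - - -".
SECTION_RE = re.compile(r'^(?:\(+ (?P<a>.+?) \)+|- - - - (?P<b>.+?) - - - -)$')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "name"="value" [date time size optional-full-path]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
# HKLM-Run-Name - path   /   MSConfigStartUp-Name - path
ORPHAN_RE = re.compile(r'^(?P<src>(?:HKCU|HKLM)-Run|MSConfigStartUp)-(?P<name>.+?) - (?P<path>.+)$')
# "rule"= [Disabled:]TCP|UDP:[port|]path:label  (port-only rules have no path and are skipped)
FW_RE = re.compile(r'^"(?P<key>[^"]+)"=\s*(?:Disabled:)?(?:TCP|UDP):(?:\d+\|)?(?P<path>[A-Za-z]:\\[^:]+):')
DRIVE_RE = re.compile(r'[A-Za-z]:\\\S.*$')

# Heuristic location rules (assumptions of this example). First match wins.
SUSPICIOUS = [
    (re.compile(r'\\drivers\\[^\\]+\.exe$', re.I),
     "executable in the kernel drivers directory (only .sys files belong there)"),
    (re.compile(r'\\temp\\', re.I), "runs out of a Temp directory"),
    (re.compile(r'\\users\\[^\\]+\\program files\\', re.I),
     "per-user 'Program Files' lookalike directory"),
]


@dataclass(frozen=True)
class Finding:
    section: str
    source: str
    path: str
    reason: str


def classify(path):
    """Return the reason a path is suspicious, or None if no rule matches."""
    for pattern, reason in SUSPICIOUS:
        if pattern.search(path):
            return reason
    return None


def run_path(m):
    """Run values that are a bare filename carry the resolved path inside the brackets."""
    value = m.group("value")
    if "\\" in value:
        return value
    full = DRIVE_RE.search(m.group("meta"))
    return full.group(0) if full else value


def analyze(text):
    """Walk the log once, tracking the current section and registry key."""
    findings, section, key = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        sm = SECTION_RE.match(line)
        if sm:
            section, key = (sm.group("a") or sm.group("b")), None
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        source = path = None
        if section == "Other Deletions" and DRIVE_RE.match(line):
            source, path = "deleted by ComboFix", line
        elif section == "Reg Loading Points" and key:
            if key.lower().endswith("\\run"):
                m = RUN_RE.match(line)
                if m:
                    hive = key.split("\\")[0]
                    source, path = hive + "\\...\\Run\\" + m.group("name"), run_path(m)
            elif "firewallpolicy" in key.lower():
                m = FW_RE.match(line)
                if m:
                    source, path = "firewall exception", m.group("path")
        elif section == "ORPHANS REMOVED":
            m = ORPHAN_RE.match(line)
            if m and m.group("path") != "(no file)":
                source, path = "orphaned " + m.group("src") + "\\" + m.group("name"), m.group("path")
        if path:
            reason = classify(path)
            if reason:
                findings.append(Finding(section, source, path, reason))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.source}: {f.path}  <- {f.reason}")
```

Run it against a real log by reading the file into `analyze()` in place of `SAMPLE_LOG`. On the sample it reports the two deleted `drivers\*.exe` files, the two orphaned `HKLM-Run` values that launched them, and the `setupxu.exe` firewall exception under `Temp`; the ESET, Realtek and AOL entries are not reported, which is the point: a location rule like this is a triage filter to decide which entries deserve a hash lookup or a sandbox run, not a verdict on its own.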