VIRUS REMOVAL??
   
reddosfine
New Member


Date Joined Apr 2008
Total Posts : 3
 
Posted 5-10-2008 4:16 (GMT +1)
I was online April 1st downloading different software, one in particular being mobile phone tool, and all of a sudden a bunch of icons popped up on my desktop and I lost all of my bittorrent movie files that were on my desktop. The folder only shows an SND icon now. Here's my ComboFix file. Please help determine if I can recover these files and also if there's a virus that caused this to happen. I've done a system restore, didn't work.
 
ComboFix 08-04-03.3 - reddsofine 2008-04-03 18:09:15.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium   6.0.6000.0.1252.1.1033.18.330 [GMT -4:00]
Running from: C:\Users\reddsofine\Desktop\ComboFix.exe
 * Created a new restore point
 * Resident AV is active
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Users\reddsofine\AppData\Roaming\inst.exe
C:\Users\reddsofine\AppData\Roaming\macromedia\Flash Player\#SharedObjects\HZSAM879\www.broadcaster.com
C:\Users\reddsofine\AppData\Roaming\macromedia\Flash Player\#SharedObjects\HZSAM879\www.broadcaster.com\played_list.sol
C:\Users\reddsofine\AppData\Roaming\macromedia\Flash Player\#SharedObjects\HZSAM879\www.broadcaster.com\video_queue.sol
C:\Users\reddsofine\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Users\reddsofine\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Windows\WINDOWS
D:\Autorun.inf
.
(((((((((((((((((((((((((   Files Created from 2008-03-03 to 2008-04-03  )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 21:52 --------- d-----w C:\Program Files\Trend Micro
2008-04-03 20:58 --------- d-----w C:\Program Files\McAfee
2008-04-03 17:29 --------- d-----w C:\Users\reddsofine\AppData\Roaming\SiteAdvisor
2008-04-03 02:44 --------- d-----w C:\Program Files\Smart PC Solutions
2008-04-03 02:39 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-03 02:39 --------- d-----w C:\Users\reddsofine\AppData\Roaming\Smart PC Solutions
2008-04-03 02:38 --------- d-----w C:\ProgramData\BVRP Software
2008-04-03 02:22 --------- d---a-w C:\ProgramData\TEMP
2008-04-03 00:52 --------- d-----w C:\Users\reddsofine\AppData\Roaming\Corel
2008-04-02 22:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-04-02 14:25 --------- d-----w C:\Program Files\GetData
2008-04-02 14:19 --------- d-----w C:\ProgramData\Symantec
2008-04-02 03:10 --------- d-----w C:\Users\reddsofine\AppData\Roaming\BitTorrent
2008-04-01 23:45 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-04-01 21:25 --------- d-----w C:\Program Files\Kyocera Wireless Corporation
2008-04-01 21:02 --------- d-----w C:\Program Files\KWCX
2008-04-01 20:53 --------- d-----w C:\Users\reddsofine\AppData\Roaming\Vso
2008-04-01 00:57 --------- d-----w C:\Users\reddsofine\AppData\Roaming\LimeWire
2008-03-31 20:44 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-31 02:47 --------- d-----w C:\Program Files\There
2008-03-25 01:15 274,339 ----a-w C:\Windows\DJ Music Mixer Uninstaller.exe
2008-03-25 01:15 --------- d-----w C:\Program Files\DJ Music Mixer
2008-03-24 23:27 --------- d-----w C:\ProgramData\Trymedia
2008-03-24 23:23 --------- d-----w C:\Users\reddsofine\AppData\Roaming\teamspeak2
2008-03-23 19:06 47,360 ----a-w C:\Users\reddsofine\AppData\Roaming\pcouffin.sys
2008-03-23 15:42 --------- d-----w C:\Program Files\vso
2008-03-23 00:08 --------- d-----w C:\Program Files\SiteAdvisor
2008-03-22 23:53 --------- d-----w C:\ProgramData\McAfee
2008-03-22 22:43 --------- d-----w C:\ProgramData\SiteAdvisor
2008-03-22 22:39 --------- d-----w C:\Users\reddsofine\AppData\Roaming\Yahoo!
2008-03-20 17:43 3,346 ---h--w C:\Windows\System32\v1EA3040D398139.dll
2008-03-20 16:40 3,580 ----a-w C:\Program Files\INSTALL.LOG
2008-03-20 16:40 --------- d-----w C:\Program Files\Acoustica Beatcraft
2008-03-20 16:39 --------- d-----w C:\Program Files\Acoustica Shared Effects
2008-03-18 19:24 --------- d-----w C:\ProgramData\Microsoft Help
2008-03-18 16:50 --------- d-----w C:\ProgramData\MAGIX
2008-03-18 16:50 --------- d-----w C:\Program Files\MAGIX
2008-03-18 16:50 --------- d-----w C:\Program Files\Common Files\MAGIX Shared
2008-03-18 15:50 --------- d-----w C:\Program Files\NCH Swift Sound
2008-03-18 15:24 --------- d-----w C:\Users\reddsofine\AppData\Roaming\NCH Swift Sound
2008-03-18 15:24 --------- d-----w C:\ProgramData\NCH Swift Sound
2008-03-16 04:25 --------- d-----w C:\ProgramData\Spybot - Search & Destroy
2008-03-15 17:26 --------- d-----w C:\Users\reddsofine\AppData\Roaming\CopyToDvd
2008-03-14 06:38 --------- d-----w C:\Program Files\Windows Mail
2008-03-06 00:05 --------- d-----w C:\Program Files\Fx Joiner
2008-03-05 02:39 --------- d-----w C:\Program Files\Total Video2DVD Author
2008-02-21 21:40 --------- d-----w C:\Program Files\Mozilla ActiveX Control v1.7.12
2008-02-21 15:29 --------- d-----w C:\ProgramData\WORDsearch
2008-02-21 15:29 --------- d-----w C:\Program Files\Common Files\WORDsearch
2008-02-21 15:29 --------- d-----w C:\Program Files\Bible Explorer 4
2008-02-19 14:57 47,360 ----a-w C:\Windows\system32\drivers\pcouffin.sys
2008-02-18 04:09 --------- d-----w C:\Program Files\IEPro
2008-02-15 00:56 --------- d-----w C:\Program Files\Smallvideosoft
2008-02-15 00:50 --------- d-----w C:\Users\reddsofine\AppData\Roaming\FMZilla
2008-02-15 00:23 --------- d-----w C:\Program Files\Free Music Zilla
2008-02-15 00:16 --------- d-----w C:\Users\reddsofine\AppData\Roaming\MiniDm
2008-02-15 00:13 --------- d-----w C:\Program Files\Byrne Consultancy Limited
2008-02-14 08:16 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-14 08:16 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-14 08:13 943,800 ----a-w C:\Windows\System32\winload.exe
2008-02-14 08:13 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-14 08:13 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-14 08:13 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-14 08:13 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-14 08:13 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-14 08:13 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-14 08:13 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-14 08:09 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-14 08:09 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-14 08:09 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-14 08:09 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-14 08:09 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-14 08:09 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-14 08:09 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-14 08:09 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-14 08:09 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2008-02-14 08:09 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-14 08:09 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-14 08:09 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-14 08:08 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-14 08:08 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-14 08:08 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-14 08:08 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-14 08:08 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-14 08:08 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-14 08:04 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-14 08:04 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-14 08:04 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-14 08:04 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-13 00:17 --------- d-----w C:\Program Files\AskPBar
2008-02-13 00:09 --------- d-----w C:\Program Files\Focus CD Cover Maker
2008-02-13 00:09 --------- d-----w C:\Program Files\All Sound Recorder XP 210
2008-02-12 17:29 --------- d-----w C:\Users\reddsofine\AppData\Roaming\RipIt4Me
2008-02-12 17:28 --------- d-----w C:\Program Files\DVD Decrypter
2008-02-12 00:46 --------- d-----w C:\Users\reddsofine\AppData\Roaming\DNA
2008-02-11 20:33 --------- d-----w C:\Program Files\isoHunt
2008-02-11 20:32 --------- d-----w C:\Program Files\Conduit
2008-02-11 18:06 --------- d-----w C:\Program Files\BitTorrent
2008-02-11 18:05 --------- d-----w C:\Program Files\DNA
2008-02-11 00:49 --------- d-----w C:\Users\reddsofine\AppData\Roaming\MozillaControl
2007-09-06 23:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2007-09-06 23:28 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2007-09-06 23:28 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
2008-01-28 14:47 1555480 --a------ C:\Program Files\isoHunt\tbisoH.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= "C:\Program Files\isoHunt\tbisoH.dll" [2008-01-28 14:47 1555480]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{A6E4A4EB-D169-4E99-8988-250FCBAFE767}"= C:\Program Files\isoHunt\tbisoH.dll [2008-01-28 14:47 1555480]
[HKEY_CLASSES_ROOT\clsid\{a6e4a4eb-d169-4e99-8988-250fcbafe767}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-08-30 17:43 4670704]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 17:46 1460560]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 05:45 222208]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2006-12-11 22:02 98304]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2006-12-11 22:03 106496]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 01:58 815104]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 02:34 634880]
"Corel Photo Downloader"="C:\Program Files\Corel\Corel Snapfire\Corel Photo Downloader.exe" [2006-10-31 12:10 478800]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-04 02:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6253\SiteAdv.exe" [2006-10-18 12:14 35928]
"McENUI"="C:\PROGRA~1\McAfee\MHN\McENUI.exe" [2007-11-30 05:42 1164576]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SSDPSRV"="C:\Windows\system32\ssdpsrv.exe" [2002-03-25 19:51 57104]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-08-13 20:04 5562368]
C:\Users\reddsofine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Giggles.lnk - C:\Program Files\OracleOfDelphi\Giggles\giggles.exe [2004-09-12 15:47:12 2050048]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office\Office\FINDFAST.EXE [1997-08-19 111376]
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
backup=C:\Windows\pss\PalTalk.lnk.CommonStartup
backupExtension=.CommonStartup
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\Windows\pss\ymetray.lnk.CommonStartup
backupExtension=.CommonStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
-ra------ 2007-03-01 10:37 2321600 C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2007-04-27 17:17 50736 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoConnect]
--a------ 2005-05-26 09:53 28672 C:\Users\reddsofine\AppData\Local\Temp\{04E70ADA-7B6B-45BB-B1D3-69C1294DC072}\{49C090F0-4D03-4DD2-87BA-BF6AA53B9735}\AutoConnect.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belkin WLAN]
--a------ 2005-03-10 11:19 962671 C:\Windows\system32\bcmwltry.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigFix]
--a------ 2006-11-16 19:04 2348584 c:\program files\Bigfix\bigfix.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2007-03-15 08:33 240640 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2006-09-29 15:39 151552 C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICSDCLT]
C:\Windows\C:\Windows\system32\icsdclt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcagent_exe]
--a------ 2007-08-04 02:33 582992 C:\Program Files\McAfee.com\Agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NapsterShell]
--a------ 2006-09-06 15:12 323216 C:\Program Files\Napster\napster.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2006-12-11 22:02 81920 C:\Windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SiteAdvisor]
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UolRegToolbar]
C:\Program Files\NetZero\exec.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2007-06-08 10:16 1006264 C:\Program Files\Windows Defender\MSASCui.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2675444864-2698062990-1563062361-1000]
"EnableNotificationsRef"=dword:00000002
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2675444864-2698062990-1563062361-500]
"EnableNotificationsRef"=dword:00000002
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4AC49C3E-2393-4F25-9CFC-E1EFFC6F71CC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{78ECE16D-6083-46A5-A64F-359E057533C4}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{263BE072-D27F-4C72-84C7-54A2334B1A24}"= UDP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{F79445F3-13FE-485B-8E23-BEA155844E44}"= TCP:C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{24207AEA-2E08-4FBF-BC63-2FA017350A28}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{BA546C4C-42C5-47FB-9B95-F4FED961B28B}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{002C662E-410C-4D5F-8855-087A39B1E483}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{1D12A3A6-3632-4086-81A4-8DDFBF2A0F07}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{8E20DAFB-E8BC-427A-9183-ADAC15A1DEE9}"= UDP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{8A2824F5-FC13-4C11-A4F8-25831083A0B9}"= TCP:C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:Yahoo! Music Jukebox
"{E47B7AB3-731E-48C3-B25B-86D144AD6195}"= UDP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{31618E6B-A1E5-4F44-ACCB-0A2B664EEAF7}"= TCP:C:\Program Files\Morpheus\Morpheus.exe:Morpheus
"{D9F254FA-F76E-4F05-99E0-7646813255E7}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{ED54D1FA-85C6-4112-8DFD-8C90D278C153}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3EF21584-586D-4E55-9C47-B1E7A644B883}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{2F37720E-4FE6-40A7-BF43-29C185F3E01D}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{9B51B9A6-894F-44E7-85CE-0E53710A5718}"= UDP:94:VRS Recording System Web Control Panel
"{269C1308-6B6B-4BD7-860C-B6C715BEEDB2}"= UDP:81:Axon Web Server
"{19D688C9-F402-40D3-AF7B-6DBBA4E08CCC}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DE86309A-E55A-4D6C-9D65-89A46BB1B861}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{8D23F645-1703-4368-9DA6-0702161E8509}"= UDP:C:\Program Files\DNA\btdna.exe:DNA
"{A09E8DED-3424-4231-AE67-AEDEB4F3BA79}"= TCP:C:\Program Files\DNA\btdna.exe:DNA
"{DDFCBD28-575D-48E1-BF1E-A289A9DE3DCC}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{133F1DE5-E8A2-4268-8D9A-FA1830DB37E6}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{3031794B-9DBC-4BDA-B1D4-0AD4F00DF366}C:\\program files\\free music zilla\\fmzilla.exe"= UDP:C:\program files\free music zilla\fmzilla.exe:FMZilla Module
"UDP Query User{0326F263-7354-4CAC-90BF-C50E57B5C1D9}C:\\program files\\free music zilla\\fmzilla.exe"= TCP:C:\program files\free music zilla\fmzilla.exe:FMZilla Module
"TCP Query User{30FC3C63-FF25-4A69-AB3B-B1EFB9878E3E}C:\\program files\\paltalk messenger\\paltalk.exe"= UDP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"UDP Query User{3EDE6D2C-60F3-40BD-9831-980977DB01E4}C:\\program files\\paltalk messenger\\paltalk.exe"= TCP:C:\program files\paltalk messenger\paltalk.exe:PaltalkScene
"TCP Query User{AC4D7D36-2CBC-46FE-8563-BC1665EAA253}C:\\program files\\dvd2one v2\\dvd2one2.exe"= UDP:C:\program files\dvd2one v2\dvd2one2.exe:dvd2one2
"UDP Query User{986D03DE-E669-4756-9E9B-D69F2D7BC5A5}C:\\program files\\dvd2one v2\\dvd2one2.exe"= TCP:C:\program files\dvd2one v2\dvd2one2.exe:dvd2one2
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DefaultOutboundAction"= 0 (0x0)
"DefaultInboundAction"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"= C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2007-08-31 17:46]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-11 22:49]
R3 RTL8187;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187.sys [2007-01-30 09:03]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x86.sys [2006-11-02 03:30]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 14:18]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe" [2007-08-21 13:00]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 03:30]
.
Contents of the 'Scheduled Tasks' folder
"2007-08-05 14:12:04 C:\Windows\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2007-08-05 14:12:05 C:\Windows\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
"2008-04-02 22:00:25 C:\Windows\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 18:14:42
Windows 6.0.6000  NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-04-03 18:17:22
ComboFix-quarantined-files.txt  2008-04-03 22:17:17
      The system cannot find message text for message number 0x2379 in the message file for Application.
      The system cannot find message text for message number 0x2379 in the message file for Application.
.
2008-03-21 20:30:14 --- E O F --- 