"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\Acer\\Acer VCM\\VC.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8085:TCP"= 8085:TCP:PidorkiLimited

R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 5:35 AM 237568]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 3:35 AM 45056]
R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [9/2/2009 12:02 PM 145152]
S2 afcunt;Handler Shell History Decoder GDI+;c:\windows\system32\svchost.exe -k trmsvcs [8/1/2009 3:34 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 4:48 AM 1684736]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?]
S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBAMSWISSARMY
*Deregistered* - MBAMSwissArmy

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
trmsvcs REG_MULTI_SZ afcunt
.
Contents of the 'Scheduled Tasks' folder

2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12093015l0384wu95w4752658q
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-19 00:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-04-19 00:51:41
ComboFix-quarantined-files.txt 2010-04-19 04:51

Pre-Run: 130,276,950,016 bytes free
Post-Run: 131,012,751,360 bytes free

- - End Of File - - 1CFD81D4F2315D5EF18048133C1ECADB