"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\mIRC\\mirc.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\SopCast\\adv\\SopAdver.exe"= "c:\\Program Files\\SopCast\\SopCast.exe"= "c:\\Program Files\\Acer\\Acer VCM\\VC.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Java\\jre6\\bin\\java.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "8085:TCP"= 8085:TCP:PidorkiLimited R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [8/1/2009 5:35 AM 237568] R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [8/1/2009 3:35 AM 45056] R3 M3000Srv;WebCam Driver;c:\windows\system32\drivers\M3000KNT.sys [9/2/2009 12:02 PM 145152] S2 afcunt;Handler Shell History Decoder GDI+;c:\windows\system32\svchost.exe -k trmsvcs [8/1/2009 3:34 AM 14336] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [8/1/2009 4:48 AM 1684736] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys --> c:\windows\system32\Drivers\RTS5121.sys [?] S3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys --> c:\windows\system32\DRIVERS\Rts516xIR.sys [?] --- Other Services/Drivers In Memory --- *NewlyCreated* - MBAMSWISSARMY *Deregistered* - MBAMSwissArmy [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] trmsvcs REG_MULTI_SZ afcunt . Contents of the 'Scheduled Tasks' folder 2010-04-17 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_one&r=0xph12093015l0384wu95w4752658q IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html . - - - - ORPHANS REMOVED - - - - WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-04-19 00:49 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2010-04-19 00:51:41 ComboFix-quarantined-files.txt 2010-04-19 04:51 Pre-Run: 130,276,950,016 bytes free Post-Run: 131,012,751,360 bytes free - - End Of File - - 1CFD81D4F2315D5EF18048133C1ECADB