Ran ComboFix.
This is the log after it ran:
ComboFix 08-06-10.5 - darren 2008-06-12 13:29:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1391 [GMT 1:00]
Running from: C:\Documents and Settings\darren\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\azip32.dll
C:\WINDOWS\system32\comctlw32u.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\dzgtactx.dll
C:\WINDOWS\system32\FTPx.dll
C:\WINDOWS\system32\MabryObj.dll
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-05-12 to 2008-06-12 )))))))))))))))))))))))))))))))
.
2008-06-12 12:24 . 2008-06-12 12:24 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-12 12:14 . 2008-06-12 13:12 <DIR> d-------- C:\SDFix
2008-06-12 09:03 . 2008-06-12 09:03 <DIR> d-------- C:\Program Files\CCleaner
2008-06-12 00:53 . 2008-06-12 03:41 <DIR> d-------- C:\Documents and Settings\darren\.housecall6.6
2008-06-12 00:52 . 2008-06-12 00:57 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-06-10 22:47 . 2008-05-07 06:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-06-10 22:46 . 2008-04-14 13:30 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-10 22:46 . 2008-05-08 15:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-10 18:25 . 2008-06-10 18:25 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-06-10 16:36 . 2008-06-10 16:37 <DIR> d-------- C:\Program Files\RivaTuner v2.09
2008-06-10 16:34 . 2008-05-14 23:43 186,349 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-06-10 15:20 . 2008-06-10 15:20 <DIR> d-------- C:\Fraps
2008-06-10 15:20 . 2008-06-10 17:52 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 14:43 . 2008-06-10 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-10 13:39 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-06-10 13:39 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-06-10 13:39 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-06-10 13:39 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-06-10 13:39 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-06-10 13:39 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-06-10 13:39 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-06-10 13:38 . 2008-06-10 13:38 <DIR> d-------- C:\WINDOWS\Logs
2008-06-10 13:31 . 2008-05-08 15:54 446,464 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-06-10 13:31 . 2008-05-14 23:43 446,464 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-06-10 13:31 . 2008-05-02 22:46 181,895 --a------ C:\WINDOWS\system32\nvdsp.chm
2008-06-10 13:31 . 2008-06-12 13:37 181,232 --a------ C:\WINDOWS\system32\nvapps.xml
2008-06-10 13:31 . 2008-05-02 22:46 116,384 --a------ C:\WINDOWS\system32\nv3d.chm
2008-06-10 13:31 . 2008-05-02 22:46 54,988 --a------ C:\WINDOWS\system32\nvmob.chm
2008-06-10 13:31 . 2008-05-14 23:43 18,070 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-06-09 14:05 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-06-09 14:05 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-06-09 14:05 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-06-09 14:05 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-06-09 14:05 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-06-09 14:05 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-06-09 14:05 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-06-09 14:05 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-06-09 14:05 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-06-09 14:05 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-06-09 01:48 . 2008-06-09 01:52 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-06-08 19:19 . 2008-06-10 13:31 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-08 12:05 . 2008-06-08 12:06 <DIR> d-------- C:\Program Files\MyAffiliateFinder
2008-06-02 12:20 . 2008-06-02 12:20 60 --a------ C:\WINDOWS\WININIT.INI
2008-06-02 11:38 . 2004-08-03 23:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-02 11:28 . 2008-06-02 11:28 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-02 11:28 . 2008-06-02 11:28 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-02 11:28 . 2008-06-02 11:28 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-02 11:27 . 2008-06-02 11:29 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-02 11:12 . 2008-04-14 01:11 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-01 22:21 . 2008-06-02 14:50 <DIR> d-------- C:\Program Files\SENuke
2008-06-01 22:21 . 2006-10-26 22:17 765,736 --a------ C:\WINDOWS\system32\MSWORD.OLB
2008-06-01 22:15 . 2008-06-08 21:24 <DIR> d-------- C:\Program Files\PromoSoft
2008-05-30 11:46 . 2008-05-30 11:46 1,277,495 --a------ C:\WINDOWS\XSitePro2 ClipArt Uninstaller.exe
2008-05-30 00:32 . 2008-05-31 11:06 1,408,361 --a------ C:\WINDOWS\XSitePro2 Uninstaller.exe
2008-05-28 12:42 . 2008-05-28 12:42 5,632 --a------ C:\WINDOWS\system32\cocpyinf.dll
2008-05-27 20:52 . 2008-05-27 20:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SimCity Societies
2008-05-27 15:57 . 2008-05-27 15:57 <DIR> d-------- C:\Documents and Settings\darren\pad
2008-05-27 15:27 . 2008-05-27 15:27 <DIR> d-------- C:\Program Files\Backlink Submitter
2008-05-27 15:06 . 2008-05-27 15:06 40 --a------ C:\WINDOWS\instantarticlesubmitter.ini
2008-05-27 15:05 . 2008-05-27 15:05 <DIR> d-------- C:\Program Files\Instant Affiliate Submitter
2008-05-27 15:05 . 2008-05-27 15:05 <DIR> d-------- C:\Documents and Settings\darren\Application Data\Software Defender
2008-05-27 15:05 . 2008-05-27 15:06 65 --a------ C:\WINDOWS\instantaffiliatesubmitter.ini
2008-05-27 14:58 . 2008-05-27 14:59 <DIR> d-------- C:\Program Files\PPC Accelerator
2008-05-26 03:08 . 2008-05-26 03:08 103 --a------ C:\WINDOWS\pro.INI
2008-05-26 03:00 . 2008-05-26 03:08 <DIR> d-------- C:\Program Files\Teleport Pro
2008-05-25 09:13 . 2008-05-25 09:13 <DIR> d-------- C:\Program Files\EdwinSoft
2008-05-22 03:26 . 2008-05-22 03:26 <DIR> d-------- C:\Program Files\Lexwatt Solutions
2008-05-22 03:23 . 2008-05-22 03:23 <DIR> d-------- C:\Program Files\Turbo Tube
2008-05-21 19:41 . 2008-05-21 19:41 362 --a------ C:\WINDOWS\CompetitionDominator.INI
2008-05-21 19:40 . 2008-05-21 19:41 <DIR> d-------- C:\Program Files\CompetitionDominator
2008-05-21 15:23 . 2008-05-31 11:05 <DIR> d-------- C:\Program Files\XSitePro2
2008-05-19 15:04 . 2008-05-19 15:04 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2008-05-19 15:04 . 2007-09-07 14:55 27,672 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2008-05-19 15:04 . 2007-09-07 14:55 12,744 --a------ C:\WINDOWS\system32\drivers\Entech64.sys
2008-05-19 15:04 . 2007-09-07 14:55 6,173 --a------ C:\WINDOWS\system32\drivers\Entech.vxd
2008-05-19 15:04 . 2001-11-19 20:05 3,972 --a------ C:\WINDOWS\system32\drivers\PciBus.sys
2008-05-19 08:02 . 2008-05-19 08:02 <DIR> d-------- C:\Documents and Settings\darren\Application Data\Nero
2008-05-19 07:59 . 2008-05-19 08:00 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-05-19 07:59 . 2008-05-19 07:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-05-18 17:53 . 2008-05-18 17:53 <DIR> d-------- C:\Documents and Settings\darren\Application Data\Roxio
2008-05-18 17:52 . 2008-05-20 13:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Napster
2008-05-18 14:20 . 2008-05-18 14:22 <DIR> d-------- C:\Program Files\Domain Suggestion Tool
2008-05-17 04:00 . 2008-05-17 04:00 <DIR> d-------- C:\Program Files\Smart PC Solutions
2008-05-17 04:00 . 2008-05-17 04:00 <DIR> d-------- C:\Documents and Settings\darren\Application Data\Smart PC Solutions
2008-05-17 03:58 . 2008-05-17 03:58 <DIR> d-------- C:\Program Files\IBP 10
2008-05-17 03:58 . 2008-06-09 11:49 <DIR> d-------- C:\Documents and Settings\darren\Application Data\IBP
2008-05-16 19:01 . 2008-05-17 17:05 <DIR> d-------- C:\Program Files\Wp Soft
2008-05-14 11:32 . 2008-05-14 11:32 <DIR> d-------- C:\Program Files\VLS Media
2008-05-13 00:55 . 2008-05-13 00:55 <DIR> d-------- C:\Program Files\Pcsx2_0.9.4
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-12 12:38 --------- d-----w C:\Documents and Settings\darren\Application Data\tor
2008-06-12 12:36 7,479,961 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2008-06-12 12:35 716,840 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-12 12:35 57,551,904 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-12 12:20 --------- d-----w C:\Documents and Settings\darren\Application Data\Vidalia
2008-06-12 10:48 --------- d-----w C:\Program Files\Trillian
2008-06-11 23:24 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-11 02:10 --------- d-----w C:\Program Files\PeerGuardian2
2008-06-10 17:28 3,471,872 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-06-10 14:24 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-10 14:22 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-09 09:08 --------- d-----w C:\Program Files\The Logo Creator v5
2008-06-09 07:26 --------- d-----w C:\Documents and Settings\darren\Application Data\uTorrent
2008-06-09 00:50 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-04 02:51 76,855 ----a-w C:\Program Files\dasdasdasd.txt
2008-06-03 22:27 --------- d-----w C:\Program Files\DROPS Full
2008-06-03 11:55 --------- d-----w C:\Program Files\The Logo Creator v4
2008-06-02 15:51 --------- d-----w C:\Program Files\Keywords Raptor
2008-06-01 23:13 --------- d-----w C:\Program Files\SEO Elite 4
2008-05-27 02:19 --------- d-----w C:\Program Files\RSS Submit
2008-05-25 08:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-05-20 10:46 --------- d-----w C:\Program Files\WordFlood 2.0
2008-05-20 10:46 --------- d-----w C:\Program Files\WebPosition 4
2008-05-20 10:46 --------- d-----w C:\Program Files\Replay Media Catcher
2008-05-20 10:46 --------- d-----w C:\Program Files\MagicRecovery Pro DEMO
2008-05-20 10:46 --------- d-----w C:\Program Files\FriendBlasterPro
2008-05-20 10:46 --------- d-----w C:\Program Files\EmailMarketingDirector
2008-05-20 10:46 --------- d-----w C:\Program Files\A1Monitor
2008-05-20 10:37 --------- d-----w C:\Documents and Settings\darren\Application Data\BitTorrent DNA
2008-05-20 10:37 --------- d-----w C:\Documents and Settings\darren\Application Data\BitTorrent
2008-05-20 10:37 --------- d-----w C:\Documents and Settings\darren\Application Data\Azureus
2008-05-19 14:06 86,016 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-05-19 06:59 --------- d-----w C:\Program Files\Nero
2008-05-18 21:22 --------- d-----w C:\Program Files\Affiliate Elite
2008-05-18 21:16 --------- d-----w C:\Program Files\Common Files\Ahead
2008-05-16 12:30 --------- d-----w C:\Program Files\Swf2Avi
2008-05-11 00:15 --------- d-----w C:\Program Files\XShan Corporation
2008-05-11 00:15 --------- d-----w C:\Documents and Settings\darren\Application Data\XShan
2008-05-10 23:50 --------- d-----w C:\Program Files\Keyword Elite
2008-05-10 18:28 --------- d-----w C:\Program Files\Instant PopOver
2008-05-10 18:03 --------- d-----w C:\Program Files\WordTracker Miner
2008-05-09 23:29 --------- d-----w C:\Program Files\Keyword Utilities
2008-05-08 23:01 640,512 ----a-w C:\WINDOWS\Internet Logs\xDB28F.tmp
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-02 21:46 768,544 ----a-w C:\WINDOWS\system32\nvcplui.exe
2008-05-02 21:46 313,888 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2008-05-01 23:06 286,720 ----a-w C:\WINDOWS\iun507.exe
2008-05-01 11:17 --------- d-----w C:\Program Files\Network Traffic Generator and Monitor
2008-05-01 11:12 --------- d-----w C:\Documents and Settings\darren\Application Data\CyberInstaller Studio 2008
2008-05-01 08:59 --------- d-----w C:\Program Files\Presell Robot
2008-04-30 23:18 --------- d-----w C:\Program Files\Macromedia
2008-04-30 23:18 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-04-26 12:30 2,825,728 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-04-26 12:30 1,006,592 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-04-23 22:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-04-23 08:46 --------- d-----w C:\Program Files\Democracy2
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-22 13:43 2,808,320 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-04-22 09:58 2,807,808 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-04-21 23:20 --------- d-----w C:\Program Files\CommentKahuna
2008-04-21 18:35 --------- d-----w C:\Program Files\Registry Genius
2008-04-21 18:29 --------- d-----w C:\Program Files\MimarSinan Visual Split Studio 6
2008-04-21 18:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\MimarSinan
2008-04-17 10:17 2,756,096 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-04-16 16:15 2,789,376 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-04-16 11:10 --------- d-----w C:\Documents and Settings\darren\Application Data\Sierra
2008-04-16 10:35 --------- d-----w C:\Documents and Settings\darren\Application Data\Sports Interactive
2008-04-15 21:46 --------- d--h--w C:\Program Files\FX Uninstall Information
2008-04-14 21:47 --------- d-----w C:\Program Files\Ad Word Analyzer
2008-04-14 12:30 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-04-14 04:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 04:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 04:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 40,840 ----a-w C:\WINDOWS\system32\drivers\termdd.sys
2008-04-14 00:13 21,896 ----a-w C:\WINDOWS\system32\drivers\tdtcp.sys
2008-04-14 00:13 139,656 ----a-w C:\WINDOWS\system32\drivers\rdpwd.sys
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:13 12,040 ----a-w C:\WINDOWS\system32\drivers\tdpipe.sys
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:28 175,744 ----a-w C:\WINDOWS\system32\drivers\rdbss.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 19:21 162,816 ----a-w C:\WINDOWS\system32\drivers\netbt.sys
2008-04-13 19:20 91,520 ----a-w C:\WINDOWS\system32\drivers\ndiswan.sys
2008-04-13 19:20 361,344 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-04-13 19:20 182,656 ----a-w C:\WINDOWS\system32\drivers\ndis.sys
2008-04-13 19:19 75,264 ----a-w C:\WINDOWS\system32\drivers\ipsec.sys
2008-04-13 19:19 51,328 ----a-w C:\WINDOWS\system32\drivers\rasl2tp.sys
2008-04-13 19:19 48,384 ----a-w C:\WINDOWS\system32\drivers\raspptp.sys
2008-04-13 19:19 146,048 ----a-w C:\WINDOWS\system32\drivers\portcls.sys
2008-04-13 19:19 138,112 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2006-05-03 09:06 163,328 --sh--r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\WINDOWS\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe" [2007-08-26 07:02 11852288]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 01:12 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 14:39 1289000]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-14 00:11 919016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-14 23:43 13533184]
"nwiz"="nwiz.exe" [2008-05-14 23:43 1630208 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-14 23:43 86016]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 01:12 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"MSVideo"= CSvidcap.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GammaTray.lnk
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^darren^Start Menu^Programs^Startup^Rapidown.lnk]
backup=C:\WINDOWS\pss\Rapidown.lnkStartup
path=C:\Documents and Settings\darren\Start Menu\Programs\Startup\Rapidown.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-r------- 2007-03-21 09:23 1953792 C:\WINDOWS\system32\xRaidSetup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-01-11 19:54 623992 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
G:\utils\photoshop\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced Tools Check]
C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2007-10-27 11:52 286016 C:\Program Files\BitTorrent_DNA\dna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 01:12 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-12-12 10:46 19456 C:\WINDOWS\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-12-12 10:46 20480 C:\WINDOWS\system32\Ctxfihlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 15:16 171464 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
--a------ 2007-03-20 14:36 36864 C:\WINDOWS\RaidTool\xInsIDE.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2008-04-14 01:12 1695232 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2008-05-14 23:43 1630208 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-03-21 07:49 16126464 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmartPatrol]
--a------ 2005-06-03 06:57 1151488 C:\PROGRA~1\AddWeb8\SmartPatrol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Warning]
C:\PROGRA~1\SYMNET~1\SNDWarn.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-04 23:39 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VolPanel]
--------- 2006-04-05 18:19 122880 C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"A1Monitor931075154"=2 (0x2)
"MDM"=2 (0x2)
"Creative Service for CDROM Access"=2 (0x2)
"TS Poster"=3 (0x3)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\IBP 10\\IBP.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R2 acedrv10;acedrv10;C:\WINDOWS\system32\drivers\acedrv10.sys [2007-07-24 08:45]
R2 acehlp10;acehlp10;C:\WINDOWS\system32\drivers\acehlp10.sys [2007-07-11 09:20]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ []
R2 pgsql-8.3;PostgreSQL Database Server 8.3;"C:\Documents and Settings\darren\GungHo Technologies\Trackback Spider\pgsql\bin\pg_ctl.exe" runservice -w -N "pgsql-8.3" -D "C:\Documents and Settings\darren\GungHo Technologies\Trackback Spider\database\" []
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2008-02-24 14:27]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2006-12-19 08:36]
S2 NVR0FLASHDev;NVR0FLASHDev;C:\WINDOWS\nvflash.sys []
S4 A1Monitor931075154;A1Monitor931075154;C:\Program Files\A1Monitor\VMonitor.EXE []
S4 TS Poster;Trackback Poster;"C:\Program Files\Trackback Spider\Poster Service.exe" []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45752744-6aaa-11dc-8738-806d6172696f}]
\Shell\AutoRun\command - T:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{464a43bc-7a71-11dc-8903-806d6172696f}]
\Shell\AutoRun\command - H:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68c0fee5-6aa0-11dc-bc71-806d6172696f}]
\Shell\AutoRun\command - H:\Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-12 01:59:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-09-26 01:59:22 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-12 13:37:17
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\WINDOWS\system32\ZoneLabs\avsys\ScanningProcess.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\darren\GungHo Technologies\Trackback Spider\pgsql\bin\pg_ctl.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Documents and Settings\darren\GungHo Technologies\Trackback Spider\pgsql\bin\postgres.exe
C:\Program Files\Vidalia Bundle\Tor\tor.exe
C:\Program Files\Zone Labs\ZoneAlarm\MailFrontier\mantispm.exe
C:\Documents and Settings\darren\GungHo Technologies\Trackback Spider\pgsql\bin\postgres.exe
C:\Documents and Settings\darren\GungHo Technologies\Trackback Spider\pgsql\bin\postgres.exe
C:\Documents and Settings\darren\GungHo Technologies\Trackback Spider\pgsql\bin\postgres.exe
C:\Documents and Settings\darren\GungHo Technologies\Trackback Spider\pgsql\bin\postgres.exe
.
**************************************************************************
.
Completion time: 2008-06-12 13:43:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-12 12:43:44
Pre-Run: 7,626,993,664 bytes free
Post-Run: 8,413,831,168 bytes free
402 --- E O F --- 2008-06-12 02:51:12
The hard drive is still accessing all the time.