Thanks for your help. Here is the combofix log:
ComboFix 08-07-13.6 - john 2008-07-13 20:26:54.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1481 [GMT -5:00]
Running from: C:\Documents and Settings\john\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS\Documents\My Videos\Desktop.ini
C:\Documents and Settings\john\My Documents\My Videos\Desktop.ini
C:\WINDOWS\system32\fafgavmd.dll
C:\WINDOWS\system32\gxiens.dll
C:\WINDOWS\system32\nalajc.dll
C:\WINDOWS\system32\nnhbofqa.dll
.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.
2008-07-13 13:42 . 2008-07-13 13:42 <DIR> d-------- C:\WINDOWS\Sun
2008-07-13 13:42 . 2008-07-13 20:24 <DIR> d-------- C:\Documents and Settings\john\.housecall6.6
2008-07-13 13:42 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-07-11 13:17 . 2008-07-11 13:17 156 --a------ C:\WINDOWS\Twunk001.MTX
2008-07-11 13:17 . 2008-07-11 13:17 2 --a------ C:\WINDOWS\Twain001.Mtx
2008-07-11 13:17 . 2008-07-11 13:17 0 --a------ C:\WINDOWS\Twunk002.MTX
2008-07-10 22:55 . 2008-07-10 22:55 77,920 --a------ C:\WINDOWS\SYSTEM32\GDIPFONTCACHEV1.DAT
2008-07-10 22:35 . 2004-08-04 07:00 4,224 --a------ C:\WINDOWS\SYSTEM32\beep.sys
2008-07-08 21:21 . 2008-07-08 21:21 <DIR> d-------- C:\Documents and Settings\john\Application Data\Earthsim
2008-07-08 07:45 . 2008-07-08 07:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\SlySoft
2008-07-08 07:44 . 2008-07-08 07:44 0 ---hs---- C:\WINDOWS\SB6511B5C.tmp
2008-07-05 00:28 . 2008-07-05 00:28 <DIR> d-------- C:\Documents and Settings\john\Application Data\Bitstream
2008-07-05 00:26 . 2008-07-05 00:26 <DIR> d-------- C:\Program Files\Corel
2008-07-05 00:23 . 2008-07-05 00:23 82,594 --a------ C:\WINDOWS\ATMREG.ATM
2008-07-05 00:19 . 2008-07-05 00:19 <DIR> d-------- C:\PSFONTS
2008-07-05 00:19 . 2008-07-05 00:19 <DIR> d-------- C:\Program Files\Adobe Type Manager
2008-07-05 00:19 . 2000-05-24 15:20 15,360 --a------ C:\WINDOWS\SYSTEM32\ATMsrvc.exe
2008-07-04 14:37 . 2008-07-04 14:37 <DIR> d-------- C:\Documents and Settings\john\Application Data\PushSyncData
2008-07-04 14:37 . 2008-07-04 14:37 <DIR> d-------- C:\Documents and Settings\john\Application Data\AutoSync for Yahoo
2008-07-04 14:30 . 2008-07-04 14:30 <DIR> d-------- C:\Program Files\Common Files\Intellisync
2008-07-04 13:38 . 2008-07-04 14:33 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-07-04 13:37 . 2008-07-04 13:37 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2008-07-04 13:37 . 2008-07-04 13:37 <DIR> d-------- C:\Program Files\Cisco Systems
2008-07-04 13:37 . 2007-01-31 13:45 127,376 --a------ C:\WINDOWS\SYSTEM32\drivers\dne2000.sys
2008-07-04 13:37 . 2007-01-31 13:45 101,904 --a------ C:\WINDOWS\SYSTEM32\dneinobj.dll
2008-07-04 13:37 . 2008-07-04 13:38 1,594 --a------ C:\WINDOWS\VPNInstall.MIF
2008-07-02 21:26 . 2008-07-13 11:38 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-02 19:39 . 2008-07-02 19:39 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-07-01 22:35 . 2008-07-01 22:37 <DIR> d-------- C:\Program Files\Common Files\Nero2
2008-07-01 22:09 . 2008-07-01 22:10 <DIR> d-------- C:\WINDOWS\SYSTEM32\Adobe
2008-06-28 14:38 . 2001-05-31 08:45 36,864 --a------ C:\WINDOWS\SYSTEM32\PalmDevC.dll
2008-06-28 14:19 . 1999-02-06 21:12 2,563,072 --a------ C:\WINDOWS\SYSTEM32\iplA6.dll
2008-06-28 14:19 . 1999-02-06 21:12 2,454,528 --a------ C:\WINDOWS\SYSTEM32\iplM6.dll
2008-06-28 14:19 . 1999-02-06 21:12 2,363,392 --a------ C:\WINDOWS\SYSTEM32\iplM5.dll
2008-06-28 14:19 . 1999-02-06 21:12 2,250,752 --a------ C:\WINDOWS\SYSTEM32\iplP6.dll
2008-06-28 14:19 . 1999-02-06 21:12 2,206,208 --a------ C:\WINDOWS\SYSTEM32\iplPX.dll
2008-06-28 14:19 . 1999-02-06 21:12 2,153,984 --a------ C:\WINDOWS\SYSTEM32\iplP5.dll
2008-06-28 14:19 . 1999-02-06 21:11 69,120 --a------ C:\WINDOWS\SYSTEM32\ipl.dll
2008-06-28 14:19 . 1998-06-17 18:08 53,248 --a------ C:\WINDOWS\SYSTEM32\MFC42LOC.DLL
2008-06-28 14:19 . 1999-02-02 15:59 19,968 --a------ C:\WINDOWS\SYSTEM32\Cpuinf32.dll
2008-06-26 07:46 . 2008-06-26 07:46 <DIR> d-------- C:\Program Files\NextUp-ScanSoft
2008-06-24 22:15 . 2008-06-24 22:20 <DIR> d-------- C:\Program Files\No-IP
2008-06-21 11:12 . 2008-06-21 11:12 <DIR> d-------- C:\Documents and Settings\Maggie\Application Data\Nero
2008-06-21 08:54 . 2008-06-21 08:54 <DIR> d-------- C:\Documents and Settings\Rose.BATCRAY\Application Data\ThumbsPlus
2008-06-20 17:05 . 2008-06-20 17:17 <DIR> d-------- C:\DVDVolume
2008-06-18 13:16 . 2008-02-28 13:26 1,414,440 --a------ C:\WINDOWS\SYSTEM32\ShellManager310E2D762.dll
2008-06-18 13:16 . 2008-02-28 13:01 774,144 --a------ C:\WINDOWS\SYSTEM32\NEROINSTAEC43759.DB
2008-06-18 13:15 . 2008-06-18 13:15 0 --a------ C:\WINDOWS\Irremote.ini
2008-06-15 23:19 . 2008-06-15 23:19 <DIR> d-------- C:\Program Files\NeroInstall.bak
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 01:25 --------- d-----w C:\Program Files\Chameleon Clock
2008-07-14 00:00 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SiteAdvisor
2008-07-13 18:42 --------- d-----w C:\Program Files\Java
2008-07-13 16:42 --------- d-----w C:\Documents and Settings\john\Application Data\Azureus
2008-07-13 04:18 --------- d-----w C:\Program Files\Thumbs7
2008-07-12 22:02 --------- d-----w C:\Program Files\Folder Lock
2008-07-11 04:32 --------- d-----w C:\Program Files\DirectUpdate
2008-07-10 13:06 --------- d-----w C:\Program Files\Winamp
2008-07-10 13:00 --------- d-----w C:\Documents and Settings\john\Application Data\Winamp
2008-07-10 12:56 --------- d-----w C:\Program Files\NewsRover
2008-07-10 12:39 --------- d-----w C:\Program Files\SHOUTcast
2008-07-09 02:22 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-07-09 02:22 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Earthsim
2008-07-09 02:12 --------- d-----w C:\Program Files\Nero
2008-07-08 12:34 --------- d-----w C:\Program Files\SuperCat
2008-07-08 12:34 --------- d-----w C:\Program Files\CloneDVD
2008-07-04 19:30 --------- d-----w C:\Program Files\Yahoo!
2008-07-03 11:45 --------- d-----w C:\Documents and Settings\john\Application Data\dvdcss
2008-07-03 00:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Nero
2008-07-03 00:04 --------- d-----w C:\Documents and Settings\john\Application Data\Nero
2008-07-01 23:43 --------- d-----w C:\Program Files\Azureus
2008-06-28 19:42 --------- d-----w C:\Program Files\ISCLIE
2008-06-28 19:38 --------- d-----w C:\Program Files\Sony Handheld
2008-06-28 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 19:19 --------- d-----w C:\Program Files\Sony
2008-06-20 20:48 --------- d-----w C:\Program Files\DVDlabPro2
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\SYSTEM32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-19 00:05 --------- d-----w C:\Program Files\PC Doc Pro
2008-06-14 03:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Minnetonka Audio Software
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 00:46 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-06-07 14:53 102,400 ----a-w C:\WINDOWS\Winamp Now Playing.scr
2008-06-06 17:09 --------- d-----w C:\Program Files\Cat Daddy Games
2008-06-05 12:35 --------- d-----w C:\Program Files\Google
2008-06-05 12:12 --------- d-----w C:\Program Files\Seagate
2008-06-05 12:11 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 12:10 --------- d-----w C:\Program Files\CallStation
2008-06-05 00:06 625,152 ----a-w C:\WINDOWS\SYSTEM32\mp3tsshx.dll
2008-06-01 16:11 --------- d-----w C:\Documents and Settings\john\Application Data\SuperNZB
2008-06-01 06:28 --------- d-----w C:\Program Files\SuperNZB
2008-05-31 17:34 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-05-31 17:34 --------- d-----w C:\Documents and Settings\john\Application Data\Malwarebytes
2008-05-31 17:34 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-05-31 03:48 --------- d-----w C:\Documents and Settings\john\Application Data\RateMyScreensaver
2008-05-30 23:40 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Lavasoft
2008-05-30 23:39 --------- d-----w C:\Program Files\Lavasoft
2008-05-30 06:06 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-05-30 06:06 15,864 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-05-30 02:51 --------- d-----w C:\Program Files\CleanUp!
2008-05-29 12:44 --------- d-----w C:\Documents and Settings\john\Application Data\SiteAdvisor
2008-05-28 12:23 --------- d-----w C:\Documents and Settings\Administrator.BATCRAY\Application Data\Helios
2008-05-28 01:41 --------- d-----w C:\Documents and Settings\john\Application Data\ArcSoft
2008-05-27 03:40 --------- d-----w C:\Program Files\MagicDisc
2008-05-25 20:20 21,840 ----atw C:\WINDOWS\SYSTEM32\SIntfNT.dll
2008-05-25 20:20 17,212 ----atw C:\WINDOWS\SYSTEM32\SIntf32.dll
2008-05-25 20:20 12,067 ----atw C:\WINDOWS\SYSTEM32\SIntf16.dll
2008-05-25 20:02 --------- d-----w C:\Program Files\FaxTalk Communicator
2008-05-24 15:30 --------- d-----w C:\Program Files\SiteAdvisor
2008-05-23 12:17 --------- d-----w C:\Program Files\Quicken
2008-05-23 12:15 --------- d-----w C:\Program Files\Common Files\AnswerWorks 5.0
2008-05-22 12:29 --------- d-----w C:\Program Files\Winamp Remote
2008-05-22 03:34 --------- d-----w C:\Documents and Settings\john\Application Data\Sony Corporation
2008-05-18 15:07 --------- d-----w C:\Documents and Settings\Rose.BATCRAY\Application Data\Nero
2008-05-17 05:14 35,363 ----a-w C:\WINDOWS\SYSTEM32\windrvNT.sys
2008-05-17 03:29 --------- d-----w C:\Program Files\MagicISO
2008-05-16 11:20 --------- d-----w C:\Program Files\Audio Caller ID
2008-05-16 11:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Impulse Technology
2008-05-16 11:20 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\GrebleSoft
2008-05-16 03:29 --------- d-----w C:\Documents and Settings\john\Application Data\Audio Caller ID
2008-05-14 03:21 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\SYSTEM32\quartz.dll
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\SYSTEM32\wininet.dll
2008-04-18 12:32 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2008-02-14 12:07 984,576 ----a-w C:\Documents and Settings\john\Application Data\kernel33.dll
2008-01-10 02:45 53,884,718 ----a-w C:\Program Files\NewsRover.rar
2006-11-28 09:07 271 --sh--w C:\Program Files\desktop.ini
2006-11-28 09:07 21,952 ---ha-w C:\Program Files\folder.htt
.
((((((((((((((((((((((((((((( snapshot_2008-07-11_ 0.20.17.25 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 05:14:17 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-13 18:31:44 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-11 05:14:45 202,248 ----a-w C:\WINDOWS\SYSTEM32\inetsrv\MetaBase.bin
+ 2008-07-13 18:32:13 202,259 ----a-w C:\WINDOWS\SYSTEM32\inetsrv\MetaBase.bin
+ 2008-06-10 06:21:01 135,168 ----a-w C:\WINDOWS\SYSTEM32\java.exe
+ 2008-06-10 06:21:04 135,168 ----a-w C:\WINDOWS\SYSTEM32\javaw.exe
+ 2008-06-10 07:32:34 139,264 ----a-w C:\WINDOWS\SYSTEM32\javaws.exe
+ 2008-07-13 18:32:07 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_51c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTZDetec.exe"="C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe" [2007-12-18 15:20 401408]
"CallStation"="C:\Program Files\CallStation\CStation.exe" [2007-12-10 16:00 1335296]
"HomeAlarm"="C:\Program Files\Chameleon Clock\ChamClock.exe" [2004-09-24 18:06 845312]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2008-02-28 18:07 132392]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-02 21:54 160592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"VirtualDesk"="C:\Program Files\TweakNow PowerPack 2006\VirDesk.exe" [2007-01-11 14:13 1885184]
"00Hotkeys"="C:\Program Files\Qliner Hotkeys\HotKeys.exe" [2006-12-01 19:13 45056]
"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2004-08-24 09:31 1331200]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2007-07-26 20:57 36640]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-09-20 16:50 1404928]
"Acrobat Assistant 8.0"="D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-03-29 22:14 624248]
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [2007-03-20 17:40 1884160]
"HPHUPD06"="C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-06 23:53 49152]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-02-12 14:38 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 16:18 241664]
"CallControl 4.5"="C:\Program Files\FaxTalk Communicator\FTCtrl32.exe" [2004-03-23 15:43 123904]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-04-28 17:14 570664]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [2006-09-28 14:21 57344]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"MBMon"="CTMBHA.DLL" [2004-08-24 09:56 1344596 C:\WINDOWS\SYSTEM32\CTMBHA.DLL]
C:\Documents and Settings\john.BRUCEWAYNE\Start Menu\Programs\Startup\
Dragon NaturallySpeaking.lnk - C:\Program Files\ScanSoft\NaturallySpeaking8\Program\natspeak.exe [2005-04-04 09:37:50 1994752]
Hotkeys.lnk - C:\WINNT\Installer\{C1D1E3E7-0A50-426D-8FAD-64112F6C7184}\_4d064db7.exe [2006-12-04 00:35:16 25214]
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE [2007-01-12 09:14:27 299008]
Yankee Clipper III.lnk - C:\Program Files\YCIII\YankClip.exe [2006-12-04 17:20:11 1368064]
C:\Documents and Settings\john\Start Menu\Programs\Startup\
Yankee Clipper III.lnk - C:\Program Files\YCIII\YankClip.exe [2006-12-04 17:20:11 1368064]
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HotSync Manager.lnk - C:\Program Files\Sony Handheld\HOTSYNC.EXE [2007-01-12 09:14:27 299008]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\digital imaging\bin\hpqtra08.exe [2004-05-28 23:31:38 241664]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\digital imaging\bin\hpqthb08.exe [2004-05-29 00:06:36 53248]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-04-18 07:32:33 67128]
Sony PDA USB Switcher.lnk - C:\Program Files\Sony Handheld\USBSwt.exe [2007-01-12 09:14:33 57344]
VPN Client.lnk - C:\WINDOWS\Installer\{CCBAA1F7-E5E1-48B2-9ED9-A79C6A37CE78}\Icon3E5562ED7.ico [2008-07-04 13:38:14 6144]
Yahoo! Autosync.lnk - C:\Program Files\Yahoo!\Yahoo! Autosync\AutosyncForYahoo.exe [2007-08-21 14:28:52 391680]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 11 (0xb)
"NoStartMenuMFUprogramsList"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\SYSTEM32\\mmc.exe"=
"C:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Winamp\\winamp.exe"=
"C:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Xlight\\xlight.exe"=
"C:\\Program Files\\NetCID\\NetCID.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"C:\\Program Files\\Common Files\\Nero\\Nero Web\\SetupX.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-to-Peer Grouping
"3540:UDP"= 3540:UDP:Peer Name Resolution Protocol (PNRP)
"9000:TCP"= 9000:TCP:Seizures In Stereo Stream TCP
"9000:UDP"= 9000:UDP:Seizures In Stereo Stream UDP
"8181:TCP"= 8181:TCP:RocketGirlz.net TCP
"8181:UDP"= 8181:UDP:RocketGirlz.net UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9090:TCP"= 9090:TCP:SquareHolePress TCP
"9090:UDP"= 9090:UDP:SquareHolePress UDP
"5151:TCP"= 5151:TCP:AjaxAmp TCP
"5151:UDP"= 5151:UDP:AjaxAmp UDP
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
R2 SRTSERVERDAEMON;Titan FTP Server Daemon;C:\WINDOWS\SYSTEM32\srxTitan.exe [2007-12-09 22:03]
R3 Dot4Usb HPH09;Dot4Usb HPH09;C:\WINDOWS\system32\drivers\hphius09.sys [2006-01-13 01:46]
S1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys []
S3 CTSFSYN;Creative SoundFont Synth;C:\WINDOWS\system32\drivers\ctsfsyn.sys [2004-08-24 10:03]
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-04 07:00]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 00:01]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
\Shell\AutoRun\command - P:\setup.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-25 11:38:17 C:\WINDOWS\Tasks\20080226_221800_john.job"
- C:\Program Files\Nero\Nero8\Nero BackItUp\BackItUp.exe
"2008-07-13 23:47:03 C:\WINDOWS\Tasks\HP Usg Daily FY04.job"
- C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-07-13 20:30:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
Completion time: 2008-07-13 20:31:53
ComboFix-quarantined-files.txt 2008-07-14 01:31:50
ComboFix2.txt 2008-07-11 05:20:41
ComboFix3.txt 2008-05-31 16:25:02
ComboFix4.txt 2008-05-31 02:19:18
Pre-Run: 20,203,913,216 bytes free
Post-Run: 20,233,965,568 bytes free
290 --- E O F --- 2008-07-08 23:27:17