ComboFix 08-04-20.2 - Midori 2008-04-21 20:45:07.1 - [color=red][b]FAT32[/b][/color]x86
Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.202 [GMT -3:00]
Running from: C:\Documents and Settings\Midori\Desktop\ComboFix.exe
 * Created a new restore point

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\WINDOWS\system32\autorun.ini
C:\WINDOWS\system32\f3PSSavr.scr
D:\Autorun.inf
F:\Autorun.inf

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NwSapAgent


(((((((((((((((((((((((((   Files Created from 2008-03-22 to 2008-04-22  )))))))))))))))))))))))))))))))
.

2008-04-21 20:36 . 2008-04-21 20:36	<DIR>	d--------	C:\_OTMoveIt
2008-04-21 18:04 . 2008-04-21 18:04	8,192	--a------	C:\graph.grf
2008-04-21 14:40 . 2008-04-21 14:40	<DIR>	d--hs----	C:\FOUND.022
2008-04-19 14:29 . 2008-04-19 14:29	<DIR>	d--------	C:\Documents and Settings\Scoot\Application Data\MySpace
2008-04-19 09:51 . 2002-06-10 00:09	38,912	--a------	C:\WINDOWS\system32\RASPPPOE.DLL
2008-04-19 09:51 . 2002-06-10 00:09	34,304	--a------	C:\WINDOWS\system32\RASPPPOE.EXE
2008-04-19 09:51 . 2002-06-10 00:09	31,232	--a------	C:\WINDOWS\system32\drivers\RMSPPPOE.SYS
2008-04-19 00:42 . 2007-04-21 16:36	4,956	--a------	C:\xp_drive_association_fix.reg
2008-04-18 18:02 . 2004-08-04 00:56	116,224	--a------	C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-04-18 18:02 . 2001-08-17 22:37	99,865	--a------	C:\WINDOWS\system32\dllcache\xlog.exe
2008-04-18 18:02 . 2001-08-17 22:37	27,648	--a------	C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-04-18 18:02 . 2001-08-17 22:36	23,040	--a------	C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-04-18 18:02 . 2001-08-17 22:36	17,408	--a------	C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-04-18 18:02 . 2001-08-17 22:37	4,608	--a------	C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-04-18 18:01 . 2001-08-17 13:28	771,581	--a------	C:\WINDOWS\system32\dllcache\winacisa.sys
2008-04-18 18:01 . 2004-08-03 22:31	154,624	--a------	C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-04-18 18:01 . 2001-08-17 22:36	87,040	--a------	C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-04-18 18:01 . 2001-08-17 22:36	53,760	--a------	C:\WINDOWS\system32\dllcache\wiamsmud.dll
2008-04-18 18:01 . 2001-08-17 12:12	34,890	--a------	C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-04-18 18:01 . 2004-08-03 22:29	19,455	--a------	C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-04-18 18:01 . 2001-08-17 12:11	16,970	--a------	C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-04-18 18:01 . 2004-08-03 22:29	12,063	--a------	C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-04-18 18:01 . 2004-08-03 23:07	8,832	--a------	C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-04-18 18:01 . 2004-08-04 00:56	8,192	--a------	C:\WINDOWS\system32\dllcache\wshirda.dll
2008-04-18 17:59 . 2001-08-17 13:28	794,654	--a------	C:\WINDOWS\system32\dllcache\usr1801.sys
2008-04-18 17:58 . 2001-08-17 22:36	525,568	--a------	C:\WINDOWS\system32\dllcache\tridxp.dll
2008-04-18 17:57 . 2001-08-17 14:56	440,576	--a------	C:\WINDOWS\system32\dllcache\tridkb.dll
2008-04-18 17:56 . 2001-08-17 14:56	172,768	--a------	C:\WINDOWS\system32\dllcache\t2r4disp.dll
2008-04-18 17:55 . 2001-08-17 12:18	285,760	--a------	C:\WINDOWS\system32\dllcache\stlnata.sys
2008-04-18 17:54 . 2004-08-04 05:00	404,990	--a------	C:\WINDOWS\system32\dllcache\slntamr.sys
2008-04-18 17:53 . 2001-08-17 22:36	386,560	--a------	C:\WINDOWS\system32\dllcache\sgiul50.dll
2008-04-18 17:52 . 2001-08-17 22:36	495,616	--a------	C:\WINDOWS\system32\dllcache\sblfx.dll
2008-04-18 17:51 . 2004-08-04 00:56	397,056	--a------	C:\WINDOWS\system32\dllcache\s3gnb.dll
2008-04-18 17:50 . 2001-08-17 13:28	899,146	--a------	C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-04-18 17:49 . 2004-08-04 00:56	259,328	--a------	C:\WINDOWS\system32\dllcache\perm3dd.dll
2008-04-18 17:48 . 2001-08-17 14:05	351,616	--a------	C:\WINDOWS\system32\dllcache\ovcodek2.sys
2008-04-18 17:47 . 2004-08-04 00:56	4,274,816	--a------	C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-04-18 17:46 . 2004-08-04 00:56	1,737,856	--a------	C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-04-18 17:45 . 2001-08-17 12:50	320,384	--a------	C:\WINDOWS\system32\dllcache\mgaum.sys
2008-04-18 17:44 . 2001-08-17 13:28	802,683	--a------	C:\WINDOWS\system32\dllcache\ltsm.sys
2008-04-18 17:43 . 2001-08-17 22:36	242,176	--a------	C:\WINDOWS\system32\dllcache\kdsusd.dll
2008-04-18 17:42 . 2001-08-17 22:36	372,824	--a------	C:\WINDOWS\system32\dllcache\iconf32.dll
2008-04-18 17:41 . 2004-08-04 05:00	1,041,536	--a------	C:\WINDOWS\system32\dllcache\hsfdpsp2.sys
2008-04-18 17:40 . 2001-08-17 13:28	907,456	--a------	C:\WINDOWS\system32\dllcache\hcf_msft.sys
2008-04-18 17:39 . 2001-08-17 14:56	1,733,120	--a------	C:\WINDOWS\system32\dllcache\g400d.dll
2008-04-18 17:38 . 2001-08-17 12:17	629,952	--a------	C:\WINDOWS\system32\dllcache\eqn.sys
2008-04-18 17:37 . 2001-08-17 13:28	634,134	--a------	C:\WINDOWS\system32\dllcache\el656ct5.sys
2008-04-18 17:36 . 2001-08-17 12:14	952,007	--a------	C:\WINDOWS\system32\dllcache\diwan.sys
2008-04-18 17:35 . 2001-08-17 12:13	980,034	--a------	C:\WINDOWS\system32\dllcache\cicap.sys
2008-04-18 17:34 . 2001-08-17 13:28	871,388	--a------	C:\WINDOWS\system32\dllcache\bcmdm.sys
2008-04-18 17:33 . 2004-08-04 00:56	1,888,992	--a------	C:\WINDOWS\system32\dllcache\ati3duag.dll
2008-04-18 17:32 . 2001-08-17 13:28	762,780	--a------	C:\WINDOWS\system32\dllcache\3cwmcru.sys
2008-04-18 17:27 . 2001-08-17 14:56	66,048	--a------	C:\WINDOWS\system32\dllcache\s3legacy.dll
2008-04-15 01:54 . 2002-11-12 11:01	748,544	--a------	C:\WINDOWS\system32\drivers\alcaudsl.sys
2008-04-15 01:54 . 2002-11-12 11:01	36,048	--a------	C:\WINDOWS\system32\drivers\alcan5ln.sys
2008-04-15 01:54 . 2002-11-12 11:01	5,607	--a------	C:\WINDOWS\system32\stci.dll
2008-04-15 01:54 . 2002-11-12 11:01	5,312	--a------	C:\WINDOWS\system32\drivers\alcawh.sys
2008-04-15 01:54 . 2002-11-12 11:01	4,000	--a------	C:\WINDOWS\system32\drivers\alcacr.sys
2008-04-15 01:53 . 2008-04-15 01:53	<DIR>	d--------	C:\Program Files\Programador de Modem
2008-04-10 15:06 . 2008-04-10 15:07	50	--a------	C:\WINDOWS\cdplayer.ini
2008-04-10 11:04 . 2008-04-10 11:04	<DIR>	d--hs----	C:\FOUND.021
2008-03-27 12:03 . 2008-03-27 12:03	<DIR>	d--hs----	C:\FOUND.020
2008-03-25 19:27 . 2008-03-25 19:27	<DIR>	d--hs----	C:\FOUND.019
2008-03-24 21:28 . 2008-03-24 21:28	<DIR>	d--------	C:\Documents and Settings\Scoot\Phone Browser
2008-03-24 19:57 . 2008-03-24 19:57	<DIR>	d--hs----	C:\FOUND.018
2008-03-23 14:15 . 2008-03-23 14:15	<DIR>	d--hs----	C:\FOUND.017
2008-03-22 15:03 . 2008-03-22 15:03	<DIR>	d--hs----	C:\FOUND.016

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 09:47	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47	1,845,248	----a-w	C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-16 21:26	---------	d-----w	C:\Program Files\Microsoft.NET
2008-03-08 16:30	---------	d-----w	C:\Documents and Settings\Scoot\Application Data\T-DSL SpeedManager
2008-03-07 21:28	---------	d-----w	C:\Documents and Settings\Midori\Application Data\T-DSL SpeedManager
2008-03-07 21:28	---------	d-----w	C:\Documents and Settings\All Users\Application Data\T-DSL SpeedManager
2008-03-03 16:02	---------	d-----w	C:\Documents and Settings\Scoot\Application Data\Ahead
2008-03-01 21:36	3,591,680	----a-w	C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55	70,656	----a-w	C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55	625,664	----a-w	C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-22 10:00	13,824	------w	C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32	45,568	----a-w	C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32	148,992	----a-w	C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44	161,792	----a-w	C:\WINDOWS\system32\dllcache\ieakui.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Back Me Up!]
@=

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 17:32 8699904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" []
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-07 23:44 98394]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-07 23:43 688218]
"SoundMan"="SOUNDMAN.EXE" [2005-02-23 18:13 77824 C:\WINDOWS\SOUNDMAN.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-07 19:50 88363 C:\WINDOWS\AGRSMMSG.exe]
"SiSPower"="SiSPower.dll" [2005-02-25 19:35 49152 C:\WINDOWS\system32\SiSPower.dll]
"SiS Windows KeyHook"="C:\WINDOWS\system32\keyhook.exe" [2005-03-04 13:13 32768]
"PCMService"="C:\Program Files\Arcade\PCMService.exe" [2005-03-09 18:59 49152]
"LManager"="C:\Program Files\Launch Manager\QtZgAcer.EXE" [2005-10-12 15:16 315392]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 16:54 385024]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [ ]
"RegistryMechanic"="" []
"CreativeTaskScheduler"="C:\Program Files\Creative\Shared Files\CTSched.exe" [2006-01-09 05:43 53340]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00 132496]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-17 21:37 579584]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 13:50 155648]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10 271360]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-18 03:37 219136]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-01 17:32 8699904]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 10:17 1241088]

C:\Documents and Settings\Midori\Start Menu\Programs\Startup\
Memeo Launcher.lnk - C:\Documents and Settings\Midori\Application Data\Microsoft\Installer\{A494DB30-07BB-4D2A-A0BF-C60EC2593731}\_ABB6D16E06554E04B5B5D9DD97EFB09A.exe [2007-09-04 16:31:33 208896]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-01-04 16:52:52 331776]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-05-29 21:39:24 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"VIDC.DVSD"= pdvcodec.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"C:\\Program Files\\eMule\\Incoming\\eMule_PRO_Ultra3_0.48a_new\\emule.exe"=
"C:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\Mozilla Firefox\\FIREFOX.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-03-04 16:37]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R3 RMSPPPOE;WAN Miniport (PPP over Ethernet Protocol);C:\WINDOWS\system32\DRIVERS\RMSPPPOE.SYS [2002-06-10 00:09]
R3 SISNICXP;SiS PCI Fast Ethernet Adapter Driver for NDIS51;C:\WINDOWS\system32\DRIVERS\sisnicxp.sys [2004-11-05 01:43]
S3 alcan5ln;Alcatel SpeedTouch(tm) USB ADSL RFC1483 Networking Driver (NDIS);C:\WINDOWS\system32\DRIVERS\alcan5ln.sys [2002-11-12 11:01]
S3 V0260VID;Live! Cam Vista IM;C:\WINDOWS\system32\DRIVERS\V0260Vid.sys [2006-04-01 18:16]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - vt6e.cmd
\Shell\explore\Command - vt6e.cmd
\Shell\open\Command - vt6e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - vt6e.cmd
\Shell\explore\Command - vt6e.cmd
\Shell\open\Command - vt6e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\ab.cmd
\Shell\explore\Command - F:\ab.cmd
\Shell\open\Command - F:\ab.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{90503e52-dafd-11dc-9f74-00163615edfb}]
\Shell\AutoRun\command - G:\vt6e.cmd
\Shell\explore\Command - G:\vt6e.cmd
\Shell\open\Command - G:\vt6e.cmd

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4a727b5-db5c-11dc-9f77-00163615edfb}]
\Shell\AutoRun\command - vt6e.cmd
\Shell\explore\Command - vt6e.cmd
\Shell\open\Command - vt6e.cmd

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-21 21:03:54
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\ACER\EMANAGER\ANBMSERV.EXE
C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE SUPPORT\BIN\APPLEMOBILEDEVICESERVICE.EXE
C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGUPSVC.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGEMC.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
C:\PROGRAM FILES\GRISOFT\AVG7\AVGCC.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tanagra\Memeo\MemeoBackup.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-04-21 21:06:33 - machine was rebooted
ComboFix-quarantined-files.txt  2008-04-22 00:06:24

Pre-Run: 4,708,302,848 bytes free
Post-Run: 4,678,909,952 bytes free

230	--- E O F ---	2008-04-19 17:58:34