ComboFix 08-07-07.3 - Brian & Janine 2008-07-09 12:26:55.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.192 [GMT -4:00]
Running from: C:\Documents and Settings\Brian & Janine\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brian & Janine\Desktop\CFScript.txt
 * Created a new restore point

FILE ::
C:\Documents and Settings\Brian & Janine\services.exe
C:\Program Files\Del.js
C:\Program Files\temp01
C:\WINDOWS\BMbf3d4839.xml
C:\WINDOWS\Fonts\services.exe
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Brian & Janine\services.exe
C:\Program Files\Del.js
C:\Program Files\temp01
C:\Temp\syschk3
C:\Temp\syschk3\tdirp5.log
C:\WINDOWS\BMbf3d4839.xml
C:\WINDOWS\Fonts\services.exe
C:\WINDOWS\ORUN32.EXE
C:\WINDOWS\system32\CMMGR32.EXE
C:\WINDOWS\system32\drivers\core.cache(2).dsk
C:\WINDOWS\system32\drivers\core.cache(3).dsk
C:\WINDOWS\system32\drivers\core.cache(4).dsk
C:\WINDOWS\system32\drivers\core.cache(5).dsk

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_USBEHCII
-------\Service_usbehcii


(((((((((((((((((((((((((   Files Created from 2008-06-09 to 2008-07-09   )))))))))))))))))))))))))))))))
.

2008-07-06 15:06 . 2008-06-19 17:24    28,544  --a------  C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-02 19:12 . 2008-07-08 18:15            d--h-----  C:\$AVG8.VAULT$
2008-07-02 18:43 . 2008-07-09 07:35            d--------  C:\WINDOWS\system32\drivers\Avg
2008-07-02 18:43 . 2008-07-02 18:43            d--------  C:\Program Files\AVG
2008-07-02 18:43 . 2008-07-02 20:31            d--------  C:\Documents and Settings\Brian & Janine\Application Data\AVGTOOLBAR
2008-07-02 18:43 . 2008-07-02 18:43            d--------  C:\Documents and Settings\All Users\Application Data\avg8
2008-07-02 18:43 . 2008-07-02 18:51    96,520  --a------  C:\WINDOWS\system32\drivers\avgldx86.sys
2008-07-02 18:43 . 2008-07-02 18:51    76,040  --a------  C:\WINDOWS\system32\drivers\avgtdix.sys
2008-07-02 18:43 . 2008-07-02 18:51    10,520  --a------  C:\WINDOWS\system32\avgrsstx.dll
2008-07-02 18:41 . 2008-07-02 18:44     8,192  --a------  C:\Documents and Settings\Owner
2008-07-01 21:00 . 2008-07-01 21:00            d--------  C:\Documents and Settings\Brian & Janine\Application Data\Malwarebytes
2008-07-01 19:48 . 2008-07-01 19:48            d--------  C:\WINDOWS\ERUNT
2008-07-01 19:14 . 2008-07-01 19:14            d--------  C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-06-30 20:01 . 2008-06-30 20:01            d--------  C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-06-30 07:48 . 2008-06-30 07:48            d--------  C:\Program Files\Trend Micro
2008-06-29 16:13 . 2008-07-06 15:06            d--------  C:\Program Files\Panda Security
2008-06-29 00:07 . 2008-06-29 00:07            d--------  C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-28 21:52 . 2008-06-28 21:52            d--h-----  C:\WINDOWS\PIF
2008-06-28 20:34 . 2008-06-28 20:34            d--------  C:\Documents and Settings\Brian & Janine\Application Data\Antispyware
2008-06-28 20:12 . 2008-06-28 20:11   102,664  --a------  C:\WINDOWS\system32\drivers\tmcomm.sys
2008-06-28 13:54 . 2008-07-09 12:27            d--------  C:\Temp
2008-06-26 16:37 . 2008-06-26 16:37            d--------  C:\Documents and Settings\Brian & Janine\Application Data\Snapfish
2008-06-20 13:41 . 2008-06-20 13:41   245,248  -----c---  C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-14 10:47 . 2008-06-14 10:47            d--------  C:\Documents and Settings\All Users\Application Data\MumboJumbo
2008-06-14 10:36 . 2008-06-14 10:36            d--------  C:\Documents and Settings\All Users\Application Data\Astar Games
2008-06-10 18:47 . 2008-06-10 18:47            d--------  C:\Documents and Settings\Brian & Janine\Application Data\Gogii Games
2008-06-10 18:47 . 2008-06-10 18:47            d--------  C:\Documents and Settings\All Users\Application Data\Gogii Games
2008-06-10 17:30 . 2008-06-13 09:10   272,128  -----c---  C:\WINDOWS\system32\dllcache\bthport.sys

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-08 21:35  ---------  d---a-w  C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-08 21:25  ---------  d-----w  C:\Program Files\Top Ten Solitaire
2008-07-08 00:52  ---------  d-----w  C:\Program Files\Graffiti Studio 2.0
2008-07-04 19:11  ---------  d--h--w  C:\Program Files\InstallShield Installation Information
2008-07-04 19:10  ---------  d-----w  C:\Program Files\PCPitstop
2008-06-30 02:11  ---------  d-----w  C:\Documents and Settings\Brian & Janine\Application Data\Uniblue
2008-06-29 19:57  ---------  d-----w  C:\Program Files\GameHouse
2008-06-29 19:10  ---------  d--h--r  C:\Documents and Settings\Brian & Janine\Application Data\yahoo!
2008-06-29 19:10  ---------  d-----w  C:\Documents and Settings\Brian & Janine\Application Data\iWin
2008-06-29 04:07  ---------  d-----w  C:\Program Files\Common Files\Download Manager
2008-06-29 01:37  ---------  d-----w  C:\Program Files\Windows Media Connect 2
2008-06-25 18:58  ---------  d-----w  C:\Documents and Settings\Brian & Janine\Application Data\GameHouse
2008-06-21 01:15  ---------  d-----w  C:\Documents and Settings\Brian & Janine\Application Data\cerasus.media
2008-06-20 10:45    360,320  ----a-w  C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44    138,368  ----a-w  C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52    225,920  ----a-w  C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 13:10    272,128  ------w  C:\WINDOWS\system32\drivers\bthport.sys
2008-06-10 23:12  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\Flood Light Games
2008-06-04 01:54  ---------  d-----w  C:\Program Files\iTunes
2008-06-04 01:53  ---------  d-----w  C:\Program Files\iPod
2008-05-25 18:58  ---------  d-----w  C:\Documents and Settings\Brian & Janine\Application Data\MysteryStudio
2008-05-11 01:49  ---------  d-----w  C:\Documents and Settings\All Users\Application Data\MonteCristo
2008-05-09 18:33  ---------  d-----w  C:\Program Files\MSN Messenger
2008-05-09 01:31  ---------  d-----w  C:\Documents and Settings\Brian & Janine\Application Data\Restorer
2008-05-09 01:26  ---------  d-----w  C:\Documents and Settings\Brian & Janine\Application Data\Sudden Games
2007-07-28 09:06        135  ----a-w  C:\Program Files\page.html
2007-01-20 13:31    774,144  ----a-w  C:\Program Files\RngInterstitial.dll
.

(((((((((((((((((((((((((((((   snapshot@2008-07-08_21.00.15.09   )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-16 12:08:32    100,352  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\6to4svc.dll
+ 2008-06-20 10:44:08    138,368  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\afd.sys
+ 2008-06-20 17:36:11    147,968  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\dnsapi.dll
+ 2008-06-20 17:36:11    245,248  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\mswsock.dll
+ 2008-06-20 10:44:42    360,960  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
+ 2008-06-20 09:32:39    225,920  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip6.sys
+ 2008-06-20 11:40:08    138,496  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\afd.sys
+ 2008-06-20 17:46:57    147,968  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\dnsapi.dll
+ 2008-06-20 17:46:57    245,248  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\mswsock.dll
+ 2008-06-20 11:51:12    361,600  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
+ 2008-06-20 11:08:27    225,856  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip6.sys
+ 2008-06-20 11:48:03    138,496  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\afd.sys
+ 2008-06-20 17:43:05    147,968  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\dnsapi.dll
+ 2008-06-20 17:43:05    245,248  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\mswsock.dll
+ 2008-06-20 11:59:02    361,600  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
+ 2008-06-20 11:16:44    225,856  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip6.sys
+ 2007-11-30 12:39:22     17,272  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\spmsg.dll
+ 2007-11-30 12:39:22    231,288  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\spuninst.exe
+ 2007-11-30 12:39:22     26,488  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\update\spcustom.dll
+ 2007-11-30 12:39:18    755,576  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\update\update.exe
+ 2007-11-30 12:39:19    382,840  ----a-w  C:\WINDOWS\$hf_mig$\KB951748\update\updspapi.dll
- 2008-07-09 00:38:25      2,048  --s-a-w  C:\WINDOWS\bootstat.dat
+ 2008-07-09 16:37:41      2,048  --s-a-w  C:\WINDOWS\bootstat.dat
- 2004-08-04 06:14:14    138,496  -c--a-w  C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-06-20 10:44:38    138,368  -c--a-w  C:\WINDOWS\system32\dllcache\afd.sys
- 2008-02-20 05:32:43    148,992  -c----w  C:\WINDOWS\system32\dllcache\dnsapi.dll
+ 2008-06-20 17:41:10    148,992  -c--a-w  C:\WINDOWS\system32\dllcache\dnsapi.dll
- 2007-10-30 17:20:55    360,064  -c----w  C:\WINDOWS\system32\dllcache\tcpip.sys
+ 2008-06-20 10:45:13    360,320  -c--a-w  C:\WINDOWS\system32\dllcache\tcpip.sys
- 2006-08-16 09:37:30    225,664  -c----w  C:\WINDOWS\system32\dllcache\tcpip6.sys
+ 2008-06-20 09:52:06    225,920  -c--a-w  C:\WINDOWS\system32\dllcache\tcpip6.sys
- 2008-02-20 05:32:43    148,992  ----a-w  C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:41:10    148,992  ----a-w  C:\WINDOWS\system32\dnsapi.dll
- 2004-08-04 07:56:44    245,248  ----a-w  C:\WINDOWS\system32\mswsock.dll
+ 2008-06-20 17:41:10    245,248  ----a-w  C:\WINDOWS\system32\mswsock.dll
- 2007-11-30 11:18:51     17,272  ------w  C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22     17,272  ------w  C:\WINDOWS\system32\spmsg.dll
- 2008-07-09 00:39:46     40,960  ----a-w  C:\WINDOWS\Temp\rtdrvmon.exe
+ 2008-07-09 16:38:37     40,960  ----a-w  C:\WINDOWS\TEMP\rtdrvmon.exe
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-06-15 19:52 185896]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 03:56 158208]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-02 18:51 1232152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-07 03:33 8720384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 03:56 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X74-X75]
--a------ 2002-10-14 15:09 57344 C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
--a------ 2007-12-07 03:33 8720384 C:\Program Files\MySpace\IM\MySpaceIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OWS Setup CmdLine]
--a------ 2004-08-04 03:56 188480 C:\Program Files\Common Files\Microsoft Shared\web server extensions\40\bin\cfgwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2002-11-12 13:02 28672 C:\WINDOWS\system32\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 04:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USRpdA]
--a------ 2001-08-18 08:00 77891 C:\WINDOWS\system32\usrmlnka.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 22:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"COM+ Messages"=2 (0x2)
"TapiSrv"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"ose"=3 (0x3)
"MDM"=2 (0x2)
"iPod Service"=3 (0x3)
"OWSTimer"=3 (0x3)
"cmdService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\msncall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-07-02 18:51]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-02 18:51]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-02 18:51]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-07-02 18:51]
R3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 16:28]
.
Contents of the 'Scheduled Tasks' folder
"2008-07-09 07:00:16 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job"
- C:\Program Files\Antispyware\Antispyware.exe
- C:\Program Files\Antispyware
"2008-07-09 03:55:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-09 12:38:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Completion time: 2008-07-09 12:57:44 - machine was rebooted
ComboFix-quarantined-files.txt  2008-07-09 16:56:23
ComboFix2.txt  2008-07-09 01:03:12

Pre-Run: 19,246,366,720 bytes free
Post-Run: 19,233,087,488 bytes free

240 --- E O F --- 2008-07-09 07:08:24
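The two copies of services.exe that the CFScript above removed (one in the user profile, one in C:\WINDOWS\Fonts) are a classic masquerade: a core Windows binary name planted outside the directory where the real one lives. The script below is an added example for triaging the "Files Created" section of a ComboFix log; it is not part of the original post and is not ComboFix's own code. It parses the `<created> . <modified> [<size>] <attrs> <path>` line layout used in that section (the Find3M and snapshot sections use a different layout and are not handled) and flags any file whose name matches a core system binary but whose parent directory is not the expected one. The sample lines are constructed: the pavboot.sys and $AVG8.VAULT$ lines are copied from the log above, while the three services.exe lines carry made-up timestamps and sizes, since the log only names those files without metadata. The EXPECTED_HOME map is an assumption for 32-bit Windows XP and is illustrative rather than complete.

```python
"""Triage helper for the 'Files Created' section of a ComboFix log.

Added example, not part of the original post and not ComboFix code.
Flags files that reuse a core Windows binary name outside its home directory.
"""
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# ComboFix 'Files Created' layout: <created> . <modified> [<size>] <9-char attrs> <path>
# Directories carry no size column; sizes use thousands separators.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?:(?P<size>[\d,]+)\s+)?"
    r"(?P<attrs>[-a-z]{9})\s+"
    r"(?P<path>\S.*)$"
)

# Assumption for this example: where these binaries live on 32-bit XP.
# Illustrative only; extend for your own baseline.
EXPECTED_HOME = {
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one 'Files Created' line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = m.group("size")
    return Entry(
        created=m.group("created"),
        modified=m.group("modified"),
        size=int(size.replace(",", "")) if size else None,
        attrs=m.group("attrs"),
        path=m.group("path"),
    )


def parse_section(text: str) -> List[Entry]:
    """Parse every matching line; headers, dots and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is not None:
            entries.append(entry)
    return entries


def masquerade_reason(entry: Entry) -> Optional[str]:
    """Explain why a file looks like a planted copy of a system binary, else None."""
    if entry.is_dir:
        return None
    p = PureWindowsPath(entry.path)
    home = EXPECTED_HOME.get(p.name.lower())
    if home is None or str(p.parent).lower() == home:
        return None
    return f"{p.name} expected under {home}, found under {p.parent}"


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (path, reason) for each flagged file, in log order."""
    flagged = []
    for entry in parse_section(text):
        reason = masquerade_reason(entry)
        if reason:
            flagged.append((entry.path, reason))
    return flagged


# Constructed sample. First two lines are from the log above; the services.exe
# lines use made-up timestamps and sizes (the log lists only the paths).
SAMPLE_FILES_CREATED = r"""
2008-07-06 15:06 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-02 19:12 . 2008-07-08 18:15 d--h----- C:\$AVG8.VAULT$
2008-06-28 13:54 . 2008-06-28 13:54 40,960 --a------ C:\WINDOWS\Fonts\services.exe
2008-06-28 13:55 . 2008-06-28 13:55 40,960 --a------ C:\Documents and Settings\Brian & Janine\services.exe
2008-06-28 13:55 . 2008-06-28 13:55 108,032 --a------ C:\WINDOWS\system32\services.exe
"""

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_FILES_CREATED):
        print(f"FLAG {path}: {reason}")
```

Run as-is it flags the Fonts and user-profile copies of services.exe and leaves the real one in system32 alone. A name-plus-directory check like this is only a first pass: a file in the right directory with the right name can still be replaced, so confirm anything suspicious by hash or signature rather than by path.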