IE popping up
#1
watty147
I posted a topic about IE popping up although I use Firefox, pop-ups like Sky Poker or William Hill bookies and other products.
I just got the HijackThis thing so bear with me; I'll post both the files I got told to get in Notepad, hopefully I'll get some answers on this annoying problem.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:11:22, on 14/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\WATTY\Application Data\Mozilla\Profiles\default\a2tmrnbw.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\WATTY\Application Data\Mozilla\Profiles\default\a2tmrnbw.slt\prefs.js)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.9.24.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by123fd.bay12...es/MsnPUpld.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8101 bytes



UNINSTALL LIST:


Adobe Flash Player Plugin
Adobe Reader 8.1.1
Adobe Shockwave Player
America's Army
AVG 7.5
BitComet 0.96
Cool Edit Pro 2.1
DivX Content Uploader
DivX Web Player
File Shredder 2.0
Firebird SQL Server - MAGIX Edition 2.0.0.1 (UK)
FL Studio v7.0
Game Vindicator
Google Earth
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hitman 2 Silent Assassin
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915800)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP Photosmart 330,380,420,470,7800,8000,8200 Series
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 2
Java™ 6 Update 3
MAGIX Music Maker Basic Edition 12.1.0.3 (UK)
Microsoft .NET Framework 2.0
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Mozilla Firefox (2.0.0.11)
MSN
MSXML 4.0 SP2 (KB936181)
Mustek 1200 UB Plus v2.0
Nero 7 Ultra Edition
Netscape (7.1)
Netscape Navigator (9.0.0.1)
Next Generation Visualisations
NVIDIA Drivers
ParetoLogic Anti-Spyware
PeerGuardian 2.0
Pop-Up Stopper Free Edition
RealPlayer
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Simsoc Web Soccer - Match Viewer
Skype™ 3.5
SopCast 2.0.4
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Text-To-Speech-Runtime
Total Video Converter 3.10
Ulead GIF Animator 5
Ulead Photo Express 3.0 SE
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
VideoLAN VLC media player 0.8.6d
Windows Defender
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinRAR archiver
Xfire (remove only)
XpertVision 5.3
Xvid 1.1.3 final uninstall
Yahoo! Anti-Spy
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
ZDaemon (remove only)
ZoneAlarm Pro

:)
#2
watty147
I saw something called "ComboFix" also on here in IE pop-up related topics; I took the liberty of doing a log.





ComboFix 08-01-14.4 - Watty 2008-01-14 14:06:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.504 [GMT 0:00]
Running from: C:\Documents and Settings\Watty\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete

.
((((((((((((((((((((((((( Files Created from 2007-12-14 to 2008-01-14 )))))))))))))))))))))))))))))))
.

2008-01-14 14:05 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-14 12:15 . 2008-01-14 12:15 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-14 12:00 . 2008-01-14 12:17 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-14 12:00 . 2008-01-14 12:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-14 12:00 . 2008-01-14 12:00 <DIR> d-------- C:\Documents and Settings\Watty\Application Data\SUPERAntiSpyware.com
2008-01-14 12:00 . 2008-01-14 12:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-13 22:10 . 2008-01-13 22:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2008-01-13 21:18 . 2008-01-13 21:18 <DIR> d-------- C:\Program Files\Panicware
2008-01-13 20:46 . 2008-01-14 14:10 167,545 --------- C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-13 20:46 . 2008-01-13 20:46 86,144 --a------ C:\WINDOWS\system32\drivers\hidusbb.sys
2008-01-12 02:01 . 2006-06-20 10:56 225,280 --a------ C:\WINDOWS\system32\rewire.dll
2008-01-12 02:00 . 2008-01-12 02:00 <DIR> d-------- C:\Program Files\Steinberg
2008-01-12 02:00 . 2008-01-12 02:00 <DIR> d-------- C:\Program Files\Image-Line
2008-01-12 02:00 . 2002-07-08 00:14 1,294,336 --a------ C:\WINDOWS\system32\vorbis.acm
2008-01-12 01:58 . 2003-06-20 13:28 1,777,664 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-11 18:44 . 2008-01-11 18:44 <DIR> d-------- C:\Documents and Settings\Watty\Application Data\VideoEgg
2008-01-08 00:42 . 2008-01-08 00:42 268 --ah----- C:\sqmdata01.sqm
2008-01-08 00:42 . 2008-01-08 00:42 244 --ah----- C:\sqmnoopt01.sqm
2008-01-07 14:47 . 2008-01-08 17:06 9,531 --a------ C:\World.jpg
2008-01-05 22:18 . 2008-01-05 22:18 <DIR> d-------- C:\Program Files\DivX
2008-01-05 10:24 . 2008-01-05 10:24 <DIR> d-------- C:\Program Files\America's Army Server Manager
2008-01-04 11:14 . 2007-10-10 23:55 6,065,664 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-01-04 11:14 . 2007-07-01 03:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-01-04 11:14 . 2007-07-01 03:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-01-04 11:14 . 2007-10-10 23:55 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-01-04 11:14 . 2007-10-10 23:55 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-01-04 11:14 . 2007-10-10 23:55 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-01-04 11:14 . 2007-10-10 23:55 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-01-04 11:14 . 2007-10-10 23:55 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-01-04 11:14 . 2007-10-10 10:59 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-01-02 01:35 . 2008-01-02 01:35 <DIR> d-------- C:\Program Files\Eidos Interactive
2007-12-31 13:59 . 2008-01-05 21:15 558 --a------ C:\WINDOWS\DFC.INI
2007-12-31 13:53 . 2007-12-31 13:56 <DIR> d-------- C:\WINDOWS\NV16722712.TMP
2007-12-31 13:53 . 2007-07-23 02:51 123,602 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-12-31 13:51 . 2007-12-31 14:48 127,254 --a------ C:\WINDOWS\system32\nvapps.xml
2007-12-31 13:50 . 2007-12-31 13:55 <DIR> d-------- C:\WINDOWS\nview
2007-12-31 13:50 . 2007-12-31 13:50 <DIR> d-------- C:\Program Files\XpertVision
2007-12-31 13:50 . 2007-07-23 02:51 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-12-31 13:50 . 2007-07-23 02:51 17,463 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-12-31 13:50 . 2007-03-16 10:11 12,256 --a------ C:\WINDOWS\system32\drivers\TBPanel.sys
2007-12-18 13:31 . 2007-12-18 13:35 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2007-12-16 19:12 . 2007-12-16 19:23 440 --a------ C:\WINDOWS\BeatBox.INI
2007-12-16 03:01 . 2007-12-16 03:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-12-15 00:02 . 2008-01-12 23:38 116 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-14 20:30 . 2007-12-14 20:30 <DIR> d-------- C:\Program Files\Mustek 1200 UB Plus
2007-12-14 20:30 . 2002-04-15 15:38 196,608 --a------ C:\WINDOWS\system32\SBMiniDrv.dll
2007-12-14 20:30 . 2000-06-01 13:41 176,128 --a------ C:\WINDOWS\system32\PuzzSaver.scr
2007-12-14 20:30 . 2000-06-01 13:40 172,032 --a------ C:\WINDOWS\system32\SpotSaver.scr
2007-12-14 20:30 . 1999-12-26 17:05 135,168 --a------ C:\WINDOWS\system32\ParaSaver.scr
2007-12-14 20:30 . 2003-05-13 17:32 118,784 --a------ C:\WINDOWS\system32\MKCoInstaller.dll
2007-12-14 20:30 . 2000-10-24 18:09 19,552 --a------ C:\WINDOWS\system32\SBusd.dll
2007-12-14 20:30 . 2003-02-18 09:38 17,504 --a------ C:\WINDOWS\system32\drivers\gt680x.sys
2007-12-14 20:30 . 2001-11-29 14:47 8,192 --a------ C:\WINDOWS\system32\drivers\SBfw.usb
2007-12-14 19:59 . 2007-12-14 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-12-14 18:27 . 2007-12-14 18:27 0 --a------ C:\WINDOWS\WATCH.INI
2007-12-14 18:19 . 2007-12-14 20:00 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-12-14 17:53 . 2007-12-14 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2007-12-14 17:53 . 2003-04-18 16:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2007-12-14 17:53 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2007-12-14 17:51 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2007-12-14 17:51 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2007-12-14 17:49 . 2007-12-14 17:52 <DIR> d-------- C:\Program Files\MAGIX
2007-12-14 17:48 . 2007-12-14 17:52 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2007-12-14 17:48 . 2007-04-17 17:05 667,648 --a------ C:\WINDOWS\system32\mgxoschk.dll
2007-12-14 17:48 . 2007-12-14 17:52 5,937 --a------ C:\WINDOWS\mgxoschk.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 11:08 3,001,344 ----a-w C:\WINDOWS\Internet Logs\xDB2B.tmp
2008-01-14 11:08 2,308,608 ----a-w C:\WINDOWS\Internet Logs\xDB2C.tmp
2008-01-14 11:08 --------- d-----w C:\Program Files\PeerGuardian2
2008-01-14 00:04 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-01-14 00:04 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-01-13 21:43 3,722,240 ----a-w C:\WINDOWS\Internet Logs\xDB29.tmp
2008-01-13 21:43 2,283,520 ----a-w C:\WINDOWS\Internet Logs\xDB2A.tmp
2008-01-13 21:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 17:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-13 12:08 --------- d-----w C:\Documents and Settings\Watty\Application Data\Xfire
2008-01-13 12:07 --------- d-s---w C:\Program Files\Xfire
2008-01-11 22:48 --------- d-----w C:\Documents and Settings\Watty\Application Data\AVG7
2008-01-09 13:29 --------- d-----w C:\Program Files\coolpro2
2008-01-05 21:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 21:30 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB26.tmp
2008-01-05 21:29 4,027,392 ----a-w C:\WINDOWS\Internet Logs\xDB27.tmp
2008-01-05 21:28 47,104 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-01-05 21:28 4,027,392 ----a-w C:\WINDOWS\Internet Logs\xDB25.tmp
2008-01-05 21:24 4,027,392 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-01-05 21:24 3,010,560 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-01-05 19:17 4,026,880 ----a-w C:\WINDOWS\Internet Logs\xDB28.tmp
2008-01-05 10:24 --------- d-----w C:\Program Files\America's Army
2008-01-05 10:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-03 13:50 3,954,688 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-01-03 13:50 3,895,808 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-01-02 15:52 5,263,275 ----a-w C:\WINDOWS\Internet Logs\tvDebug.zip
2007-12-18 09:00 3,859,456 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2007-12-18 09:00 2,834,944 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2007-12-16 21:03 3,852,800 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2007-12-16 21:03 3,244,544 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2007-12-16 17:00 --------- d-----w C:\Documents and Settings\Watty\Application Data\Ahead
2007-12-14 20:17 3,830,784 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2007-12-14 20:17 3,198,976 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2007-12-14 18:19 --------- d-----w C:\Program Files\Nero
2007-12-13 23:42 3,760,640 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2007-12-13 23:42 115,200 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2007-12-13 23:37 3,765,248 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2007-12-13 23:37 2,810,368 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2007-12-13 12:06 3,757,056 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2007-12-13 12:06 3,092,992 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2007-12-13 00:17 --------- d-----w C:\Program Files\File Shredder
2007-12-10 20:21 3,607,552 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2007-12-10 20:21 3,367,424 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2007-12-04 17:28 --------- d-----w C:\Program Files\VideoLAN
2007-12-04 14:30 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-04 14:30 --------- d-----w C:\Program Files\Common Files\Real
2007-12-04 13:48 136,334 ----a-w C:\WINDOWS\Internet Logs\vsmon_2nd_2007_12_04_13_40_22_small.dmp.zip
2007-12-03 01:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-03 01:12 --------- d-----w C:\Program Files\Game Vindicator
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-28 22:25 --------- d-----w C:\Program Files\ZDaemon
2007-11-28 21:46 --------- d-----w C:\Program Files\BitComet
2007-11-28 19:54 --------- d-----w C:\Program Files\SopCast
2007-11-27 17:29 --------- d-----w C:\Program Files\Total Video Converter
2007-11-27 17:29 --------- d-----w C:\Program Files\MSN Messenger
2007-11-27 17:29 --------- d-----w C:\Program Files\BitLord
2007-11-27 17:28 --------- d-----w C:\Program Files\Windows Live Safety Center
2007-11-27 17:28 --------- d-----w C:\Program Files\Windows Live
2007-11-27 17:28 --------- d-----w C:\Program Files\Netscape
2007-11-27 17:28 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-27 17:27 --------- d-----w C:\Program Files\Windows Desktop Search
2007-11-27 17:26 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-27 17:26 --------- d-----w C:\Documents and Settings\Watty\Application Data\Skype
2007-11-27 17:25 --------- d-----w C:\Program Files\GameSpy Arcade
2007-11-27 17:24 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-27 17:24 --------- d-----w C:\Program Files\swLaunch
2007-11-27 17:24 --------- d-----w C:\Program Files\Skype
2007-11-27 17:24 --------- d-----w C:\Program Files\Common Files\Skype
2007-11-27 17:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-11-27 17:20 --------- d-----w C:\Program Files\Windows Defender
2007-11-27 17:19 --------- d--h--r C:\Documents and Settings\Watty\Application Data\yahoo!
2007-11-27 17:19 --------- d-----w C:\Program Files\Xvid
2007-11-27 17:19 --------- d-----w C:\Program Files\Common Files\Scanner
2007-11-27 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-27 17:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2007-11-26 21:36 3,407,360 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2007-11-26 21:36 195,072 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2007-11-26 21:17 3,390,464 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2007-11-26 19:36 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-21 11:23 --------- d-----w C:\Program Files\GoAA
2007-11-14 14:07 --------- d-----w C:\Program Files\Ulead Systems
2007-11-13 17:54 2,824,704 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2007-11-09 19:02 3,225,600 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2007-11-09 19:02 1,978,368 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2007-11-07 10:34 3,207,680 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2007-11-07 09:41 20,481 ----a-w C:\WINDOWS\system32\SystemHook.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-06 22:29 20,481 ----a-w C:\WINDOWS\system32\SystemsHook.dll
2007-11-06 09:30 3,159,552 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2007-11-06 09:30 2,025,472 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2007-11-03 20:40 3,155,968 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-11-03 20:40 2,072,064 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-10-30 00:23 271,360 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 01:40 3,073,024 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-10-29 01:40 2,706,432 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-10-27 17:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-26 16:03 95,440 ----a-w C:\WINDOWS\NSUninst.exe
2007-10-26 16:03 95,440 ----a-w C:\WINDOWS\GREUninstall.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 11:10 536576]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 15:46 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-02-27 11:39 1310720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 01:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 01:46 135168]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-21 15:15 579072]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2006-08-23 22:38 968696]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 01:47 131072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-23 02:51 8466432]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 16:47 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=C:\WINDOWS\pss\Watch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 19:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-05-11 22:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
--a------ 2005-06-01 17:35 49152 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 16:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 00:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-04 14:30 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

R1 hidusbb;hidusbb;C:\WINDOWS\system32\drivers\hidusbb.sys [2008-01-13 20:46]
R3 n558;N558 Bluetooth USB Filter Driver;C:\WINDOWS\system32\Drivers\n558.sys [2007-07-20 06:20]
S3 BTNetFilter;Bluetooth Network Filter;C:\WINDOWS\system32\drivers\BTNetFilter.sys [2004-12-16 15:32]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 15:18]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-14 12:00:00 C:\WINDOWS\Tasks\HPpromotions journeysoftware.job"
- C:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe
"2008-01-14 14:13:55 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-01-13 22:10:53 C:\WINDOWS\Tasks\Pareto UNS.job"
- C:\Program Files\Common Files\ParetoLogic\UUS\UUS.dll\Pareto_Update.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-14 14:13:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-14 14:15:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-14 14:15:06
.
2008-01-09 15:02:14 --- E O F ---