I also just ran ComboFix, so here is the updated ComboFix log followed by a fresh HijackThis (HJT) log.
ComboFix log:
ComboFix 08-03-27.2 - John 2008-03-28 20:40:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.63 [GMT -7:00]
Running from: E:\torrents\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
TimedOut: progfile.dat
-- Script messages for sUBs --
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -Eisf temp00
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wanpacket.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_npf
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-29 )))))))))))))))))))))))))))))))
.
2008-03-27 20:45 . 2008-03-27 20:45 244 --ah----- C:\sqmnoopt06.sqm
2008-03-27 20:45 . 2008-03-27 20:45 232 --ah----- C:\sqmdata06.sqm
2008-03-27 17:11 . 2008-03-27 17:11 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-27 17:11 . 2008-03-27 17:11 <DIR> d-------- C:\Documents and Settings\John\Application Data\Malwarebytes
2008-03-27 17:11 . 2008-03-27 17:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-27 16:23 . 2008-03-27 16:48 <DIR> d-------- C:\VundoFix Backups
2008-03-27 14:17 . 2008-03-27 14:17 244 --ah----- C:\sqmnoopt05.sqm
2008-03-27 14:17 . 2008-03-27 14:17 232 --ah----- C:\sqmdata05.sqm
2008-03-27 06:17 . 2008-03-27 06:17 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-03-27 04:32 . 2008-03-27 04:32 244 --ah----- C:\sqmnoopt04.sqm
2008-03-27 04:32 . 2008-03-27 04:32 232 --ah----- C:\sqmdata04.sqm
2008-03-27 03:38 . 2008-03-27 03:38 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-27 03:38 . 2008-03-27 06:18 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-03-27 03:38 . 2008-03-27 06:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-26 17:56 . 2008-03-26 17:55 38,400 -r-hs---- C:\WINDOWS\msn.com
2008-03-25 14:35 . 2008-03-25 14:35 <DIR> d-------- C:\Logs
2008-03-24 13:21 . 2008-03-27 06:18 <DIR> d-------- C:\Documents and Settings\John\Application Data\Winamp
2008-03-22 01:27 . 2008-03-22 01:27 25 --a------ C:\WINDOWS\cdplayer.ini
2008-03-22 01:25 . 2008-03-22 01:25 <DIR> d-------- C:\Program Files\Real
2008-03-22 01:25 . 2008-03-27 05:42 <DIR> d-------- C:\Program Files\Common Files\Real
2008-03-22 01:24 . 2008-03-27 06:17 <DIR> d-------- C:\Program Files\RichFX
2008-03-22 01:14 . 2008-03-27 06:17 <DIR> d-------- C:\Program Files\Matroska Pack
2008-03-21 18:10 . 2008-03-21 18:10 <DIR> d-------- C:\Documents and Settings\John\Application Data\Leadertech
2008-03-13 19:25 . 2008-03-13 19:25 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-03-13 19:25 . 2008-03-13 19:25 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2008-03-13 19:21 . 2008-03-13 19:21 <DIR> d-------- C:\Program Files\Common Files\Motorola Shared
2008-03-13 19:21 . 2006-11-13 14:45 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-03-13 19:21 . 2007-02-27 14:31 21,504 --a------ C:\WINDOWS\system32\drivers\motmodem.sys
2008-03-13 19:12 . 2008-03-13 19:16 <DIR> d-------- C:\Program Files\Avanquest update
2008-03-13 19:12 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-03-13 19:12 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-03-13 18:58 . 2008-03-13 19:23 <DIR> d-------- C:\Program Files\Motorola Phone Tools
2008-03-13 18:58 . 2008-03-13 19:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-03-13 18:58 . 2008-03-13 19:11 92,064 --a------ C:\Documents and Settings\John\mqdmmdm.sys
2008-03-13 18:58 . 2008-03-13 19:11 79,328 --a------ C:\Documents and Settings\John\mqdmserd.sys
2008-03-13 18:58 . 2008-03-13 19:11 66,656 --a------ C:\Documents and Settings\John\mqdmbus.sys
2008-03-13 18:58 . 2008-03-13 19:11 25,600 --a------ C:\Documents and Settings\John\usbsermptxp.sys
2008-03-13 18:58 . 2008-03-13 19:11 22,768 --a------ C:\Documents and Settings\John\usbsermpt.sys
2008-03-13 18:58 . 2008-03-13 19:11 9,232 --a------ C:\Documents and Settings\John\mqdmmdfl.sys
2008-03-13 18:58 . 2008-03-13 19:11 6,208 --a------ C:\Documents and Settings\John\mqdmcmnt.sys
2008-03-13 18:58 . 2008-03-13 19:11 5,936 --a------ C:\Documents and Settings\John\mqdmwhnt.sys
2008-03-13 18:58 . 2008-03-13 19:11 4,048 --a------ C:\Documents and Settings\John\mqdmcr.sys
2008-03-07 17:06 . 2008-03-07 17:06 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-03-06 16:17 . 2008-03-06 16:17 <DIR> d-------- C:\WINDOWS\nview
2008-03-06 16:17 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-03-06 16:17 . 2007-12-05 02:41 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-03-06 16:17 . 2008-03-22 20:58 163,353 --a------ C:\WINDOWS\system32\nvapps.xml
2008-03-06 16:17 . 2007-12-05 02:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-03-06 16:16 . 2008-03-06 16:16 <DIR> d-------- C:\NVIDIA
2008-03-04 16:25 . 1980-03-28 15:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-04 16:25 . 2008-03-04 16:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-04 16:24 . 2008-03-04 16:24 <DIR> d-------- C:\Program Files\iPod
2008-03-02 23:42 . 2008-03-02 23:42 <DIR> d-------- C:\Program Files\BearShare Applications
2008-03-02 17:20 . 2008-03-02 17:20 <DIR> d-------- C:\Program Files\Common Files\INCA Shared
2008-02-29 12:48 . 2006-05-01 13:15 483,328 --a------ C:\WINDOWS\system32\actskn45.ocx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-29 03:37 --------- d-----w C:\Documents and Settings\John\Application Data\Skype
2008-03-28 23:07 --------- d-----w C:\Documents and Settings\John\Application Data\skypePM
2008-03-27 23:48 --------- d-----w C:\Program Files\FlashFXP
2008-03-27 13:18 --------- d-----w C:\Program Files\Winamp
2008-03-27 13:18 --------- d-----w C:\Documents and Settings\John\Application Data\Azureus
2008-03-22 00:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 00:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-20 08:00 --------- d-----w C:\Program Files\mIRC
2008-03-19 05:14 --------- d-----w C:\Program Files\Azureus
2008-03-15 00:00 --------- d-----w C:\Documents and Settings\John\Application Data\ATI
2008-03-04 23:23 --------- d-----w C:\Program Files\QuickTime
2008-03-04 21:29 --------- d-----w C:\Program Files\Warcraft III
2008-03-03 06:47 --------- d-----w C:\Program Files\BearShare
2008-02-26 11:50 --------- d-----w C:\Program Files\Disney
2008-02-18 17:46 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-02-18 17:42 --------- d-----w C:\Program Files\Skype
2008-02-18 17:42 --------- d-----w C:\Program Files\Common Files\Skype
2008-02-18 17:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-02-05 01:25 --------- d-----w C:\Program Files\DivX
2007-10-05 09:09 22,328 ----a-w C:\Documents and Settings\John\Application Data\PnkBstrK.sys
2003-06-20 11:05 24,752 ----a-w C:\WINDOWS\inf\hidclass.sys
2001-02-06 17:11 16,384 ----a-w C:\WINDOWS\inf\kbcam.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{93344865-74BD-4873-BE65-56539D41A65C}"= "C:\WINDOWS\Downloaded Program Files\Earn2Life.dll" [2007-05-14 18:18 303104]
[HKEY_CLASSES_ROOT\clsid\{93344865-74bd-4873-be65-56539d41a65c}]
[HKEY_CLASSES_ROOT\Earn2Life.LeadBar.1]
[HKEY_CLASSES_ROOT\TypeLib\{92F9C4A2-C2A5-41f6-9829-49B8C6FF0709}]
[HKEY_CLASSES_ROOT\Earn2Life.LeadBar]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 18:07 15360]
"Steam"="c:\program files\steam\steam.exe" [1980-03-27 17:00 1271032]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 09:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-02-01 18:22 21898024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CmPCIaudio"="CMICNFG3.CPL" []
"SiSRaid"="C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe" [2004-12-22 18:32 892928]
"SoundMan"="SOUNDMAN.EXE" [2005-11-10 23:07 90112 C:\WINDOWS\soundman.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 06:00 79224]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 15:08 57344 C:\WINDOWS\system32\ico.exe]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 18:05 81920]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"AtiPTA"="atiptaxx.exe" [2006-02-21 17:05 344064 C:\WINDOWS\system32\atiptaxx.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-06-16 06:03 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 06:03 81920]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="E:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-22 01:25 185896]
"Windows live Messenger"="msn.com" [2008-03-26 17:55 38400 C:\WINDOWS\msn.com]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 18:34 5419008]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2007-01-19 04:12:21 483412]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\World of Warcraft\\WoW-1.12.0-enUS-downloader.exe"=
"E:\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"E:\\World of Warcraft\\WoW-2.0.3-enUS-downloader.exe"=
"E:\\World of Warcraft\\WoW-2.0.3.6299-to-2.0.5.6320-enUS-downloader.exe"=
"C:\\Program Files\\Steam\\steamapps\\kainen_darklord\\day of defeat\\hl.exe"=
"E:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"E:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"C:\\Program Files\\Steam\\steamapps\\kainen_darklord\\half-life\\hl.exe"=
"E:\\Program Files\\Starcraft\\StarCraft.exe"=
"C:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"E:\\World of Warcraft\\WoW-2.0.8.6403-to-2.0.10.6448-enUS-downloader.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"E:\\World of Warcraft\\WoW-2.0.10.6448-to-2.0.12.6546-enUS-downloader.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"E:\\Program Files\\SecondLife\\SecondLife.exe"=
"C:\\Program Files\\Sierra Online\\FreeStyle Street Basketball\\FreeStyle.exe"=
"E:\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Documents and Settings\\John\\My Documents\\pol_6\\pol_6.2\\Pokemon Online.exe"=
"C:\\Documents and Settings\\John\\My Documents\\vbalink180b0\\VisualBoyAdvance.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\NEXON\\MapleStory\\Patcher.exe"=
"C:\\Program Files\\Steam\\steamapps\\kainen_darklord\\dark messiah might and magic multi-player\\mm.exe"=
"C:\\Program Files\\Steam\\steamapps\\kainen_darklord\\half-life 2 deathmatch\\hl2.exe"=
"C:\\Program Files\\Steam\\steamapps\\nirvana1_8_7\\half-life 2 deathmatch\\hl2.exe"=
"E:\\ijji\\ENGLISH\\Gunbound Revolution\\GunBound.gme"=
"C:\\Program Files\\FlashFXP\\FlashFXP.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\XBC\\XBC_NS.exe"=
"E:\\Program Files\\XLink Kai Evolution VII\\kaiLaunch.exe"=
"E:\\Program Files\\XLink Kai Evolution VII\\kaiEngine.exe"=
"E:\\2_[PC Game] Worms World Party\\Worms World Party\\WWP\\WWP.EXE"=
"E:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Doomsday\\Bin\\Doomsday.exe"=
"C:\\Program Files\\NEXON\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\EA GAMES\\American McGee's Alice\\alice.exe"=
"C:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"C:\\Program Files\\Steam\\steamapps\\kainen_darklord\\counter-strike\\hl.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Steam\\steamapps\\nirvana1_8_7\\day of defeat\\hl.exe"=
"C:\\Program Files\\Steam\\steamapps\\nirvana1_8_7\\counter-strike source\\hl2.exe"=
"C:\\ijji\\ENGLISH\\u_gbound.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"C:\\Program Files\\Steam\\steam.exe"=
"C:\\ijji\\ENGLISH\\U_KwonHoOnline\\KwonHoClient.exe"=
"C:\\Program Files\\Steam\\steamapps\\nirvana1_8_7\\half-life\\hl.exe"=
"E:\\Program Files\\Orb Networks\\Orb\\bin\\Orb.exe"=
"E:\\Program Files\\Orb Networks\\Orb\\bin\\OrbTray.exe"=
"E:\\Program Files\\Orb Networks\\Orb\\bin\\OrbStreamerClient.exe"=
"C:\\Program Files\\Codemasters\\RF Online\\RF.exe"=
"E:\\Program Files\\Armagetron Advanced\\armagetronad.exe"=
"E:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"E:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"E:\\NeverwinterNights\\NWN\\nwmain.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:warcraft 3
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 atitray;atitray;C:\Program Files\Radeon Omega Drivers\v3.8.252\ATI Tray Tools\atitray.sys [2006-02-28 13:55]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2004-11-14 13:01]
R2 X4HSX32;X4HSX32;C:\Program Files\GameTap\bin\Release\X4HSX32.Sys [2008-03-16 15:04]
S3 aintelpp;aintelpp;C:\DOCUME~1\John\LOCALS~1\Temp\aintelpp.sys []
S3 AR5523;NETGEAR WG111T USB2.0 Wireless Card Service;C:\WINDOWS\system32\DRIVERS\wg11tnd5.sys [2004-10-15 11:41]
S3 AsiSRaid;AsiSRaid;C:\DOCUME~1\John\LOCALS~1\Temp\AsiSRaid.sys []
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;C:\WINDOWS\system32\Drivers\ATHFMWDL.sys [2004-10-14 19:24]
S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\John\LOCALS~1\Temp\cdrmkaun.sys []
S3 dalim154;dalim154;C:\DOCUME~1\John\LOCALS~1\Temp\dalim154.sys []
S3 DCamUSBDXGTech;Dual-Mode DSC (Video Camera);C:\WINDOWS\system32\Drivers\GT891x1.SYS [2001-12-11 21:27]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\DNINDIS5.SYS [2003-07-24 13:10]
S3 fi8042pr;fi8042pr;C:\DOCUME~1\John\LOCALS~1\Temp\fi8042pr.sys []
S3 frndismp;frndismp;C:\DOCUME~1\John\LOCALS~1\Temp\frndismp.sys []
S3 GT890x;Dual-Mode DSC (Still Camera);C:\WINDOWS\system32\Drivers\GT890x.SYS [2001-07-05 11:13]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-08-28 23:54]
S3 KBCAM;JamC@m USB service;C:\WINDOWS\system32\Drivers\KBCAM.sys [2001-02-06 10:11]
S3 knwlnksp;knwlnksp;C:\DOCUME~1\John\LOCALS~1\Temp\knwlnksp.sys []
S3 ldxgthk;ldxgthk;C:\DOCUME~1\John\LOCALS~1\Temp\ldxgthk.sys []
S3 nrdpdr;nrdpdr;C:\DOCUME~1\John\LOCALS~1\Temp\nrdpdr.sys []
S3 onikedrv;onikedrv;C:\DOCUME~1\John\LOCALS~1\Temp\onikedrv.sys []
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2004-09-22 11:16]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv []
S3 QCCDECOD;QCCDECOD;C:\DOCUME~1\John\LOCALS~1\Temp\QCCDECOD.sys []
S3 qpciidex;qpciidex;C:\DOCUME~1\John\LOCALS~1\Temp\qpciidex.sys []
S3 rsffp_sd;rsffp_sd;C:\DOCUME~1\John\LOCALS~1\Temp\rsffp_sd.sys []
S3 SetupNTGLM7X;SetupNTGLM7X;D:\NTGLM7X.sys []
S3 wprocess;wprocess;C:\DOCUME~1\John\LOCALS~1\Temp\wprocess.sys []
S3 yaec;yaec;C:\DOCUME~1\John\LOCALS~1\Temp\yaec.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-03-25 05:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-28 20:49:01
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-03-28 20:54:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-29 03:54:39
Pre-Run: 31,870,726,144 bytes free
Post-Run: 31,785,828,352 bytes free
.
2008-02-13 02:30:53 --- E O F ---
HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:57:47 PM, on 3/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ICO.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\FSRremoS.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
E:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\program files\steam\steam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\explorer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\msn.com
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Earn2Life Bar - {93344865-74BD-4873-BE65-56539D41A65C} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.CPL,CMICtrlWnd
O4 - HKLM\..\Run: [SiSRaid] C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\SRaid.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O8 - Extra context menu item: Download All by FlashGet - E:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - E:\Program Files\FlashGet\jc_link.htm
O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\Downloaded Program Files\Earn2Life.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - E:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\John\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zon...kr.cab56986.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...O/GAME_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload....Plugin11USA.cab
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} (WebSDev Control) - http://tw.msi.com.tw...ine/install.cab
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} (Earn2Life Bar) - http://www.earn2life...n/Earn2Life.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopet...v/GoPetsWeb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
--
End of file - 10088 bytes