Have tried the following
SUPERAntiSpyware Free Edition
IceSword122en
As well as the Panda online scan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:35:02 PM, on 5/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\HPZipm12.exe
E:\WINDOWS\system32\PnkBstrA.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Unlocker\UnlockerAssistant.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\Program Files\Microsoft IntelliType Pro\itype.exe
E:\WINDOWS\system32\LVCOMSX.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
E:\Program Files\Stardock\ObjectDock\ObjectDock.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Ventrilo\Ventrilo.exe
E:\Program Files\Windows Media Player\wmplayer.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "E:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [itype] "e:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [LVCOMSX] E:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] E:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] E:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NVMixerTray] "E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [runner1] E:\WINDOWS\mrofinu1921.exe 61A847B5BBF728133B9939466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "E:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Startup: Stardock ObjectDock.lnk = E:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - E:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - E:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - E:\WINDOWS\system32\PnkBstrA.exe
--
End of file - 5617 bytes
ComboFix 08-05-21.3 - [email protected]@L 2008-05-23 17:00:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1073 [GMT -5:00]
Running from: E:\Documents and Settings\[email protected]@L\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-04-23 to 2008-05-23 )))))))))))))))))))))))))))))))
.
2008-05-23 15:36 . 2008-05-23 15:36 <DIR> d-------- E:\ATI
2008-05-23 15:20 . 2008-05-23 15:20 <DIR> d-------- E:\Program Files\NVIDIA Corporation
2008-05-23 15:20 . 2008-05-23 15:20 <DIR> d-------- E:\Program Files\Common Files\NVIDIA Shared
2008-05-23 15:20 . 2006-08-18 10:30 446,464 --a------ E:\WINDOWS\system32\CapabilityTable.exe
2008-05-23 15:20 . 2006-04-14 14:00 208,896 --------- E:\WINDOWS\system32\nvuide.exe
2008-05-23 15:20 . 2006-08-18 10:28 208,896 --a------ E:\WINDOWS\system32\nvuaudio.exe
2008-05-23 15:20 . 2005-06-03 17:01 4,624 --a------ E:\WINDOWS\system32\nvaudio.nvu
2008-05-23 15:20 . 2006-02-20 13:00 1,570 --------- E:\WINDOWS\system32\nvide.nvu
2008-05-23 15:19 . 2006-06-07 19:49 208,896 --a------ E:\WINDOWS\system32\nvusmb.exe
2008-05-23 15:19 . 2006-04-14 14:00 208,896 --a------ E:\WINDOWS\system32\nvunrm.exe
2008-05-23 15:19 . 2006-08-07 16:39 110,080 --a------ E:\WINDOWS\system32\drivers\nvtcp.sys
2008-05-23 15:19 . 2006-06-01 15:32 3,903 --a------ E:\WINDOWS\system32\nvnrm.nvu
2008-05-23 15:19 . 2006-06-01 15:32 1,864 --a------ E:\WINDOWS\system32\nvsmb.nvu
2008-05-23 15:17 . 2008-05-23 15:17 <DIR> d-------- E:\Program Files\ATI Technologies
2008-05-23 15:17 . 2007-05-03 13:21 1,496,263 --a------ E:\WINDOWS\system32\drivers\CTRL.s3
2008-05-23 15:12 . 2008-05-23 15:12 <DIR> d-------- E:\Program Files\Common Files\Logitech
2008-05-23 15:11 . 2008-05-23 15:12 <DIR> d-------- E:\Program Files\Logitech
2008-05-23 15:10 . 2008-05-23 15:10 <DIR> d-------- E:\Program Files\Microsoft IntelliType Pro
2008-05-23 15:08 . 2008-05-23 15:08 <DIR> d-------- E:\Program Files\Realtek AC97
2008-05-23 15:07 . 2004-12-21 15:51 7,794 --a------ E:\WINDOWS\vp171b-2.cat
2008-05-23 15:07 . 2005-03-04 04:41 7,786 --a------ E:\WINDOWS\g90f-3.cat
2008-05-23 15:07 . 2005-03-03 03:36 7,782 --a------ E:\WINDOWS\q51-9.cat
2008-05-23 15:07 . 2004-12-20 10:38 1,224 --a------ E:\WINDOWS\VP171b-2.inf
2008-05-23 15:07 . 2005-03-01 15:43 1,204 --a------ E:\WINDOWS\Q51-9.inf
2008-05-23 15:07 . 2005-03-01 15:43 1,164 --a------ E:\WINDOWS\G90f-3.inf
2008-05-23 15:07 . 2004-09-16 05:18 512 --a------ E:\WINDOWS\VP171b-2.icm
2008-05-23 15:07 . 2004-11-04 00:00 512 --a------ E:\WINDOWS\Q51-9.icm
2008-05-23 15:07 . 2004-07-23 00:00 512 --a------ E:\WINDOWS\G90f-3.icm
2008-05-23 14:51 . 2008-05-23 14:51 <DIR> d-------- E:\Program Files\Driver Magician
2008-05-23 14:51 . 2004-03-09 00:00 1,081,616 --a------ E:\WINDOWS\system32\Mscomctl.ocx
2008-05-23 14:51 . 2004-09-28 11:13 526,184 --a------ E:\WINDOWS\system32\XceedCry.dll
2008-05-23 14:51 . 2005-01-12 11:19 456,536 --a------ E:\WINDOWS\system32\XCEEDZIP.DLL
2008-05-23 14:51 . 2004-03-09 00:00 224,016 --a------ E:\WINDOWS\system32\Tabctl32.ocx
2008-05-23 14:51 . 2004-03-09 00:00 152,848 --a------ E:\WINDOWS\system32\Comdlg32.ocx
2008-05-23 14:51 . 2004-03-09 00:00 132,880 --a------ E:\WINDOWS\system32\Msinet.ocx
2008-05-23 14:51 . 2004-08-11 15:55 110,602 --a------ E:\WINDOWS\system32\xcdsfx32.bin
2008-05-23 13:14 . 2008-05-23 13:14 <DIR> d-------- E:\Program Files\XPC Tools
2008-05-23 08:39 . 2008-05-23 08:45 <DIR> d-------- E:\Program Files\Panda Security
2008-05-23 08:23 . 2008-05-23 16:41 <DIR> d-------- E:\VundoFix Backups
2008-05-22 22:55 . 2008-05-22 22:55 <DIR> d-------- E:\Program Files\SUPERAntiSpyware
2008-05-22 22:55 . 2008-05-22 22:55 <DIR> d-------- E:\Documents and Settings\[email protected]@L\Application Data\SUPERAntiSpyware.com
2008-05-22 22:55 . 2008-05-22 22:55 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-22 22:53 . 2008-05-22 22:53 <DIR> d-------- E:\Program Files\Trend Micro
2008-05-22 22:50 . 2008-05-22 22:50 <DIR> d-------- E:\Deckard
2008-05-21 22:18 . 2008-05-21 22:18 <DIR> d-------- E:\Program Files\Valvesoftware
2008-05-21 19:00 . 2008-05-21 19:00 <DIR> d-------- E:\Documents and Settings\[email protected]@L\Application Data\Ashampoo
2008-05-21 18:59 . 2008-05-21 19:37 <DIR> d-------- E:\Program Files\Ashampoo
2008-05-21 18:59 . 2008-05-21 18:59 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\ashampoo
2008-05-21 12:17 . 2008-05-21 12:17 <DIR> d-------- E:\Program Files\Capcom
2008-05-21 10:30 . 2008-05-21 10:30 50 --a------ E:\WINDOWS\MegaManager.INI
2008-05-21 10:24 . 2008-05-21 10:26 <DIR> d--h----- E:\WINDOWS\msdownld.tmp
2008-05-21 10:08 . 2008-03-03 14:25 5,702 --ah----- E:\WINDOWS\nod32restoretemdono.reg
2008-05-21 10:08 . 2008-03-03 18:21 568 --ah----- E:\WINDOWS\nod32fixtemdono.reg
2008-05-21 10:04 . 2008-05-21 10:04 <DIR> d-------- E:\Program Files\ESET
2008-05-21 10:04 . 2008-05-21 10:04 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\ESET
2008-05-21 09:52 . 2008-05-21 09:52 <DIR> d-------- E:\Program Files\Spybot - Search & Destroy
2008-05-21 09:52 . 2008-05-21 10:13 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-21 09:18 . 2008-05-21 09:18 <DIR> d-------- E:\Documents and Settings\[email protected]@L\Application Data\vlc
2008-05-21 08:36 . 2008-05-22 06:33 <DIR> d--h----- E:\WINDOWS\$hf_mig$
2008-05-21 08:36 . 2006-09-06 17:43 22,752 --a------ E:\WINDOWS\system32\spupdsvc.exe
2008-05-21 08:33 . 2008-05-21 08:33 <DIR> d-------- E:\Program Files\Microsoft Games
2008-05-21 08:24 . 2008-05-21 08:24 <DIR> d-------- E:\Program Files\VideoLAN
2008-05-21 08:23 . 2008-05-23 08:27 <DIR> d-------- E:\Program Files\PowerISO
2008-05-21 04:37 . 2008-05-21 04:37 685,816 --a------ E:\WINDOWS\system32\drivers\sptd.sys
2008-05-20 23:47 . 2008-05-20 23:47 1,169 --a------ E:\WINDOWS\mozver.dat
2008-05-19 21:43 . 2008-05-23 09:39 103,736 --a------ E:\WINDOWS\system32\PnkBstrB.exe
2008-05-19 21:43 . 2008-05-23 09:39 22,328 --a------ E:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-05-19 16:23 . 2008-05-19 16:23 66,872 --a------ E:\WINDOWS\system32\PnkBstrA.exe
2008-05-19 16:02 . 2008-05-19 16:00 729,088 --a------ E:\WINDOWS\iun6002.exe
2008-05-19 15:56 . 2008-05-19 15:56 528 --a------ E:\WINDOWS\eReg.dat
2008-05-19 15:51 . 2008-05-19 15:51 <DIR> d-------- E:\Program Files\EA GAMES
2008-05-19 13:01 . 2008-05-19 13:01 <DIR> d-------- E:\Documents and Settings\[email protected]@L\Application Data\Media Player Classic
2008-05-18 21:55 . 2008-05-19 16:23 <DIR> d-------- E:\WINDOWS\system32\LogFiles
2008-05-18 21:35 . 2008-05-18 21:35 <DIR> d-------- E:\Program Files\Common Files\Hewlett-Packard
2008-05-18 21:35 . 2004-08-03 22:58 15,104 --a------ E:\WINDOWS\system32\drivers\usbscan.sys
2008-05-18 21:35 . 2004-08-03 22:58 15,104 --a--c--- E:\WINDOWS\system32\dllcache\usbscan.sys
2008-05-18 21:33 . 1998-10-29 16:45 306,688 --a------ E:\WINDOWS\IsUninst.exe
2008-05-18 21:33 . 2004-09-29 12:12 278,584 --a------ E:\WINDOWS\system32\HPZidr12.dll
2008-05-18 21:33 . 2004-09-29 12:15 204,800 --a------ E:\WINDOWS\system32\HPZipr12.dll
2008-05-18 21:33 . 2004-09-29 12:09 94,208 --a------ E:\WINDOWS\system32\HPZipt12.dll
2008-05-18 21:33 . 2004-09-29 12:14 69,632 --a------ E:\WINDOWS\system32\HPZipm12.exe
2008-05-18 21:33 . 2004-09-29 12:08 61,440 --a------ E:\WINDOWS\system32\HPZinw12.exe
2008-05-18 21:33 . 2004-09-29 12:09 57,344 --a------ E:\WINDOWS\system32\HPZisn12.dll
2008-05-18 21:32 . 2008-05-18 21:32 <DIR> d-------- E:\Program Files\HP
2008-05-18 21:32 . 2008-05-18 21:36 102,262 --a------ E:\WINDOWS\hpoins05.dat
2008-05-18 21:32 . 2005-12-17 00:56 51,120 --a------ E:\WINDOWS\system32\drivers\HPZid412.sys
2008-05-18 21:32 . 2005-12-17 00:56 21,744 --a------ E:\WINDOWS\system32\drivers\HPZius12.sys
2008-05-18 21:32 . 2005-12-17 00:56 17,505 --------- E:\WINDOWS\hpomdl07.dat
2008-05-18 21:32 . 2005-12-17 00:56 16,496 --a------ E:\WINDOWS\system32\drivers\HPZipr12.sys
2008-05-18 21:31 . 2005-12-17 00:56 606,208 --a------ E:\WINDOWS\system32\hpotscl.dll
2008-05-18 21:31 . 2005-12-17 00:55 393,216 --a------ E:\WINDOWS\system32\hpzcon12.dll
2008-05-18 21:31 . 2005-12-17 00:56 278,528 --a------ E:\WINDOWS\system32\hpgwiamd.dll
2008-05-18 21:31 . 2005-12-17 00:56 274,432 --a------ E:\WINDOWS\system32\HPZc3212.dll
2008-05-18 21:31 . 2005-12-17 00:56 258,122 --a------ E:\WINDOWS\system32\hpovst08.dll
2008-05-18 21:31 . 2005-12-17 00:55 196,608 --a------ E:\WINDOWS\system32\hpzcoi12.dll
2008-05-18 21:31 . 2005-12-17 00:55 180,315 --a------ E:\WINDOWS\system32\hpzsnt12.dll
2008-05-18 21:31 . 2005-12-17 00:56 98,304 --a------ E:\WINDOWS\system32\hpzjsn01.dll
2008-05-18 17:36 . 2008-05-18 21:10 81 --a------ E:\WINDOWS\WB.ini
2008-05-18 16:51 . 2008-04-26 16:14 42,672 --a------ E:\WINDOWS\system32\wbsys.dll
2008-05-18 16:11 . 2008-05-18 21:45 <DIR> d-------- E:\Program Files\World of Warcraft
2008-05-18 16:11 . 2008-05-18 16:43 <DIR> d-------- E:\Program Files\Common Files\Blizzard Entertainment
2008-05-18 15:15 . 2008-05-18 15:15 <DIR> d-------- E:\Program Files\Ventrilo
2008-05-18 15:15 . 2008-05-22 22:55 <DIR> d-------- E:\Program Files\Common Files\Wise Installation Wizard
2008-05-18 15:11 . 2008-05-18 15:11 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Azureus
2008-05-18 15:10 . 2008-05-23 15:01 <DIR> d-------- E:\Documents and Settings\[email protected]@L\Application Data\Azureus
2008-05-18 15:02 . 2008-05-18 15:02 <DIR> d-------- E:\Program Files\Azureus
2008-05-18 14:29 . 2008-05-18 14:29 <DIR> d-------- E:\Documents and Settings\[email protected]@L\Application Data\Talkback
2008-05-18 14:27 . 2008-05-18 14:27 0 --a------ E:\WINDOWS\nsreg.dat
2008-05-18 14:16 . 2008-05-23 15:20 <DIR> d--h----- E:\Program Files\InstallShield Installation Information
2008-05-18 14:16 . 2006-11-17 05:40 18,804,736 --a------ E:\WINDOWS\system32\alsndmgr.cpl
2008-05-18 14:16 . 2006-12-08 15:20 10,528,768 --a------ E:\WINDOWS\system32\RTLCPL.exe
2008-05-18 14:16 . 2008-01-24 16:36 4,127,488 -ra------ E:\WINDOWS\system32\drivers\alcxwdm.sys
2008-05-18 14:16 . 2007-04-16 15:28 577,536 --a------ E:\WINDOWS\soundman.exe
2008-05-18 14:16 . 2006-07-31 11:19 315,392 --a------ E:\WINDOWS\alcupd.exe
2008-05-18 14:16 . 2006-07-31 11:27 217,088 --a------ E:\WINDOWS\Alcrmv.exe
2008-05-18 14:16 . 2006-10-18 02:53 147,456 --a------ E:\WINDOWS\system32\RtlCPAPI.dll
2008-05-18 14:16 . 2002-02-05 13:54 141,016 --a------ E:\WINDOWS\system32\alsndmgr.wav
2008-05-18 14:16 . 2006-08-01 15:02 49,152 --a------ E:\WINDOWS\system32\ChCfg.exe
2008-05-18 14:00 . 2008-05-18 14:23 <DIR> d-------- E:\Documents and Settings\[email protected]@L\Application Data\Yahoo!
2008-05-18 14:00 . 2008-05-18 14:00 <DIR> d-------- E:\Documents and Settings\[email protected]@L\Application Data\Ventrilo
2008-05-18 14:00 . 2008-05-18 14:00 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-05-18 13:57 . 2008-05-18 13:57 <DIR> d-------- E:\Program Files\Unlocker
2008-05-18 13:57 . 2008-05-18 13:57 <DIR> d-------- E:\Program Files\K-Lite Codec Pack
2008-05-18 13:57 . 2008-05-18 13:57 <DIR> d-------- E:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-18 13:56 . 2008-05-19 07:08 <DIR> d-------- E:\Program Files\Yahoo!
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-19 14:22 --------- d-----w E:\Program Files\Common Files\Stardock
2008-05-18 21:51 --------- d-----w E:\Program Files\Stardock
2008-05-18 19:21 60,416 ----a-w E:\WINDOWS\ALCFDRTM.EXE
2008-05-18 19:16 --------- d-----w E:\Program Files\Common Files\InstallShield
2008-05-18 16:25 --------- d-----w E:\Program Files\SysShield Tools
2008-05-18 16:15 --------- d-----w E:\Program Files\microsoft frontpage
2008-03-27 08:12 151,583 ----a-w E:\WINDOWS\system32\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w E:\WINDOWS\system32\win32k.sys
2008-03-05 21:03 479,752 ----a-w E:\WINDOWS\system32\XAudio2_0.dll
2008-03-05 21:03 238,088 ----a-w E:\WINDOWS\system32\xactengine3_0.dll
2008-03-05 21:00 25,608 ----a-w E:\WINDOWS\system32\X3DAudio1_3.dll
2008-03-05 20:56 3,786,760 ----a-w E:\WINDOWS\system32\D3DX9_37.dll
2008-03-05 20:56 1,420,824 ----a-w E:\WINDOWS\system32\D3DCompiler_37.dll
2008-03-01 13:06 826,368 ----a-w E:\WINDOWS\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"ctfmon.exe"="E:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"SpybotSD TeaTimer"="E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="E:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-13 12:43 1510640]
"LogitechSoftwareUpdate"="E:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="E:\WINDOWS\system32\NvCpl.dll" [2007-09-17 01:07 8491008]
"nwiz"="nwiz.exe" [2007-09-17 01:07 1626112 E:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="E:\WINDOWS\system32\NvMcTray.dll" [2007-09-17 01:07 81920]
"egui"="E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 E:\WINDOWS\soundman.exe]
"itype"="e:\Program Files\Microsoft IntelliType Pro\itype.exe" [2006-11-21 17:08 813912]
"LVCOMSX"="E:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 221184]
"LogitechVideoRepair"="E:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752]
"LogitechVideoTray"="E:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088]
"NVMixerTray"="E:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 17:12 131072]
E:\Documents and Settings\[email protected]@L\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - E:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-05-18 11:25:56 3581680]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= E:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 10:13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
E:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 E:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
E:\Program Files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll 2008-05-18 17:03 210168 E:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"E:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"E:\\Program Files\\Azureus\\Azureus.exe"=
"E:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"E:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"E:\\Documents and Settings\\[email protected]@L\\Desktop\\Downloads\\Iron.Man.Multi-3.Full-Rip.Skullptura\\Iron.Man.Multi-3.Full-Rip.Skullptura\\Iron Man\\IronMan.exe"=
R1 epfwtdir;epfwtdir;E:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
S2 NOD32FiXTemDono;Eset Nod32 Boot;E:\WINDOWS\system32\regedt32.exe [2004-08-04 07:00]
S3 blat;blat;E:\Documents and Settings\[email protected]@L\Desktop\GlyDer\blat.sys []
S3 dkgpgcjw;dkgpgcjw;E:\Documents and Settings\[email protected]@L\Desktop\GlyDer\dkgpgcjw.sys []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\Installer.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\I]
\Shell\AutoRun\command - I:\INSTALL.EXE
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-23 20:10:37 E:\WINDOWS\Tasks\Microsoft_Hardware_Launch_IType_exe.job"
- e:\Program Files\Microsoft IntelliType Pro\itype.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-23 17:02:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-23 17:02:33
ComboFix-quarantined-files.txt 2008-05-23 22:02:32
Pre-Run: 226,463,727,616 bytes free
Post-Run: 226,523,430,912 bytes free
225 --- E O F --- 2008-05-22 14:12:01
Edited by [email protected]@L, 23 May 2008 - 04:05 PM.