
Vundo trojan [RESOLVED]



#1 funda (New Member, 6 posts)
I inadvertently installed a version of the Vundo trojan and it's messing up my IE. It has random pop-up windows and it kills my IE after about 5 minutes of being opened up. I ran an updated Malwarebytes scan and it came up with nothing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:42:27 AM, on 6/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\msconf.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {0BB8F5A8-12EE-497B-ABF4-19FD97D9A2F3} - C:\WINDOWS\system32\xxyaayVM.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: {75891192-bb4a-0e4b-dd84-5570c9fbf7b9} - {9b7fbf9c-0755-48dd-b4e0-a4bb29119857} - C:\WINDOWS\system32\oonbmodd.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DRam prosessor] msconf.exe
O4 - HKLM\..\RunServices: [DRam prosessor] msconf.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.co.../sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210556266165
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210808453171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: oonbmodd.dll
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 5305 bytes


#2 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingc...to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.

Also, please disable your BitDefender, because it may lock the files that ComboFix wants to delete.

#3 funda (Topic Starter)
I ran a few of the programs that your site suggests while I was waiting for a response. I ran VundoFix, VirtumundoBeGone, ComboFix and HijackThis. Here are their results in the order I listed.

Beginning removal...

VundoFix V7.0.6

Scan started at 12:06:05 AM 6/25/2008

Listing files found while scanning....

C:\Windows\system32\bmcgexrv.dll
C:\Windows\system32\dqkstfxb.dll

Beginning removal...

Attempting to delete C:\Windows\system32\bmcgexrv.dll
C:\Windows\system32\bmcgexrv.dll Has been deleted!

Attempting to delete C:\Windows\system32\dqkstfxb.dll
C:\Windows\system32\dqkstfxb.dll Has been deleted!

Performing Repairs to the registry.
Done!



[06/25/2008, 0:29:00] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Administrator\Desktop\VirtumundoBeGone.exe" )
[06/25/2008, 0:29:03] - Detected System Information:
[06/25/2008, 0:29:03] - Windows Version: 5.1.2600, Service Pack 3
[06/25/2008, 0:29:03] - Current Username: Administrator (Admin)
[06/25/2008, 0:29:03] - Windows is in SAFE mode with Networking.
[06/25/2008, 0:29:03] - Searching for Browser Helper Objects:
[06/25/2008, 0:29:03] - BHO 1: {643D4A43-DF84-4E77-91EE-E698815E00D0} ()
[06/25/2008, 0:29:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/25/2008, 0:29:03] - Checking for HKLM\...\Winlogon\Notify\bmcgexrv
[06/25/2008, 0:29:03] - Key not found: HKLM\...\Winlogon\Notify\bmcgexrv, continuing.
[06/25/2008, 0:29:03] - BHO 2: {6a2620cc-8e2c-4f7e-9b26-1569004c929e} ()
[06/25/2008, 0:29:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/25/2008, 0:29:03] - Checking for HKLM\...\Winlogon\Notify\mapimqlh
[06/25/2008, 0:29:03] - Key not found: HKLM\...\Winlogon\Notify\mapimqlh, continuing.
[06/25/2008, 0:29:03] - BHO 3: {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
[06/25/2008, 0:29:03] - BHO 4: {AF4D91BA-5285-480E-ACE2-ECFDC1452D53} ()
[06/25/2008, 0:29:03] - WARNING: BHO has no default name. Checking for Winlogon reference.
[06/25/2008, 0:29:03] - Checking for HKLM\...\Winlogon\Notify\xxyaayVM
[06/25/2008, 0:29:03] - Key not found: HKLM\...\Winlogon\Notify\xxyaayVM, continuing.
[06/25/2008, 0:29:03] - Finished Searching Browser Helper Objects
[06/25/2008, 0:29:03] - Finishing up...
[06/25/2008, 0:29:03] - Nothing found! Exiting...

#4 funda (Topic Starter)
Here's the ComboFix log and HijackThis log.

ComboFix 08-06-20.4 - Administrator 2008-06-25 0:30:40.4 - NTFSx86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1803 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BM53ed1bb3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\akopsqpa.ini
C:\WINDOWS\system32\iuqitjln.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\msconf.exe
C:\WINDOWS\system32\MVyaayxx.ini
C:\WINDOWS\system32\MVyaayxx.ini2
C:\WINDOWS\system32\xxyaayVM.dll

----- BITS: Possible infected sites -----

hxxp://launcher.patcher.ncsoft.com
.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-25 00:06 . 2008-06-25 00:26 <DIR> d-------- C:\VundoFix Backups
2008-06-24 23:41 . 2008-06-24 23:41 <DIR> d-------- C:\Documents and Settings\D\Application Data\BitDefender
2008-06-24 20:25 . 2008-06-24 20:25 81,920 --a------ C:\WINDOWS\system32\apqspoka.dll
2008-06-24 20:22 . 2008-06-24 20:22 99,840 --a------ C:\WINDOWS\system32\mapimqlh.dll
2008-06-24 20:13 . 2008-06-24 20:13 91,136 --a------ C:\WINDOWS\system32\hgdggjfj.dll
2008-06-24 11:54 . 2008-06-24 11:54 <DIR> d-------- C:\Program Files\Plustech Inc
2008-06-24 11:54 . 2008-06-24 11:54 <DIR> d-------- C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com]
2008-06-24 11:54 . 2000-05-22 00:00 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-24 11:54 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-24 11:54 . 2001-04-18 11:32 205,848 --a------ C:\WINDOWS\system32\Threed32.ocx
2008-06-24 11:54 . 2000-12-06 00:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-24 11:54 . 2001-08-27 15:12 19,490 --a------ C:\WINDOWS\system32\IPCFLT.VXD
2008-06-24 11:38 . 2008-06-24 11:53 4,372,882 --a------ C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com].rar
2008-06-23 23:28 . 2008-06-23 23:45 <DIR> d-------- C:\Program Files\Setup Files
2008-06-23 20:15 . 2008-06-23 20:15 105,984 --a------ C:\WINDOWS\system32\oonbmodd.dll
2008-06-23 20:12 . 2008-06-23 20:12 91,136 --a------ C:\WINDOWS\system32\kkyyykgm.dll
2008-06-23 20:12 . 2008-06-23 20:12 81,408 --a------ C:\WINDOWS\system32\nljtiqui.dll
2008-06-23 20:08 . 2008-06-23 22:58 <DIR> d-------- C:\Program Files\Hide IP NG
2008-06-22 18:44 . 2008-06-23 22:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Hide IP NG
2008-06-22 18:40 . 2008-06-22 18:40 32 --a------ C:\WINDOWS\go
2008-06-18 11:34 . 2008-06-18 11:34 273 --a------ C:\WINDOWS\vtmb.ini
2008-06-14 22:32 . 2008-06-14 22:32 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-14 22:32 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-06-14 20:03 . 2008-06-14 20:03 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-14 18:18 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 18:18 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-08 15:57 . 2008-06-08 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-08 15:54 . 2008-06-08 15:54 <DIR> d-------- C:\Program Files\NCSoft
2008-06-08 15:53 . 2008-06-08 15:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-06-05 20:40 . 2008-06-05 20:42 <DIR> d-------- C:\Monopoly Here & Now Special Edition-BigFish Games-PreCracked-HIVBABY
2008-06-05 20:23 . 2008-06-05 20:23 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-06-05 20:23 . 2008-06-05 20:23 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-05 20:21 . 2008-06-05 20:21 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-05 20:17 . 2008-06-05 20:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-06-05 20:17 . 2008-06-05 20:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-05 19:45 . 2008-06-05 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-05 19:44 . 2008-06-05 19:44 <DIR> d-------- C:\Program Files\AOL Games
2008-06-02 19:11 . 2008-06-23 21:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 19:10 . 2008-06-03 09:11 <DIR> d-------- C:\Program Files\DAP
2008-06-02 19:10 . 2008-06-02 19:10 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-06-02 19:10 . 2008-06-02 19:10 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-06-02 19:10 . 2008-06-02 19:10 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-05-29 22:27 . 2008-05-29 22:27 <DIR> d-------- C:\Program Files\Ventrilo
2008-05-29 22:27 . 2008-05-29 22:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 22:27 . 2008-05-29 22:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-05-29 02:00 . 2008-06-14 22:57 <DIR> d-------- C:\Program Files\HeroStats
2008-05-28 19:35 . 2008-05-28 20:56 <DIR> d-------- C:\Program Files\CityBinder
2008-05-28 19:29 . 2008-05-28 19:29 286,720 --------- C:\WINDOWS\Setup1.exe
2008-05-28 19:29 . 2008-05-28 19:29 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-28 18:52 . 2008-05-29 02:00 <DIR> d-------- C:\binds

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 04:36 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-06-24 18:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-24 03:42 --------- d-----w C:\Program Files\MSI
2008-06-24 00:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 21:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 21:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 22:38 3,148 ----a-w C:\Documents and Settings\Administrator\Application Data\LMLayout.dat
2008-05-28 22:38 268 ----a-w C:\Documents and Settings\Administrator\Application Data\LMCPaper.dat
2008-05-22 19:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 18:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-14 20:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 23:32 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-05-13 22:52 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-13 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-13 22:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Bitdefender
2008-05-13 22:48 --------- d-----w C:\Program Files\BitDefender
2008-05-13 22:41 --------- d-----w C:\Program Files\VideoLAN
2008-05-12 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-12 23:57 --------- d-----w C:\Program Files\Yahoo!
2008-05-12 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 22:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-12 22:30 --------- d-----w C:\Program Files\Windows Live
2008-05-12 22:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-12 16:04 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-12 13:57 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2008-05-12 13:56 --------- d-----w C:\Program Files\Stardock
2008-05-12 13:56 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-12 13:04 --------- d-----w C:\Program Files\uTorrent
2008-05-12 11:42 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-12 02:31 --------- d-----w C:\Program Files\VIA Technologies, Inc
2008-05-12 02:28 --------- d-----w C:\Program Files\VIA
2008-05-12 02:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-12 02:24 --------- d-----w C:\Program Files\DIFX
2008-05-12 02:08 --------- d-----w C:\Program Files\AWS
2008-05-12 02:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\WeatherBug
2008-05-12 01:39 --------- d-----w C:\Program Files\Xvid
2008-05-12 01:24 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-12 01:24 --------- d-----w C:\Program Files\NETGEAR
2008-05-12 01:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-12 01:11 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 21:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{643D4A43-DF84-4E77-91EE-E698815E00D0}]
C:\WINDOWS\system32\bmcgexrv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6a2620cc-8e2c-4f7e-9b26-1569004c929e}]
2008-06-24 20:22 99840 --a------ C:\WINDOWS\system32\mapimqlh.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2007-08-29 10:55 1347584]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-23 21:31 360448]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2008-05-11 21:24:40 884838]
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2008-05-11 22:33:00 552960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=oonbmodd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-05-13 18:52]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\DNINDIS5.SYS [2003-07-24 12:10]
R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys [2006-12-26 14:08]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-05-29 18:00]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 11:58]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 16:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c66e07a-2146-11dd-ae68-000fb597ed4b}]
\Shell\AutoRun\command - F:\setup.exe

*Newly Created Service* - PCALERTDRIVER
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 00:36:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-25 0:39:03 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-25 04:38:56

Pre-Run: 47,534,944,256 bytes free
Post-Run: 47,930,531,840 bytes free

244


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:02 AM, on 6/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {643D4A43-DF84-4E77-91EE-E698815E00D0} - C:\WINDOWS\system32\bmcgexrv.dll (file missing)
O2 - BHO: {e929c400-9651-62b9-e7f4-c2e8cc0262a6} - {6a2620cc-8e2c-4f7e-9b26-1569004c929e} - C:\WINDOWS\system32\mapimqlh.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.co.../sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210556266165
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210808453171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - AppInit_DLLs: oonbmodd.dll
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 5202 bytes

#5 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi,

It's a good idea not to perform any other things in between, because it makes it confusing...

Please disable your BitDefender again, to make sure it doesn't interfere with the file removal, since BitDefender locks files so other tools won't be able to delete them.

Also, I see you're not afraid of visiting crack sites and other illegal sites, because I see you have been using cracks/serials here.
If you visit crack sites and use cracks, you'll ALWAYS get infected. This is not only because of the crack itself, but because one single click entering that site may already download and install a huge malware bundle.
You really have to change your surfing habits though, because these malware bundles may contain a keylogger, collecting all your passwords and installing other random malware, compromising your system and infecting other computers. And all this because you visited some illegal sites.
Also, keep in mind, malware DAMAGES A LOT! And the damage can't always be repaired, so a format and reinstall is the only solution in such cases.
So is it really worth it? Get illegal software for "free", but compromise/break your computer instead.... :)
Better to avoid this instead and change your surfing habits. Then this wouldn't have happened.

Don't forget to change your passwords afterwards, once we are done with this thread, because they are known. Don't change them now, because as long as the malware is still present, it will gather the changed passwords as well.


* Open notepad - don't use any other texteditor than notepad or the script will fail.
Copy/paste the text in the quotebox below into notepad:

File::
C:\WINDOWS\system32\apqspoka.dll
C:\WINDOWS\system32\mapimqlh.dll
C:\WINDOWS\system32\hgdggjfj.dll
C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com].rar
C:\WINDOWS\system32\oonbmodd.dll
C:\WINDOWS\system32\kkyyykgm.dll
C:\WINDOWS\system32\nljtiqui.dll
Folder::
C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com]
C:\VundoFix Backups
DirLook::
C:\Program Files\Setup Files
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{643D4A43-DF84-4E77-91EE-E698815E00D0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6a2620cc-8e2c-4f7e-9b26-1569004c929e}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=-


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot not reproduced]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.

#6 funda (Topic Starter, New Member, 6 posts)
Here are the results of the ComboFix script and the HijackThis log.

ComboFix 08-06-20.4 - Administrator 2008-06-25 11:32:54.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1688 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com]
C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com]\IP Changer v2.0 + Serial [App][www.zonatorrent.com]\IPChanger20Eng.exe
C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com]\IP Changer v2.0 + Serial [App][www.zonatorrent.com]\leer serial.txt
C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com]\IP Changer v2.0 + Serial [App][www.zonatorrent.com]\ZONATORRENT.COM [ La mejor web para descargar desde bit torrent... juegos, divx, xxx, videoconsolas, appz, musica...] -.url
C:\VundoFix Backups
C:\VundoFix Backups\addmorefiles.txt
C:\VundoFix Backups\bmcgexrv.dll.bad
C:\VundoFix Backups\dqkstfxb.dll.bad

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-24 23:41 . 2008-06-24 23:41 <DIR> d-------- C:\Documents and Settings\D\Application Data\BitDefender
2008-06-24 20:25 . 2008-06-24 20:25 81,920 --a------ C:\WINDOWS\system32\apqspoka.dll
2008-06-24 20:22 . 2008-06-24 20:22 99,840 --a------ C:\WINDOWS\system32\mapimqlh.dll
2008-06-24 20:13 . 2008-06-24 20:13 91,136 --a------ C:\WINDOWS\system32\hgdggjfj.dll
2008-06-24 11:54 . 2008-06-24 11:54 <DIR> d-------- C:\Program Files\Plustech Inc
2008-06-24 11:54 . 2000-05-22 00:00 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-24 11:54 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-24 11:54 . 2001-04-18 11:32 205,848 --a------ C:\WINDOWS\system32\Threed32.ocx
2008-06-24 11:54 . 2000-12-06 00:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-24 11:54 . 2001-08-27 15:12 19,490 --a------ C:\WINDOWS\system32\IPCFLT.VXD
2008-06-24 11:38 . 2008-06-24 11:53 4,372,882 --a------ C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com].rar
2008-06-23 23:28 . 2008-06-23 23:45 <DIR> d-------- C:\Program Files\Setup Files
2008-06-23 20:15 . 2008-06-23 20:15 105,984 --a------ C:\WINDOWS\system32\oonbmodd.dll
2008-06-23 20:12 . 2008-06-23 20:12 91,136 --a------ C:\WINDOWS\system32\kkyyykgm.dll
2008-06-23 20:12 . 2008-06-23 20:12 81,408 --a------ C:\WINDOWS\system32\nljtiqui.dll
2008-06-23 20:08 . 2008-06-23 22:58 <DIR> d-------- C:\Program Files\Hide IP NG
2008-06-22 18:44 . 2008-06-23 22:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Hide IP NG
2008-06-22 18:40 . 2008-06-22 18:40 32 --a------ C:\WINDOWS\go
2008-06-18 11:34 . 2008-06-18 11:34 273 --a------ C:\WINDOWS\vtmb.ini
2008-06-14 22:32 . 2008-06-14 22:32 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-14 22:32 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-06-14 20:03 . 2008-06-14 20:03 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-14 18:18 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 18:18 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-08 15:57 . 2008-06-08 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-08 15:54 . 2008-06-08 15:54 <DIR> d-------- C:\Program Files\NCSoft
2008-06-08 15:53 . 2008-06-08 15:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-06-05 20:40 . 2008-06-05 20:42 <DIR> d-------- C:\Monopoly Here & Now Special Edition-BigFish Games-PreCracked-HIVBABY
2008-06-05 20:23 . 2008-06-05 20:23 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-06-05 20:23 . 2008-06-05 20:23 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-05 20:21 . 2008-06-05 20:21 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-05 20:17 . 2008-06-05 20:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-06-05 20:17 . 2008-06-05 20:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-05 19:45 . 2008-06-05 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-05 19:44 . 2008-06-05 19:44 <DIR> d-------- C:\Program Files\AOL Games
2008-06-02 19:11 . 2008-06-23 21:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 19:10 . 2008-06-03 09:11 <DIR> d-------- C:\Program Files\DAP
2008-06-02 19:10 . 2008-06-02 19:10 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-06-02 19:10 . 2008-06-02 19:10 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-06-02 19:10 . 2008-06-02 19:10 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-05-29 22:27 . 2008-05-29 22:27 <DIR> d-------- C:\Program Files\Ventrilo
2008-05-29 22:27 . 2008-05-29 22:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 22:27 . 2008-05-29 22:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-05-29 02:00 . 2008-06-14 22:57 <DIR> d-------- C:\Program Files\HeroStats
2008-05-28 19:35 . 2008-05-28 20:56 <DIR> d-------- C:\Program Files\CityBinder
2008-05-28 19:29 . 2008-05-28 19:29 286,720 --------- C:\WINDOWS\Setup1.exe
2008-05-28 19:29 . 2008-05-28 19:29 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-28 18:52 . 2008-05-29 02:00 <DIR> d-------- C:\binds

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 15:32 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-06-24 18:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-24 03:42 --------- d-----w C:\Program Files\MSI
2008-06-24 00:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 21:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 21:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 22:38 3,148 ----a-w C:\Documents and Settings\Administrator\Application Data\LMLayout.dat
2008-05-28 22:38 268 ----a-w C:\Documents and Settings\Administrator\Application Data\LMCPaper.dat
2008-05-22 19:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 18:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-14 20:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 23:32 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-05-13 22:52 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-13 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-13 22:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Bitdefender
2008-05-13 22:48 --------- d-----w C:\Program Files\BitDefender
2008-05-13 22:41 --------- d-----w C:\Program Files\VideoLAN
2008-05-12 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-12 23:57 --------- d-----w C:\Program Files\Yahoo!
2008-05-12 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 22:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-12 22:30 --------- d-----w C:\Program Files\Windows Live
2008-05-12 22:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-12 16:04 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-12 13:57 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2008-05-12 13:56 --------- d-----w C:\Program Files\Stardock
2008-05-12 13:56 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-12 13:04 --------- d-----w C:\Program Files\uTorrent
2008-05-12 11:42 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-12 02:31 --------- d-----w C:\Program Files\VIA Technologies, Inc
2008-05-12 02:28 --------- d-----w C:\Program Files\VIA
2008-05-12 02:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-12 02:24 --------- d-----w C:\Program Files\DIFX
2008-05-12 02:08 --------- d-----w C:\Program Files\AWS
2008-05-12 02:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\WeatherBug
2008-05-12 01:39 --------- d-----w C:\Program Files\Xvid
2008-05-12 01:24 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-12 01:24 --------- d-----w C:\Program Files\NETGEAR
2008-05-12 01:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-12 01:11 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 21:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Program Files\Setup Files ----

2008-06-23 23:45 891637 --------- C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\cache\VIALanDriversv3.68.0.453.exe
2008-06-23 23:41 4298079 --a------ C:\Program Files\Setup Files\Live Update 3 v3.91\LIVEUPDATE3V3.91.EXE
2007-08-06 15:00 126 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\MSISetup.ini
2007-04-27 12:39 65458 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\netvt.cat
2007-04-17 15:17 61802 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\FETNDIS.inf
2007-04-17 14:58 1915 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\WIN.txt
2007-04-17 11:58 42496 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\FETND5BV.sys
2007-04-17 11:58 40960 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\FETND5AV.sys
2006-11-22 10:38 5610 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\winsetup.txt
2006-11-21 19:01 253952 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\WinSetup.exe
2006-11-21 19:01 245760 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\WinUinst.exe
2006-11-07 17:54 13312 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\winsetup\VETUP64.DLL
2006-10-27 16:26 69632 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\vuins32.dll
2006-10-27 16:19 57376 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\vuins16.dll
2005-11-17 15:46 337320 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\difxapi.dll
2005-07-28 17:51 12672 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\WINNDI.DLL
2005-07-01 18:14 25920 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\winsetup\VETUP16.DLL
2005-04-18 17:50 32768 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\winsetup\VETUP32.DLL
2004-11-04 11:58 10240 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\winsetup\ntsim2A.sys
2004-11-04 11:57 8320 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\winsetup\ntsim2.sys
2004-09-14 10:18 18513 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\winsetup\NTSetup.inf
2003-08-26 09:55 133120 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\SetupDrv.exe
2003-04-03 11:17 209408 --a------ C:\Program Files\Setup Files\VIA Lan Drivers v3.68.0.453\MSISetup.exe


((((((((((((((((((((((((((((( snapshot@2008-06-25_ 0.38.43.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 04:35:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-25 15:16:40 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2007-08-29 10:55 1347584]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-23 21:31 360448]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2008-05-11 21:24:40 884838]
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2008-05-11 22:33:00 552960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-05-13 18:52]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\DNINDIS5.SYS [2003-07-24 12:10]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-05-29 18:00]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 11:58]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 16:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c66e07a-2146-11dd-ae68-000fb597ed4b}]
\Shell\AutoRun\command - F:\setup.exe

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 11:34:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\oonbmodd.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\oonbmodd.dll
.
Completion time: 2008-06-25 11:35:40
ComboFix-quarantined-files.txt 2008-06-25 15:35:25

Pre-Run: 47,915,991,040 bytes free
Post-Run: 47,902,691,328 bytes free

255


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:22 AM, on 6/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.co.../sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210556266165
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210808453171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 4761 bytes
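Added example (not from the thread and not ComboFix's own code): the triage the helper did by eye on the log above, written as a script. It reads the "Files Created" and "DLLs Loaded Under Running Processes" sections, flags the random eight-letter .dll files dropped into system32 with identical created and last-modified times, and reports which of them are loaded into winlogon.exe and lsass.exe. The name pattern on its own is not enough: drmclien.dll and winbrand.dll in the Find3M section fit it and are legitimate Windows files, so the script only considers rows inside the scan window. The host-process list, the timestamp rule and the trimmed log excerpt are assumptions for this example, not rules ComboFix applies.

```python
"""Triage a ComboFix log for Vundo-style DLL drops and DLL injection.

Added example: not part of the thread and not ComboFix's own code.  The
log excerpt is a cut-down copy of the log posted above; the selection
heuristics (random 8-letter name, fresh timestamps, injection into
winlogon/lsass) are assumptions drawn from this thread.
"""
import ntpath
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Cut-down copy of the ComboFix log posted above: the three sections the
# triage reads, with a handful of rows from each.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.
2008-06-24 23:41 . 2008-06-24 23:41 <DIR> d-------- C:\Documents and Settings\D\Application Data\BitDefender
2008-06-24 20:25 . 2008-06-24 20:25 81,920 --a------ C:\WINDOWS\system32\apqspoka.dll
2008-06-24 20:22 . 2008-06-24 20:22 99,840 --a------ C:\WINDOWS\system32\mapimqlh.dll
2008-06-24 20:13 . 2008-06-24 20:13 91,136 --a------ C:\WINDOWS\system32\hgdggjfj.dll
2008-06-24 11:54 . 2000-05-22 00:00 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-23 20:15 . 2008-06-23 20:15 105,984 --a------ C:\WINDOWS\system32\oonbmodd.dll
2008-06-23 20:12 . 2008-06-23 20:12 91,136 --a------ C:\WINDOWS\system32\kkyyykgm.dll
2008-06-23 20:12 . 2008-06-23 20:12 81,408 --a------ C:\WINDOWS\system32\nljtiqui.dll
2008-06-05 20:23 . 2008-06-05 20:23 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-02 19:10 . 2008-06-02 19:10 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\oonbmodd.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\oonbmodd.dll
"""

# One row of the "Files Created" section: created . modified size attrs path
CREATED_ROW = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>[\d,]+|<DIR>) (?P<attrs>\S{9}) (?P<path>.+)$"
)
# Vundo's dropper names in this log: eight random lowercase letters, .dll.
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")
# Hosts where a random-named DLL is a strong signal (assumption; the log
# above shows winlogon.exe and lsass.exe, explorer.exe is added here).
SENSITIVE_HOSTS = {"winlogon.exe", "lsass.exe", "explorer.exe"}


def looks_like_vundo_drop(path: str, created: str, modified: str) -> bool:
    """Random 8-letter .dll in system32 whose created and last-modified times
    are identical.  Installers usually copy older files (MSCOMCTL.OCX above
    keeps its 2000 timestamp), so equal times mean the file was written fresh."""
    name = ntpath.basename(path)
    parent = ntpath.dirname(path).lower()
    return (parent.endswith(r"\windows\system32")
            and RANDOM_DLL.match(name) is not None
            and created == modified)


@dataclass
class Triage:
    dropped: List[str] = field(default_factory=list)                 # suspect files
    injected: List[Tuple[str, str]] = field(default_factory=list)    # (host, dll)


def triage_combofix(log_text: str) -> Triage:
    """Walk the log section by section.  Only rows inside the 'Files Created'
    window are candidates; Find3M rows are skipped on purpose."""
    result = Triage()
    section = None
    host = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Files Created from" in line:
            section = "created"
        elif "Find3M Report" in line:
            section = "find3m"
        elif "DLLs Loaded Under Running Processes" in line:
            section = "loaded"
        elif section == "created":
            m = CREATED_ROW.match(line)
            if m and looks_like_vundo_drop(m["path"], m["created"], m["modified"]):
                result.dropped.append(m["path"])
        elif section == "loaded":
            if line.startswith("PROCESS: "):
                host = line[len("PROCESS: "):]
            elif line.startswith("-> ") and host is not None:
                dll = line[3:]
                suspicious = dll in result.dropped or RANDOM_DLL.match(ntpath.basename(dll))
                if ntpath.basename(host).lower() in SENSITIVE_HOSTS and suspicious:
                    result.injected.append((host, dll))
    return result


if __name__ == "__main__":
    triage = triage_combofix(SAMPLE_LOG)
    print("Files to list under File:: in the CFScript:")
    for path in triage.dropped:
        print("  " + path)
    print("Random-named DLLs loaded into sensitive processes:")
    for host, dll in triage.injected:
        print(f"  {ntpath.basename(host)} <- {dll}")
```

The six paths it returns are exactly the six .dll entries the helper put under File:: in post #5, and the injection report shows why oonbmodd.dll was still loaded after the first run: a DLL mapped into winlogon.exe and lsass.exe cannot be deleted while those processes hold it, which is what the reboot step is for.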

#7 miekiemoes (Malware Expert, MVP, 5,503 posts)
Hi,

You didn't include File:: at the top of your previous script; that's why it failed to delete some files.
Please make sure you copy and paste exactly what's in the quote box...

* Open Notepad - don't use any other text editor than Notepad or the script will fail.
Copy/paste the text in the quote box below into Notepad:

File::
C:\WINDOWS\system32\apqspoka.dll
C:\WINDOWS\system32\mapimqlh.dll
C:\WINDOWS\system32\hgdggjfj.dll
C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com].rar
C:\WINDOWS\system32\oonbmodd.dll
C:\WINDOWS\system32\kkyyykgm.dll
C:\WINDOWS\system32\nljtiqui.dll


Save this as a text file named CFScript

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

[screenshot not reproduced]

This will start ComboFix again. After the reboot (in case it asks to reboot), post the contents of ComboFix.txt in your next reply together with a new HijackThis log.
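Added example (not from the thread and not ComboFix's own code): a checker to run over CFScript.txt before dropping it onto ComboFix.exe. It splits the script into its directive sections and reports any line that sits before a directive, which is what went wrong in the previous run when File:: was left out and the seven paths were ignored. The directive set (File::, Folder::, DirLook::, Registry::) and the line-format checks are assumptions drawn from the scripts in this thread; ComboFix accepts other directives too, so extend the set before relying on the "unknown directive" check.

```python
"""Parse and sanity-check a ComboFix CFScript before running it.

Added example: not part of the thread and not ComboFix's own code.  The
directive set and the checks are assumptions drawn from the scripts shown
in this thread; ComboFix accepts more directives than the four listed here.
"""
import re
from typing import Dict, List, Tuple

# Directives used in this thread (assumption: extend for others you use).
KNOWN_DIRECTIVES = {"File::", "Folder::", "DirLook::", "Registry::"}
PATH_DIRECTIVES = {"File::", "Folder::", "DirLook::"}

DIRECTIVE = re.compile(r"^[A-Za-z]+::$")
WIN_PATH = re.compile(r"^[A-Za-z]:\\")
REG_KEY = re.compile(r"^\[-?(HKEY_[A-Z_]+|HKLM|HKCU|HKCR|HKU)\\.+\]$")
REG_VALUE = re.compile(r'^(@|"[^"]*")=.*$')

# The script from post #5 above, exactly as it should be pasted.
SCRIPT_OK = r"""File::
C:\WINDOWS\system32\apqspoka.dll
C:\WINDOWS\system32\mapimqlh.dll
C:\WINDOWS\system32\hgdggjfj.dll
C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com].rar
C:\WINDOWS\system32\oonbmodd.dll
C:\WINDOWS\system32\kkyyykgm.dll
C:\WINDOWS\system32\nljtiqui.dll
Folder::
C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com]
C:\VundoFix Backups
DirLook::
C:\Program Files\Setup Files
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{643D4A43-DF84-4E77-91EE-E698815E00D0}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6a2620cc-8e2c-4f7e-9b26-1569004c929e}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000000
"UpdatesDisableNotify"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=-
"""
# The same script with the leading File:: line lost, as happened in post #6.
SCRIPT_MISSING_HEADER = SCRIPT_OK.replace("File::\n", "", 1)


def parse_cfscript(text: str) -> Tuple[Dict[str, List[str]], List[str]]:
    """Return ({directive: [body lines]}, [problems]).  Lines that precede
    any directive are reported rather than silently kept, because that is
    exactly the mistake that made the first run skip the File:: deletions."""
    sections: Dict[str, List[str]] = {}
    problems: List[str] = []
    if text.startswith("\ufeff"):
        problems.append("line 1: file starts with a BOM; save it from Notepad as plain text")
        text = text[1:]
    current = None      # directive we are inside
    current_key = None  # last [registry key] seen under Registry::
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if DIRECTIVE.match(line):
            if line not in KNOWN_DIRECTIVES:
                problems.append(f"line {lineno}: unknown directive {line}")
            current, current_key = line, None
            sections.setdefault(current, [])
            continue
        if current is None:
            problems.append(f"line {lineno}: {line!r} is not under any directive and will be ignored")
            continue
        if current in PATH_DIRECTIVES and not WIN_PATH.match(line):
            problems.append(f"line {lineno}: {line!r} is not an absolute Windows path")
        elif current == "Registry::":
            if REG_KEY.match(line):
                current_key = line
            elif REG_VALUE.match(line):
                if current_key is None:
                    problems.append(f"line {lineno}: value {line!r} has no preceding [key]")
            else:
                problems.append(f"line {lineno}: {line!r} is neither a [key] nor a \"name\"=value line")
        sections[current].append(line)
    return sections, problems


if __name__ == "__main__":
    for label, script in (("as posted", SCRIPT_OK), ("File:: missing", SCRIPT_MISSING_HEADER)):
        sections, problems = parse_cfscript(script)
        print(f"{label}: {len(sections)} sections, {len(problems)} problems")
        for p in problems:
            print("  " + p)
```

Anything reported as "not under any directive" is a line that, going by what happened in the previous run, ComboFix will not act on; the BOM check covers the "use Notepad" instruction, since an editor that saves with a byte-order mark or as UTF-16 changes the first line before ComboFix ever sees the File:: directive.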

#8 funda (Topic Starter, New Member, 6 posts)
Here are the results for the new logs.

ComboFix 08-06-20.4 - Administrator 2008-06-25 12:17:34.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1659 [GMT -4:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com].rar
C:\WINDOWS\system32\apqspoka.dll
C:\WINDOWS\system32\hgdggjfj.dll
C:\WINDOWS\system32\kkyyykgm.dll
C:\WINDOWS\system32\mapimqlh.dll
C:\WINDOWS\system32\nljtiqui.dll
C:\WINDOWS\system32\oonbmodd.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\IP Changer v2.0 + Serial [App][www.zonatorrent.com].rar
C:\WINDOWS\system32\apqspoka.dll
C:\WINDOWS\system32\hgdggjfj.dll
C:\WINDOWS\system32\kkyyykgm.dll
C:\WINDOWS\system32\mapimqlh.dll
C:\WINDOWS\system32\nljtiqui.dll
C:\WINDOWS\system32\oonbmodd.dll

.
((((((((((((((((((((((((( Files Created from 2008-05-25 to 2008-06-25 )))))))))))))))))))))))))))))))
.

2008-06-24 23:41 . 2008-06-24 23:41 <DIR> d-------- C:\Documents and Settings\D\Application Data\BitDefender
2008-06-24 11:54 . 2000-05-22 00:00 1,066,176 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-06-24 11:54 . 2000-12-06 00:00 209,608 --a------ C:\WINDOWS\system32\TABCTL32.OCX
2008-06-24 11:54 . 2001-04-18 11:32 205,848 --a------ C:\WINDOWS\system32\Threed32.ocx
2008-06-24 11:54 . 2000-12-06 00:00 109,248 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-06-23 23:28 . 2008-06-23 23:45 <DIR> d-------- C:\Program Files\Setup Files
2008-06-23 20:08 . 2008-06-23 22:58 <DIR> d-------- C:\Program Files\Hide IP NG
2008-06-22 18:44 . 2008-06-23 22:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Hide IP NG
2008-06-22 18:40 . 2008-06-22 18:40 32 --a------ C:\WINDOWS\go
2008-06-18 11:34 . 2008-06-18 11:34 273 --a------ C:\WINDOWS\vtmb.ini
2008-06-14 22:32 . 2008-06-14 22:32 <DIR> d-------- C:\WINDOWS\nvidia icons
2008-06-14 22:32 . 2008-05-02 22:46 182,347 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-06-14 20:03 . 2008-06-14 20:03 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-14 18:18 . 2008-06-13 07:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-14 18:18 . 2008-05-08 10:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-06-08 15:57 . 2008-06-08 15:57 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-06-08 15:54 . 2008-06-08 15:54 <DIR> d-------- C:\Program Files\NCSoft
2008-06-08 15:53 . 2008-06-08 15:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
2008-06-05 20:40 . 2008-06-05 20:42 <DIR> d-------- C:\Monopoly Here & Now Special Edition-BigFish Games-PreCracked-HIVBABY
2008-06-05 20:23 . 2008-06-05 20:23 <DIR> dr-h----- C:\Documents and Settings\Administrator\Application Data\SecuROM
2008-06-05 20:23 . 2008-06-05 20:23 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-06-05 20:21 . 2008-06-05 20:21 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-05 20:17 . 2008-06-05 20:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools
2008-06-05 20:17 . 2008-06-05 20:17 717,296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-06-05 19:45 . 2008-06-05 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-06-05 19:44 . 2008-06-05 19:44 <DIR> d-------- C:\Program Files\AOL Games
2008-06-02 19:11 . 2008-06-23 21:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-02 19:10 . 2008-06-03 09:11 <DIR> d-------- C:\Program Files\DAP
2008-06-02 19:10 . 2008-06-02 19:10 479,298 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-06-02 19:10 . 2008-06-02 19:10 172,032 --a------ C:\WINDOWS\system32\AniGIF.ocx
2008-06-02 19:10 . 2008-06-02 19:10 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-05-29 22:27 . 2008-05-29 22:27 <DIR> d-------- C:\Program Files\Ventrilo
2008-05-29 22:27 . 2008-05-29 22:27 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-29 22:27 . 2008-05-29 22:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Ventrilo
2008-05-29 02:00 . 2008-06-14 22:57 <DIR> d-------- C:\Program Files\HeroStats
2008-05-28 19:35 . 2008-05-28 20:56 <DIR> d-------- C:\Program Files\CityBinder
2008-05-28 19:29 . 2008-05-28 19:29 286,720 --------- C:\WINDOWS\Setup1.exe
2008-05-28 19:29 . 2008-05-28 19:29 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-05-28 18:52 . 2008-05-29 02:00 <DIR> d-------- C:\binds

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 16:17 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-06-24 18:12 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-06-24 03:42 --------- d-----w C:\Program Files\MSI
2008-06-24 00:20 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-06-19 21:48 34,296 ----a-w C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-19 21:47 17,144 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2008-06-18 15:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-28 22:38 3,148 ----a-w C:\Documents and Settings\Administrator\Application Data\LMLayout.dat
2008-05-28 22:38 268 ----a-w C:\Documents and Settings\Administrator\Application Data\LMCPaper.dat
2008-05-22 19:02 --------- d-----w C:\Program Files\Trend Micro
2008-05-21 18:37 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-14 20:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-13 23:32 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-05-13 22:52 85,520 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
2008-05-13 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-05-13 22:49 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Bitdefender
2008-05-13 22:48 --------- d-----w C:\Program Files\BitDefender
2008-05-13 22:41 --------- d-----w C:\Program Files\VideoLAN
2008-05-12 23:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-05-12 23:57 --------- d-----w C:\Program Files\Yahoo!
2008-05-12 22:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-05-12 22:52 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-12 22:30 --------- d-----w C:\Program Files\Windows Live
2008-05-12 22:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-05-12 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-12 16:04 --------- d-----w C:\Program Files\Common Files\BitDefender
2008-05-12 13:57 163,712 ----a-w C:\WINDOWS\system32\drivers\vidstub.sys
2008-05-12 13:56 --------- d-----w C:\Program Files\Stardock
2008-05-12 13:56 --------- d-----w C:\Program Files\Common Files\Stardock
2008-05-12 13:04 --------- d-----w C:\Program Files\uTorrent
2008-05-12 11:42 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-05-12 02:31 --------- d-----w C:\Program Files\VIA Technologies, Inc
2008-05-12 02:28 --------- d-----w C:\Program Files\VIA
2008-05-12 02:28 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-12 02:24 --------- d-----w C:\Program Files\DIFX
2008-05-12 02:08 --------- d-----w C:\Program Files\AWS
2008-05-12 02:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\WeatherBug
2008-05-12 01:39 --------- d-----w C:\Program Files\Xvid
2008-05-12 01:24 17,801 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-05-12 01:24 --------- d-----w C:\Program Files\NETGEAR
2008-05-12 01:24 --------- d-----w C:\Documents and Settings\Administrator\Application Data\InstallShield
2008-05-12 01:11 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-08 14:02 203,136 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-30 21:27 442,368 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 299,520 ----a-w C:\WINDOWS\system32\drmclien.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 00:10 102,912 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:24 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:43 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-13 18:43 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((( snapshot@2008-06-25_ 0.38.43.79 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-25 04:35:57 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-25 16:22:43 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="C:\Program Files\AWS\WeatherBug\Weather.exe" [2007-08-29 10:55 1347584]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 05:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2008-05-02 22:46 1630208 C:\WINDOWS\system32\nwiz.exe]
"BootSkin Startup Jobs"="C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" [2004-04-26 16:21 270336]
"BDAgent"="C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" [2008-06-23 21:31 360448]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 22:46 13529088]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 22:46 86016]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - C:\Program Files\NETGEAR\WPN111\wpn111.exe [2008-05-11 21:24:40 884838]
PC Alert 4.lnk - C:\Program Files\MSI\PC Alert 4\PCAlert4.exe [2008-05-11 22:33:00 552960]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\LMpdpsrv.exe"=

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 20:22]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-10-18 17:39]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-05-13 18:52]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\WINDOWS\System32\DNINDIS5.SYS [2003-07-24 12:10]
R3 PCAlertDriver;PCAlertDriver;C:\Program Files\MSI\PC Alert 4\NTGLM7X.sys [2006-12-26 14:08]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;C:\WINDOWS\system32\DRIVERS\WPN111.sys [2005-05-29 18:00]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys [2007-04-17 11:58]
S3 Vsp;Vsp;C:\WINDOWS\system32\drivers\Vsp.sys [2003-05-27 16:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c66e07a-2146-11dd-ae68-000fb597ed4b}]
\Shell\AutoRun\command - F:\setup.exe

*Newly Created Service* - PCALERTDRIVER
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-25 12:23:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\bdfsfltr]
"ImagePath"=hex:73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,44,00,52,\
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-06-25 12:25:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-25 16:25:31
ComboFix2.txt 2008-06-25 15:35:40

Pre-Run: 47,898,673,152 bytes free
Post-Run: 47,893,073,920 bytes free

237


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:25:55 PM, on 6/25/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://dev.srtest.co.../sysreqlab3.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1210556266165
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1210808453171
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 4885 bytes

#9
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Hi,

This looks OK again.

* Go to start > run and copy and paste next command in the field:

ComboFix /u

Make sure there's a space between ComboFix and /
Then hit enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Let me know in your next reply how things are now.

#10
funda

    New Member

  • Topic Starter
  • Member
  • 6 posts
Seems to be running good now. Thanks for your help :)

#11
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Glad I could help. :)

Please read my Prevention page with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date, because older versions may contain security leaks. To find out which programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#12
miekiemoes

    Malware Expert

  • Member
  • 5,503 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.