Here is my ComboFix log:
ComboFix 08-06-20.4 - Owner 2008-06-27 22:16:26.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.468 [GMT -7:00]
Running from: C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\temp.zip
C:\WINDOWS\BM53fafe29.xml
C:\WINDOWS\hosts
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtsQHxw.dll
C:\WINDOWS\system32\bnevmdvi.ini
C:\WINDOWS\system32\byXOiGYQ.dll
C:\WINDOWS\system32\byXPHwVL.dll
C:\WINDOWS\system32\dbxDgrevCheck.dll
C:\WINDOWS\system32\ddrdvheg.ini
C:\WINDOWS\system32\geBrqnMF.dll
C:\WINDOWS\system32\GhkUwyxx.ini
C:\WINDOWS\system32\GhkUwyxx.ini2
C:\WINDOWS\system32\hvoeyokl.ini
C:\WINDOWS\system32\iifdaAro.dll
C:\WINDOWS\system32\iifedbcy.dll
C:\WINDOWS\system32\iiffGWNf.dll
C:\WINDOWS\system32\iifgDuts.dll
C:\WINDOWS\system32\iifgEuUL.dll
C:\WINDOWS\system32\kthnhadh.ini
C:\WINDOWS\system32\mlJAsQhe.dll
C:\WINDOWS\system32\nnnllLba.dll
C:\WINDOWS\system32\nnnoPJYQ.dll
C:\WINDOWS\system32\obsvcnwf.ini
C:\WINDOWS\system32\pmnkLEts.dll
C:\WINDOWS\system32\pmnliJAR.dll
C:\WINDOWS\system32\pmnmjggh.dll
C:\WINDOWS\system32\qgrjgbpw.ini
C:\WINDOWS\system32\qwqyrasf.ini
C:\WINDOWS\system32\ssqOICUL.dll
C:\WINDOWS\system32\ssqQkLCR.dll
C:\WINDOWS\system32\tuvVoliG.dll
C:\WINDOWS\system32\vtUlMdaX.dll
C:\WINDOWS\system32\vtUomjJC.dll
C:\WINDOWS\system32\vtUooNEV.dll
C:\WINDOWS\system32\wvUoNHwV.dll
C:\WINDOWS\system32\xxvtcjhl.ini
C:\WINDOWS\system32\xxywUkhG.dll
C:\WINDOWS\system32\xxywUNDS.dll
C:\WINDOWS\system32\yayyAtrS.dll
C:\WINDOWS\system32\yxhronnk.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-28 to 2008-06-28 )))))))))))))))))))))))))))))))
.
2008-06-27 23:15 . 2008-06-27 23:15 22 --a------ C:\WINDOWS\pskt.ini
2008-06-27 23:15 . 2008-06-27 23:15 0 --a------ C:\WINDOWS\BM53fafe29.xml
2008-06-27 21:04 . 2008-06-27 21:04 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-06-27 20:40 . 2008-06-27 20:40 102,912 --a------ C:\WINDOWS\system32\vffldz.dll
2008-06-27 20:40 . 2008-06-27 20:40 102,912 --a------ C:\WINDOWS\system32\jppjobbn.dll
2008-06-27 19:17 . 2008-06-27 19:17 90,112 --a------ C:\WINDOWS\system32\anrubsko.dll
2008-06-27 19:17 . 2008-06-27 19:17 81,920 --a------ C:\WINDOWS\system32\knnorhxy.dll
2008-06-26 21:09 . 2008-06-26 21:09 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-06-26 14:04 . 2008-06-26 14:04 106,496 --a------ C:\WINDOWS\system32\tyuaydos.dll
2008-06-26 14:01 . 2008-06-26 14:01 91,648 --a------ C:\WINDOWS\system32\yxvtlqed.dll
2008-06-25 14:04 . 2008-06-25 14:04 106,496 --a------ C:\WINDOWS\system32\bktkrvnf.dll
2008-06-25 13:59 . 2008-06-25 13:59 91,136 --a------ C:\WINDOWS\system32\mwwuapna.dll
2008-06-24 10:02 . 2008-06-24 10:02 99,840 --a------ C:\WINDOWS\system32\pqsyhrhv.dll
2008-06-22 12:26 . 2008-06-22 12:26 99,328 --a------ C:\WINDOWS\system32\xejllydp.dll
2008-06-22 12:20 . 2008-06-22 12:20 90,624 --a------ C:\WINDOWS\system32\guimpqsg.dll
2008-06-21 17:18 . 2008-06-27 20:39 <DIR> d-------- C:\Program Files\Exterminate It!
2008-06-21 14:27 . 2003-07-24 02:56 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\WINDOWS
2008-06-21 14:27 . 2003-07-26 01:54 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\Symantec
2008-06-21 14:27 . 2003-07-24 02:35 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\Sonic
2008-06-21 14:27 . 2003-07-24 03:02 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\SampleView
2008-06-21 14:27 . 2003-07-26 01:57 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Application Data\interMute
2008-06-21 14:27 . 2008-06-21 14:27 <DIR> d-------- C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41
2008-06-21 12:23 . 2008-06-21 12:23 99,328 --a------ C:\WINDOWS\system32\kgwleuhy.dll
2008-06-21 12:17 . 2008-06-21 12:17 90,112 --a------ C:\WINDOWS\system32\qbaxelxg.dll
2008-06-20 12:20 . 2008-06-20 12:20 99,328 --a------ C:\WINDOWS\system32\rqccwarc.dll
2008-06-20 12:17 . 2008-06-20 12:17 90,624 --a------ C:\WINDOWS\system32\sdcksnjv.dll
2008-06-20 09:39 . 2008-06-27 23:10 151,070 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k0
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k7
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k6
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k5
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k4
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k3
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k2
2008-06-20 09:39 . 2008-06-27 23:10 64 --a------ C:\WINDOWS\system32\drivers\kmxcfg.u2k1
2008-06-20 09:37 . 2008-06-20 09:37 880,560 --a------ C:\WINDOWS\system32\drivers\vetefile.sys
2008-06-20 09:37 . 2008-06-20 09:37 108,368 --a------ C:\WINDOWS\system32\drivers\veteboot.sys
2008-06-20 09:24 . 2007-08-20 13:37 99,592 --a------ C:\WINDOWS\system32\isafeif.dll
2008-06-20 09:24 . 2007-08-20 13:26 79,424 --a------ C:\WINDOWS\system32\vetredir.dll
2008-06-20 09:24 . 2007-08-20 13:37 75,016 --a------ C:\WINDOWS\system32\isafprod.dll
2008-06-20 09:24 . 2007-08-20 13:38 32,264 --a------ C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-06-20 09:24 . 2007-08-20 13:38 26,376 --a------ C:\WINDOWS\system32\drivers\vet-filt.sys
2008-06-20 09:24 . 2007-08-20 13:38 21,512 --a------ C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-06-20 09:24 . 2007-08-20 13:38 21,128 --a------ C:\WINDOWS\system32\drivers\vet-rec.sys
2008-06-20 08:56 . 2006-11-27 17:00 4,212 --ah----- C:\WINDOWS\system32\zllictbl_cpy.dat
2008-06-17 17:09 . 2008-06-17 17:09 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-17 17:08 . 2008-06-17 17:08 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-10 23:20 . 2008-04-14 04:01 272,128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 16:53 . 2008-06-05 16:53 <DIR> d-------- C:\Program Files\LG Electronics
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-28 04:06 --------- d-----w C:\Program Files\ShortKeys2
2008-06-28 04:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-28 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-06-28 01:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Babylon
2008-06-27 04:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\CA
2008-06-27 02:53 --------- d-----w C:\Program Files\Minilyrics
2008-06-22 00:41 --------- d-----w C:\Program Files\MSN Messenger
2008-06-22 00:41 --------- d-----w C:\Program Files\Instant Source
2008-06-22 00:41 --------- d-----w C:\Program Files\ColourToHTML
2008-06-22 00:03 --------- d-----w C:\Program Files\Winamp
2008-06-21 15:50 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-21 03:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-20 17:52 --------- d-----w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\U3
2008-06-20 16:20 --------- d-----w C:\Program Files\CA
2008-06-18 00:15 --------- d-----w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\Skype
2008-06-18 00:05 --------- d-----w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\skypePM
2008-06-05 23:53 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 17:07 --------- d-----w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\AdobeUM
2008-05-27 00:11 --------- d-----w C:\Program Files\XAimer
2008-05-22 06:26 --------- d-----w C:\Program Files\Common Files\Download Manager
2008-05-20 14:41 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-05 13:43 --------- d-----w C:\Program Files\Watchtower
2008-05-05 13:39 --------- d-----w C:\Program Files\Common Files\Acronis
2008-05-05 13:25 --------- d-----w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\Watchtower
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2007-11-16 22:14 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-05-27 02:43 87,608 ----a-w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\inst.exe
2007-05-27 02:43 47,360 ----a-w C:\Documents and Settings\Owner.YOUR-LK4RLMSU41\Application Data\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{698ab64d-8784-46e9-80e9-ef25e300dc1a}]
2008-06-27 20:40 102912 --a------ C:\WINDOWS\system32\vffldz.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2002-09-13 21:42 212992]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-07-31 20:28 81920]
"winsock32"="C:\WINDOWS\system32:winsock32.exe" [ ]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [2007-08-16 22:25 177416]
"CAVRID"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2007-08-20 13:36 230664]
"cafwc"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe" [2008-06-20 09:37 1193224]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [2008-06-20 09:37 173320]
"capfupgrade"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfupgrade.exe" [2008-06-20 09:37 259336]
"BM53fafe29"="C:\WINDOWS\system32\anrubsko.dll" [2008-06-27 19:17 90112]
C:\Documents and Settings\Administrator.YOUR-LK4RLMSU41\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 07:11:14 27136]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ShortKeys 2.lnk]
backup=C:\WINDOWS\pss\ShortKeys 2.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinTasks.lnk]
backup=C:\WINDOWS\pss\WinTasks.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Owner.YOUR-LK4RLMSU41^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\
00ERSRRRNKY]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
--a------ 2004-09-07 13:47 57344 C:\WINDOWS\ALCXMNTR.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI DeviceDetect]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Launchpad]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATI Remote Control]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Babylon Client]
--a------ 2007-08-19 15:57 2841824 C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM53fafe29]
C:\WINDOWS\system32\sgibupda.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CaAvTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dvd43]
--a------ 2006-05-22 13:26 694272 C:\Program Files\dvd43\dvd43_tray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gizmo Project]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2007-10-01 21:45 840704 C:\Program Files\Internet Download Manager\IDMan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
--a------ 2003-02-11 20:02 61440 C:\HP\KBD\KBD.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
--a------ 2003-08-19 03:43 57344 C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
--a------ 2006-10-13 17:01 277296 C:\Program Files\Microsoft LifeCam\LifeExp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LTMSG]
--a------ 2003-07-14 10:52 40960 C:\WINDOWS\ltmsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-04-06 18:40 190024 C:\Program Files\MessengerPlus! 3\MsgPlus.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 12:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MySpaceIM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 14:21 2213160 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 14:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIEW]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-05-02 23:19 323584 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QOELOADER]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-05-30 15:54 21718312 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-08-03 06:12 577536 C:\WINDOWS\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-06-14 17:58 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tracks Eraser Pro]
--a------ 2006-02-24 11:32 1290240 C:\Program Files\Acesoft\Tracks Eraser Pro\te.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 17:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp]
--a------ 2007-06-06 16:52 936960 C:\Program Files\Verizon\McciTrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
--a------ 2006-12-19 12:29 994072 C:\WINDOWS\vVX6000.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 21:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YBrowser]
--a------ 2006-07-21 16:19 129536 C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ymetray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YOP]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"LightScribeService"=2 (0x2)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"gusvc"=3 (0x3)
"Creative Service for CDROM Access"=2 (0x2)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\CA Personal Firewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ComputerAssociatesAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 KmxStart;KmxStart;C:\WINDOWS\system32\DRIVERS\kmxstart.sys [2007-10-18 10:24]
R1 KmxAgent;KmxAgent;C:\WINDOWS\system32\DRIVERS\kmxagent.sys [2007-05-18 13:30]
R1 KmxFile;KmxFile;C:\WINDOWS\system32\DRIVERS\KmxFile.sys [2007-05-18 13:30]
R1 KmxFw;KmxFw;C:\WINDOWS\system32\DRIVERS\kmxfw.sys [2007-10-18 14:21]
R2 KmxCF;KmxCF;C:\WINDOWS\system32\DRIVERS\KmxCF.sys [2007-10-18 10:24]
R2 KmxSbx;KmxSbx;C:\WINDOWS\system32\DRIVERS\KmxSbx.sys [2007-11-02 12:09]
R2 MSCamSvc;MSCamSvc;"C:\Program Files\Microsoft LifeCam\MSCamS32.exe" [2006-10-13 17:01]
R2 UmxAgent;HIPS Event Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe" [2007-10-18 10:24]
R2 UmxCfg;HIPS Configuration Interpreter;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe" [2007-10-18 10:24]
R2 UmxPol;HIPS Policy Manager;"C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe" [2007-05-18 13:30]
R3 ATIDACXX;ATI DTV Wonder Analog Audio Capture Device;C:\WINDOWS\system32\drivers\atidacxx.sys [2005-09-26 18:21]
R3 ATIDDCXX;ATI DTV Wonder Digital BDA Capture Device;C:\WINDOWS\system32\drivers\atiddcxx.sys [2005-09-26 18:20]
R3 ATIDTUXX;ATI DTV Wonder Digital And Analog Tuner Device;C:\WINDOWS\system32\drivers\atidtuxx.sys [2005-09-26 18:21]
R3 ATIDVCXX;ATI DTV Wonder Analog AV Capture Device;C:\WINDOWS\system32\drivers\atidvcxx.sys [2005-09-26 18:20]
R3 ATIDXBXX;ATI DTV Wonder Analog AV Crossbar Device;C:\WINDOWS\system32\drivers\atidxbxx.sys [2005-09-26 18:21]
R3 KmxCfg;KmxCfg;C:\WINDOWS\system32\DRIVERS\kmxcfg.sys [2007-09-13 15:15]
R3 MSHUSBVideo;NX6000/NX3000/VX7000 Filter Driver;C:\WINDOWS\system32\Drivers\nx6000.sys [2007-04-12 15:46]
R3 PPCtlPriv;PPCtlPriv;"C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe" [2007-08-16 21:10]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 09:05]
S3 hamachi_oem;PlayLinc Adapter;C:\WINDOWS\system32\DRIVERS\gan_adapter.sys [2006-10-19 11:11]
S3 PL-40R;LK USB MIDI;C:\WINDOWS\system32\Drivers\pl40rwdm.sys [2002-08-15 23:21]
S3 USB_RNDIS_XP;Westell WireSpeed Dual Connect Modem;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-03 23:04]
S3 VX6000;Microsoft LifeCam VX-6000;C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys [2006-12-19 12:29]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{206b8be9-b3dd-11db-a13b-0018f8302cc0}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{df725db4-ef9c-11db-a161-dd7686fd9430}]
\Shell\AutoRun\command - G:\setupSNK.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\WINDOWS\system32:winsock32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-06-13 06:57:03 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-27 04:10:09 C:\WINDOWS\Tasks\CAAntiSpywareScan_Daily as Owner at 9 10 PM.job"
- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAAntiSpyware.exe
"2008-06-26 08:00:00 C:\WINDOWS\Tasks\PPv5Scan_Daily as Owner at 1 00 AM.job"
- C:\Program Files\CA\eTrust EZ Armor\eTrust PestPatrol\ppv5consumercl.exe
"2008-06-28 00:57:27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{95B5C862-29AA-455A-8B29-91938C14A80D}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-27 23:15:43
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\anrubsko.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\isafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\vetmsg.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
.
**************************************************************************
.
Completion time: 2008-06-27 23:48:52 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-06-28 06:47:42
Pre-Run: 8,517,492,736 bytes free
Post-Run: 8,409,530,368 bytes free
355 --- E O F --- 2008-06-11 13:51:14