[buymanix]

Hi, I've recently had a lot of trouble with malware, including Vundo and Virtumonde which made it almost impossible to load any site. So I followed the Malware Cleanup Guide, which I think helped wonders. But being paranoid, I want to be sure I'm in the clear. Can someone take a look at my HJT and Combofix logs and tell me if my pc is ok?? Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:38 AM, on 7/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\blp\API\OFFICE~1\Bloomberg.UIServer.exe
C:\blp\API\OFFICE~1\Bloomberg.RtdServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\WINDOWS\TEMP\JDD4ED.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: CitiUS Shared Browser Helper Object - {387EDF53-1CF2-4523-BC2F-13462651BE8C} - C:\WINDOWS\system32\BhoCitUS.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [TotalRecorderScheduler] "C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CitiVAN] C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe /dontopenmycards
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [CLRHost] C:\blp\API\OFFICE~1\bbxlcmd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Citi - {4C730913-3961-439b-83D5-F4E445520422} - C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://bba.bloomber...ca32/icaweb.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 10769 bytes

[Advertisements]

Here's my Combofix log....thanks.

ComboFix 08-07-10.1 - Manix 2008-07-12 3:41:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1592 [GMT -4:00]
Running from: C:\Documents and Settings\Manix\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-12 03:21 . 2008-07-12 03:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-12 03:21 . 2008-07-12 03:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-12 01:50 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-12 01:49 . 2008-07-12 01:49 <DIR> d-------- C:\Program Files\Panda Security
2008-07-10 22:59 . 2008-07-10 22:59 <DIR> d-------- C:\Temp\BCAP
2008-07-10 22:34 . 2008-07-12 03:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-10 22:34 . 2008-07-10 22:34 <DIR> d-------- C:\Documents and Settings\Manix\Application Data\SUPERAntiSpyware.com
2008-07-10 22:34 . 2008-07-10 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-10 22:33 . 2008-07-10 22:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 22:26 . 2008-07-10 22:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 22:26 . 2008-07-10 22:26 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-10 22:26 . 2008-07-10 22:26 <DIR> d-------- C:\Documents and Settings\Manix\Application Data\Malwarebytes
2008-07-10 22:26 . 2008-07-10 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-10 22:26 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-10 22:26 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 21:53 . 2008-07-10 21:53 <DIR> d-------- C:\VundoFix Backups
2008-07-08 23:38 . 2008-07-09 21:57 310 --a------ C:\WINDOWS\wininit.ini
2008-07-08 23:24 . 2008-07-08 23:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-08 23:24 . 2008-07-08 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 03:59 . 2008-07-07 23:00 <DIR> d-------- C:\Temp\Windows XP Professional with SP2 ISO, Pre-activated, and key included
2008-07-04 00:44 . 2008-07-04 00:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-04 00:44 . 2008-07-04 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-02 23:57 . 2008-06-28 12:57 6,602,240 --a------ C:\mplayerc.exe
2008-07-02 23:25 . 2008-07-12 03:02 21,852 --a------ C:\mplayerc.ini
2008-07-01 01:50 . 2008-07-01 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-07-01 00:21 . 2008-07-01 00:21 <DIR> d-------- C:\Program Files\Common Files\Doblon
2008-07-01 00:20 . 2008-07-01 00:21 <DIR> d-------- C:\Program Files\Siglos
2008-06-30 23:57 . 2008-07-01 00:19 <DIR> d-------- C:\Temp\Siglos Karaoke Player + Recorder v1.2.21
2008-06-30 23:55 . 2008-07-01 00:35 <DIR> d-------- C:\Temp\EK
2008-06-30 00:45 . 2008-07-07 22:32 <DIR> d-------- C:\Temp\[gg] Code Geass
2008-06-29 20:35 . 2008-06-29 20:35 <DIR> d-------- C:\Documents and Settings\Manix\Application Data\Sierra Wireless
2008-06-29 20:35 . 2007-09-05 17:56 101,632 -ra------ C:\WINDOWS\system32\drivers\swnc8u51.sys
2008-06-29 20:35 . 2007-09-05 17:56 73,600 -ra------ C:\WINDOWS\system32\drivers\swumx51.sys
2008-06-29 20:35 . 2008-04-13 14:45 17,152 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-06-29 20:35 . 2008-04-13 14:45 17,152 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2008-06-29 20:34 . 2008-06-29 20:34 <DIR> d-------- C:\Documents and Settings\Manix\Application Data\AT&T
2008-06-29 20:32 . 2008-06-29 20:32 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
2008-06-29 20:31 . 2008-06-29 20:31 <DIR> d-------- C:\Documents and Settings\Manix\Application Data\DBUpdater
2008-06-23 19:06 . 2008-06-23 19:20 <DIR> d-------- C:\New Folder
2008-06-23 18:59 . 2008-06-23 19:33 <DIR> d-------- C:\Program Files\IMAPSize
2008-06-23 18:59 . 2008-06-23 18:59 1,883,178 --a------ C:\Temp\IMAPSize_036_Setup.exe
2008-06-20 13:46 . 2008-06-20 13:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 13:46 . 2008-06-20 13:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 07:51 . 2008-06-20 07:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:40 . 2008-06-20 07:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 07:08 . 2008-06-20 07:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 07:40 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-12 07:37 --------- d-----w C:\Program Files\Trend Micro
2008-07-12 07:33 --------- d-----w C:\Program Files\Steam
2008-07-12 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-11 02:22 --------- d-----w C:\Program Files\Java
2008-07-11 02:06 --------- d-----w C:\Documents and Settings\Manix\Application Data\uTorrent
2008-07-11 00:08 --------- d-----w C:\Program Files\Free Music Zilla
2008-07-08 02:35 --------- d-----w C:\Program Files\MediaCoder PSP Edition
2008-07-01 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 04:08 --------- d-----w C:\Documents and Settings\Manix\Application Data\Move Networks
2008-06-23 23:24 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 15:16 --------- d-----w C:\Documents and Settings\Manix\Application Data\Canon
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-24 01:41 --------- d-----w C:\Documents and Settings\Manix\Application Data\FMZilla
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-10_21.37.36.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 01:29:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-12 07:31:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 02:34:22 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-07-11 02:34:22 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-07-11 02:34:22 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
- 2007-08-13 22:38:04 491,520 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
- 2007-08-13 22:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-09 10:53:40 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-04-14 00:11:52 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-07-12 05:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-12 05:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-12 06:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-14 00:11:56 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Steam"="c:\program files\steam\steam.exe" [2008-07-10 22:12 1271032]
"CLRHost"="C:\blp\API\OFFICE~1\bbxlcmd.exe" [2008-01-18 16:42 102400]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-12 03:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-09-01 17:58 356429]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13 1032192]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2005-10-13 07:47 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 00:06 185896]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 11:43 228088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00 455168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00 59392]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 06:00 208952]
"CitiVAN"="C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe" [2004-08-12 14:55 192512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AtiPTA"="atiptaxx.exe" [2006-02-21 20:05 344064 C:\WINDOWS\system32\atiptaxx.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-12 03:32 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-12 03:33 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-06-17 15:24 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"482e405f"=rundll32.exe "C:\WINDOWS\system32\uyhqhwyl.dll",b
"BM4b1d73c3"=Rundll32.exe "C:\WINDOWS\system32\qtgfdsea.dll",s
"iRiver Updater"=\Updater.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\blp\\Wintrv\\wintrv.exe"=
"C:\\blp\\API\\bbcomm.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Documents and Settings\\Manix\\Desktop\\Desktop\\PSP\\GPS 2\\GMDL\\bin\\Debug\\Global Map Download Tool.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe21f4f1-f8f0-11dc-a2c1-00123fd8fea2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 04:30:21 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9464A6B0-DCAF-4318-9836-C7DA82F59BD7}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 03:44:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-12 3:46:34
ComboFix-quarantined-files.txt 2008-07-12 07:46:13
ComboFix2.txt 2008-07-11 01:37:58

Pre-Run: 5,253,898,240 bytes free
Post-Run: 5,247,139,840 bytes free

250 --- E O F --- 2008-06-20 00:21:01

[buymanix]

Here's my Combofix log....thanks.

ComboFix 08-07-10.1 - Manix 2008-07-12 3:41:50.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1592 [GMT -4:00]
Running from: C:\Documents and Settings\Manix\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
.

2008-07-12 03:21 . 2008-07-12 03:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-12 03:21 . 2008-07-12 03:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-12 01:50 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-12 01:49 . 2008-07-12 01:49 <DIR> d-------- C:\Program Files\Panda Security
2008-07-10 22:59 . 2008-07-10 22:59 <DIR> d-------- C:\Temp\BCAP
2008-07-10 22:34 . 2008-07-12 03:33 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-10 22:34 . 2008-07-10 22:34 <DIR> d-------- C:\Documents and Settings\Manix\Application Data\SUPERAntiSpyware.com
2008-07-10 22:34 . 2008-07-10 22:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-10 22:33 . 2008-07-10 22:33 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 22:26 . 2008-07-10 22:26 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-10 22:26 . 2008-07-10 22:26 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-07-10 22:26 . 2008-07-10 22:26 <DIR> d-------- C:\Documents and Settings\Manix\Application Data\Malwarebytes
2008-07-10 22:26 . 2008-07-10 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-10 22:26 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-10 22:26 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-10 21:53 . 2008-07-10 21:53 <DIR> d-------- C:\VundoFix Backups
2008-07-08 23:38 . 2008-07-09 21:57 310 --a------ C:\WINDOWS\wininit.ini
2008-07-08 23:24 . 2008-07-08 23:24 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-08 23:24 . 2008-07-08 23:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-06 03:59 . 2008-07-07 23:00 <DIR> d-------- C:\Temp\Windows XP Professional with SP2 ISO, Pre-activated, and key included
2008-07-04 00:44 . 2008-07-04 00:44 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-04 00:44 . 2008-07-04 00:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-02 23:57 . 2008-06-28 12:57 6,602,240 --a------ C:\mplayerc.exe
2008-07-02 23:25 . 2008-07-12 03:02 21,852 --a------ C:\mplayerc.ini
2008-07-01 01:50 . 2008-07-01 01:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AT&T
2008-07-01 00:21 . 2008-07-01 00:21 <DIR> d-------- C:\Program Files\Common Files\Doblon
2008-07-01 00:20 . 2008-07-01 00:21 <DIR> d-------- C:\Program Files\Siglos
2008-06-30 23:57 . 2008-07-01 00:19 <DIR> d-------- C:\Temp\Siglos Karaoke Player + Recorder v1.2.21
2008-06-30 23:55 . 2008-07-01 00:35 <DIR> d-------- C:\Temp\EK
2008-06-30 00:45 . 2008-07-07 22:32 <DIR> d-------- C:\Temp\[gg] Code Geass
2008-06-29 20:35 . 2008-06-29 20:35 <DIR> d-------- C:\Documents and Settings\Manix\Application Data\Sierra Wireless
2008-06-29 20:35 . 2007-09-05 17:56 101,632 -ra------ C:\WINDOWS\system32\drivers\swnc8u51.sys
2008-06-29 20:35 . 2007-09-05 17:56 73,600 -ra------ C:\WINDOWS\system32\drivers\swumx51.sys
2008-06-29 20:35 . 2008-04-13 14:45 17,152 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-06-29 20:35 . 2008-04-13 14:45 17,152 --a--c--- C:\WINDOWS\system32\dllcache\usbohci.sys
2008-06-29 20:34 . 2008-06-29 20:34 <DIR> d-------- C:\Documents and Settings\Manix\Application Data\AT&T
2008-06-29 20:32 . 2008-06-29 20:32 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
2008-06-29 20:31 . 2008-06-29 20:31 <DIR> d-------- C:\Documents and Settings\Manix\Application Data\DBUpdater
2008-06-23 19:06 . 2008-06-23 19:20 <DIR> d-------- C:\New Folder
2008-06-23 18:59 . 2008-06-23 19:33 <DIR> d-------- C:\Program Files\IMAPSize
2008-06-23 18:59 . 2008-06-23 18:59 1,883,178 --a------ C:\Temp\IMAPSize_036_Setup.exe
2008-06-20 13:46 . 2008-06-20 13:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 13:46 . 2008-06-20 13:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 07:51 . 2008-06-20 07:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 07:40 . 2008-06-20 07:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 07:08 . 2008-06-20 07:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-12 07:40 --------- d-----w C:\Program Files\PeerGuardian2
2008-07-12 07:37 --------- d-----w C:\Program Files\Trend Micro
2008-07-12 07:33 --------- d-----w C:\Program Files\Steam
2008-07-12 04:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-11 02:22 --------- d-----w C:\Program Files\Java
2008-07-11 02:06 --------- d-----w C:\Documents and Settings\Manix\Application Data\uTorrent
2008-07-11 00:08 --------- d-----w C:\Program Files\Free Music Zilla
2008-07-08 02:35 --------- d-----w C:\Program Files\MediaCoder PSP Edition
2008-07-01 06:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-25 04:08 --------- d-----w C:\Documents and Settings\Manix\Application Data\Move Networks
2008-06-23 23:24 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 15:16 --------- d-----w C:\Documents and Settings\Manix\Application Data\Canon
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-05-24 01:41 --------- d-----w C:\Documents and Settings\Manix\Application Data\FMZilla
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-14 09:42 985,088 ----a-w C:\WINDOWS\system32\setupapi.dll
2008-04-14 09:42 11,264 ----a-w C:\WINDOWS\system32\spnpinst.exe
2008-04-14 09:41 423,936 ----a-w C:\WINDOWS\system32\licdll.dll
2008-04-14 00:25 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 00:16 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 00:13 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 00:13 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 00:13 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 00:11 997,376 ----a-w C:\WINDOWS\system32\msgina.dll
2008-04-14 00:10 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 00:10 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 00:10 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-13 21:00 103,424 ----a-w C:\WINDOWS\system32\dpcdll.dll
2008-04-13 19:30 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-13 18:44 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-13 18:35 24,064 ----a-w C:\WINDOWS\system32\pidgen.dll
2008-04-13 18:31 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-13 18:31 2,065,792 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-13 18:30 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-13 18:14 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-13 17:39 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-13 17:39 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-13 17:39 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-13 17:37 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-13 17:37 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-13 17:27 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-13 17:26 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-13 17:26 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-13 17:24 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-13 17:21 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-13 17:09 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-13 17:03 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-13 17:03 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-13 16:48 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-13 16:45 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-13 16:23 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-13 16:22 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-13 15:39 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-10_21.37.36.22 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-11 01:29:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-12 07:31:59 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-11 02:34:22 29,696 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF11.exe
+ 2008-07-11 02:34:22 18,944 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF13.exe
+ 2008-07-11 02:34:22 65,024 ----a-r C:\WINDOWS\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF15.exe
+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
- 2007-08-13 22:38:04 491,520 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
- 2007-08-13 22:54:10 413,696 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-09 10:53:40 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-04-14 00:11:52 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
+ 2008-06-20 17:46:57 147,968 ----a-w C:\WINDOWS\system32\dnsapi.dll
- 2007-07-12 05:22:00 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-07-12 05:22:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-07-12 06:22:38 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-04-14 00:11:56 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="C:\Program Files\PeerGuardian2\pg2.exe" [2005-09-18 18:40 1421824]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 20:12 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"Steam"="c:\program files\steam\steam.exe" [2008-07-10 22:12 1271032]
"CLRHost"="C:\blp\API\OFFICE~1\bbxlcmd.exe" [2008-01-18 16:42 102400]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-12 03:33 1506544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-09-01 17:58 356429]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-06-29 12:13 1032192]
"TotalRecorderScheduler"="C:\Program Files\HighCriteria\TotalRecorder\TotRecSched.exe" [2005-10-13 07:47 81920]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 00:06 185896]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 11:43 228088]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-15 00:43 286720]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 06:00 455168]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00 59392]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 14:11 267048]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 06:00 208952]
"CitiVAN"="C:\Program Files\Citi Virtual Account Numbers\CitiVAN.exe" [2004-08-12 14:55 192512]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AtiPTA"="atiptaxx.exe" [2006-02-21 20:05 344064 C:\WINDOWS\system32\atiptaxx.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-12 03:32 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-12 03:33 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-06-17 15:24 176128 C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= DrvTrNTm.dll
"wave"= DrvTrNTm.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"482e405f"=rundll32.exe "C:\WINDOWS\system32\uyhqhwyl.dll",b
"BM4b1d73c3"=Rundll32.exe "C:\WINDOWS\system32\qtgfdsea.dll",s
"iRiver Updater"=\Updater.exe
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\blp\\Wintrv\\wintrv.exe"=
"C:\\blp\\API\\bbcomm.exe"=
"C:\\WINDOWS\\system32\\javaw.exe"=
"C:\\WINDOWS\\system32\\java.exe"=
"C:\\Program Files\\Steam\\Steam.exe"=
"C:\\Documents and Settings\\Manix\\Desktop\\Desktop\\PSP\\GPS 2\\GMDL\\bin\\Debug\\Global Map Download Tool.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Free Music Zilla\\FMZilla.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe21f4f1-f8f0-11dc-a2c1-00123fd8fea2}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

*Newly Created Service* - CATCHME
*Newly Created Service* - SASDIFSV
.
Contents of the 'Scheduled Tasks' folder
"2008-07-12 04:30:21 C:\WINDOWS\Tasks\User_Feed_Synchronization-{9464A6B0-DCAF-4318-9836-C7DA82F59BD7}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 03:44:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-12 3:46:34
ComboFix-quarantined-files.txt 2008-07-12 07:46:13
ComboFix2.txt 2008-07-11 01:37:58

Pre-Run: 5,253,898,240 bytes free
Post-Run: 5,247,139,840 bytes free

250 --- E O F --- 2008-06-20 00:21:01