OK, this is what I got for a file...
ComboFix 08-01-03.1 - HP_Owner 2008-01-02 14:03:05.1 - NTFSx86
Running from: G:\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\alxvdvm.dll
C:\WINDOWS\domnftwqpd.dll
C:\WINDOWS\fvkwdrt.exe
C:\WINDOWS\rs.txt
C:\WINDOWS\search_res.txt
.
((((((((((((((((((((((((( Files Created from 2007-12-03 to 2008-01-03 )))))))))))))))))))))))))))))))
.
2008-01-02 13:56 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 17:54 . 2008-01-01 17:54 <DIR> d-------- C:\Program Files\ParetoLogic
2008-01-01 17:54 . 2008-01-01 17:54 <DIR> d-------- C:\Program Files\Common Files\ParetoLogic
2008-01-01 17:54 . 2008-01-01 17:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2008-01-01 17:53 . 2008-01-01 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-01-01 15:43 . 2008-01-02 11:37 3,820 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-01 15:38 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-01 15:38 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-01 15:38 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-01 15:38 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-01 15:38 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-01 15:38 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-01 15:16 . 2008-01-01 15:16 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-01 15:12 . 2008-01-01 16:12 <DIR> d-------- C:\Program Files\SpywareGuard
2008-01-01 15:12 . 2008-01-01 15:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-01 15:11 . 2008-01-01 15:22 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-01 15:11 . 2008-01-01 15:11 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\SUPERAntiSpyware.com
2008-01-01 01:30 . 2008-01-02 12:24 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-01 01:30 . 2008-01-01 01:31 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-31 14:45 . 2008-01-01 01:38 <DIR> d-------- C:\Program Files\Norton 360
2007-12-31 14:44 . 2007-12-31 15:50 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-31 14:44 . 2007-12-31 15:50 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-31 14:44 . 2007-12-31 15:50 10,740 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-31 14:44 . 2007-12-31 15:50 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-30 21:59 . 2007-12-30 21:59 85 --a------ C:\WINDOWS\wininit.ini
2007-12-30 20:17 . 2007-12-30 20:17 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2007-12-30 20:17 . 2007-12-30 20:17 125,690 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2007-12-30 20:17 . 2007-12-30 20:17 60,416 --a------ C:\WINDOWS\ALCFDRTM.VER
2007-12-30 20:17 . 2007-12-30 20:17 60,416 --a------ C:\WINDOWS\ALCFDRTM.EXE
2007-12-30 15:44 . 2007-12-30 15:44 <DIR> d-------- C:\Program Files\Lavasoft
2007-12-30 15:44 . 2007-12-30 15:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-12-30 15:41 . 2008-01-01 15:10 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-12-30 15:39 . 2007-12-30 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-30 15:32 . 2007-12-30 15:32 <DIR> d-------- C:\Documents and Settings\HP_Owner\Application Data\Grisoft
2007-12-30 15:31 . 2007-12-30 15:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-30 15:31 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-12-30 13:26 . 2007-12-30 13:26 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2007-12-25 20:21 . 2007-12-25 20:21 <DIR> dr-h----- C:\Documents and Settings\HP_Owner\Application Data\SecuROM
2007-12-25 20:21 . 2007-12-25 20:21 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 17:12 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Symantec
2008-01-02 01:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-01 16:32 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-31 21:50 --------- d-----w C:\Program Files\Symantec
2007-12-31 00:51 4,004 ----a-w C:\WINDOWS\viassary-hp.reg
2007-12-30 15:43 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\U3
2007-12-29 14:41 --------- d-----w C:\Program Files\Lx_cats
2007-12-26 02:12 --------- d-----w C:\Program Files\EA GAMES
2007-12-22 14:28 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\AdobeUM
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-20 01:47 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\dvdcss
2007-11-19 23:41 --------- d-----w C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2007-11-19 21:50 --------- d-----w C:\Program Files\Xilisoft
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-08 23:02 --------- d-----w C:\Program Files\iTunes
2007-11-08 23:02 --------- d-----w C:\Program Files\iPod
2007-11-08 23:00 --------- d-----w C:\Program Files\QuickTime
2007-11-04 16:40 --------- d-----w C:\Program Files\LimeWire
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 21:05 81,920 ----a-w C:\WINDOWS\system32\LSPConfig.dll
2007-10-25 21:05 303,104 ----a-w C:\WINDOWS\system32\WebController.dll
2007-10-25 21:03 8,704 ----a-w C:\WINDOWS\system32\SpOrder.Dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-10 13:24 68856]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 15:51 118784]
"HPHUPD06"="c:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe" [2004-06-07 19:53 49152]
"HPHmon06"="C:\WINDOWS\system32\hphmon06.exe" [2004-06-07 19:42 659456]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 21:02 61440]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-08-07 15:03 180269]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 21:43 233472]
"VTTimer"="VTTimer.exe" []
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-07-01 19:58 73728 C:\WINDOWS\SOUNDMAN.EXE]
"PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 17:57 81920]
"AlcWzrd"="ALCWZRD.EXE" [2004-07-06 02:05 2550272 C:\WINDOWS\ALCWZRD.EXE]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 15:55 155648]
"Lexmark 5200 series"="C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe" [2004-02-24 11:10 57344]
"LXBTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll" [2004-02-23 07:47 61440]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33 294912]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-07-17 19:54 116072]
"PGsurfer"="C:\Program Files\ParetoLogic\PGsurfer\PGsurfer.exe" [2007-10-25 15:07 2340192]
C:\Documents and Settings\HP_Owner\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-05-29 06:31:38]
Updates from HP.lnk - C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe [2004-08-07 15:33:32]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PctrlsInjectService]
@="Service"
R2 PctrlsInjectService;PctrlsInjectService;C:\Program Files\ParetoLogic\PGsurfer\InjectService.exe [2007-10-25 15:04]
S3 MR97310_USB_DUAL_CAMERA;CIF Dual-Mode Camera;C:\WINDOWS\system32\DRIVERS\mr97310c.sys [2006-05-02 12:38]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5807d726-e549-11db-a579-0011d81a0609}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2007-12-29 03:46:07 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-01-01 23:57:13 C:\WINDOWS\Tasks\ParetoLogic Update Version2.job"
- C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-03 14:21:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-03 14:22:08
ComboFix-quarantined-files.txt 2008-01-03 20:22:05
.
2007-12-12 19:19:58 --- E O F ---
EDIT/QUESTION: I ran it from my flash drive by accident. Is this going to make a difference?
Edited by Sometimes needs help, 02 January 2008 - 03:02 PM.