Here is the log for HijackThis and ComboFix. Note for whoever reviews it: the Reg Loading Points section still shows Security Center monitoring of Symantec AntiVirus disabled ("DisableMonitoring"=1) and the Windows Firewall standard profile turned off ("EnableFirewall"=0), and two more randomly named DLLs (ihpinktu.dll, vrfqmbdx.dll) were created in system32 at 07:38–07:40, minutes before this run — those look like they belong to the same family as the files already removed and are worth checking, as is the missing Recovery Console warning.
ComboFix 08-06-19.2 - varhuem 2008-06-20 8:08:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1391 [GMT -4:00]
Running from: C:\MATT C Drive\ComboFix.exe
Command switches used :: C:\MATT C Drive\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\ayhxxrbt.dll
C:\WINDOWS\system32\dojttunq.dll
C:\WINDOWS\system32\fxjgdkok.dll
C:\WINDOWS\system32\hgGASMdB.dll
C:\WINDOWS\system32\lddwskjf.dll
C:\WINDOWS\system32\mtejfprj.dll
C:\WINDOWS\system32\nbuxtonv.dll
C:\WINDOWS\system32\qhtpgyck.dll
C:\WINDOWS\system32\qqerciqr.dll
C:\WINDOWS\system32\qwhffqyr.dll
C:\WINDOWS\system32\smswifys.dll
C:\WINDOWS\system32\tjrwkjvw.exe
C:\WINDOWS\system32\tplngtmn.dll
C:\WINDOWS\system32\vmmyibyr.exe
C:\WINDOWS\system32\wgtpaita.exe
C:\WINDOWS\system32\wqmjebst.dll
C:\WINDOWS\system32\yxgabave.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMd76bfe83.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\ayhxxrbt.dll
C:\WINDOWS\system32\dojttunq.dll
C:\WINDOWS\system32\fxjgdkok.dll
C:\WINDOWS\system32\hgGASMdB.dll
C:\WINDOWS\system32\kQsAyyay.ini
C:\WINDOWS\system32\kQsAyyay.ini2
C:\WINDOWS\system32\lddwskjf.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mtejfprj.dll
C:\WINDOWS\system32\nbuxtonv.dll
C:\WINDOWS\system32\qhtpgyck.dll
C:\WINDOWS\system32\qqerciqr.dll
C:\WINDOWS\system32\qwhffqyr.dll
C:\WINDOWS\system32\smswifys.dll
C:\WINDOWS\system32\tjrwkjvw.exe
C:\WINDOWS\system32\tplngtmn.dll
C:\WINDOWS\system32\utkniphi.ini
C:\WINDOWS\system32\vmmyibyr.exe
C:\WINDOWS\system32\wgtpaita.exe
C:\WINDOWS\system32\wqjvlods.dll
C:\WINDOWS\system32\wqmjebst.dll
C:\WINDOWS\system32\yayyAsQk.dll
C:\WINDOWS\system32\yxgabave.dll
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\BMd76bfe83.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aylknvco.dll
C:\WINDOWS\system32\bhyjbnli.dll
C:\WINDOWS\system32\bkbvxcgh.dll
C:\WINDOWS\system32\buewmnky.dll
C:\WINDOWS\system32\bwtavvaw.ini
C:\WINDOWS\system32\djphvggt.ini
C:\WINDOWS\system32\dkipppvp.dll
C:\WINDOWS\system32\DLlUuBeg.ini
C:\WINDOWS\system32\DLlUuBeg.ini2
C:\WINDOWS\system32\eapoytgt.dll
C:\WINDOWS\system32\efmfifoj.dll
C:\WINDOWS\system32\eleeqslf.ini
C:\WINDOWS\system32\emccgrad.dll
C:\WINDOWS\system32\fknuxkvj.ini
C:\WINDOWS\system32\fkuiwjte.ini
C:\WINDOWS\system32\foelccet.exe
C:\WINDOWS\system32\fqvvtejf.dll
C:\WINDOWS\system32\fshwgjmw.dll
C:\WINDOWS\system32\fvavojtx.dll
C:\WINDOWS\system32\geBuUlLD.dll
C:\WINDOWS\system32\ghevlqfo.ini
C:\WINDOWS\system32\gsoyhdrl.ini
C:\WINDOWS\system32\gwmcekuh.ini
C:\WINDOWS\system32\gxieirih.dll
C:\WINDOWS\system32\hldppsti.dll
C:\WINDOWS\system32\hovcgsnu.exe
C:\WINDOWS\system32\hpqqpcch.dll
C:\WINDOWS\system32\hturdljm.dll
C:\WINDOWS\system32\hukecmwg.dll
C:\WINDOWS\system32\hxjdavhe.dll
C:\WINDOWS\system32\hxsxuwlt.dll
C:\WINDOWS\system32\imymxxdk.dll
C:\WINDOWS\system32\ioujeptc.dll
C:\WINDOWS\system32\jcvrcejk.dll
C:\WINDOWS\system32\jdpqpfhj.dll
C:\WINDOWS\system32\jevrxvuw.dll
C:\WINDOWS\system32\jgmgqxyo.exe
C:\WINDOWS\system32\jyknilve.dll
C:\WINDOWS\system32\kbsywbsu.dll
C:\WINDOWS\system32\kkbfueni.dll
C:\WINDOWS\system32\kqvfgrrc.dll
C:\WINDOWS\system32\laoicyaf.dll
C:\WINDOWS\system32\ldapvubl.ini
C:\WINDOWS\system32\lnlsltox.dll
C:\WINDOWS\system32\lsilapab.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mdngerwv.exe
C:\WINDOWS\system32\mppuypwg.ini
C:\WINDOWS\system32\mrpaugxr.ini
C:\WINDOWS\system32\myatvapw.dll
C:\WINDOWS\system32\nkedxhlx.dll
C:\WINDOWS\system32\ocgaxpqm.ini
C:\WINDOWS\system32\ocwjkshh.dll
C:\WINDOWS\system32\odwwrhuu.ini
C:\WINDOWS\system32\oqiitkvf.ini
C:\WINDOWS\system32\owqpempy.exe
C:\WINDOWS\system32\oxfibyqs.ini
C:\WINDOWS\system32\pgywdayp.exe
C:\WINDOWS\system32\qdmvntmh.dll
C:\WINDOWS\system32\qksdbcpi.dll
C:\WINDOWS\system32\qyrehyhg.ini
C:\WINDOWS\system32\rfbsoadc.dll
C:\WINDOWS\system32\rmbhmhpj.exe
C:\WINDOWS\system32\rslvlkgp.exe
C:\WINDOWS\system32\TtAHPqru.ini
C:\WINDOWS\system32\TtAHPqru.ini2
C:\WINDOWS\system32\uuhrwwdo.dll
C:\WINDOWS\system32\vahfwjxt.dll
C:\WINDOWS\system32\vdmhddqq.ini
C:\WINDOWS\system32\vmvowmaw.exe
C:\WINDOWS\system32\wdbltxau.dll
C:\WINDOWS\system32\WEfOqXyb.ini
C:\WINDOWS\system32\WEfOqXyb.ini2
C:\WINDOWS\system32\wjkfqkoc.dll
C:\WINDOWS\system32\wmjgwhsf.ini
C:\WINDOWS\system32\wuvxrvej.ini
C:\WINDOWS\system32\xlkhvhlq.dll
C:\WINDOWS\system32\yfwwrwiq.exe
C:\WINDOWS\system32\yjwwprht.dll
C:\WINDOWS\system32\yrvckije.dll
E:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-05-20 to 2008-06-20 )))))))))))))))))))))))))))))))
.
2008-06-20 07:41 . 2008-06-20 07:41 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-20 07:40 . 2008-06-20 07:40 79,360 --a------ C:\WINDOWS\system32\ihpinktu.dll
2008-06-20 07:38 . 2008-06-20 07:38 90,112 --a------ C:\WINDOWS\system32\vrfqmbdx.dll
2008-06-18 22:22 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-18 22:22 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-06-18 22:22 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-06-18 22:22 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-18 14:44 . 2008-06-18 14:44 <DIR> d-------- C:\Program Files\CCleaner
2008-06-18 12:39 . 2008-06-18 14:29 <DIR> d-------- C:\Incomplete
2008-06-18 12:38 . 2008-06-18 14:30 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\LimeWire
2008-06-18 12:37 . 2008-06-18 12:38 <DIR> d-------- C:\Program Files\LimeWire
2008-06-18 11:45 . 2008-06-18 11:45 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\STOPzilla!
2008-06-18 11:44 . 2008-06-18 20:52 <DIR> d-------- C:\Program Files\STOPzilla!
2008-06-18 11:42 . 2008-06-18 11:54 <DIR> d-------- C:\Program Files\Desktop Armor
2008-06-16 18:56 . 2008-06-16 18:57 99 --a------ C:\WINDOWS\WirelessFTP.INI
2008-06-15 12:13 . 2008-06-15 12:13 <DIR> d-------- C:\Program Files\AOD
2008-06-15 12:13 . 2008-06-15 12:13 <DIR> d-------- C:\Program Files\AIM
2008-06-15 12:13 . 2008-06-15 12:14 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\Aim
2008-06-15 12:13 . 2002-12-18 18:46 344,064 --a------ C:\WINDOWS\system32\msvcr70.dll
2008-06-15 11:52 . 2008-06-18 20:43 2,397 --a------ C:\WINDOWS\mozver.dat
2008-06-09 15:03 . 2008-06-09 15:03 0 --a------ C:\WINDOWS\MS.INI
2008-06-08 16:26 . 2008-06-08 16:26 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\CiscoCAA
2008-06-08 16:25 . 2008-06-08 16:25 <DIR> d-------- C:\savinstall
2008-06-08 16:25 . 2008-06-08 16:25 <DIR> d-------- C:\Program Files\Cisco Systems
2008-06-02 14:58 . 2008-06-02 15:11 27 --a------ C:\WINDOWS\settings.ini
2008-05-29 15:28 . 2008-05-29 15:28 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\DivX
2008-05-29 15:27 . 2008-05-29 15:27 <DIR> d-------- C:\Program Files\DivX
2008-05-29 15:27 . 2007-07-09 15:07 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2008-05-29 15:27 . 2007-07-09 15:07 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2008-05-29 15:23 . 2008-05-29 15:23 <DIR> d-------- C:\Program Files\AC3Filter
2008-05-27 19:57 . 2008-05-27 19:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-22 13:34 . 2008-05-22 13:34 <DIR> d-------- C:\Program Files\Google
2008-05-22 13:34 . 2008-06-19 07:47 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-05-21 21:54 . 2008-06-18 13:37 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\uTorrent
2008-05-21 21:53 . 2008-06-15 12:31 <DIR> d-------- C:\Program Files\uTorrent
2008-05-21 16:18 . 2008-06-19 20:27 476 --a------ C:\WINDOWS\hpbafd.ini
2008-05-21 14:17 . 1998-06-18 00:00 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2008-05-21 14:16 . 2008-06-16 14:26 <DIR> d-------- C:\Program Files\matlib
2008-05-21 14:15 . 2008-05-21 14:17 <DIR> d-------- C:\MATLIB
2008-05-21 14:15 . 2008-05-21 14:15 78 --a------ C:\WINDOWS\mes.ini
2008-05-21 14:07 . 1996-12-09 13:51 703,984 --a------ C:\WINDOWS\system32\Ss32x25.ocx
2008-05-21 14:07 . 1998-06-24 00:00 260,920 --a------ C:\WINDOWS\system32\MSDATGRD.OCX
2008-05-21 14:07 . 1995-12-04 14:09 210,944 --a------ C:\WINDOWS\system32\MSVCRT10.DLL
2008-05-21 14:07 . 1998-06-18 00:00 146,944 --a------ C:\WINDOWS\system32\VB6EXT.OLB
2008-05-21 14:01 . 2008-05-21 14:08 <DIR> d-------- C:\Program Files\CAMWorks2008-07
2008-05-21 13:56 . 2008-05-21 13:58 <DIR> d-------- C:\Program Files\CAMWorksFlexLM
2008-05-21 12:38 . 2008-05-21 12:40 <DIR> d-------- C:\Program Files\Winamp
2008-05-21 12:38 . 2008-05-21 12:40 <DIR> d-------- C:\Documents and Settings\varhuem\Application Data\Winamp
2008-05-21 09:52 . 2008-05-21 09:52 0 --a------ C:\WINDOWS\system32\history.aaw
2008-05-21 09:51 . 2008-06-15 15:06 153 --a------ C:\WINDOWS\wininit.ini
2008-05-21 09:25 . 2008-05-21 09:25 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-21 09:25 . 2008-05-21 09:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-21 09:24 . 2008-05-21 09:24 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-21 09:23 . 2008-06-16 14:39 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-21 09:23 . 2008-06-16 14:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-05-20 15:39 . 2008-05-21 13:48 7,680 --ahs---- C:\WINDOWS\Thumbs.db
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-20 12:14 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-20 03:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-06-18 02:08 --------- d-----w C:\Documents and Settings\varhuem\Application Data\U3
2008-06-16 22:28 --------- d-----w C:\Program Files\SolidWorks
2008-06-16 22:27 --------- d-----w C:\Documents and Settings\Default User\Application Data\SolidWorks
2008-06-02 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-21 18:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-19 18:04 --------- d-----w C:\Program Files\LMC
2008-05-19 18:04 --------- d-----w C:\Program Files\Common Files\LMC
2008-05-16 23:36 --------- d-----w C:\Program Files\Avanquest update
2008-05-16 23:35 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-05-16 23:34 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-05-16 23:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-05-16 19:12 --------- d-----w C:\Program Files\Motorola USB Drivers
2008-05-15 19:48 --------- d-----w C:\Program Files\Investintech.com Inc
2008-05-15 00:12 --------- d-----w C:\Documents and Settings\varhuem\Application Data\vlc
2008-05-15 00:11 --------- d-----w C:\Program Files\VideoLAN
2008-05-15 00:11 --------- d-----w C:\Program Files\AIM6
2008-05-15 00:11 --------- d-----w C:\Documents and Settings\varhuem\Application Data\acccore
2008-05-15 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2008-05-15 00:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-05-15 00:10 --------- d-----w C:\Program Files\Common Files\AOL
2008-05-06 13:29 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2008-05-06 12:16 --------- d-----w C:\Program Files\Microsoft Works
2008-05-02 14:04 --------- d-----w C:\Documents and Settings\varhuem\Application Data\SolidWorks
2008-05-01 18:32 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-05-01 18:32 --------- d-----w C:\Program Files\Common Files\L&H
2008-05-01 18:19 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-05-01 18:17 --------- d-----w C:\Documents and Settings\setup.WIT-B94B9000F37\Application Data\Autodesk
2008-05-01 18:16 --------- d-----w C:\Program Files\Autodesk
2008-04-30 15:48 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-30 15:48 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-04-29 15:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 15:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 15:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-22 19:31 --------- d-----w C:\Program Files\Java
2008-04-22 19:30 --------- d-----w C:\Program Files\Common Files\Java
2008-04-22 19:15 --------- d-----w C:\Program Files\QuickTime
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\varhuem\Application Data\Apple Computer
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\setup.WIT-B94B9000F37\Application Data\Apple Computer
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\Default User\Application Data\Apple Computer
2008-04-22 19:15 --------- d-----w C:\Documents and Settings\admin\Application Data\Apple Computer
2008-04-22 19:14 --------- d-----w C:\Program Files\Apple Software Update
2008-04-22 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-22 19:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-04-17 07:19 737,280 ----a-w C:\WINDOWS\iun6002.exe
2004-03-15 21:51 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV71ActiveXControl.dll
2003-05-01 13:36 114,688 ----a-w C:\Program Files\internet explorer\plugins\LV7ActiveXControl.dll
2006-01-23 14:32 131,072 ----a-w C:\Program Files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 14:48 133,920 ----a-w C:\Program Files\internet explorer\plugins\LV82ActiveXControl.dll
.
((((((((((((((((((((((((((((( snapshot@2008-06-20_ 7.37.16.53 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-20 11:15:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-20 12:13:48 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-20 11:33:55 122,312 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-20 11:57:39 122,830 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-20 11:33:55 546,116 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-20 11:57:39 546,992 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-23 12:53 68856]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 16:21 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVHotkey"="nvHotkey.dll" [2007-04-28 19:05 67584 C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="NvMCTray.dll" [2007-04-28 19:05 81920 C:\WINDOWS\system32\nvmctray.dll]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-03 20:56 143360]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-28 19:05 8429568]
C:\Documents and Settings\admin\Start Menu\Programs\Startup\
Shortcut to bg.lnk - C:\Documents and Settings\Administrator\BGinfo\bg.bat [2008-04-17 10:19:11 34]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Shortcut to bg.lnk - C:\Documents and Settings\Administrator\BGinfo\bg.bat [2008-04-17 10:19:11 34]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-2746289630-3061505222-2800193894-17919\Scripts\Logon\
0\
0]
"Script"=\\wit.private\SysVol\wit.private\scripts\students.bat
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=C:\WINDOWS\pss\Bluetooth Manager.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
--a------ 2007-03-20 16:40 1884160 C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIMWDInstallFilename]
--------- 2004-01-12 16:29 102400 C:\PROGRA~1\AIM\AIMWDI~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
--a------ 2007-07-02 13:29 159744 C:\Program Files\DellTPad\Apoint.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Broadcom Wireless Manager UI]
--a------ 2007-10-09 19:17 2183168 C:\WINDOWS\system32\WLTRAY.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2006-03-07 13:02 53408 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray]
C:\Program Files\Spyware Doctor\pctsTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-04-28 19:05 8429568 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-04-28 19:05 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-04-28 19:05 1626112 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperProfessional]
C:\Program Files\Panicware\Pop-Up Stopper Professional\PopUpStopperProfessional.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
--a------ 2007-02-19 14:26 303104 C:\WINDOWS\stsystra.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Synchronization Manager]
--a------ 2004-08-03 20:56 143360 C:\WINDOWS\system32\mobsync.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
--a------ 2006-03-17 06:34 124656 C:\PROGRA~1\SYMANT~1\VPTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
R0 NIPALK;NIPALK;C:\WINDOWS\system32\drivers\nipalk.sys [2007-02-15 22:59]
R0 nipbcfk;National Instruments Class Upper Filter Driver;C:\WINDOWS\system32\drivers\nipbcfk.sys [2007-02-15 17:23]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;"C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe" -service []
R2 cvintdrv;cvintdrv;C:\WINDOWS\system32\drivers\cvintdrv.sys [2007-02-21 10:00]
R2 mxssvr;NI Configuration Manager;"C:\Program Files\National Instruments\MAX\nimxs.exe" [2007-03-20 16:19]
R2 NextMove;NextMove;C:\WINDOWS\system32\drivers\NEXTMOVE.SYS [1999-08-27 09:40]
R2 ni488enumsvc;NI-488.2 Enumeration Service;C:\WINDOWS\system32\nipalsm.exe [2007-02-16 10:21]
R2 niarbk;niarbk;C:\WINDOWS\system32\drivers\niarbk.dll [2007-02-02 09:36]
R2 nibffrk;nibffrk;C:\WINDOWS\system32\drivers\nibffrk.dll [2007-02-02 09:37]
R2 nidevldu;NI Device Loader;C:\WINDOWS\system32\nipalsm.exe [2007-02-16 10:21]
R2 nimdsk;nimdsk;C:\WINDOWS\system32\drivers\nimdsk.dll [2007-02-02 09:37]
R2 nipxirmk;nipxirmk;C:\WINDOWS\system32\drivers\nipxirmkl.sys [2007-02-22 11:18]
R2 nistck;nistck;C:\WINDOWS\system32\drivers\nistck.dll [2007-02-02 09:38]
R2 NITaggerService;National Instruments Variable Engine;"C:\Program Files\National Instruments\Shared\Tagger\tagsrv.exe" [2007-02-06 22:47]
R2 NiViPxiK;NI-VISA PXI Driver;C:\WINDOWS\system32\drivers\NiViPxiKl.sys [2007-02-23 10:25]
R2 Remote Solver for COSMOSFloWorks 2007;Remote Solver for COSMOSFloWorks 2007;"C:\Program Files\SolidWorks\COSMOS\FloWorks\binCFW\StandAloneSlv.exe" [2007-02-27 17:27]
R3 nidimk;nidimk;C:\WINDOWS\system32\drivers\nidimkl.sys [2007-02-21 22:20]
R3 nimdbgk;nimdbgk;C:\WINDOWS\system32\drivers\nimdbgkl.sys [2007-02-21 21:46]
R3 nimru2k;nimru2k;C:\WINDOWS\system32\drivers\nimru2kl.sys [2007-02-21 22:39]
R3 nimstsk;nimstsk;C:\WINDOWS\system32\drivers\nimstskl.sys [2007-02-25 20:12]
R3 nimxdfk;nimxdfk;C:\WINDOWS\system32\drivers\nimxdfkl.sys [2007-02-21 22:10]
R3 niorbk;niorbk;C:\WINDOWS\system32\drivers\niorbkl.sys [2007-02-21 21:39]
S2 Nidaq32k;Nidaq32k;C:\WINDOWS\system32\drivers\Nidaq32k.sys [2007-02-02 10:55]
S2 nidmmk;NI DMM and Data Logger Kernel Driver;C:\WINDOWS\system32\drivers\nidmmk.dll [2007-02-02 10:57]
S3 lvalarmk;lvalarmk;C:\WINDOWS\system32\drivers\lvalarmk.sys [2007-01-11 10:18]
S3 ni1006k;NI PXI-1006 Chassis Pilot;C:\WINDOWS\system32\drivers\ni1006k.sys [2007-02-22 11:40]
S3 ni1045k;NI PXI-1045 Chassis Pilot;C:\WINDOWS\system32\drivers\ni1045kl.sys [2007-02-22 11:43]
S3 ni488lock;NI-488.2 Locking Service;C:\WINDOWS\system32\drivers\ni488lock.sys [2007-02-26 12:40]
S3 nicdrk;nicdrk;C:\WINDOWS\system32\drivers\nicdrkl.sys [2007-02-22 18:18]
S3 nidmxfk;nidmxfk;C:\WINDOWS\system32\drivers\nidmxfkl.sys [2007-02-25 20:12]
S3 nidsark;nidsark;C:\WINDOWS\system32\drivers\nidsarkl.sys [2007-02-23 17:43]
S3 nidwgk;nidwgk;C:\WINDOWS\system32\drivers\nidwgkl.sys [2007-02-23 22:32]
S3 niemrk;niemrk;C:\WINDOWS\system32\drivers\niemrkl.sys [2007-02-25 19:13]
S3 niesrk;niesrk;C:\WINDOWS\system32\drivers\niesrkl.sys [2007-02-25 19:13]
S3 nifslk;nifslk;C:\WINDOWS\system32\drivers\nifslkl.sys [2007-02-22 13:21]
S3 nigplk;nigplk;C:\WINDOWS\system32\drivers\nigplkl.sys [2007-02-23 16:20]
S3 nihsdrk;nihsdrk;C:\WINDOWS\system32\drivers\nihsdrkl.sys [2007-02-24 01:10]
S3 nimsdrk;nimsdrk;C:\WINDOWS\system32\drivers\nimsdrkl.sys [2007-02-25 20:10]
S3 nimslk;nimslk;C:\WINDOWS\system32\drivers\nimslk.dll [2006-12-18 12:55]
S3 nimsrlk;nimsrlk;C:\WINDOWS\system32\drivers\nimsrlk.dll [2006-12-18 12:55]
S3 nimxpk;nimxpk;C:\WINDOWS\system32\drivers\nimxpkl.sys [2007-02-22 13:26]
S3 ninshsdk;ninshsdk;C:\WINDOWS\system32\drivers\ninshsdkl.sys [2007-02-23 17:25]
S3 nipalfwedl;nipalfwedl;C:\WINDOWS\system32\drivers\nipalfwedl.sys [2007-02-15 23:00]
S3 nipalusbedl;nipalusbedl;C:\WINDOWS\system32\drivers\nipalusbedl.sys [2007-02-15 23:00]
S3 nipsdk;nipsdk;C:\WINDOWS\system32\drivers\nipsdkl.sys [2007-02-23 22:19]
S3 nipxigpk;NI PXI Generic Chassis Pilot;C:\WINDOWS\system32\drivers\nipxigpk.sys [2007-02-22 11:45]
S3 nirfsa2k;nirfsa2k;C:\WINDOWS\system32\drivers\nirfsa2kl.sys [2007-02-24 04:19]
S3 niscdk;niscdk;C:\WINDOWS\system32\drivers\niscdkl.sys [2007-02-26 16:31]
S3 nisdigk;nisdigk;C:\WINDOWS\system32\drivers\nisdigkl.sys [2007-02-25 19:11]
S3 nisftk;nisftk;C:\WINDOWS\system32\drivers\nisftkl.sys [2007-02-24 00:17]
S3 nisldk;nisldk;C:\WINDOWS\system32\drivers\nisldkl.sys [2007-02-23 22:05]
S3 nismbusk;nismbusk;C:\WINDOWS\system32\drivers\nismbusk.sys [2007-02-22 11:34]
S3 nispdk;nispdk;C:\WINDOWS\system32\drivers\nispdkl.sys [2007-02-26 16:31]
S3 nisrcdk;nisrcdk;C:\WINDOWS\system32\drivers\nisrcdkl.sys [2007-02-23 22:28]
S3 nissrk;nissrk;C:\WINDOWS\system32\drivers\nissrkl.sys [2007-02-25 19:13]
S3 nistc2k;nistc2k;C:\WINDOWS\system32\drivers\nistc2kl.sys [2007-02-22 20:17]
S3 nistcrk;nistcrk;C:\WINDOWS\system32\drivers\nistcrkl.sys [2007-02-23 03:14]
S3 niswdk;niswdk;C:\WINDOWS\system32\drivers\niswdkl.sys [2007-02-23 20:44]
S3 nitiork;nitiork;C:\WINDOWS\system32\drivers\nitiorkl.sys [2007-02-23 15:54]
S3 nitnr2k;nitnr2k;C:\WINDOWS\system32\drivers\nitnr2kl.sys [2007-02-24 00:09]
S3 NiViFWK;NI-VISA FireWire Driver;C:\WINDOWS\system32\drivers\NiViFWKl.sys [2007-02-22 10:42]
S3 NiViPciK;NI-VISA PCI Driver;C:\WINDOWS\system32\drivers\NiViPciKl.sys [2007-02-23 10:25]
S3 niwfrk;niwfrk;C:\WINDOWS\system32\drivers\niwfrkl.sys [2007-02-25 19:13]
S3 nixsrk;nixsrk;C:\WINDOWS\system32\drivers\nixsrkl.sys [2007-02-25 19:13]
S3 usb6xxxk;usb6xxxk;C:\WINDOWS\system32\drivers\usb6xxxk.sys [2007-02-25 19:11]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{644520cc-2277-11dd-b316-001e37ed397d}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a034b3c6-2665-11dd-b323-001644bc7fc4}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-06-18 01:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-19 16:05:00 C:\WINDOWS\Tasks\OGADaily.job"
- C:\WINDOWS\system32\OGAVerify.exe
"2008-06-20 12:14:01 C:\WINDOWS\Tasks\OGALogon.job"
- C:\WINDOWS\system32\OGAVerify.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-20 08:14:47
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\WLTRYSVC.EXE
C:\WINDOWS\system32\BCMWLTRY.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\Program Files\AIM6\aolsoftware.exe
.
**************************************************************************
.
Completion time: 2008-06-20 8:19:31 - machine was rebooted [varhuem]
ComboFix-quarantined-files.txt 2008-06-20 12:19:23
Pre-Run: 120,213,803,008 bytes free
Post-Run: 120,226,344,960 bytes free
460 --- E O F --- 2008-05-14 20:19:24