Latest ComboFix log after running CFScript.txt. I'll post how my machine is running later.
ComboFix 07-12-19.3 - David 2007-12-21 7:57:05.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.604 [GMT 0:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\David\Desktop\CFScript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\tcpdiss.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\tcpdiss.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-21 to 2007-12-21 )))))))))))))))))))))))))))))))
.
2007-12-20 17:26 . 2007-12-20 17:26 <DIR> d-------- C:\WINDOWS\system32\ineWc01
2007-12-20 17:26 . 2007-12-20 17:26 <DIR> d-------- C:\Temp\tpBe12
2007-12-20 17:26 . 2007-12-20 17:26 <DIR> d-------- C:\Temp
2007-12-19 08:18 . 2007-12-19 08:18 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-19 08:18 . 2007-12-19 08:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-18 23:08 . 2007-12-18 23:08 <DIR> d-------- C:\Documents and Settings\David\Application Data\PrevxCSI
2007-12-18 23:08 . 2007-12-18 23:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-15 19:19 . 2007-12-17 16:29 <DIR> d-------- C:\Documents and Settings\Kids\Application Data\AVG7
2007-12-14 23:15 . 2007-12-14 23:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-14 14:32 . 2007-12-14 14:32 <DIR> d--hs---- C:\SpyGuardPro
2007-12-14 14:32 . 2007-12-14 14:32 <DIR> d-------- C:\Documents and Settings\David\Application Data\SpyGuardPro
2007-12-14 14:32 . 2007-12-14 14:32 <DIR> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2007-12-12 22:32 . 2007-12-12 22:32 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-12 22:19 . 2007-12-12 22:19 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-12-12 22:19 . 2007-12-19 08:01 <DIR> d-------- C:\Documents and Settings\David\Application Data\AVG7
2007-12-12 22:19 . 2007-12-12 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-12 22:19 . 2007-12-13 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-12-12 21:54 . 2007-12-12 21:54 244 --ah----- C:\sqmnoopt04.sqm
2007-12-12 21:54 . 2007-12-12 21:54 232 --ah----- C:\sqmdata04.sqm
2007-12-06 09:46 . 2007-12-06 09:46 <DIR> d---s---- C:\Documents and Settings\LocalService\UserData
2007-12-01 14:43 . 2007-12-21 07:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-01 14:43 . 2007-12-01 14:43 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-01 14:42 . 2007-12-01 14:42 <DIR> d-------- C:\Program Files\QuickTime
2007-12-01 14:42 . 2007-12-01 14:42 <DIR> d-------- C:\Program Files\iPod
2007-11-23 08:27 . 2007-11-23 08:32 <DIR> d-------- C:\Program Files\BoardMod
2007-11-21 15:30 . 2002-12-29 01:14 81,920 --a------ C:\WINDOWS\system32\Startup.cpl
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-18 21:42 --------- d-----w C:\Documents and Settings\David\Application Data\Canon
2007-12-17 19:59 --------- d-----w C:\Program Files\DigiGuide Lite TV Guide
2007-12-12 08:05 --------- d-----w C:\Program Files\LimeWire
2007-12-10 19:11 --------- d-----w C:\Program Files\MSN Messenger
2007-12-08 21:12 --------- d-----w C:\Program Files\BlackHole
2007-12-08 21:05 --------- d-----w C:\Program Files\Safari
2007-12-08 21:01 --------- d-----w C:\Program Files\Apollo DivX to DVD Creator
2007-12-03 12:49 --------- d-----w C:\Program Files\Azureus
2007-12-03 12:49 --------- d-----w C:\Documents and Settings\David\Application Data\Azureus
2007-12-01 14:42 --------- d-----w C:\Program Files\iTunes
2007-12-01 14:35 --------- d-----w C:\Program Files\Apple Software Update
2007-11-20 20:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-19 15:37 --------- d-----w C:\Program Files\Java
2007-11-17 18:59 --------- d-----w C:\Program Files\MP3 Audio Converter
2007-11-16 21:26 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-11 23:07 --------- d-----w C:\Program Files\mp3DirectCut
2007-11-04 19:57 --------- d-----w C:\Program Files\Fast Color Codes
2007-11-03 13:49 --------- d-----w C:\Program Files\Winamp
2007-11-02 23:27 --------- d-----w C:\Program Files\NewsReactor
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-09-28 07:03 2,750 ----a-w C:\Documents and Settings\David\Passwords.zip
2007-09-11 07:36 2,252 ----a-w C:\Documents and Settings\David\MAVSpasswords11_09_2007.zip
2006-09-22 21:32 9,876 -c--a-w C:\Documents and Settings\David\Application Data\wklnhst.dat
2006-08-28 10:05 44,544 -c--a-w C:\Documents and Settings\David\Application Data\GDIPFONTCACHEV1.DAT
2006-01-01 17:41 40,484 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2006_01_01_10_48_44_small.dmp.zip
2005-12-10 12:52 114 -c--a-w C:\Documents and Settings\Kids\Application Data\wklnhst.dat
2005-10-18 16:53 28,936 -c--a-w C:\Documents and Settings\Kids\Application Data\GDIPFONTCACHEV1.DAT
2005-09-20 10:05 456,768 ----a-w C:\WINDOWS\inf\WG311T\WG311T13.sys
2005-08-10 06:29 33,743 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_08_09_23_33_11_small.dmp.zip
2005-08-03 16:42 33,084 -c--a-w C:\WINDOWS\Internet Logs\zlclient_2nd_2005_08_03_14_12_51_small.dmp.zip
2004-10-19 18:58 35,232 ----a-w C:\WINDOWS\inf\WG311T\ME_INST.EXE
2004-10-19 18:58 26,112 ----a-w C:\WINDOWS\inf\WG311T\install.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-13_ 7.50.20.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-05-07 16:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2007-05-07 16:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll
+ 2007-05-07 16:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2004-11-02 13:41:52 516,832 ----a-w C:\WINDOWS\system32\capicom.dll
+ 2007-12-12 11:50:02 32,768 ----a-w C:\WINDOWS\system32\ineWc01\ineWc011065.exe
+ 2005-05-24 12:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 15:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 15:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2007-07-22 18:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-12-13 21:26:50 156,160 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sticky Pad"="C:\Program Files\StickyPad\StickyPad.exe" [2007-04-23 22:13]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 13:39]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="C:\WINDOWS\system32\nvraidservice.exe" [2004-09-02 07:25]
"NVRTCLK"="C:\WINDOWS\system32\NVRTCLK\NVRTClk.exe" [2003-12-30 09:44]
"NvCplDaemon"="RUNDLL32.exe" [2004-05-18 17:19 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2004-09-30 05:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-05-18 17:19 C:\WINDOWS\system32\rundll32.exe]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-08-23 19:41]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-11-14 23:43]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-15 13:11]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-12-12 22:19]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-05-18 17:18]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-12-12 22:19]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG311T Smart Wizard.lnk - C:\Program Files\NETGEAR\WG311T\wlancfg5.exe [2006-02-22 10:59:32]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^IDW Logging Tool.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\IDW Logging Tool.lnk
backup=C:\WINDOWS\pss\IDW Logging Tool.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^Active To-Do List.LNK]
path=C:\Documents and Settings\David\Start Menu\Programs\Startup\Active To-Do List.LNK
backup=C:\WINDOWS\pss\Active To-Do List.LNKStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^David^Start Menu^Programs^Startup^³¬¼¶²¥°Ô.lnk]
path=C:\Documents and Settings\David\Start Menu\Programs\Startup\³¬¼¶²¥°Ô.lnk
backup=C:\WINDOWS\pss\³¬¼¶²¥°Ô.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe /s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2007-11-15 13:11 267048 --a------ C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 15:40 155648 --a------ C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbmini]
C:\Program Files\pcast\PodcastbarMini\PodcastBarMiniStater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
2006-09-09 09:16 196608 --a------ C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 18:42 32768 --a--c--- C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_8 -reboot 1
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Agent]
C:\Program Files\webHancer\Programs\whagent.exe
R3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 08:47]
S3 MarkFun_NT;MarkFun_NT;C:\Program Files\Gigabyte\ET5\markfun.w32 [2003-04-15 09:16]
.
Contents of the 'Scheduled Tasks' folder
"2007-12-01 14:35:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-21 07:59:16
Windows 5.1.2600 Service Pack 2, v.2135 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-21 7:59:40
C:\ComboFix2.txt ... 2007-12-20 16:53
C:\ComboFix3.txt ... 2007-12-19 08:05