Thanks Katana,
Installed programs:-
Adobe Acrobat 5.0
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.2
Adobe Stock Photos 1.0
Adobe® Photoshop® Album Starter Edition 3.2
AppCore
Apple Mobile Device Support
Apple Software Update
AV
BOINC
Bonus
Camera RAW Plug-In for EPSON Creativity Suite
Capture NX
CC_ccProxyExt
ccCommon
ccCommon
ccPxyCore
CheckIt Diagnostics
CIB
CLIOwin 7 QC
Component Framework
Connection Keep Alive
Creative Audio Console
EAX4 Unified Redist
eBay Toolbar
Englesko-hrvatski rječnik
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Print CD
EPSON PRINT Image Framer Tool
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
EPSON Web-To-Page
ESPRX560_590 User's Guide
Family Tree Maker 2006
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB935448)
Intel(R) PRO Network Connections Drivers
J2SE Runtime Environment 5.0 Update 2
Java(TM) 6 Update 3
LEAP 5.0.0.320 Uninstall
LimeWire 4.16.6
LiveUpdate 3.2 (Symantec Corporation)
LiveUpdate Notice (Symantec Corporation)
Logitech SetPoint
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Shockwave Player
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 SR-1 Premium
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Motorola Driver Installation
Mozilla Firefox (2.0.0.12)
MSRedist
MSRedist
MSXML 4.0 SP2 (KB936181)
Nero 7 Premium
neroxml
nik ColorEfexPro
nik ColorEfexPro 2.0
Nikon View 6
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus
Norton Cleanup
Norton Confidential Browser Component
Norton Confidential Web Protection Component
Norton Ghost
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security (Symantec Corporation)
Norton Internet Security Add-on Pack (Symantec Corporation)
Norton Internet Security Bonus Pack
Norton Protection Center
Norton SystemWorks
Norton SystemWorks
Norton SystemWorks (Symantec Corporation)
Norton SystemWorks Basic Edition
Norton Utilities
NVIDIA Drivers
PC Pitstop Driver Alert 1.0
Picture Control Utility
PowerDVD
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Restorer2000 Professional
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
Skype™ 3.2
Sonic MyDVD
Sonic RecordNow!
SPBBC 32bit
System Requirements Lab
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
VariCADen2005 3.00
ViewNX
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
WinISD beta
WinRAR archiver
And the original ComboFix log:
ComboFix 08-02-18.1 - Billy B 2008-02-18 13:43:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.205 [GMT 0:00]
Running from: D:\Documents and Settings\Billy B\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
d:\Documents and Settings\Billy B\Local Settings\Application Data\brgvk.dat
D:\Documents and Settings\Billy B\Local Settings\Application Data\brgvk.exe
d:\Documents and Settings\Billy B\Local Settings\Application Data\brgvk_nav.dat
d:\Documents and Settings\Billy B\Local Settings\Application Data\brgvk_navps.dat
.
((((((((((((((((((((((((( Files Created from 2008-01-18 to 2008-02-18 )))))))))))))))))))))))))))))))
.
2008-02-18 10:01 . 2008-02-18 11:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-18 08:28 . 2008-02-18 09:19 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 08:09 . 2008-02-18 08:09 <DIR> d-------- C:\VProRecovery
2008-02-17 10:18 . 2008-02-17 22:39 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-17 10:07 . 2008-02-18 07:30 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-17 10:07 . 2008-02-17 10:07 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-02-17 08:47 . 2008-02-18 07:25 <DIR> d-------- D:\Documents and Settings\Billy B\Application Data\SUPERAntiSpyware.com
2008-02-17 08:47 . 2008-02-17 08:47 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 09:31 . 2008-02-16 09:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-08 16:28 . 2008-02-08 16:28 1 --a------ C:\WINDOWS\system32\SI.bin
2008-02-04 11:13 . 2008-02-04 11:13 <DIR> d-------- C:\Program Files\Smith Micro
2008-02-04 11:06 . 2008-02-18 12:10 <DIR> d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-02-04 10:53 . 2008-02-04 10:53 <DIR> d-------- D:\Documents and Settings\All Users\Symantec Temporary Files
2008-02-04 08:12 . 2008-02-04 08:12 <DIR> d-------- C:\Program Files\Skype
2008-02-04 08:12 . 2008-02-04 08:12 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-01 13:18 . 2008-02-01 13:19 <DIR> d-------- C:\Program Files\MorEmoticons
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-20 20:44 . 2008-01-20 20:45 <DIR> d-------- C:\Program Files\Macromedia
2008-01-20 20:44 . 2008-01-20 20:48 <DIR> d-------- C:\Program Files\Common Files\Macromedia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-18 13:47 --------- d-----w D:\Documents and Settings\Billy B\Application Data\Skype
2008-02-18 13:47 --------- d-----w C:\Program Files\BOINC
2008-02-18 13:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 07:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 18:30 --------- d-----w D:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-02-17 18:30 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-02-13 13:38 --------- d-----w D:\Documents and Settings\Billy B\Application Data\VariCAD
2008-02-13 07:58 --------- d-----w C:\Program Files\LimeWire
2008-02-08 16:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 16:37 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-02-08 16:35 --------- d-----w C:\Program Files\Ubisoft
2008-02-06 13:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 13:11 --------- d-----w D:\Documents and Settings\Billy B\Application Data\Symantec
2008-02-04 11:07 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-04 11:07 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-04 11:07 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-04 11:07 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-04 11:07 --------- d-----w C:\Program Files\Symantec
2008-02-04 08:12 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-02-04 08:04 --------- d-----w D:\Documents and Settings\Billy B\Application Data\skypePM
2008-02-01 09:08 --------- d-----w C:\Program Files\Norton Ghost
2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 04:30 133,216 ----a-w C:\WINDOWS\system32\drivers\symsnap.sys
2007-12-31 20:57 20 ---h--w D:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2007-12-30 14:32 --------- d-----w C:\Program Files\EPSON Print CD
2007-12-21 16:27 92,064 ----a-w D:\Documents and Settings\Billy B\mqdmmdm.sys
2007-12-21 16:27 9,232 ----a-w D:\Documents and Settings\Billy B\mqdmmdfl.sys
2007-12-21 16:27 79,328 ----a-w D:\Documents and Settings\Billy B\mqdmserd.sys
2007-12-21 16:27 66,656 ----a-w D:\Documents and Settings\Billy B\mqdmbus.sys
2007-12-21 16:27 6,208 ----a-w D:\Documents and Settings\Billy B\mqdmcmnt.sys
2007-12-21 16:27 5,936 ----a-w D:\Documents and Settings\Billy B\mqdmwhnt.sys
2007-12-21 16:27 4,048 ----a-w D:\Documents and Settings\Billy B\mqdmcr.sys
2007-12-21 16:27 25,600 ----a-w D:\Documents and Settings\Billy B\usbsermptxp.sys
2007-12-21 16:27 22,768 ----a-w D:\Documents and Settings\Billy B\usbsermpt.sys
2007-12-21 16:25 --------- d-----w D:\Documents and Settings\Billy B\Application Data\InstallShield
2007-12-21 14:39 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-21 14:39 --------- d-----w C:\Program Files\Common Files\Real
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-19 14:41 --------- d-----w C:\Program Files\Common Files\Nikon
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-29 16:50 38,567 ----a-w C:\WINDOWS\system32\pcpbios.exe
2007-11-26 22:10 0 ----a-w D:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-11-20 10:17 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-11-19 15:22 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
.
Files Infected - Win32.Agent.zb.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-12-20 19:03 94208]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 16:50 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"EPSON Stylus Photo RX560 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.exe" [2006-05-23 04:00 139264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"MorEmoticons"="C:\Program Files\MorEmoticons\MorEmoticons.exe" [2007-11-12 02:35 64000]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]
"SpybotSD TeaTimer"="d:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 16:55 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 13:28 29696 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-09-06 22:30 115560]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-26 05:00 771440]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2008-01-10 04:43 2037088]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-01-17 07:41 623856]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 08:22 25472]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-10 14:00 158208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-12-20 19:03 94208]
D:\Documents and Settings\Billy B\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
BOINC Manager.lnk - C:\Program Files\BOINC\boincmgr.exe [2006-08-03 01:26:30 1966080]
LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2007-09-17 14:19:14 147456]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-11-06 15:01:41 82026]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-11-05 17:12:49 581632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 00:15:54 65588]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2007-11-05 20:19:14 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
R1 Cliosys;Cliosys;C:\WINDOWS\SYSTEM32\DRIVERS\Cliosys.sys [2002-03-05 15:56]
R2 MMK_NTD;MMK_NTD;C:\WINDOWS\system32\drivers\MMK_NTD.sys [2007-07-23 11:03]
R3 cwrwdm;SoundFusion(tm) WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2004-08-03 22:32]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 13:17]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-04 02:43]
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 19:21:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-12 13:06:51 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Billy B.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-18 12:10:33 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-18 13:47:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-18 13:49:00
.
2008-02-13 08:23:43 --- E O F ---
Finally, just in case you need it, the current ComboFix log:
ComboFix 08-02-18.1 - Billy B 2008-02-22 14:08:57.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.326 [GMT 0:00]
Running from: D:\Documents and Settings\Billy B\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-22 to 2008-02-22 )))))))))))))))))))))))))))))))
.
2008-02-22 13:27 . 2008-02-22 13:27 <DIR> d--h----- C:\WINDOWS\PIF
2008-02-18 10:01 . 2008-02-18 11:34 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-02-18 08:28 . 2008-02-20 13:22 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-18 08:09 . 2008-02-18 08:09 <DIR> d-------- C:\VProRecovery
2008-02-17 10:18 . 2008-02-17 22:39 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SITEguard
2008-02-17 10:07 . 2008-02-18 07:30 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-02-17 10:07 . 2008-02-17 10:07 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-02-17 08:47 . 2008-02-18 07:25 <DIR> d-------- D:\Documents and Settings\Billy B\Application Data\SUPERAntiSpyware.com
2008-02-17 08:47 . 2008-02-17 08:47 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 09:31 . 2008-02-16 09:33 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-08 16:28 . 2008-02-08 16:28 1 --a------ C:\WINDOWS\system32\SI.bin
2008-02-04 11:13 . 2008-02-04 11:13 <DIR> d-------- C:\Program Files\Smith Micro
2008-02-04 11:06 . 2008-02-18 12:10 <DIR> d-------- C:\Program Files\Norton SystemWorks Basic Edition
2008-02-04 10:53 . 2008-02-04 10:53 <DIR> d-------- D:\Documents and Settings\All Users\Symantec Temporary Files
2008-02-04 08:12 . 2008-02-04 08:12 <DIR> d-------- C:\Program Files\Skype
2008-02-04 08:12 . 2008-02-04 08:12 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-02-01 13:18 . 2008-02-01 13:19 <DIR> d-------- C:\Program Files\MorEmoticons
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-22 14:11 --------- d-----w C:\Program Files\BOINC
2008-02-22 13:56 --------- d-----w D:\Documents and Settings\Billy B\Application Data\Skype
2008-02-22 10:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-02-22 10:17 --------- d-----w D:\Documents and Settings\All Users\Application Data\Symantec
2008-02-21 17:04 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-20 08:02 --------- d-----w C:\Program Files\LimeWire
2008-02-18 07:25 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-13 13:38 --------- d-----w D:\Documents and Settings\Billy B\Application Data\VariCAD
2008-02-08 16:40 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-08 16:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 16:37 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-02-08 16:35 --------- d-----w C:\Program Files\Ubisoft
2008-02-06 13:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-04 13:11 --------- d-----w D:\Documents and Settings\Billy B\Application Data\Symantec
2008-02-04 11:07 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-02-04 11:07 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-02-04 11:07 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-02-04 11:07 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-02-04 11:07 --------- d-----w C:\Program Files\Symantec
2008-02-04 08:12 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-02-04 08:04 --------- d-----w D:\Documents and Settings\Billy B\Application Data\skypePM
2008-02-01 09:08 --------- d-----w C:\Program Files\Norton Ghost
2008-01-20 20:48 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-01-20 20:45 --------- d-----w C:\Program Files\Macromedia
2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-10 04:30 133,216 ----a-w C:\WINDOWS\system32\drivers\symsnap.sys
2007-12-31 20:57 20 ---h--w D:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2007-12-30 14:32 --------- d-----w C:\Program Files\EPSON Print CD
2007-12-21 16:27 92,064 ----a-w D:\Documents and Settings\Billy B\mqdmmdm.sys
2007-12-21 16:27 9,232 ----a-w D:\Documents and Settings\Billy B\mqdmmdfl.sys
2007-12-21 16:27 79,328 ----a-w D:\Documents and Settings\Billy B\mqdmserd.sys
2007-12-21 16:27 66,656 ----a-w D:\Documents and Settings\Billy B\mqdmbus.sys
2007-12-21 16:27 6,208 ----a-w D:\Documents and Settings\Billy B\mqdmcmnt.sys
2007-12-21 16:27 5,936 ----a-w D:\Documents and Settings\Billy B\mqdmwhnt.sys
2007-12-21 16:27 4,048 ----a-w D:\Documents and Settings\Billy B\mqdmcr.sys
2007-12-21 16:27 25,600 ----a-w D:\Documents and Settings\Billy B\usbsermptxp.sys
2007-12-21 16:27 22,768 ----a-w D:\Documents and Settings\Billy B\usbsermpt.sys
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-11-29 16:50 38,567 ----a-w C:\WINDOWS\system32\pcpbios.exe
2007-11-26 22:10 0 ----a-w D:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2007-11-19 15:22 32 ----a-w D:\Documents and Settings\All Users\Application Data\ezsid.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-12-20 19:03 94208]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24 1694208]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-08 16:50 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 14:00 15360]
"EPSON Stylus Photo RX560 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBPE.exe" [2006-05-23 04:00 139264]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03 152872]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"MorEmoticons"="C:\Program Files\MorEmoticons\MorEmoticons.exe" [2007-11-12 02:35 64000]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 14:00 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 14:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-08 16:55 57344]
"RTHDCPL"="RTHDCPL.EXE" [2005-06-29 13:25 14720000 C:\WINDOWS\RTHDCPL.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-10-21 13:28 29696 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-09-06 22:30 115560]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-06-26 05:00 771440]
"Norton Ghost 12.0"="C:\Program Files\Norton Ghost\Agent\VProTray.exe" [2008-01-10 04:43 2037088]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 11:09 63712]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-01-17 07:41 623856]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-11-28 19:51 583048]
"NSWosCheck"="C:\Program Files\Norton SystemWorks Basic Edition\osCheck.exe" [2007-09-18 08:22 25472]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="D:\Program Files\QuickTime\QTTask.exe" [2008-01-31 23:13 385024]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 14:00 15360]
"EzStatus"="C:\Apps\EZHome\EZStatus.exe" [2004-12-20 19:03 94208]
D:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-11-06 15:01:41 82026]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-11-05 17:12:49 581632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 00:15:54 65588]
NkvMon.exe.lnk - C:\Program Files\Nikon\NkView6\NkvMon.exe [2007-11-05 20:19:14 233472]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
R1 Cliosys;Cliosys;C:\WINDOWS\SYSTEM32\DRIVERS\Cliosys.sys [2002-03-05 15:56]
R2 MMK_NTD;MMK_NTD;C:\WINDOWS\system32\drivers\MMK_NTD.sys [2007-07-23 11:03]
R3 cwrwdm;SoundFusion(tm) WDM Driver;C:\WINDOWS\system32\DRIVERS\cwrwdm.sys [2004-08-03 22:32]
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 13:17]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-04 02:43]
*Newly Created Service* - COMHOST
*Newly Created Service* - UMWDF
.
Contents of the 'Scheduled Tasks' folder
"2008-02-21 19:21:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-19 13:06:52 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Billy B.job"
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exeh/TASK:
"2008-02-18 12:10:33 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks Basic Edition\OBC.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-22 14:12:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Logitech\SetPoint\lgscroll.dll
.
Completion time: 2008-02-22 14:13:36
ComboFix-quarantined-files.txt 2008-02-22 14:13:28
ComboFix2.txt 2008-02-18 13:49:01
.
2008-02-13 08:23:43 --- E O F ---