Here are my new updated logs...
ComboFix 08-08-28.02 - Robert 2008-08-31 13:39:23.2 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.1.1033.18.1528 [GMT -5:00]
Running from: E:\Downloads\ComboFix.exe
Command switches used :: C:\Users\Robert\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
E:\install.exe
G:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_NOBICYT
.
((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-31 )))))))))))))))))))))))))))))))
.
2008-08-24 20:25 . 2008-08-31 05:22 326,781,304 --a------ C:\Windows\MEMORY.DMP
2008-08-23 13:02 . 2008-08-23 13:02 <DIR> d-------- C:\Program Files\CCleaner
2008-08-23 12:58 . 2008-08-23 12:58 <DIR> d-------- C:\Program Files\ToniArts
2008-08-23 12:48 . 2008-08-23 12:48 <DIR> d-------- C:\Program Files\AML Products
2008-08-23 12:48 . 2000-05-22 16:58 608,448 --a------ C:\Windows\System32\comctl32.ocx
2008-08-20 16:29 . 2008-01-17 05:17 3,948 --a------ C:\Windows\System32\drivers\nvphy.bin
2008-08-20 14:29 . 2008-08-20 14:36 <DIR> d-------- C:\Program Files\Driver Sweeper
2008-08-18 16:16 . 2008-07-19 00:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-18 16:16 . 2008-07-18 22:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-18 16:16 . 2008-07-19 00:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-18 16:16 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-18 16:16 . 2008-07-18 22:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-18 16:16 . 2008-07-19 00:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-18 16:16 . 2008-07-19 00:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-18 16:16 . 2008-07-19 00:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-18 16:16 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-17 19:15 . 2008-08-17 19:15 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-08-16 12:21 . 2008-08-16 12:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-16 12:21 . 2007-11-27 22:51 35,216 --a------ C:\Windows\System32\drivers\TMPassthru.sys
2008-08-15 22:20 . 2008-08-15 22:20 <DIR> d-------- C:\Program Files\Western Digital Technologies
2008-08-15 20:31 . 2008-08-15 20:31 <DIR> d-------- C:\Users\All Users\WEBREG
2008-08-15 20:31 . 2008-08-15 20:31 <DIR> d-------- C:\ProgramData\WEBREG
2008-08-15 20:30 . 2008-08-15 20:30 <DIR> d-------- C:\Users\Robert\AppData\Roaming\HP
2008-08-15 20:30 . 2008-08-15 20:30 <DIR> d-------- C:\Users\All Users\HPSSUPPLY
2008-08-15 20:30 . 2008-08-15 20:30 <DIR> d-------- C:\ProgramData\HPSSUPPLY
2008-08-15 20:28 . 2008-08-15 20:28 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-08-15 20:28 . 2008-08-15 20:30 <DIR> d-------- C:\Program Files\Common Files\HP
2008-08-15 20:28 . 2008-08-15 20:28 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2008-08-15 20:27 . 2008-08-15 20:27 <DIR> d-------- C:\Users\All Users\Hewlett-Packard
2008-08-15 20:27 . 2008-08-15 20:27 <DIR> d-------- C:\ProgramData\Hewlett-Packard
2008-08-15 20:26 . 2008-08-15 20:30 <DIR> d-------- C:\Program Files\HP
2008-08-15 20:25 . 2008-08-15 20:41 <DIR> d-------- C:\Users\All Users\HP
2008-08-15 20:25 . 2008-08-15 20:41 <DIR> d-------- C:\ProgramData\HP
2008-08-15 20:25 . 2007-02-01 03:24 258,048 --a------ C:\Windows\System32\hpzids01.dll
2008-08-15 20:25 . 2008-08-20 13:32 130,835 --a------ C:\Windows\hpoins18.dat
2008-08-15 20:25 . 2007-02-28 19:07 6,600 --a------ C:\Windows\hpomdl18.dat
2008-08-15 20:10 . 2008-08-15 20:10 2,560 --a------ C:\Windows\_MSRSTRT.EXE
2008-08-15 00:23 . 2008-08-15 20:03 105,280 --a------ C:\Windows\System32\_BLOCK.WB4
2008-08-15 00:23 . 2008-08-15 20:08 274 --a------ C:\Windows\System32\_PersonalityVert2.WB4
2008-08-15 00:23 . 2008-08-15 20:08 274 --a------ C:\Windows\System32\_PersonalityVert1.WB4
2008-08-15 00:23 . 2008-08-15 20:08 274 --a------ C:\Windows\System32\_PersonalityHorz2.WB4
2008-08-15 00:23 . 2008-08-15 20:08 274 --a------ C:\Windows\System32\_PersonalityHorz1.WB4
2008-08-14 19:27 . 2008-08-14 19:27 <DIR> d-------- C:\Users\All Users\BCR
2008-08-14 19:27 . 2008-08-14 19:27 <DIR> d-------- C:\ProgramData\BCR
2008-08-14 18:51 . 2008-08-14 18:51 <DIR> d-------- C:\Windows\System32\AGEIA
2008-08-14 18:51 . 2008-08-14 18:51 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-14 18:51 . 2008-08-14 18:51 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-08-14 18:50 . 2008-08-14 18:50 <DIR> d-------- C:\Program Files\Capcom
2008-08-14 18:15 . 2008-08-14 18:15 <DIR> d-------- C:\Users\Robert\AppData\Roaming\SystemGadgets
2008-08-14 17:18 . 2008-08-14 17:26 <DIR> d-------- C:\Windows\nvtmpinst
2008-08-13 16:30 . 2008-08-13 16:31 145 --a------ C:\Users\Robert\cleanup.reg
2008-08-13 03:02 . 2008-07-15 20:32 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-13 02:08 . 2008-06-26 20:55 1,383,424 --a------ C:\Windows\System32\mshtml.tlb
2008-08-13 02:08 . 2008-06-26 23:15 827,392 --a------ C:\Windows\System32\wininet.dll
2008-08-13 02:08 . 2008-06-18 22:31 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-13 02:08 . 2008-04-18 00:48 269,312 --a------ C:\Windows\System32\es.dll
2008-08-13 02:07 . 2008-04-10 00:12 738,304 --a------ C:\Windows\System32\inetcomm.dll
2008-08-12 19:58 . 2007-11-14 15:18 553 --a------ C:\Windows\USetup.iss
2008-08-12 19:56 . 2008-08-12 19:56 <DIR> d-------- C:\Windows\System32\RTCOM
2008-08-12 19:54 . 2008-08-12 19:54 <DIR> d-------- C:\Program Files\Realtek
2008-08-12 19:54 . 2008-05-19 18:25 1,933,312 --a------ C:\Windows\System32\MaxxAudioEQ.dll
2008-08-12 19:54 . 2008-07-29 15:42 528,384 --a------ C:\Windows\RtlExUpd.dll
2008-08-12 19:54 . 2008-08-12 19:54 319,488 --a------ C:\Windows\HideWin.exe
2008-08-12 19:54 . 2008-04-30 12:18 159,744 --a------ C:\Windows\System32\MaxxAudioAPO20.dll
2008-08-12 19:54 . 2008-05-13 17:52 143,360 --a------ C:\Windows\System32\FMAPO.dll
2008-08-12 19:54 . 2007-07-30 18:26 126,976 --a------ C:\Windows\System32\MaxxAudioAPO.dll
2008-08-12 18:46 . 2008-08-15 00:00 <DIR> d-------- C:\Program Files\SpeedFan
2008-08-12 18:46 . 2008-08-12 18:46 45 --a------ C:\Windows\System32\initdebug.nfo
2008-08-08 23:17 . 2008-08-08 23:17 <DIR> dr------- C:\Windows\System32\config\systemprofile\Documents
2008-08-06 06:15 . 2008-08-06 06:14 102,664 --a------ C:\Windows\System32\drivers\tmcomm.sys
2008-08-06 06:14 . 2008-08-16 12:25 <DIR> d-------- C:\Users\Robert\.housecall6.6
2008-08-05 19:59 . 2008-08-05 20:04 <DIR> d-------- C:\Program Files\RocketDock
2008-08-05 18:43 . 2008-08-05 18:43 <DIR> d-------- C:\Program Files\Microsoft IntelliType Pro
2008-08-05 16:16 . 2008-08-05 16:16 <DIR> d-------- C:\Users\All Users\Stardock
2008-08-05 16:16 . 2008-08-05 16:16 <DIR> d-------- C:\ProgramData\Stardock
2008-08-05 15:47 . 2008-08-05 21:08 <DIR> d-------- C:\Boot
2008-08-05 15:47 . 2008-01-19 02:45 333,203 --a------ C:\bootmgr
2008-08-05 15:33 . 2008-08-23 15:21 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-05 15:33 . 2008-08-23 15:21 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-04 23:48 . 2008-08-04 23:48 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-08-04 23:47 . 2008-08-04 23:47 <DIR> d-------- C:\Program Files\eRightSoft
2008-08-04 23:26 . 2008-08-04 23:26 <DIR> d-------- C:\Users\Robert\AppData\Roaming\AVS4YOU
2008-08-04 23:26 . 2008-08-04 23:26 <DIR> d-------- C:\Users\All Users\AVS4YOU
2008-08-04 23:26 . 2008-08-04 23:26 <DIR> d-------- C:\ProgramData\AVS4YOU
2008-08-04 23:25 . 2008-08-04 23:28 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
2008-08-04 23:25 . 2008-08-04 23:28 <DIR> d-------- C:\Program Files\AVS4YOU
2008-08-04 23:25 . 2007-02-27 19:36 1,700,352 --a------ C:\Windows\System32\GdiPlus.dll
2008-08-04 23:25 . 2007-02-27 19:36 974,848 --a------ C:\Windows\System32\mfc70.dll
2008-08-04 23:25 . 2007-02-27 19:36 487,424 --a------ C:\Windows\System32\msvcp70.dll
2008-08-04 23:25 . 2007-02-27 19:36 24,576 --a------ C:\Windows\System32\msxml3a.dll
2008-08-04 23:20 . 2006-08-25 09:45 617,472 --a------ C:\Windows\System32\temp.002
2008-08-04 23:20 . 2004-08-03 23:56 343,040 --a------ C:\Windows\System32\temp.000
2008-08-04 23:20 . 2004-08-09 21:27 151,552 --a------ C:\Windows\System32\temp.001
2008-08-04 23:20 . 2005-02-04 10:21 40,960 --a------ C:\Windows\System32\FxHorizBtn.ocx
2008-08-04 23:20 . 2003-03-06 10:43 36,864 --a------ C:\Windows\System32\FxPanel.ocx
2008-08-04 23:20 . 2001-08-23 06:00 3,584 --a------ C:\Windows\System32\temp.003
2008-08-04 23:20 . 2000-06-13 00:00 2,493 --a------ C:\Windows\System32\COMCTL32.DEP
2008-08-04 23:19 . 2008-08-04 23:19 <DIR> d-------- C:\Users\Robert\AppData\Roaming\Download Manager
2008-08-04 20:54 . 1996-08-30 17:02 13,824 --a------ C:\Windows\System32\LAYOUT.DLL
2008-08-04 20:54 . 1996-06-25 06:46 518 --a------ C:\Windows\System32\LAYOUT.REG
2008-08-03 14:50 . 2008-08-03 14:50 0 --------- C:\Windows\WB.ini
2008-08-02 22:00 . 2008-08-02 22:28 <DIR> d-------- C:\Users\Robert\AppData\Roaming\Winamp
2008-08-02 22:00 . 2008-08-07 18:59 <DIR> d-------- C:\Program Files\Winamp Remote
2008-08-02 22:00 . 2008-08-07 18:50 <DIR> d-------- C:\Program Files\Winamp
2008-08-02 22:00 . 2007-03-07 18:51 129,784 --------- C:\Windows\System32\pxafs.dll
2008-07-26 12:48 . 2008-07-26 12:48 13,576,736 --a------ C:\Windows\System32\nvcpl.dll
2008-07-10 20:28 . 2008-06-25 20:45 12,240,896 --a------ C:\Windows\System32\NlsLexicons0007.dll
2008-07-10 20:28 . 2008-06-25 20:45 2,644,480 --a------ C:\Windows\System32\NlsLexicons0009.dll
2008-07-10 20:28 . 2008-06-25 22:29 801,280 --a------ C:\Windows\System32\NaturalLanguage6.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-31 18:28 --------- d-----w C:\Program Files\Steam
2008-08-23 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-20 21:32 --------- d-----w C:\ProgramData\NVIDIA
2008-08-20 08:00 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-14 23:51 --------- d-----w C:\Program Files\OpenAL
2008-08-13 08:03 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-13 08:03 --------- d-----w C:\Program Files\Windows Mail
2008-08-13 00:55 319,456 ----a-w C:\Windows\DIFxAPI.dll
2008-08-06 22:19 1,833,504 ----a-w C:\Windows\SkyTel.exe
2008-08-06 22:19 1,202,720 ----a-w C:\Windows\RtlUpd.exe
2008-08-06 22:18 6,265,376 ----a-w C:\Windows\RtHDVCpl.exe
2008-08-06 22:11 2,164,248 ----a-w C:\Windows\system32\drivers\RTKVHDA.sys
2008-08-05 20:43 --------- d-----w C:\ProgramData\Media Center Programs
2008-08-03 20:08 --------- d---a-w C:\ProgramData\TEMP
2008-08-03 20:04 --------- d-----w C:\Program Files\Common Files\Steam
2008-08-01 01:17 --------- d-----w C:\Users\Robert\AppData\Roaming\DAEMON Tools
2008-07-26 17:48 7,281,056 ----a-w C:\Windows\system32\drivers\nvlddmkm.sys
2008-07-13 02:40 --------- d-----w C:\Program Files\Savage 2 - A Tortured Soul
2008-07-09 02:20 --------- d-----w C:\Program Files\Java
2008-07-08 14:33 96,520 ----a-w C:\Windows\system32\drivers\avgldx86.sys
2008-06-29 19:32 --------- d-----w C:\Program Files\Diablo II
2008-06-12 05:28 541,696 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-05-13 01:20 94,208 ----a-w C:\Windows\DIIUnin.exe
2008-05-13 01:20 2,829 ----a-w C:\Windows\DIIUnin.pif
2008-04-25 03:27 174 --sha-w C:\Program Files\desktop.ini
2006-05-03 09:06 163,328 --sh--r C:\Windows\System32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r C:\Windows\System32\msfDX.dll
2008-03-16 12:30 216,064 --sh--r C:\Windows\System32\nbDX.dll
.
((((((((((((((((((((((((((((( snapshot@2008-08-28_14.30.08.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-31 18:43:11 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-08-28 19:26:57 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-08-31 18:44:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-08-28 19:26:57 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-31 18:44:53 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-08-31 18:44:53 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-08-28 19:10:48 1,916,928 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-08-31 18:43:56 1,916,928 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-08-28 19:10:48 851,968 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2008-08-31 18:43:56 851,968 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-08-28 19:10:48 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-08-31 18:43:56 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-08-27 23:46:19 384,718 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-08-31 10:30:03 406,006 ----a-w C:\Windows\System32\perfc009.dat
- 2008-08-27 23:46:19 1,391,204 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-08-31 10:30:03 1,450,596 ----a-w C:\Windows\System32\perfh009.dat
- 2008-08-27 23:41:28 11,976 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-148177899-1021147868-3132030957-1000_UserData.bin
+ 2008-08-29 03:09:53 12,818 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-148177899-1021147868-3132030957-1000_UserData.bin
- 2008-08-27 23:41:28 84,712 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-08-29 03:09:53 85,370 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 02:33 1233920]
"Steam"="C:\Program Files\Steam\Steam.exe" [2008-04-22 18:18 1271032]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 02:33 125952]
"SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58 495616]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 02:33 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWPersistentQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE" [2007-08-24 03:18 437160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 12:01 1037736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-08 09:33 1232152]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-01-22 17:22 81920]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2008-07-26 12:48 13576736]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2008-07-26 12:48 92704]
"TMRUBottedTray"="C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe" [2007-12-19 00:18 288088]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-06 17:18 6265376 C:\Windows\RtHDVCpl.exe]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 21:40:10 210520]
iReboot 1.0.0.lnk - C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe [2007-07-26 05:51:12 281600]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-07-22 10:53 240376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i420"= i420vfw.dll
"VIDC.XFR1"= xfcodec.dll
"vidc.yv12"= yv12vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 04:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2006-12-10 21:52 49152 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-148177899-1021147868-3132030957-1000]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F2E90BEA-78E8-4B28-BF1F-46A12837034F}"= UDP:RPC|C:\Program Files\Microsoft Virtual Server\vssrvc.exe:Virtual Server
"TCP Query User{C047CB96-335B-4755-B868-FF1A1D16BA12}C:\\program files\\starcraft\\starcraft.exe"= UDP:C:\program files\starcraft\starcraft.exe:Starcraft
"UDP Query User{ECE46776-EA2B-49F3-92C3-B42ED5540A84}C:\\program files\\starcraft\\starcraft.exe"= TCP:C:\program files\starcraft\starcraft.exe:Starcraft
"TCP Query User{58F1497C-26F1-4C7F-A36E-CF090975C9F5}C:\\program files\\microsoft virtual pc\\virtual pc.exe"= UDP:C:\program files\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"UDP Query User{60E1E945-FCA4-4FD2-A924-0251531CEB37}C:\\program files\\microsoft virtual pc\\virtual pc.exe"= TCP:C:\program files\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"TCP Query User{08585456-4AC3-4FD1-AB9B-3E29269C099E}C:\\program files\\videolan\\vlc\\vlc.exe"= UDP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{72838EF7-5B02-48E1-B1A4-4539546DB45B}C:\\program files\\videolan\\vlc\\vlc.exe"= TCP:C:\program files\videolan\vlc\vlc.exe:VLC media player
"{8FC17F96-D1CE-4BA5-8862-70AC224B4348}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{08C5C278-BEAD-4C89-BAC4-7EC14B1C06AF}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{24341CA8-0ACC-4DCD-A28A-98CB3B7E4327}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{29E12118-C344-4EE6-AA0A-A0407019153E}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{FBF12439-0636-47D3-99C8-79DD74C44EB3}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{EFB2A98F-EC5E-4A1C-9B0A-F7C9CB5D3DF2}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"TCP Query User{B8940F66-98BD-436D-BA2B-C8657FEAC72E}C:\\program files\\microsoft virtual pc\\virtual pc.exe"= UDP:C:\program files\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"UDP Query User{D20FAF7E-E3A6-48C5-99B8-7DFECC7B04ED}C:\\program files\\microsoft virtual pc\\virtual pc.exe"= TCP:C:\program files\microsoft virtual pc\virtual pc.exe:Virtual PC 2007
"{BA121A2F-F219-4988-9CB8-61352CC84233}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{748FCFE2-FE65-4934-AA60-2473270130F2}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{A2F1D4EA-8234-45F1-84FE-E64A4E1D4EC6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{D19813F8-3511-4901-965E-DA0D18CB3187}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{097E632E-800A-43D6-8B43-B38BD4A3DBC6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{085D20F2-BD9C-4A6D-9365-2913D96122C8}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{61DE26B8-F7B1-4631-96B7-8ED06776D121}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{2D911054-EC9A-4CF7-B397-E222C85E57CA}D:\\remote programs\\ea\\need for speed carbon\\nfsc.exe"= UDP:D:\remote programs\ea\need for speed carbon\nfsc.exe:NFSC
"UDP Query User{AA766D16-0433-45FE-BB42-996145412F5A}D:\\remote programs\\ea\\need for speed carbon\\nfsc.exe"= TCP:D:\remote programs\ea\need for speed carbon\nfsc.exe:NFSC
"TCP Query User{B7337A82-6711-4DDB-B0C7-711901737895}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{7D628829-4140-4AB9-834A-8795E95AA996}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{3207507A-C03F-45E3-9FE2-C1CA2CAEA7FE}C:\\program files\\thq\\gas powered games\\supreme commander - forged alliance\\bin\\forgedalliance.exe"= UDP:C:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe:Supreme Commander Forged Alliance Application
"UDP Query User{A6EC222C-02E0-47EF-A3CD-B06D3533753C}C:\\program files\\thq\\gas powered games\\supreme commander - forged alliance\\bin\\forgedalliance.exe"= TCP:C:\program files\thq\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe:Supreme Commander Forged Alliance Application
"{75C51C14-9DC5-4D10-9643-C4D013349C9B}"= C:\Program Files\AVG\AVG8\avgupd.exe:avgupd.exe
"{37096941-E718-4CFC-BAF8-4862B39B9666}"= UDP:C:\Program Files\Capcom\Bionic Commando Rearmed\bcr.exe:Bionic Commando Rearmed
"{1140199F-2B06-45E9-8216-5028944EF184}"= TCP:C:\Program Files\Capcom\Bionic Commando Rearmed\bcr.exe:Bionic Commando Rearmed
"TCP Query User{E26D3BF7-69BF-40D5-8C09-3B2097C594AC}C:\\program files\\steam\\steamapps\\express5577@yahoo.com\\counter-strike source\\hl2.exe"= UDP:C:\program files\steam\steamapps\express5577@yahoo.com\counter-strike source\hl2.exe:hl2
"UDP Query User{8E73308E-B455-4F86-AAA3-6DD7AF69B998}C:\\program files\\steam\\steamapps\\express5577@yahoo.com\\counter-strike source\\hl2.exe"= TCP:C:\program files\steam\steamapps\express5577@yahoo.com\counter-strike source\hl2.exe:hl2
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\Windows\system32\Drivers\avgldx86.sys [2008-07-08 09:33]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-08 09:33]
R2 SBSDWSCService;SBSD Security Center Service;D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-08-14 13:39]
R2 Virtual Server;Virtual Server;C:\Program Files\Microsoft Virtual Server\vssrvc.exe [2007-05-24 13:36]
R3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-08-03 14:30]
R3 TMPassthruMP;TMPassthruMP;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
R3 vhdbus;Microsoft Virtual Server Storage Bus;C:\Windows\system32\DRIVERS\vhdbus.sys [2007-05-05 04:25]
R3 vmh;Virtual Machine Helper;C:\Program Files\Microsoft Virtual Server\vmh.exe [2007-05-24 13:36]
R3 X10Hid;X10 Hid Device;C:\Windows\system32\Drivers\x10hid.sys [2006-11-17 11:31]
S2 RUBotted;Trend Micro RUBotted Service;C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe [2007-12-19 00:18]
S3 msloop;Microsoft Loopback Adapter Driver;C:\Windows\system32\DRIVERS\loop.sys [2008-01-19 00:55]
S3 TMPassthru;Trend Micro Passthru Ndis Service;C:\Windows\system32\DRIVERS\TMPassthru.sys [2007-11-27 22:51]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
%SystemRoot%\system32\soundschemes.exe /AddRegistration
.
Contents of the 'Scheduled Tasks' folder
2008-08-31 C:\Windows\Tasks\User_Feed_Synchronization-{8C28E154-F323-4AD7-ADF2-57743A4D4198}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-19 02:33]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-31 13:44:58
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\Windows\system32\winlogon.exe
-> C:\Windows\system32\wbload.dll
PROCESS: C:\Windows\Explorer.exe
-> C:\Windows\system32\wbload.dll
-> C:\Program Files\RocketDock\RocketDock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\nvvsvc.exe
C:\Windows\System32\audiodg.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
C:\Windows\System32\rundll32.exe
C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\WBVista.exe
C:\Windows\System32\inetsrv\inetinfo.exe
C:\Windows\System32\PnkBstrA.exe
C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
C:\Windows\System32\WUDFHost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Trend Micro\RUBotted\TMRUBottedLite.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\msiexec.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\Windows\System32\taskmgr.exe
C:\Windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2008-08-31 13:49:42 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-31 18:49:38
ComboFix2.txt 2008-08-28 19:30:29
Pre-Run: 9,543,290,880 bytes free
Post-Run: 13,391,097,856 bytes free
327 --- E O F --- 2008-08-20 08:00:23
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:09:31 PM, on 8/31/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Steam\Steam.exe
C:\Windows\ehome\ehtray.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\sdclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [DWPersistentQueuedReporting] C:\PROGRA~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE -a
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TMRUBottedTray] "C:\Program Files\Trend Micro\RUBotted\TMRUBottedTray.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: iReboot 1.0.0.lnk = C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~2.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.Robert-PC (HKLM)
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/67/i ... downls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: Deskscapes - {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\deskscapes.dll
O22 - SharedTaskScheduler: Stardock Vista ControlPanel Extension - {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DesktopControlPanel.dll
O22 - SharedTaskScheduler: StardockDreamController - {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - C:\PROGRA~1\Stardock\OBJECT~1\DESKSC~1\DreamControl.dll
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Trend Micro RUBotted Service (RUBotted) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\TMRUBotted.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Stardock WindowBlinds (WindowBlinds) - Stardock Corporation - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\VistaSrv.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
--
End of file - 7800 bytes
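A small triage helper, added here as an example and not part of the posted logs, of HijackThis or of ComboFix. It reads HijackThis-style lines and picks out the ones a helper would normally look at first in a log like the one above: hosts added to the IE Trusted Zone (the wildcard `http://*.Robert-PC` entry), a non-empty AppInit_DLLs value, services with no recorded publisher (the `PnkBstrA` line), autostart entries that run from user-writable directories, and the `EnableLUA= 0` policy value that shows UAC is switched off. The sample input is a constructed subset of lines copied from the log above; the section regex, the directory list and the flag wording are this example's own assumptions, not HijackThis rules.

```python
"""Triage helper for HijackThis-style log lines (added example, not a HijackThis feature)."""
import re

# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe',
    r'O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe',
    r'O15 - Trusted Zone: http://*.Robert-PC (HKLM)',
    r'O20 - AppInit_DLLs: avgrsstx.dll',
    r'O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe',
    r'O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe',
    r'"EnableLUA"= 0 (0x0)',
]

# HijackThis prefixes look like "O4 - ", "R1 - ", "F2 - " (assumed pattern for this example).
HJT_RE = re.compile(r'^(O\d+|R\d+|F\d+)\s+-\s+(.*)$')

# Directories an installer would not normally use for an autostart binary (assumption).
USER_WRITABLE = ('\\appdata\\', '\\temp\\', '\\users\\', '\\documents and settings\\')


def parse_line(line):
    """Return (section, body) for a HijackThis line, or (None, line) for any other line."""
    m = HJT_RE.match(line.strip())
    if not m:
        return None, line.strip()
    return m.group(1), m.group(2)


def flags_for(line):
    """Return the list of reasons this line deserves a second look (empty if none)."""
    section, body = parse_line(line)
    low = body.lower()
    reasons = []
    if section == 'O4':
        # The launch path follows the bracketed entry name.
        path = body.split(']', 1)[-1].strip().strip('"').lower()
        if any(d in path for d in USER_WRITABLE):
            reasons.append('autostart from a user-writable directory')
    elif section == 'O15':
        if '*' in body:
            reasons.append('wildcard host added to IE Trusted Zone')
        else:
            reasons.append('host added to IE Trusted Zone')
    elif section == 'O20' and 'appinit_dlls' in low:
        dlls = body.split(':', 1)[-1].strip()
        if dlls:
            reasons.append(f'AppInit_DLLs injects {dlls} into every process that loads user32.dll')
    elif section == 'O23' and 'unknown owner' in low:
        reasons.append('service binary with no recorded publisher')
    # ComboFix prints the UAC policy as "EnableLUA"= 0 (0x0); no HJT prefix on that line.
    if section is None and 'enablelua' in low and re.search(r'=\s*0\b', low):
        reasons.append('UAC disabled (EnableLUA=0)')
    return reasons


def triage(lines):
    """Map each flagged line to its reasons; lines with nothing to report are omitted."""
    out = {}
    for line in lines:
        r = flags_for(line)
        if r:
            out[line.strip()] = r
    return out


if __name__ == '__main__':
    for flagged, reasons in triage(SAMPLE_LINES).items():
        print(flagged)
        for r in reasons:
            print('   ->', r)
```

Run it against a whole saved HijackThis log by replacing `SAMPLE_LINES` with the file's lines; every flag is a prompt to check the binary's publisher and location, not a verdict, and benign entries (AVG's `avgrsstx.dll` in AppInit_DLLs, PunkBuster's `PnkBstrA`) will show up alongside anything unwanted.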