OK - no problem running ComboFix.
Logs here:
ComboFix 08-10-14.07 - Chris 2008-10-15 18:50:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1260 [GMT 8:00]
Running from: C:\Documents and Settings\Chris\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Chris\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Chris\Application Data\Azureus
C:\Documents and Settings\Chris\Application Data\Azureus\.certs
C:\Documents and Settings\Chris\Application Data\Azureus\.keystore
C:\Documents and Settings\Chris\Application Data\Azureus\.lock
C:\Documents and Settings\Chris\Application Data\Azureus\active\cache.dat
C:\Documents and Settings\Chris\Application Data\Azureus\azureus.config
C:\Documents and Settings\Chris\Application Data\Azureus\azureus.config.bak
C:\Documents and Settings\Chris\Application Data\Azureus\azureus.statistics
C:\Documents and Settings\Chris\Application Data\Azureus\azureus.statistics.bak
C:\Documents and Settings\Chris\Application Data\Azureus\banips.config
C:\Documents and Settings\Chris\Application Data\Azureus\banips.config.bak
C:\Documents and Settings\Chris\Application Data\Azureus\dht\addresses.dat
C:\Documents and Settings\Chris\Application Data\Azureus\dht\contacts.dat
C:\Documents and Settings\Chris\Application Data\Azureus\dht\diverse.dat
C:\Documents and Settings\Chris\Application Data\Azureus\dht\general.dat
C:\Documents and Settings\Chris\Application Data\Azureus\dht\version.dat
C:\Documents and Settings\Chris\Application Data\Azureus\downloads.config
C:\Documents and Settings\Chris\Application Data\Azureus\downloads.config.bak
C:\Documents and Settings\Chris\Application Data\Azureus\filters.config
C:\Documents and Settings\Chris\Application Data\Azureus\friends.config
C:\Documents and Settings\Chris\Application Data\Azureus\friends.config.bak
C:\Documents and Settings\Chris\Application Data\Azureus\ipfilter.cache
C:\Documents and Settings\Chris\Application Data\Azureus\logs\alerts_1.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\AutoSpeed_1.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\AutoSpeedSearchHistory_1.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\debug_1.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\debug_2.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\Friends_1.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\NetStatus_1.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\seltrace_1.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\seltrace_2.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\SpeedMan_1.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\SpeedMan_2.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\thread_1.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\thread_2.log
C:\Documents and Settings\Chris\Application Data\Azureus\logs\v3.STres_1.log
C:\Documents and Settings\Chris\Application Data\Azureus\net\pm_9506.dat
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.3.jar
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.3.zip
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.jar
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\azupnpav_0.1.7.zip
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.0.jar
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.0.zip
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.1.jar
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.1.zip
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.jar
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\azupnpav_0.2.2.zip
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\plugin.properties
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.3
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.1.7
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.0
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.1
C:\Documents and Settings\Chris\Application Data\Azureus\plugins\azupnpav\plugin.properties_0.2.2
C:\Documents and Settings\Chris\Application Data\Azureus\tables.config
C:\Documents and Settings\Chris\Application Data\Azureus\tables.config.bak
C:\Documents and Settings\Chris\Application Data\Azureus\tmp\AZU33620.tmp
C:\Documents and Settings\Chris\Application Data\Azureus\tmp\AZU33621.tmp
C:\Documents and Settings\Chris\Application Data\Azureus\tmp\AZU33622.tmp
C:\Documents and Settings\Chris\Application Data\Azureus\tmp\AZU33623.tmp
C:\Documents and Settings\Chris\Application Data\Azureus\tmp\AZU33624.tmp
C:\Documents and Settings\Chris\Application Data\Azureus\tmp\AZU33625.tmp
C:\Documents and Settings\Chris\Application Data\Azureus\tmp\AZU33626.tmp
C:\Documents and Settings\Chris\Application Data\Azureus\tmp\AZU33628.tmp
C:\Documents and Settings\Chris\Application Data\Azureus\tmp\speedTestTorrent.torrent
C:\Documents and Settings\Chris\Application Data\Azureus\tracker.config
C:\Documents and Settings\Chris\Application Data\Azureus\tracker.config.bak
C:\Documents and Settings\Chris\Application Data\Azureus\update.log
C:\Documents and Settings\Chris\Application Data\Azureus\update.properties
C:\Program Files\DNA
C:\Program Files\DNA\btdna.exe
.
((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.
2008-10-14 10:28 . 2008-10-14 10:29 <DIR> d-------- C:\WINDOWS\LastGood
2008-10-14 10:28 . 2008-10-15 07:16 613 --a------ C:\WINDOWS\hpntwksetup.ini
2008-10-12 09:17 . 2008-10-12 09:17 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Media Player Classic
2008-10-08 16:33 . 2008-10-08 16:33 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-10-08 16:33 . 2008-10-08 16:33 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-10-08 15:58 . 2008-10-08 15:58 <DIR> d-------- C:\Program Files\Trek 310
2008-10-08 15:58 . 2008-10-08 15:58 <DIR> d-------- C:\Program Files\Common Files\Trek310
2008-10-08 15:58 . 2005-05-23 20:29 392,448 --a------ C:\WINDOWS\system32\drivers\snpstd2.sys
2008-10-08 15:58 . 2005-06-10 18:49 98,304 --a------ C:\WINDOWS\system32\rsnpstd2.dll
2008-10-08 15:58 . 2004-02-16 13:59 61,440 --a------ C:\WINDOWS\system32\csnpstd2.dll
2008-10-08 15:58 . 2004-06-08 18:25 53,248 --a------ C:\WINDOWS\system32\dsnpstd2.dll
2008-10-08 15:58 . 2005-05-26 10:21 36,864 --a------ C:\WINDOWS\system32\vsnpstd2.dll
2008-10-08 15:58 . 2005-05-26 10:18 36,864 --a------ C:\WINDOWS\system32\dsnpstd2.ax
2008-10-08 15:58 . 2003-01-17 17:34 15,541 --a------ C:\WINDOWS\snpstd2.ini
2008-10-08 15:58 . 2003-01-17 17:35 13,023 --a------ C:\WINDOWS\snpstd2.src
2008-10-07 18:33 . 2004-08-30 16:37 286,720 --------- C:\WINDOWS\vsnpstd2.exe
2008-10-07 13:14 . 2008-10-07 13:14 921,624 --a------ C:\img2-001.raw
2008-10-07 12:48 . 2008-10-07 12:48 <DIR> d-------- C:\Program Files\DD PlayCam
2008-10-07 12:47 . 2008-04-14 02:45 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-10-07 12:47 . 2008-04-14 02:45 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-10-07 12:42 . 2008-10-07 17:58 <DIR> d-------- C:\WINDOWS\Album
2008-09-21 20:17 . 2008-09-21 20:17 <DIR> d-------- C:\Documents and Settings\Chris\Application Data\Image Zone Express
2008-09-16 08:14 . 2008-09-16 08:14 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-09-16 08:14 . 2008-09-16 08:14 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-09-16 08:14 . 2008-09-16 08:14 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-09-16 08:11 . 2008-09-16 08:11 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-09-16 08:11 . 2008-09-16 08:11 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-09-16 08:11 . 2008-09-16 08:11 815,104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-09-16 08:11 . 2008-09-16 08:11 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-09-16 08:11 . 2008-09-16 08:11 683,520 --a------ C:\WINDOWS\system32\DivX.dll
2008-09-16 08:11 . 2008-09-16 08:11 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-09-16 08:11 . 2008-09-16 08:11 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 10:25 --------- d-----w C:\Program Files\Java
2008-10-15 10:20 --------- d-----w C:\Program Files\Azureus
2008-10-15 01:37 --------- d-----w C:\Documents and Settings\Chris\Application Data\Skype
2008-10-15 00:09 --------- d-----w C:\Documents and Settings\Chris\Application Data\skypePM
2008-10-14 23:05 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-10-12 23:32 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-07 10:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Creative
2008-10-07 04:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-04 23:58 --------- d-----w C:\Program Files\DivX
2008-10-02 10:08 --------- d-----w C:\Documents and Settings\Chris\Application Data\Roxio
2008-09-16 00:12 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-09-16 00:12 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-09-16 00:12 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-09-16 00:12 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-09-16 00:12 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-09-16 00:12 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-09-16 00:12 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-09-16 00:12 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-09-16 00:12 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-09-13 05:10 --------- d-----w C:\Program Files\iTunes
2008-09-13 05:10 --------- d-----w C:\Program Files\iPod
2008-09-13 05:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-13 05:08 --------- d-----w C:\Program Files\QuickTime
2008-09-13 05:08 --------- d-----w C:\Program Files\Bonjour
2008-09-13 05:07 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-10 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-09-01 11:17 --------- d-----w C:\Program Files\DK Multimedia
2008-08-29 02:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 01:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-22 01:47 --------- d-----w C:\Program Files\RssReader
2008-08-21 22:44 --------- d-----w C:\Program Files\Skype
2008-08-21 22:44 --------- d-----w C:\Program Files\Common Files\Skype
2008-08-21 22:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-08-21 01:10 --------- d-----w C:\Documents and Settings\Chris\Application Data\NeroDigital™
2008-08-20 23:18 --------- d-----w C:\Documents and Settings\Chris\Application Data\Nero
2008-08-20 23:17 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-20 23:15 --------- d-----w C:\Program Files\Nero
2008-08-20 23:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-20 15:20 --------- d-----w C:\Program Files\Common Files\Ahead
2008-07-23 05:19 47,360 ----a-w C:\Documents and Settings\Chris\Application Data\pcouffin.sys
2008-07-18 14:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 14:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 14:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 14:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 14:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 14:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 14:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 14:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 14:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 14:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-15 09:23 72,728 ----a-w C:\WINDOWS\system32\CTHWIUT.DLL
2008-07-15 09:23 170,520 ----a-w C:\WINDOWS\system32\CT20XUT.DLL
2008-07-15 09:22 1,323,544 ----a-w C:\WINDOWS\system32\CTEXFIFX.DLL
2007-11-17 00:22 22,328 ------w C:\Documents and Settings\Chris\Application Data\PnkBstrK.sys
2008-05-15 10:28 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2005-06-02 48752]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-02 13529088]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-04-23 228088]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 483328]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-02 86016]
"CPU Power Monitor"="C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe" [2008-01-09 627200]
"Cpu Level Up help"="C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
"ASUS Energy Saving"="C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe" [2008-01-28 1352704]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SNPSTD2"="C:\WINDOWS\vsnpstd2.exe" [2004-08-30 286720]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"CTHelper"="CTHELPER.EXE" [2006-08-17 C:\WINDOWS\CTHELPER.EXE]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 C:\WINDOWS\KHALMNPR.Exe]
"nwiz"="nwiz.exe" [2008-05-02 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 C:\WINDOWS\KHALMNPR.Exe]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 C:\WINDOWS\system32\Ctxfihlp.exe]
C:\Documents and Settings\Chris\Start Menu\Programs\Startup\
BUFFALO NAS Navigator.lnk - C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe [2007-03-02 802816]
ImationFlashDetect.lnk - C:\Program Files\Imation\ImationFlashDetect.exe [2007-03-04 806912]
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe [2007-07-21 2913584]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-03-11 25214]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-04 258048]
HP Image Zone Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-04 53248]
Logitech SetPoint.lnk - C:\Logitech\SetPoint\SetPoint.exe [2008-03-25 789008]
Nike+ Utility.lnk - C:\Program Files\Nike+ Utility\Nike+ Utility.exe [2008-04-30 1228800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 12:30 72208 c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AtiExtEvent]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:6112
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R2 CTAudSvcService;Creative Audio Service;C:\Program Files\Creative\Shared Files\CTAudSvc.exe [2008-04-30 417792]
R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 70912]
R3 ha20x2k;Creative 20X HAL Driver;C:\WINDOWS\system32\drivers\ha20x2k.sys [2008-07-15 1173016]
R3 snpstd2;Trek 310;C:\WINDOWS\system32\DRIVERS\snpstd2.sys [2005-05-23 392448]
S3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\WINDOWS\system32\drivers\asusgsb.sys [2007-07-12 12416]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-08-01 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\WINDOWS\system32\drivers\CT20XUT.SYS [ ]
S3 CT20XUT;CT20XUT;C:\WINDOWS\system32\drivers\CT20XUT.SYS [ ]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [ ]
S3 CTEXFIFX;CTEXFIFX;C:\WINDOWS\system32\drivers\CTEXFIFX.SYS [ ]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\WINDOWS\system32\drivers\CTHWIUT.SYS [ ]
S3 CTHWIUT;CTHWIUT;C:\WINDOWS\system32\drivers\CTHWIUT.SYS [ ]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D32.sys [ ]
*Newly Created Service* - CATCHME
*Newly Created Service* - HPJMPR50
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-10-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -
BHO-{37331906-4d48-45ba-940c-9370158830c6} - (no file)
BHO-{648991E4-904F-4EF3-96C0-ACF53A9DAE08} - (no file)
BHO-{9F872798-68EA-44A8-BD39-F8257595E013} - (no file)
BHO-{B5ED07FE-985A-4941-9BAC-2D4A10C5F106} - (no file)
BHO-{FF9DD5EA-1D61-412C-989B-17A7F9CDE386} - (no file)
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-15 18:55:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?
scanning hidden files ...
**************************************************************************
.
Completion time: 2008-10-15 18:57:50
ComboFix-quarantined-files.txt 2008-10-15 10:56:47
ComboFix2.txt 2008-10-15 01:45:24
Pre-Run: 220,394,401,792 bytes free
Post-Run: 220,376,817,664 bytes free
283 --- E O F --- 2008-09-10 19:05:36
=====================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:45:55 PM, on 10/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\ASUS\AASP\1.00.59\aaCenter.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Nike+ Utility\Nike+ Utility.exe
C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
C:\Program Files\Imation\ImationFlashDetect.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {37331906-4d48-45ba-940c-9370158830c6} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {648991E4-904F-4EF3-96C0-ACF53A9DAE08} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {9F872798-68EA-44A8-BD39-F8257595E013} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {B5ED07FE-985A-4941-9BAC-2D4A10C5F106} - (no file)
O2 - BHO: (no name) - {C8CDF0B6-A3C3-4ABC-BBCA-EA772B562921} - (no file)
O2 - BHO: (no name) - {FF9DD5EA-1D61-412C-989B-17A7F9CDE386} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CPU Power Monitor] "C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe
O4 - HKLM\..\Run: [ASUS Energy Saving] "C:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe"
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: BUFFALO NAS Navigator.lnk = C:\Program Files\BUFFALO\NASNAVI\NasNavi.exe
O4 - Startup: ImationFlashDetect.lnk = C:\Program Files\Imation\ImationFlashDetect.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Nike+ Utility.lnk = C:\Program Files\Nike+ Utility\Nike+ Utility.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... ase370.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F47A558-728E-4F40-9F2E-266D96322B85}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0F47A558-728E-4F40-9F2E-266D96322B85}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS2\Services\Tcpip\..\{0F47A558-728E-4F40-9F2E-266D96322B85}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - Unknown owner - C:\WINDOWS\ATKKBService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 14004 bytes