I don't know why
ComboFix 07-10-11.1 - Sr 2007-10-13 8:16:43.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.61 [GMT -4:00]
Running from: C:\Documents and Settings\Sr\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sr\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-13 to 2007-10-13 )))))))))))))))))))))))))))))))
.
2007-10-10 22:55 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 07:08 582,656 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 11:25 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-06 19:17 <DIR> d-------- C:\Program Files\Incomplete
2007-10-02 17:35 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-30 22:10 <DIR> d-------- C:\Program Files\RegCleaner
2007-09-28 19:48 <DIR> d-------- C:\Documents and Settings\Sr\Incomplete
2007-09-28 19:43 <DIR> d-------- C:\Documents and Settings\Sr\.limewire
2007-09-26 16:46 <DIR> d-------- C:\Documents and Settings\Sr\Application Data\Thunderbird
2007-09-26 16:45 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-09-17 18:39 <DIR> d-------- C:\WINDOWS\pss
2007-09-16 17:18 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-09-15 21:45 <DIR> d-------- C:\temp\ext34942
2007-09-15 21:45 <DIR> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-13 02:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2007-10-07 23:29 --------- d-----w C:\Program Files\Windows Live
2007-10-07 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-10-07 15:27 --------- d-----w C:\Program Files\Java
2007-10-06 23:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\avg7
2007-10-06 23:40 --------- d-----w C:\Program Files\LimeWire
2007-10-06 23:26 --------- d-----w C:\Documents and Settings\Sr\Application Data\AVG7
2007-10-06 14:19 --------- d-----w C:\Program Files\Microsoft Silverlight
2007-09-29 02:28 --------- d-----w C:\Program Files\Dobermann
2007-09-16 21:18 --------- d-----w C:\Program Files\Common Files\Real
2007-09-13 21:37 --------- d-----w C:\Program Files\Windows Desktop Search
2007-09-05 21:42 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2007-09-05 21:32 --------- d-----w C:\Program Files\Windows Live Toolbar
2007-09-04 02:28 --------- d-----w C:\Program Files\Windows Media Bonus Pack for Windows XP
2007-09-03 23:47 --------- d-----w C:\Program Files\Windows Defender
2007-08-23 14:04 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-08-23 14:04 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-23 04:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-08-23 03:52 --------- d-----w C:\Program Files\Lavasoft
2007-08-23 03:49 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2007-08-21 22:29 --------- d-----w C:\Documents and Settings\Sr\Application Data\Grisoft
2007-08-21 22:21 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-21 22:21 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-21 22:21 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2007-08-21 22:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-08-21 15:02 691,304,544 ----a-w C:\Documents and Settings\Sr\CD.bin
2007-08-21 03:13 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2007-08-19 12:21 --------- d-----w C:\Documents and Settings\Sr\Application Data\GTek
2007-08-15 19:04 578,560 ----a-w C:\WINDOWS\WLXPGSS.SCR
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"anvshell"="anvshell.exe" [2003-07-23 23:19 C:\WINDOWS\anvshell.exe]
"LiveNote"="livenote.exe" [2002-07-11 05:31 C:\WINDOWS\livenote.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-19 21:34]
"nwiz"="nwiz.exe" [2005-09-19 21:35 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-09-19 21:34]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 18:15]
"MOUSE32B"="C:\Program Files\Tilt Wheel Mouse\MULTI-DIRECTION OPTICAL MOUSE\1.3\Mouse32B.exe" [2004-11-25 12:24]
"LyraHD2TrayApp"="C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe" [2005-04-18 16:35]
"SchedulingAgent"="mstinit.exe" [2004-08-04 00:56 C:\WINDOWS\system32\mstinit.exe]
"AtiPTA"="atiptaxx.exe" [2001-09-26 22:39 C:\WINDOWS\system32\atiptaxx.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-06-29 06:24]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-13 16:46]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 05:25]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-16 17:16]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-08-16 16:19]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2005-05-31 01:04]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"SchedulingAgent"=mstask.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-05-30 22:19:31]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Watch2007.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-08-17 19:58:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-10-13 12:07:35 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-10-13 12:26:35 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2007-10-13 12:23:12 C:\WINDOWS\Tasks\wlmail.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-13 08:24:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-10-13 8:31:20 - machine was rebooted
C:\ComboFix2.txt ... 2007-10-11 23:20
C:\ComboFix3.txt ... 2007-10-10 23:04
.
--- E O F ---