Sorry it took so long. Here are my updates.
ComboFix 08-06-12.2 - Nikki's 2008-06-16 19:14:45.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1463 [GMT 1:00]
Running from: C:\Documents and Settings\Nikki's\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Nikki's\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2008-05-16 to 2008-06-16 )))))))))))))))))))))))))))))))
.
2008-06-14 21:02 . 2008-04-14 12:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 21:02 . 2008-04-14 12:01 272,128 --------- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 20:16 . 2008-06-05 20:17 <DIR> d-------- C:\Program Files\Total Video Converter
2008-06-05 20:02 . 2008-06-05 20:08 <DIR> d-------- C:\Program Files\AviSynth 2.5
2008-06-05 20:01 . 2008-06-05 20:08 <DIR> d-------- C:\Program Files\Gabest
2008-06-04 21:05 . 2008-06-04 21:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-04 21:05 . 2008-06-04 21:05 <DIR> d-------- C:\Documents and Settings\Nikki's\Application Data\Malwarebytes
2008-06-04 21:05 . 2008-06-04 21:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-04 21:05 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-04 21:05 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-03 21:55 . 2008-06-03 21:55 <DIR> d-------- C:\Program Files\Java
2008-06-03 21:55 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-03 21:54 . 2008-06-03 21:54 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-02 21:59 . 2008-06-02 21:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-02 19:50 . 2008-06-02 19:50 <DIR> d-------- C:\Documents and Settings\Nikki's\Application Data\Grisoft
2008-06-02 19:50 . 2008-06-02 19:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-06-02 19:50 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-06-02 00:08 . 2008-06-02 21:28 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-06-02 00:08 . 2008-06-02 21:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-01 13:25 . 2008-06-01 13:36 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-06-01 13:25 . 2008-06-01 13:36 88,774 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-06-01 13:24 . 2008-06-01 13:24 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-06-01 13:24 . 2008-06-16 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-06-01 13:24 . 2008-06-16 19:23 3,763,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-01 13:24 . 2008-06-16 19:23 69,152 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-01 13:24 . 2008-06-15 23:01 50,756 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-01 13:24 . 2008-06-15 23:01 7,244 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-01 13:23 . 2008-06-01 13:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-27 19:25 . 2008-05-27 19:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-05-27 19:25 . 2008-06-16 11:09 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-05-27 19:25 . 2008-05-27 19:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-26 19:51 . 2008-05-26 19:51 <DIR> d-------- C:\Program Files\QuickTime
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 20:37 --------- d-----w C:\Documents and Settings\Nikki's\Application Data\DNA
2008-06-05 18:57 --------- d-----w C:\Documents and Settings\Nikki's\Application Data\Creative
2008-06-05 18:51 --------- d-----w C:\Program Files\Xilisoft
2008-06-01 21:26 --------- d-----w C:\Program Files\Steam
2008-06-01 12:36 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-06-01 12:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-05-11 12:19 442 ----a-w C:\Documents and Settings\Nikki's\Application Data\wklnhst.dat
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-08 12:28 202,752 ------w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-29 21:26 --------- d-----w C:\Documents and Settings\Nikki's\Application Data\Sports Interactive
2008-04-29 21:25 --------- d--h--w C:\Program Files\Zero G Registry
2008-04-29 21:25 --------- d--h--r C:\Documents and Settings\Nikki's\Application Data\SecuROM
2008-04-29 21:23 --------- d-----w C:\Program Files\Sports Interactive
2008-04-26 21:29 --------- d-----w C:\Documents and Settings\Nikki's\Application Data\PlayFirst
2008-04-26 21:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-26 21:28 --------- d-----w C:\Program Files\Diner Dash Flo on the Go
2008-04-26 21:28 --------- d-----w C:\Program Files\BFG
2008-04-17 10:46 18,432 ------w C:\WINDOWS\system32\dllcache\iedw.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
.
((((((((((((((((((((((((((((( snapshot@2008-06-03_21.41.07.85 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-21 06:44:29 3,066,880 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\mshtml.dll
+ 2008-04-21 06:44:29 666,112 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3GDR\wininet.dll
+ 2008-04-21 06:24:01 3,067,392 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\mshtml.dll
+ 2008-04-21 06:24:02 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP3QFE\wininet.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950759\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950759\update\updspapi.dll
+ 2008-05-07 04:55:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP2QFE\quartz.dll
+ 2008-05-07 05:12:40 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3GDR\quartz.dll
+ 2008-05-07 05:04:15 1,288,192 ----a-w C:\WINDOWS\$hf_mig$\KB951698\SP3QFE\quartz.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951698\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951698\update\updspapi.dll
- 2008-06-03 19:28:01 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-16 10:09:04 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-14 11:01:02 272,128 ------w C:\WINDOWS\Driver Cache\i386\bthport.sys
- 2008-02-16 09:32:03 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 ----a-w C:\WINDOWS\system32\browseui.dll
- 2008-02-16 09:32:03 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
+ 2008-04-21 06:56:54 151,040 ----a-w C:\WINDOWS\system32\cdfview.dll
- 2008-02-16 09:32:03 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
+ 2008-04-21 06:56:55 1,054,208 ----a-w C:\WINDOWS\system32\danim.dll
- 2008-02-16 09:32:03 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
+ 2008-04-21 06:56:54 1,024,000 ------w C:\WINDOWS\system32\dllcache\browseui.dll
- 2008-02-16 09:32:03 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
+ 2008-04-21 06:56:54 151,040 ------w C:\WINDOWS\system32\dllcache\cdfview.dll
- 2008-02-16 09:32:03 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
+ 2008-04-21 06:56:55 1,054,208 ------w C:\WINDOWS\system32\dllcache\danim.dll
- 2008-02-16 09:32:04 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 ------w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-02-16 09:32:04 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 ------w C:\WINDOWS\system32\dllcache\dxtrans.dll
- 2008-02-16 09:32:04 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-04-21 06:56:55 55,808 ------w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-02-16 09:32:04 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
+ 2008-04-21 06:56:56 251,904 ------w C:\WINDOWS\system32\dllcache\iepeers.dll
- 2008-02-16 09:32:04 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
+ 2008-04-21 06:56:56 96,256 ------w C:\WINDOWS\system32\dllcache\inseng.dll
- 2008-02-16 09:32:04 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 ------w C:\WINDOWS\system32\dllcache\jsproxy.dll
- 2008-02-16 09:32:06 3,066,880 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-02-16 09:32:06 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 ------w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-02-16 09:32:06 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-04-21 06:56:57 146,432 ------w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-02-16 09:32:07 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-04-21 06:56:58 532,480 ------w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-02-16 09:32:07 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 ------w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-02-16 09:32:08 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 ------w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-02-16 09:32:08 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 ------w C:\WINDOWS\system32\dllcache\shlwapi.dll
- 2008-02-16 09:32:08 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-04-21 06:56:58 618,496 ------w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-02-16 09:32:09 666,112 ------w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-04-21 06:56:59 666,624 ------w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-02-16 09:32:04 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-04-21 06:56:55 357,888 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-02-16 09:32:04 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-04-21 06:56:55 205,312 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2008-02-16 09:32:04 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-04-21 06:56:55 55,808 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-11 20:39:24 189,792 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-06-14 19:56:47 190,592 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2008-02-16 09:32:04 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
+ 2008-04-21 06:56:56 251,904 ----a-w C:\WINDOWS\system32\iepeers.dll
- 2008-02-16 09:32:04 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
+ 2008-04-21 06:56:56 96,256 ----a-w C:\WINDOWS\system32\inseng.dll
- 2005-11-10 10:27:06 49,248 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 00:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2005-11-10 10:27:16 49,250 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 00:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2005-11-10 12:03:54 127,078 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 01:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
- 2008-02-16 09:32:04 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-04-21 06:56:56 16,384 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2008-05-09 13:35:06 16,863,864 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
- 2008-02-16 09:32:06 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-04-21 06:56:57 3,066,880 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-02-16 09:32:06 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-04-21 06:56:57 449,024 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-02-16 09:32:06 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-04-21 06:56:57 146,432 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-02-16 09:32:07 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-04-21 06:56:58 532,480 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-02-16 09:32:07 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-04-21 06:56:58 39,424 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2008-02-16 09:32:08 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-04-21 06:56:58 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
- 2008-02-16 09:32:08 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
+ 2008-04-21 06:56:58 474,112 ----a-w C:\WINDOWS\system32\shlwapi.dll
- 2007-10-08 14:46:18 14,640 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-02-16 09:32:08 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-04-21 06:56:58 618,496 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-02-16 09:32:09 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-04-21 06:56:59 666,624 ----a-w C:\WINDOWS\system32\wininet.dll
- 2008-02-15 09:06:21 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
+ 2008-04-17 10:37:04 351,744 ----a-w C:\WINDOWS\system32\xpsp3res.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 12:09 460784]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [ ]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CamTray.exe" [2005-10-27 19:00 299008]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-09-13 12:12 139264]
"CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 11:03 868352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-06-13 20:41 16132608 C:\WINDOWS\RTHDCPL.EXE]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 11:35 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 11:37 81920]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 11:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 09:00 1116920]
"PDVDDXSrv"="C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2006-10-20 17:23 118784]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 17:40 155648]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 05:00 15360]
C:\Documents and Settings\Nikki's\Start Menu\Programs\Startup\
wkcalrem.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2006-06-04 18:18:54 21504]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.325\\English\\setup.exe"=
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 10:35]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-16 19:23:38
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-16 19:24:42
ComboFix-quarantined-files.txt 2008-06-16 18:24:39
ComboFix2.txt 2008-06-14 21:29:45
ComboFix3.txt 2008-06-04 19:22:41
ComboFix4.txt 2008-06-03 20:41:58
Pre-Run: 229,329,076,224 bytes free
Post-Run: 229,410,955,264 bytes free
241 --- E O F --- 2008-06-15 18:17:08
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, June 16, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, June 16, 2008 17:04:19
Records in database: 873457
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 86223
Threat name: 1
Infected objects: 5
Suspicious objects: 0
Duration of the scan: 00:38:33
File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\ikvxqxsm.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\joqntkjo.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\lfwbtqhe.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\swumqrpk.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyvSJY.dll.vir Infected: Trojan.Win32.Monder.gen 1
The selected area was scanned.
Firewall - OFF
Automatic Updates - ON
Virus Protection - ON Kaspersky Anti-Virus
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:38:01, on 16/06/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\CPdeSrvU.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows NT\Accessories\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\nikki.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ig/dell?hl=en&c ... bd=5070810
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.euro.dell.com/content/defau ... l=en&s=gen
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.co.uk/ig/dell?hl=en&c ... bd=5070810
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] "C:\Program Files\Creative\Shared Files\CamTray.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 5334819156
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15031/CTPID.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
--
End of file - 7342 bytes