Shaba,
Thank you again and again!! ComboFix did not take more than 20 minutes to run; it was done in under 10 minutes, if not less.
Brand new Combofix.txt:
ComboFix 08-09-05.02 - Lesha 2008-09-06 12:10:54.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1595 [GMT -4:00]
Running from: C:\Documents and Settings\Lesha\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Lesha\Desktop\CFScript.txt
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\BitComet
C:\Program Files\BitComet\BitComet.xml
C:\Program Files\BitComet\Downloads.xml
C:\Program Files\BitComet\Favourite.xml
C:\Program Files\BitComet\rules\dhtnodes.dat
C:\Program Files\BitComet\share\my_shares.xml
C:\Program Files\BitComet\torrents\Agnez.torrent
C:\Program Files\BitComet\torrents\Agnez.xml
C:\Program Files\BitComet\torrents\Allok.WMV.to.AVI.MPEG.DVD.WMV.Converter.v1.6.8.Incl.Keygen-Lz0.torrent
C:\Program Files\BitComet\torrents\Allok.WMV.to.AVI.MPEG.DVD.WMV.Converter.v1.6.8.Incl.Keygen-Lz0.xml
C:\Program Files\BitComet\torrents\Boilsoft_Video_Splitter_v5.01.rar.torrent
C:\Program Files\BitComet\torrents\Boilsoft_Video_Splitter_v5.01.rar.xml
C:\Program Files\BitComet\torrents\DVDFab Platinum 4.0.6.5 Beta - Personalized.torrent
C:\Program Files\BitComet\torrents\DVDFab Platinum 4.0.6.5 Beta - Personalized.xml
C:\Program Files\BitComet\torrents\DVDFabPlatinum4035Beta-Licensed.exe.torrent
C:\Program Files\BitComet\torrents\DVDFabPlatinum4035Beta-Licensed.exe.xml
C:\Program Files\BitComet\torrents\dvdSanta v4.00.exe.torrent
C:\Program Files\BitComet\torrents\dvdSanta v4.00.exe.xml
C:\Program Files\BitComet\torrents\lost.torrent
C:\Program Files\BitComet\torrents\lost.xml
C:\Program Files\BitComet\torrents\MuveeReveal-7.torrent
C:\Program Files\BitComet\torrents\MuveeReveal-7.xml
C:\Program Files\BitComet\torrents\Slepoi-3.(12.serii.iz.12).2008.XviD.SATRip.torrent
C:\Program Files\BitComet\torrents\Slepoi-3.(12.serii.iz.12).2008.XviD.SATRip.xml
C:\Program Files\BitComet\torrents\Sony Vegas 8 Pro + Crack.torrent
C:\Program Files\BitComet\torrents\Sony Vegas 8 Pro + Crack.xml
C:\Program Files\BitComet\torrents\XXIX_Letnie_Igri_Pekin.avi.torrent
C:\Program Files\BitComet\torrents\XXIX_Letnie_Igri_Pekin.avi.xml
C:\Program Files\eMule
C:\Program Files\eMule\config\AC_SearchStrings.dat
C:\Program Files\eMule\config\addresses.dat
C:\Program Files\eMule\config\cancelled.met
C:\Program Files\eMule\config\clients.met
C:\Program Files\eMule\config\clients.met.bak
C:\Program Files\eMule\config\cryptkey.dat
C:\Program Files\eMule\config\emfriends.met
C:\Program Files\eMule\config\fileinfo.ini
C:\Program Files\eMule\config\filter.dat
C:\Program Files\eMule\config\gui.dat
C:\Program Files\eMule\config\ip-to-country.csv
C:\Program Files\eMule\config\ipfilter.dat
C:\Program Files\eMule\config\known.met
C:\Program Files\eMule\config\known2_64.met
C:\Program Files\eMule\config\partperm.dat
C:\Program Files\eMule\config\preferences.dat
C:\Program Files\eMule\config\preferences.ini
C:\Program Files\eMule\config\preferences[0.47a].ini
C:\Program Files\eMule\config\server.met
C:\Program Files\eMule\config\server_met.old
C:\Program Files\eMule\config\shareddir.dat
C:\Program Files\eMule\config\staticservers.dat
C:\Program Files\eMule\config\statistics.ini
C:\Program Files\eMule\config\tempdir.dat
C:\Program Files\eMule\config\traffic.dat
C:\Program Files\eMule\config\userhash.dat
C:\Program Files\eMule\config\webservices.dat
C:\Program Files\eMule\Db\__db.001
C:\Program Files\eMule\Db\__db.002
C:\Program Files\eMule\Db\__db.003
C:\Program Files\eMule\Db\__db.004
C:\Program Files\eMule\Db\__db.005
C:\Program Files\eMule\Db\Jumpstart.db
C:\Program Files\eMule\Db\log.0000000001
C:\Program Files\eMule\Temp\001.part.met
C:\Program Files\eMule\Temp\001.part.met.bak
C:\Program Files\eMule\Temp\001.part.settings
C:\Program Files\eMule\Temp\001.part.stats
C:\Program Files\eMule\Temp\002.part.met
C:\Program Files\eMule\Temp\002.part.met.bak
C:\Program Files\eMule\Temp\002.part.settings
C:\Program Files\eMule\Temp\002.part.stats
C:\Program Files\eMule\Temp\003.part.met
C:\Program Files\eMule\Temp\003.part.met.bak
C:\Program Files\eMule\Temp\003.part.stats
C:\Program Files\eMule\Temp\004.part.met
C:\Program Files\eMule\Temp\004.part.met.bad
C:\Program Files\eMule\Temp\004.part.met.bak
C:\Program Files\eMule\Temp\004.part.stats
C:\Program Files\eMule\Temp\005.part.met
C:\Program Files\eMule\Temp\005.part.met.bak
C:\Program Files\eMule\Temp\005.part.stats
C:\Program Files\eMule\Temp\006.part.met
C:\Program Files\eMule\Temp\006.part.met.bak
C:\Program Files\eMule\Temp\006.part.stats
C:\Program Files\eMule\Temp\007.part.met
C:\Program Files\eMule\Temp\007.part.met.bak
C:\Program Files\eMule\Temp\007.part.stats
C:\Program Files\eMule\WebServer\Thumbs.db
C:\WINDOWS\system32\ncyraz.dll
C:\WINDOWS\system32\tiysldxg.dll
.
((((((((((((((((((((((((( Files Created from 2008-08-06 to 2008-09-06 )))))))))))))))))))))))))))))))
.
2008-09-06 10:44 . 2008-09-06 10:44 268 --ah----- C:\sqmdata17.sqm
2008-09-06 10:44 . 2008-09-06 10:44 244 --ah----- C:\sqmnoopt17.sqm
2008-09-05 23:51 . 2008-09-05 23:51 244 --ah----- C:\sqmnoopt16.sqm
2008-09-05 23:51 . 2008-09-05 23:51 232 --ah----- C:\sqmdata16.sqm
2008-09-05 21:32 . 2008-09-05 21:32 244 --ah----- C:\sqmnoopt15.sqm
2008-09-05 21:32 . 2008-09-05 21:32 232 --ah----- C:\sqmdata15.sqm
2008-09-05 21:26 . 2008-09-05 21:26 244 --ah----- C:\sqmnoopt14.sqm
2008-09-05 21:26 . 2008-09-05 21:26 232 --ah----- C:\sqmdata14.sqm
2008-09-05 21:25 . 2008-09-05 21:25 244 --ah----- C:\sqmnoopt13.sqm
2008-09-05 21:25 . 2008-09-05 21:25 232 --ah----- C:\sqmdata13.sqm
2008-09-05 21:24 . 2008-09-05 21:24 244 --ah----- C:\sqmnoopt12.sqm
2008-09-05 21:24 . 2008-09-05 21:24 232 --ah----- C:\sqmdata12.sqm
2008-09-05 20:55 . 2008-09-05 20:55 244 --ah----- C:\sqmnoopt11.sqm
2008-09-05 20:55 . 2008-09-05 20:55 232 --ah----- C:\sqmdata11.sqm
2008-09-05 20:46 . 2008-09-05 20:46 268 --ah----- C:\sqmdata10.sqm
2008-09-05 20:46 . 2008-09-05 20:46 244 --ah----- C:\sqmnoopt10.sqm
2008-09-05 20:10 . 2008-09-05 20:33 <DIR> d-------- C:\Old Movies
2008-09-05 19:10 . 2008-09-05 19:10 268 --ah----- C:\sqmdata09.sqm
2008-09-05 19:10 . 2008-09-05 19:10 244 --ah----- C:\sqmnoopt09.sqm
2008-09-05 15:25 . 2008-09-05 15:25 268 --ah----- C:\sqmdata08.sqm
2008-09-05 15:25 . 2008-09-05 15:25 244 --ah----- C:\sqmnoopt08.sqm
2008-09-04 21:39 . 2008-09-04 21:39 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-04 21:31 . 2008-09-04 21:57 <DIR> d-------- C:\SDFix
2008-09-04 20:59 . 2008-09-04 20:59 268 --ah----- C:\sqmdata07.sqm
2008-09-04 20:59 . 2008-09-04 20:59 244 --ah----- C:\sqmnoopt07.sqm
2008-09-04 08:08 . 2008-09-04 08:08 268 --ah----- C:\sqmdata06.sqm
2008-09-04 08:08 . 2008-09-04 08:08 244 --ah----- C:\sqmnoopt06.sqm
2008-09-01 19:29 . 2008-09-01 19:29 244 --ah----- C:\sqmnoopt05.sqm
2008-09-01 19:29 . 2008-09-01 19:29 232 --ah----- C:\sqmdata05.sqm
2008-09-01 00:43 . 2008-09-01 00:43 268 --ah----- C:\sqmdata04.sqm
2008-09-01 00:43 . 2008-09-01 00:43 244 --ah----- C:\sqmnoopt04.sqm
2008-09-01 00:39 . 2008-09-01 00:39 <DIR> d-------- C:\Documents and Settings\Alenka\Application Data\TmpRecentIcons
2008-08-31 22:43 . 2008-08-31 22:57 <DIR> d-------- C:\VideoOutput
2008-08-31 22:40 . 2008-08-31 22:43 <DIR> d-------- C:\Program Files\WMV to AVI MPEG DVD WMV Converter
2008-08-30 20:39 . 2008-08-30 21:08 191 --a------ C:\WINDOWS\Cryvideoslpitter.ini
2008-08-30 20:38 . 2005-05-04 11:58 1,245,184 --a------ C:\WINDOWS\system32\NCTRMFile.dll
2008-08-30 20:38 . 2005-04-18 19:01 991,232 --a------ C:\WINDOWS\system32\NCTVideoCoreM.dll
2008-08-30 20:38 . 2003-01-09 13:43 793,536 --a------ C:\WINDOWS\system32\wmpcdcs8.exe
2008-08-30 20:38 . 2005-03-29 14:35 356,352 --a------ C:\WINDOWS\system32\NCTVideoDxPlayer.dll
2008-08-30 20:38 . 2005-05-05 15:46 282,624 --a------ C:\WINDOWS\system32\NCTQuickTimeFile.dll
2008-08-30 20:38 . 2005-04-14 19:06 196,608 --a------ C:\WINDOWS\system32\NCTWMVFile.dll
2008-08-30 20:38 . 2008-08-30 21:08 5 --a------ C:\WINDOWS\system32\SySvideocutter.dat
2008-08-29 19:57 . 2008-08-29 19:57 <DIR> d-------- C:\Program Files\Cucusoft
2008-08-29 19:57 . 2003-04-03 00:17 172,032 --a------ C:\WINDOWS\system32\ac3filter.ax
2008-08-29 19:54 . 2008-08-29 19:54 <DIR> d-------- C:\Program Files\MPEGJOINER
2008-08-23 00:11 . 2008-08-23 13:24 <DIR> d-------- C:\wmdownloads
2008-08-22 19:16 . 2008-08-31 22:15 <DIR> d-------- C:\WEDDING MOVIE (FINAL)
2008-08-22 15:02 . 2008-08-22 15:22 35,374,160 --a------ C:\Credits.wmv
2008-08-22 13:04 . 2008-08-22 14:17 <DIR> d-------- C:\Documents and Settings\Alenka\Application Data\muvee Technologies
2008-08-22 04:31 . 2008-08-22 16:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-08-22 04:31 . 2008-08-22 16:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-08-21 23:46 . 2008-08-22 15:59 979,327,436 --a------ C:\WeddingLoveStory.wmv
2008-08-21 23:46 . 2008-08-21 23:47 978,711,316 --a------ C:\WeddingLoveStoryOld.wmv
2008-08-21 16:42 . 2008-08-21 16:42 <DIR> d-------- C:\Documents and Settings\Mayya\Application Data\Media Player Classic
2008-08-21 13:59 . 2008-08-21 14:00 <DIR> d-------- C:\Documents and Settings\Grisha\Application Data\Canon
2008-08-21 13:37 . 2008-08-21 14:23 <DIR> d-------- C:\Documents and Settings\Grisha\Application Data\muvee Technologies
2008-08-19 01:06 . 2008-08-24 15:32 <DIR> d-------- C:\Program Files\ImTOO
2008-08-19 01:06 . 2008-08-19 01:06 <DIR> d-------- C:\Documents and Settings\Lesha\Application Data\ImTOO Software Studio
2008-08-18 22:50 . 2008-08-18 22:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Movavi Video Converter 6
2008-08-18 09:17 . 2008-08-18 09:17 <DIR> d-------- C:\Documents and Settings\Mayya\Application Data\Yahoo!
2008-08-18 08:53 . 2008-08-18 08:53 <DIR> d-------- C:\Documents and Settings\Mayya\Application Data\DivX
2008-08-18 03:43 . 2008-08-18 08:57 <DIR> d-------- C:\Documents and Settings\Mayya\Application Data\muvee Technologies
2008-08-17 16:28 . 2008-08-31 21:48 <DIR> d-------- C:\Program Files\Boilsoft Video Splitter
2008-08-17 16:02 . 2008-08-17 16:02 <DIR> d-------- C:\Program Files\Pegasus Media Software
2008-08-17 14:26 . 2008-08-17 14:26 268 --ah----- C:\sqmdata03.sqm
2008-08-17 14:26 . 2008-08-17 14:26 244 --ah----- C:\sqmnoopt03.sqm
2008-08-17 14:18 . 2008-08-17 14:18 <DIR> d-------- C:\Program Files\WMVJoiner
2008-08-17 13:39 . 2008-08-17 13:39 268 --ah----- C:\sqmdata02.sqm
2008-08-17 13:39 . 2008-08-17 13:39 244 --ah----- C:\sqmnoopt02.sqm
2008-08-17 12:55 . 2008-08-21 13:51 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-08-17 11:35 . 2008-08-17 11:35 268 --ah----- C:\sqmdata01.sqm
2008-08-17 11:35 . 2008-08-17 11:35 244 --ah----- C:\sqmnoopt01.sqm
2008-08-17 02:53 . 2008-08-17 02:53 268 --ah----- C:\sqmdata00.sqm
2008-08-17 02:53 . 2008-08-17 02:53 244 --ah----- C:\sqmnoopt00.sqm
2008-08-16 23:31 . 2008-08-17 13:17 <DIR> d-------- C:\Documents and Settings\Lesha\Contacts
2008-08-16 23:22 . 2008-08-16 23:30 <DIR> d-------- C:\Program Files\Windows Live
2008-08-16 23:22 . 2008-08-16 23:29 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-16 23:22 . 2008-08-16 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-16 14:00 . 2008-08-16 14:00 <DIR> d-------- C:\Documents and Settings\Grisha\Application Data\Sony
2008-08-16 14:00 . 2008-08-16 14:00 <DIR> d-------- C:\Documents and Settings\Grisha\Application Data\Publish Providers
2008-08-16 13:54 . 2008-08-16 13:54 <DIR> d-------- C:\Documents and Settings\Alenka\Application Data\Sony
2008-08-16 13:54 . 2008-08-16 13:54 <DIR> d-------- C:\Documents and Settings\Alenka\Application Data\Publish Providers
2008-08-15 02:18 . 2008-08-15 02:18 <DIR> d-------- C:\Program Files\MagicISO
2008-08-11 01:32 . 2008-08-17 16:45 <DIR> d-------- C:\My Music
2008-08-11 01:24 . 2008-08-22 13:38 <DIR> d-------- C:\Program Files\MP3 Wav Editor
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-05 23:28 --------- d-----w C:\Program Files\PowerArchiver
2008-08-31 19:27 --------- d-----w C:\Program Files\MediaCoder
2008-08-30 15:21 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-30 01:28 --------- d-----w C:\Documents and Settings\Lesha\Application Data\TransLite
2008-08-29 01:28 --------- d-----w C:\Documents and Settings\Lesha\Application Data\Move Networks
2008-08-21 18:25 --------- d-----w C:\Documents and Settings\Mayya\Application Data\translite
2008-08-21 17:35 --------- d-----w C:\Documents and Settings\Grisha\Application Data\translite
2008-08-19 21:50 --------- d-----w C:\Documents and Settings\Lesha\Application Data\Vso
2008-08-19 16:54 --------- d-----w C:\Documents and Settings\Lesha\Application Data\dvdcss
2008-08-19 07:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-19 05:39 --------- d-----w C:\Documents and Settings\Lesha\Application Data\Sony
2008-08-18 07:41 --------- d-----w C:\Documents and Settings\Mayya\Application Data\Roxio
2008-08-18 00:41 --------- d-----w C:\Documents and Settings\Lesha\Application Data\Canon
2008-08-16 16:24 --------- d-----w C:\Documents and Settings\Alenka\Application Data\translite
2008-08-15 06:24 --------- d-----w C:\Program Files\Sony Setup
2008-08-15 06:24 --------- d-----w C:\Program Files\Sony
2008-08-13 05:06 --------- d-----w C:\Program Files\avi.NET
2008-08-03 00:26 --------- d--h--r C:\Documents and Settings\Grisha\Application Data\yahoo!
2008-08-03 00:21 --------- d--h--r C:\Documents and Settings\Alenka\Application Data\yahoo!
2008-07-30 03:41 --------- d-----w C:\Program Files\Common Files\AVSMedia
2008-07-30 03:41 --------- d-----w C:\Program Files\AVS4YOU
2008-07-29 07:02 --------- d-----w C:\Program Files\Microsoft Works
2008-07-29 03:10 --------- d-----w C:\Documents and Settings\Lesha\Application Data\muvee Technologies
2008-07-29 00:51 --------- d-----w C:\Program Files\bobyte
2008-07-29 00:40 --------- d-----w C:\Documents and Settings\Lesha\Application Data\AVS4YOU
2008-07-29 00:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2008-07-28 02:14 --------- dc-h--w C:\Documents and Settings\All Users\Application Data\{8928E3C2-3767-4ADC-B470-9B87A98E3B0D}
2008-07-28 02:14 --------- d-----w C:\Program Files\Blaze Media Pro
2008-07-28 01:59 --------- d-----w C:\Program Files\TVU Player
2008-07-25 04:00 --------- d-----w C:\Documents and Settings\Lesha\Application Data\Publish Providers
2008-07-25 03:27 --------- d-----w C:\Program Files\Vstplugins
2008-07-25 03:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sony
2008-07-18 06:04 --------- d-----w C:\Documents and Settings\Lesha\Application Data\Roxio
2008-07-18 04:39 --------- d-----w C:\Program Files\DivX
2008-07-17 07:01 --------- d-----w C:\Program Files\MSXML 6.0
2008-07-16 03:16 --------- d-----w C:\Program Files\muvee Technologies
2008-07-16 03:16 --------- d-----w C:\Program Files\Common Files\muvee Technologies
2008-07-16 03:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\muvee Technologies
2008-07-16 03:13 --------- d-----w C:\Program Files\MSBuild
2008-07-16 03:11 --------- d-----w C:\Program Files\Reference Assemblies
2008-07-15 05:55 --------- d-----w C:\Program Files\Photodex Presenter
2008-07-15 05:55 --------- d-----w C:\Documents and Settings\Lesha\Application Data\Netscape
2008-07-09 04:45 --------- d--h--r C:\Documents and Settings\Lesha\Application Data\yahoo!
2008-07-09 04:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-09 03:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-04-16 00:51 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-08 02:23 47,360 ----a-w C:\Documents and Settings\Lesha\Application Data\pcouffin.sys
2007-10-10 18:38 10,666 ----a-w C:\Program Files\uninstal.log
2007-06-08 03:57 87,608 ----a-w C:\Documents and Settings\Lesha\Application Data\ezpinst.exe
2005-09-02 04:34 56 --sh--r C:\WINDOWS\system32\49AF5AB142.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PowerArchiver Tray"="C:\Program Files\PowerArchiver\PASTARTER.EXE" [2007-02-22 139816]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-24 180269]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 221184]
"GUpload"="C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\GRAS301\GUpload.exe" [2003-08-22 122880]
"OpwareSE2"="C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 286720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TransLite Dictionary.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TransLite Dictionary.lnk
backup=C:\WINDOWS\pss\TransLite Dictionary.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^VPN Client.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
backup=C:\WINDOWS\pss\VPN Client.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
--a------ 2008-07-17 16:23 266497 C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2004-10-12 17:54 57344 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-12-11 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-09-16 16:41 1961984 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROVATray]
--a------ 2007-02-09 08:00 143360 C:\Program Files\ROVA\rovatray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioAudioCentral]
--a------ 2003-07-15 13:38 319488 C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioDragToDisc]
--a------ 2003-12-09 19:24 868352 C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxioEngineUtility]
--a------ 2003-05-01 19:44 65536 C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WLSetupSvc"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\Totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Ahead\\Nero\\nero.exe"=
"C:\\Program Files\\Microsoft Visual Studio\\COMMON\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\TVU Player\\TVUPlayer.exe"=
"C:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupXu.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"E:\\Gateway Image\\Games\\Electronic Arts\\Sports Car GT Demo\\Spcar.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R2 Neoteris Setup Service;Neoteris Setup Service;C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe [2006-09-25 36864]
R2 ROVA_Srvc;ROVA Service;C:\Program Files\ROVA Update\rovasrvc.exe [2006-11-09 83536]
R3 dsNcAdpt;Juniper Network Connect Adapter;C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys [2006-09-25 23552]
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 16512]
S3 BCM44X2;BCM 10/100 Ethernet Network Adapter Driver;C:\WINDOWS\system32\DRIVERS\BCM4E5.SYS [2001-08-17 26568]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66734c8a-106c-11db-807f-001111b8cd87}]
\Shell\AutoRun\command - H:\JDSecure\Windows\JDSecure31.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f90610d8-13b1-11db-99d7-001111b8cd87}]
\Shell\AutoRun\command - H:\JDSecure\Windows\JDSecure31.exe
.
Contents of the 'Scheduled Tasks' folder
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-06 12:14:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2008-09-06 12:19:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-06 16:19:03
ComboFix2.txt 2008-09-06 15:26:47
Pre-Run: 6,833,000,448 bytes free
Post-Run: 6,874,902,528 bytes free
357 --- E O F --- 2008-08-21 16:53:25
Latest HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:38 PM, on 9/6/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
C:\Program Files\ROVA Update\rovasrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerArchiver\PASTARTER.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Trend Micro\HijackThis\Leshka.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.ml.com:8083
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [GUpload] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\GRAS301\GUpload.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [PowerArchiver Tray] C:\Program Files\PowerArchiver\PASTARTER.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O8 - Extra context menu item: Download &Flash Movies - C:\Program Files\Flash2X\Flash Hunter\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O9 - Extra button: Flash2X Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: &Launch Flash Hunter - {77B563A5-2A35-4E6B-BFC8-F4B6BB65D5DF} - C:\Program Files\Flash2X\Flash Hunter\save.htm (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 7208574453
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Neoteris Setup Service - Juniper Networks - C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe
O23 - Service: ROVA Service (ROVA_Srvc) - Quintech, Inc. - C:\Program Files\ROVA Update\rovasrvc.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)
--
End of file - 8935 bytes
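The two logs above are read by hand in this thread. As an added example (not part of the original post, and not ComboFix's or HijackThis's own code), the script below parses the line shapes that appear in those logs and pulls out the entries a responder looks at first: the firewall policy line, the mountpoints2 AutoRun command, the proxy AutoConfigURL, O4 autostarts launched from user-writable data directories, and O23 services whose binary is missing or has no publisher. The severity labels and the heuristics are the example's own assumptions, and SAMPLE_LINES is a subset copied from the logs in the post.

```python
"""Triage of HijackThis / ComboFix log lines.

Added example for this thread: not part of the original post and not
ComboFix's or HijackThis's own code. It parses the line shapes that
appear in the logs above and flags entries a responder would check
first. Severity labels and heuristics are the example's own assumptions;
SAMPLE_LINES is a subset copied from the logs in the post.
"""
import re
from collections import Counter

# HijackThis lines: "<code> - <body>", e.g. "O23 - Service: ..."
HJT_LINE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - (?P<body>.*)$")
# O23 body: "Service: <name> - <owner> - <path>"
SERVICE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# O4 body: "HKLM\..\Run: [<name>] <command>"
RUN_KEY = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# ComboFix mountpoints2 detail line: "\Shell\AutoRun\command - <path>"
AUTORUN_CMD = re.compile(r"^\\Shell\\AutoRun\\command - (?P<cmd>.+)$")
# ComboFix firewall policy line: "EnableFirewall"= 0 (0x0)
FIREWALL = re.compile(r'^"EnableFirewall"=\s*(?P<val>\d+)')


def triage(lines):
    """Return (severity, reason, line) tuples for the lines worth a second look."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = HJT_LINE.match(line)
        if m:
            code, body = m.group("code"), m.group("body")
            if code == "O23":
                svc = SERVICE.match(body)
                if svc and "(file missing)" in svc.group("path"):
                    findings.append(("medium", "service registered for a binary that no longer exists", line))
                elif svc and svc.group("owner") == "Unknown owner":
                    findings.append(("low", "service binary carries no publisher information", line))
            elif code == "O4":
                run = RUN_KEY.match(body)
                if run and "Application Data" in run.group("cmd"):
                    findings.append(("low", "autostart launched from a user-writable data directory", line))
            elif code == "R1" and "AutoConfigURL" in body:
                findings.append(("medium", "proxy auto-config URL is set; confirm it is the expected one", line))
            continue
        if AUTORUN_CMD.match(line):
            findings.append(("medium", "AutoRun command registered for a removable volume", line))
            continue
        fw = FIREWALL.match(line)
        if fw and fw.group("val") == "0":
            findings.append(("high", "Windows Firewall disabled in the standard profile", line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 1, 'medium': 3, 'low': 2}."""
    return dict(Counter(sev for sev, _, _ in findings))


# Subset of lines copied from the logs in the post above, used as sample input.
SAMPLE_LINES = [
    r'"EnableFirewall"= 0 (0x0)',
    r"\Shell\AutoRun\command - H:\JDSecure\Windows\JDSecure31.exe",
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://proxy.ml.com:8083",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r"O4 - HKLM\..\Run: [GUpload] C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Cm\GRAS301\GUpload.exe",
    r"O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe",
    r"O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe",
    r"O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe (file missing)",
    r'"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360]',
]

if __name__ == "__main__":
    for sev, reason, line in triage(SAMPLE_LINES):
        print(f"[{sev}] {reason}\n    {line}")
    print(summarize(triage(SAMPLE_LINES)))
```

Run it over a saved log with `triage(open("hijackthis.log").read().splitlines())`; the point is only to order the reading, since a flagged line such as the Connection Manager GUpload autostart or the Ati service can be perfectly legitimate and still needs a human to confirm the file and its publisher.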