12-08-2007, 10:55 AM   #11
wtrmn76
Registered User
 
Join Date: Nov 2007
Posts: 36
OS: windows XP SP2


Re: Serious HELP! yet others welcome

After 25 minutes it gave me the End Program option, and the program never entered into any stage.

ComboFix 07-12-07.5 - Brad 2007-12-08 11:41:13.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.540 [GMT -6:00]
Running from: C:\Documents and Settings\Brad\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-11-08 to 2007-12-08 )))))))))))))))))))))))))))))))
.

2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\system32\xircom
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\system32\restore
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\WINDOWS\srchasst
2007-12-08 01:39 . 2007-12-08 01:39 <DIR> d-------- C:\Program Files\microsoft frontpage
2007-12-07 21:13 . 2007-12-07 21:13 <DIR> d-------- C:\Program Files\Wootalyzer
2007-12-07 21:13 . 2007-12-07 21:13 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Wootalyzer
2007-11-30 04:12 . 2007-11-30 04:12 63,488 --a------ C:\WINDOWS\system32\sprt_ads.dll
2007-11-27 18:17 . 2007-11-27 18:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-11-27 18:17 . 2007-11-27 18:17 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-11-27 18:17 . 2007-11-27 18:17 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-11-27 18:17 . 2007-11-27 18:17 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-11-26 19:02 . 2007-11-26 19:02 <DIR> d-------- C:\Deckard
2007-11-26 17:43 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2007-11-24 13:40 . 2007-11-26 02:18 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-11-24 13:40 . 2007-11-24 13:40 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\PC Tools
2007-11-24 13:40 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-11-24 13:40 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-11-24 13:40 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-11-24 13:40 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-11-24 13:39 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-24 12:42 . 2007-11-24 13:14 <DIR> d-------- C:\Documents and Settings\Brad\.housecall6.6
2007-11-24 12:42 . 2007-11-24 12:42 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-11-24 11:49 . 2007-12-04 17:00 <DIR> d-------- C:\Program Files\ContextTool
2007-11-16 18:57 . 1998-02-13 14:30 143,872 --a------ C:\WINDOWS\system32\iacenc.dll
2007-11-16 18:57 . 1997-06-13 08:56 56,832 --a------ C:\WINDOWS\system32\Iyvu9_32.dll
2007-11-16 18:57 . 2007-11-16 18:57 5,768 --a------ C:\WINDOWS\system32\CDUninst.isu
2007-11-16 18:28 . 2007-11-18 10:23 <DIR> d-------- C:\Program Files\Dcads Advanced Toolbar
2007-11-16 18:28 . 2007-11-16 18:32 <DIR> d-------- C:\Documents and Settings\Brad\Application Data\Dcads Advanced Toolbar
2007-11-16 18:28 . 2007-11-19 23:49 80,105 --a------ C:\WINDOWS\system32\dcads-remove.exe
2007-11-16 18:28 . 2007-11-30 06:39 40,734 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2007-11-16 18:03 . 2007-11-16 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2007-11-16 18:00 . 2007-11-22 08:41 <DIR> d-------- C:\Program Files\SlySoft
2007-11-16 18:00 . 2007-11-16 18:02 24 ---hs---- C:\WINDOWS\S72C093FB.tmp
2007-11-09 18:57 . 2007-11-09 18:57 <DIR> d-------- C:\Program Files\Guild Wars
2007-11-08 17:45 . 2007-11-08 17:45 <DIR> d-------- C:\Program Files\iTunes
2007-11-08 17:45 . 2007-11-08 17:45 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-02 19:53 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-02 18:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-30 01:10 --------- d-----w C:\Documents and Settings\Brad\Application Data\Skype
2007-11-22 14:44 --------- d-----w C:\Program Files\Yahoo!
2007-11-17 16:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-17 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-11-17 00:08 --------- d-----w C:\Program Files\LimeWire
2007-11-11 02:50 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2007-11-08 23:45 --------- d-----w C:\Program Files\QuickTime Alternative
2007-11-06 01:53 --------- d-----w C:\Program Files\Stamps.com Internet Postage
2007-10-26 22:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2007-10-26 21:48 --------- d-----w C:\Program Files\IVT Corporation
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\DllCache\shell32.dll
2007-10-23 22:42 --------- d-----w C:\Program Files\Apple Software Update
2007-10-23 22:41 --------- d-----w C:\Program Files\Common Files\Apple
2007-10-23 22:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-10-21 16:47 --------- d--h--r C:\Documents and Settings\Brad\Application Data\yahoo!
2007-10-20 21:49 --------- d-s---w C:\Program Files\Xfire
2007-10-20 21:48 --------- d-----w C:\Documents and Settings\Brad\Application Data\Xfire
2007-10-20 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2007-10-17 17:23 10,752 ----a-w C:\WINDOWS\system32\WhoisCL.exe
2007-10-11 01:42 --------- d-----w C:\Program Files\Starcraft
2007-10-11 01:42 --------- d-----w C:\Program Files\Folding@Home
2007-10-11 01:30 --------- d-----w C:\Program Files\Summitsoft
2007-09-18 01:35 164 ----a-w C:\install.dat
2007-09-17 23:46 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-09-13 00:45 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-03-10 20:28 32 ----a-r C:\Documents and Settings\All Users\hash.dat
2006-11-19 17:13 209,893 ----a-w C:\Program Files\wap11_fw_v22.zip
2006-11-19 17:12 1,098,187 ----a-w C:\Program Files\wap11_dr_ver22.zip
.

((((((((((((((((((((((((((((( snapshot@2007-12-08_ 1.40.05.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-07-15 05:49:16 258,048 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_aspnet_isapi.dll
+ 2004-07-15 04:32:22 81,920 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_CORPerfMonExt.dll
+ 2004-07-15 04:24:30 282,624 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_fusion.dll
+ 2004-07-15 04:25:06 315,392 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorjit.dll
+ 2004-07-15 18:29:02 2,138,112 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorlib.dll
+ 2003-02-20 23:09:18 77,824 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorsn.dll
+ 2004-07-15 04:26:52 2,510,848 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorsvr.dll
+ 2004-07-15 04:28:34 2,502,656 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_mscorwks.dll
+ 2003-02-21 08:42:22 348,160 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_msvcr71.dll
+ 2004-07-15 04:34:50 94,208 ----a-w C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\SHADOW3980\_PerfCounter.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0D39A900-0F3A-4C29-A254-3E65244FDC34}]
2007-06-27 14:27 1044480 --a------ C:\Program Files\ContextTool\ContextTool-2.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AD44D3E-7316-4251-B754-9B10EC96AF92}]
2007-11-30 04:12 63488 --a------ C:\WINDOWS\system32\sprt_ads.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E015787-B1E3-404a-95DE-3E71E1FA0305}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-02-01 12:18]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" [2005-12-17 13:25]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 17:51]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 16:43]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" []
"Vistadrv"="C:\WINDOWS\system32\vsdrv.exe" [2006-07-30 03:37]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 14:42]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 17:50]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-03 22:56 C:\WINDOWS\system32\rundll32.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-03 22:56 C:\WINDOWS\system32\rundll32.exe]
"hcsystray"="C:\Program Files\Kuma Games\hcsystray\hc_tray.exe" []
"DXDllRegExe"="dxdllreg.exe" []
"EPSON Stylus CX4200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.exe" [2005-03-07 13:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" [2007-10-19 20:16]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-11-02 18:36]
"RegistryMechanic"="" []
"spa_start"="C:\WINDOWS\System32\Rundll32.exe" [2004-08-03 22:56]
"SansaDispatch"="C:\Documents and Settings\Brad\Desktop\SansaDispatch.exe" [2007-05-02 19:00]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"npad_ql"="C:\WINDOWS\system32\Npad.exe" [2005-12-17 13:25]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
"LClock"=C:\Program Files\LClock\LClock.exe
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

S3 BTNetFilter;Bluetooth Network Filter;\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys

.
Contents of the 'Scheduled Tasks' folder
"2007-12-06 23:33:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-12-08 01:08:26 C:\WINDOWS\Tasks\User_Feed_Synchronization-{AE75908B-8294-4A09-9F36-23EE90111646}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 11:41:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-08 11:42:15
C:\ComboFix2.txt ... 2007-12-08 01:43
.
--- E O F ---