Wow that was eye-opening, thank you.
BitLord was removed some time ago, but yes, the folder was there.
uTorrent, however, was on there twice, which was strange. I should have been more careful with that, being that I am the one who put it on here for educational purposes (the moms' forum for homeschool & educational/games swap), but I am not the only one who lives here, so I was fine to remove it considering what I've been dealing with now for 2 weeks.
Here is the new log:
ComboFix 08-06-12.2 - CHRISTOPHER 2008-06-14 18:35:40.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1556 [GMT -4:00]
Running from: C:\Documents and Settings\CHRISTOPHER\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\CHRISTOPHER\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active
FILE ::
C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\DMSKSSRh.sys
C:\WINDOWS\AppPatch\SET5AE.tmp
C:\WINDOWS\AppPatch\SET5AF.tmp
C:\WINDOWS\AppPatch\SET5B0.tmp
C:\WINDOWS\system32\71.tmp
C:\WINDOWS\system32\SET24A.tmp
C:\WINDOWS\system32\SET25B.tmp
C:\WINDOWS\system32\SET278.tmp
C:\WINDOWS\system32\SET27A.tmp
C:\WINDOWS\system32\SET29D.tmp
C:\WINDOWS\system32\SET2EC.tmp
C:\WINDOWS\system32\SET2EF.tmp
C:\WINDOWS\system32\SET341.tmp
C:\WINDOWS\system32\SET345.tmp
C:\WINDOWS\system32\SET34D.tmp
C:\WINDOWS\system32\SET357.tmp
C:\WINDOWS\system32\SET35C.tmp
C:\WINDOWS\system32\SET36A.tmp
C:\WINDOWS\system32\SET41A.tmp
C:\WINDOWS\system32\SET498.tmp
C:\WINDOWS\system32\SET4A8.tmp
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Enigma Software Group
C:\Program Files\Enigma Software Group\SpyHunter\ActiveKill.dll
C:\Program Files\Enigma Software Group\SpyHunter\ActiveXKill.dll
C:\Program Files\Enigma Software Group\SpyHunter\Language.dll
C:\Program Files\Enigma Software Group\SpyHunter\Options.dll
C:\Program Files\Enigma Software Group\SpyHunter\ProcessGuard.dll
C:\Program Files\Enigma Software Group\SpyHunter\RegistryGuard.dll
C:\Program Files\Enigma Software Group\SpyHunter\Scanner.dll
C:\Program Files\Enigma Software Group\SpyHunter\Scheduler.dll
C:\Program Files\Enigma Software Group\SpyHunter\SHDS.mht
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.chm
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.skn
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
C:\Program Files\Enigma Software Group\SpyHunter\Updater.dll
C:\Program Files\Enigma Software Group\SpyHunter\whitelist.dat
C:\Program Files\Enigma Software Group\SpyHunter\WSAMonitor.dll
C:\WINDOWS\AppPatch\SET5AE.tmp
C:\WINDOWS\AppPatch\SET5AF.tmp
C:\WINDOWS\AppPatch\SET5B0.tmp
C:\WINDOWS\system32\71.tmp
C:\WINDOWS\system32\SET24A.tmp
C:\WINDOWS\system32\SET25B.tmp
C:\WINDOWS\system32\SET278.tmp
C:\WINDOWS\system32\SET27A.tmp
C:\WINDOWS\system32\SET29D.tmp
C:\WINDOWS\system32\SET2EC.tmp
C:\WINDOWS\system32\SET2EF.tmp
C:\WINDOWS\system32\SET341.tmp
C:\WINDOWS\system32\SET345.tmp
C:\WINDOWS\system32\SET34D.tmp
C:\WINDOWS\system32\SET357.tmp
C:\WINDOWS\system32\SET35C.tmp
C:\WINDOWS\system32\SET36A.tmp
C:\WINDOWS\system32\SET41A.tmp
C:\WINDOWS\system32\SET498.tmp
C:\WINDOWS\system32\SET4A8.tmp
.
((((((((((((((((((((((((( Files Created from 2008-05-14 to 2008-06-14 )))))))))))))))))))))))))))))))
.
2008-06-14 18:31 . 2008-06-14 18:31 <DIR> d-------- C:\Program Files\Common Files\Java
2008-06-14 18:31 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-14 16:17 . 2008-06-14 16:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-06-14 11:37 . 2008-06-14 11:37 <DIR> d-------- C:\Deckard
2008-06-13 07:06 . 2008-06-13 07:06 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\Vso
2008-06-13 07:06 . 2008-06-13 07:06 87,608 --a------ C:\Documents and Settings\CHRISTOPHER\Application Data\ezpinst.exe
2008-06-13 07:06 . 2008-06-13 07:06 47,360 --a------ C:\Documents and Settings\CHRISTOPHER\Application Data\pcouffin.sys
2008-06-12 03:02 . 2008-06-12 03:02 118 --a------ C:\WINDOWS\system32\MRT.INI
2008-06-11 22:50 . 2008-04-14 07:01 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 22:50 . 2008-04-14 07:01 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-05 14:50 . 2008-06-05 14:50 <DIR> d-------- C:\Documents and Settings\GENEVIEVE\Application Data\ESET
2008-06-05 14:39 . 2008-06-05 14:39 <DIR> d-------- C:\Documents and Settings\LAURYN\Application Data\ESET
2008-06-05 06:39 . 2008-06-05 06:39 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-06-05 06:22 . 2008-06-05 06:22 <DIR> d-------- C:\Documents and Settings\BRITTNEY\Application Data\ESET
2008-06-04 17:41 . 2008-06-04 17:41 <DIR> d-------- C:\Program Files\ESET
2008-06-04 17:41 . 2008-06-04 17:41 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\ESET
2008-06-04 17:41 . 2008-06-04 17:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-06-04 17:39 . 2008-06-04 17:39 <DIR> d-------- C:\Program Files\iPod
2008-06-04 17:39 . 2008-06-14 18:29 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-04 17:39 . 2008-06-04 17:39 1,409 --a------ C:\WINDOWS\QTFont.for
2008-06-04 17:38 . 2008-06-04 17:39 <DIR> d-------- C:\Program Files\iTunes
2008-06-04 15:20 . 2008-06-04 15:20 392 --a------ C:\sslist.sss
2008-06-04 15:19 . 2008-06-04 15:20 21,976 --a------ C:\ssave0.sss
2008-06-04 14:46 . 2008-06-04 15:03 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-06-04 14:46 . 2008-06-04 15:03 <DIR> d-------- C:\WINDOWS\system32\en
2008-06-04 14:46 . 2008-06-04 15:03 <DIR> d-------- C:\WINDOWS\system32\bits
2008-06-04 14:46 . 2008-06-04 15:02 <DIR> d-------- C:\WINDOWS\l2schemas
2008-06-04 14:45 . 2008-06-04 14:47 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-06-04 14:39 . 2007-10-25 23:36 8,454,656 --a------ C:\WINDOWS\system32\dllcache\shell32.dll
2008-06-04 14:38 . 2008-06-04 14:38 <DIR> d-------- C:\WINDOWS\EHome
2008-06-04 14:38 . 2004-08-04 02:58 2,012,670 --------- C:\WINDOWS\nt5.cat
2008-06-04 14:38 . 2001-03-02 20:52 15,360 --a------ C:\WINDOWS\system32\asfsipc.dll
2008-06-04 14:32 . 2008-04-13 20:11 3,066,880 --a------ C:\WINDOWS\system32\SET358.tmp
2008-06-04 14:23 . 2008-06-04 15:01 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-06-04 10:20 . 2008-06-04 10:20 <DIR> d-------- C:\Program Files\Panda Security
2008-06-03 21:11 . 2008-06-03 21:11 <DIR> d-------- C:\Documents and Settings\GENEVIEVE\Application Data\SUPERAntiSpyware.com
2008-06-03 21:11 . 2008-06-03 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-05-25 22:05 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-05-18 12:31 . 2008-05-18 12:31 <DIR> d-------- C:\Documents and Settings\CHRISTOPHER\Application Data\HPAppData
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-14 22:31 --------- d-----w C:\Program Files\Java
2008-06-14 04:34 --------- d-----w C:\Program Files\D-Link Media Server
2008-06-13 11:11 --------- d-----w C:\Program Files\Qualcomm
2008-06-12 21:45 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-10 23:41 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\.purple
2008-06-05 10:21 --------- d-----w C:\Program Files\Apple Software Update
2008-06-04 21:37 --------- d-----w C:\Program Files\QuickTime
2008-06-04 03:35 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-06-04 00:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-04 00:33 3,168 ----a-w C:\WINDOWS\system32\tmp.reg
2008-06-04 00:13 --------- d-----w C:\Program Files\The Learning Company
2008-06-04 00:07 --------- d-----w C:\Program Files\GameHouse
2008-06-04 00:03 --------- d-----w C:\Program Files\PopCap Games
2008-06-01 20:24 --------- d-----w C:\Documents and Settings\BRITTNEY\Application Data\.purple
2008-05-27 22:25 --------- d-----w C:\Documents and Settings\GENEVIEVE\Application Data\uTorrent
2008-05-26 22:18 --------- d-----w C:\Program Files\dl_Cats
2008-05-20 10:41 --------- d-----w C:\Program Files\Picasa2
2008-05-18 18:42 --------- d-----w C:\Documents and Settings\CHRISTOPHER\Application Data\uTorrent
2008-05-15 13:16 --------- d-----w C:\Documents and Settings\GENEVIEVE\Application Data\HPAppData
2008-05-12 17:25 --------- d-----w C:\Documents and Settings\GENEVIEVE\Application Data\.purple
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-06 10:35 --------- d-----w C:\Documents and Settings\BRITTNEY\Application Data\HPAppData
2008-04-29 16:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\WEBREG
2008-04-29 16:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Hewlett-Packard
2008-04-29 16:29 --------- d-----w C:\Program Files\HP
2008-04-29 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-29 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2008-04-29 16:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2008-04-29 16:26 --------- d-----w C:\Program Files\Common Files\HP
2008-04-21 07:04 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-15 04:04 --------- d-----w C:\Program Files\ItsDeductible2006
2008-04-14 16:54 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-14 16:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avg7
2008-04-14 00:11 99,840 ----a-w C:\WINDOWS\system32\SET4C0.tmp
2008-04-13 19:27 2,188,928 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-27 08:12 151,583 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-25 21:16 25,840 ----a-w C:\Documents and Settings\BRITTNEY\Application Data\GDIPFONTCACHEV1.DAT
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-18 23:36 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
2007-07-16 15:20 27,016 ----a-w C:\Documents and Settings\GENEVIEVE\Application Data\GDIPFONTCACHEV1.DAT
2007-04-17 01:39 87,608 ----a-w C:\Documents and Settings\GENEVIEVE\Application Data\ezpinst.exe
2007-04-17 01:39 47,360 ----a-w C:\Documents and Settings\GENEVIEVE\Application Data\pcouffin.sys
2007-11-29 15:54 56 --sh--r C:\WINDOWS\system32\8F26DE8530.sys
2007-11-29 15:54 3,766 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2005-03-01 21:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 12:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2006-12-19 12:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 00:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2006-12-19 10:17 2180352 8f0deab1f81fb83f9c5995853ce48b9f C:\WINDOWS\$NtUninstallKB929338$\ntoskrnl.exe
2005-03-01 20:59 2179328 4d4cf2c14550a4b7718e94a6e581856e C:\WINDOWS\$NtUninstallKB929338_0$\ntoskrnl.exe
2006-12-19 12:51 2182016 cef243f6defd20be4adde26c7ecacb54 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2008-04-13 15:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\SoftwareDistribution\Download\3c0bacd63e67d049a438275fd7b87f25\ntoskrnl.exe
2008-04-13 15:27 2188928 0c89243c7c3ee199b96fcc16990e0679 C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 05:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\system32\dllcache\ntoskrnl.exe
.
((((((((((((((((((((((((((((( snapshot@2008-06-14_16.13.10.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-14 20:00:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-14 22:29:14 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-02-22 05:23:35 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-03-25 05:28:39 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2008-02-22 05:23:39 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-03-25 05:28:43 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2008-02-22 06:33:32 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-03-25 06:37:01 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"="WDBtnMgr.exe" [2007-03-18 19:59 339968 C:\WINDOWS\system32\WDBtnMgr.exe]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 16:24 71216]
"PRONoMgr.exe"="C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 17:24 86016]
"Lexmark X1100 Series"="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 11:43 57344]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 16:21 54832]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 11:44 81920]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 11:35 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 11:36 114688]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 11:32 77824]
"FaxCenterServer"="C:\Program Files\Dell PC Fax\fm3032.exe" [2006-12-12 04:22 312200]
"dlcqmon.exe"="C:\Program Files\Dell Photo AIO Printer 966\dlcqmon.exe" [2007-01-12 13:21 292336]
"CmPCIaudio"="CMICNFG3.CPL" []
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.divxa32"= divxa32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NoteBurner]
C:\Program Files\NoteBurner\VTBurnerGUI.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfileWatcher]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-05-14 18:22 35328 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--a------ 2006-10-18 20:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
C:\Program Files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\WINDOWS\\system32\\MediaServerDump\\LiveUpdate\\OLUpdate.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=
"C:\\Program Files\\D-Link Media Server\\MediaGUI.exe"=
"C:\\Program Files\\D-Link Media Server\\MediaServer.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\WINDOWS\\system32\\dlcqcoms.exe"=
"C:\\Program Files\\Pidgin\\pidgin.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
S0 ntcdrdrv;ntcdrdrv;C:\WINDOWS\system32\DRIVERS\ntcdrdrv.sys []
S3 DMSKSSRh;DMSKSSRh;C:\DOCUME~1\GENEVI~1\LOCALS~1\Temp\DMSKSSRh.sys []
S3 RTIUSB;RTI USB Driver;C:\WINDOWS\system32\Drivers\RTIusb.sys [2005-09-30 16:04]
S4 dlcq_device;dlcq_device;C:\WINDOWS\system32\dlcqcoms.exe [2006-12-12 04:22]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e3b6ae5-416c-11dc-a119-0016e665bbdc}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-06-10 12:07:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-06-14 18:38:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-06-14 18:40:52
ComboFix-quarantined-files.txt 2008-06-14 22:40:50
ComboFix2.txt 2008-06-14 20:56:07
ComboFix3.txt 2008-06-14 20:13:35
Pre-Run: 36,359,401,472 bytes free
Post-Run: 36,344,745,984 bytes free
288 --- E O F --- 2008-06-12 07:02:45