again.. sorry for the trouble Thebruce..
ComboFix 08-12-01.03 - Owner 2008-12-02 6:16:21.2 - NTFSx86
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-11-02 to 2008-12-02 )))))))))))))))))))))))))))))))
.
2008-12-02 15:55 . 2008-12-02 15:55 <DIR> d-------- c:\program files\Trend Micro
2008-12-01 20:03 . 2008-12-01 20:13 250 --a------ c:\windows\gmer.ini
2008-11-30 23:39 . 2008-11-30 23:39 22,528 --a------ c:\documents and settings\Owner\~.exe
2008-11-23 04:30 . 2008-11-23 04:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\channels
2008-11-20 17:28 . 2008-11-20 17:28 <DIR> d-------- c:\program files\UnRar for Windows
2008-11-20 14:36 . 2008-11-20 14:36 <DIR> d-------- c:\program files\Free Sound Recorder
2008-11-20 14:36 . 2008-11-20 14:36 <DIR> d-------- c:\documents and settings\Owner\Application Data\Free Sound Recorder
2008-11-20 14:36 . 2005-05-17 12:37 1,986,560 --a------ c:\windows\system32\NCTAudioFile2.dll
2008-11-20 14:36 . 2005-05-18 11:52 1,212,416 --a------ c:\windows\system32\NCTAudioInformation2.dll
2008-11-20 14:36 . 2005-04-15 12:08 880,640 --a------ c:\windows\system32\NCTAudioEditor2.dll
2008-11-20 14:36 . 2004-11-04 13:31 835,584 --a------ c:\windows\system32\NCTAudioCDGrabber2.dll
2008-11-20 14:36 . 2005-04-04 17:21 602,112 --a------ c:\windows\system32\NCTAudioTransform2.dll
2008-11-20 14:36 . 2005-03-28 15:54 479,232 --a------ c:\windows\system32\NCTAudioVisualization2.dll
2008-11-20 14:36 . 2005-04-25 13:01 458,752 --a------ c:\windows\system32\NCTAudioRecord2.dll
2008-11-20 14:36 . 2005-04-25 13:01 458,752 --a------ c:\windows\system32\NCTAudioPlayer2.dll
2008-11-20 14:36 . 2005-03-28 15:52 417,792 --a------ c:\windows\system32\NCTTextToAudio2.dll
2008-11-20 14:36 . 2005-02-24 11:51 348,160 --a------ c:\windows\system32\NCTWMAFile2.dll
2008-11-20 14:36 . 2006-03-23 12:56 113,486 --a------ c:\windows\system32\NCTWMAProfiles.prx
2008-11-15 15:21 . 2008-11-16 18:51 <DIR> d-------- c:\program files\Lexmark X1100 Series
2008-11-15 15:21 . 2001-08-17 22:36 87,040 --a------ c:\windows\system32\wiafbdrv.dll
2008-11-15 15:21 . 2001-08-17 22:36 87,040 --a--c--- c:\windows\system32\dllcache\wiafbdrv.dll
2008-11-15 15:21 . 2003-08-18 06:56 69,632 --a------ c:\windows\system32\lxbkscin.dll
2008-11-15 15:21 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-15 15:21 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-02 20:11 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2008-12-02 01:12 --------- d-----w c:\program files\Puppy Luv
2008-12-02 01:12 --------- d-----w c:\program files\CyberLink
2008-12-02 01:11 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-01 06:12 --------- d-----w c:\program files\FTP Commander
2008-11-05 11:56 --------- d-----w c:\program files\DivX
2008-11-03 17:34 362 ----a-w c:\windows\Fonts\BOISTERC.PFM
2008-11-03 17:34 1,482 ----a-w c:\windows\Fonts\BOISTERB.PFM
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-09-30 21:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-04 16:42 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-04-21 13:00 0 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat
2008-08-29 16:10 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008082920080830\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-09 139264]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-10-11 7286784]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-10-11 86016]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-25 966656]
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 151552]
"OASClnt"="c:\program files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 53248]
"MCAgentExe"="c:\progra~1\mcafee.com\agent\mcagent.exe" [2005-09-22 303104]
"MCUpdateExe"="c:\progra~1\mcafee.com\agent\McUpdate.exe" [2006-01-11 212992]
"MSKAGENTEXE"="c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 110592]
"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2005-08-10 163840]
"MPFExe"="c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-09-27 999424]
"StormCodec_Helper"="c:\program files\Ringz Studio\Storm Codec\StormSet.exe" [2006-09-30 96984]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"nwiz"="nwiz.exe" [2005-10-11 c:\windows\system32\nwiz.exe]
"SoundMan"="SOUNDMAN.EXE" [2005-12-14 c:\windows\soundman.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
c:\documents and settings\Owner\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2007-12-23 225280]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=lwrdgc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\PROGRA~1\\RINGZS~1\\STORMC~1\\Stormser.exe"=
*Newly Created Service* - RSVP
.
Contents of the 'Scheduled Tasks' folder
2007-02-02 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]
2007-02-02 c:\windows\Tasks\ISP signup reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]
2007-02-02 c:\windows\Tasks\ISP signup reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-04 14:00]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\i4ats6w5.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-02 06:19:00
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-12-02 6:20:26
ComboFix-quarantined-files.txt 2008-12-02 11:19:38
ComboFix2.txt 2008-12-02 20:46:39
Pre-Run: 193,820,241,920 bytes free
Post-Run: 193,853,411,328 bytes free
157 --- E O F --- 2008-11-13 22
05