I've just done a brand new scan with both programs; here are the reports:
Combofix:
ComboFix 07-12-02.5 - Administrator 2007-12-02 5:22:07.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1587 [GMT 0:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((( Files Created from 2007-11-02 to 2007-12-02 )))))))))))))))))))))))))))))))
.
2007-12-02 03:29 . 2007-12-02 03:29 <DIR> d-------- C:\WINDOWS\SDFIX
2007-11-29 13:29 . 2007-11-29 13:33 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2007-11-29 01:42 . 2007-11-29 01:42 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2007-11-27 12:46 . 2007-11-27 12:46 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-11-27 12:45 . 2007-11-30 05:24 <DIR> d-------- C:\Program Files\Xfire
2007-11-27 12:45 . 2007-12-02 04:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Xfire
2007-11-23 10:00 . 2007-11-23 10:00 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InstallShield Installation Information
2007-11-23 09:49 . 2007-11-23 09:49 <DIR> d-------- C:\Program Files\Unreal Tournament 3
2007-11-23 09:48 . 2007-11-23 09:48 <DIR> d-------- C:\WINDOWS\system32\AGEIA
2007-11-23 09:48 . 2007-11-23 09:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-23 09:48 . 2007-11-23 09:49 <DIR> d-------- C:\Program Files\AGEIA Technologies
2007-11-23 05:49 . 2007-11-23 05:54 <DIR> d-------- C:\Program Files\World of Warcraft
2007-11-23 05:14 . 2007-03-05 07:55 88,960 --a------ C:\WINDOWS\system32\drivers\ewusbmdm.sys
2007-11-23 05:14 . 2007-03-05 07:55 24,448 --a------ C:\WINDOWS\system32\drivers\ewdcsc.sys
2007-11-23 05:00 . 2007-11-23 05:00 <DIR> d-------- C:\Program Files\T-Mobile
2007-11-22 21:15 . 2007-11-22 21:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\vlc
2007-11-22 21:02 . 2007-11-22 21:02 <DIR> d-------- C:\Program Files\VideoLAN
2007-11-21 17:24 . 2007-12-02 04:55 <DIR> d-------- C:\Program Files\Mozilla Firefox 3 Beta 1
2007-11-21 03:06 . 2007-11-21 03:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DivX
2007-11-21 02:52 . 2007-11-28 07:44 <DIR> d-------- C:\Program Files\DivX
2007-11-20 06:25 . 2007-11-20 06:25 <DIR> d-------- C:\WINDOWS\Performance
2007-11-20 06:25 . 2007-11-20 06:25 <DIR> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-11-20 06:25 . 2007-11-20 06:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2007-11-18 16:20 . 2007-11-29 18:22 <DIR> d-------- C:\Program Files\Steam
2007-11-17 08:09 . 2007-11-25 03:12 <DIR> d-------- C:\Program Files\mIRC
2007-11-17 08:09 . 2007-11-25 13:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\mIRC
2007-11-14 15:21 . 2007-11-14 15:21 <DIR> d-------- C:\Program Files\BitLord
2007-11-14 12:57 . 2007-11-15 20:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-14 05:45 . 2007-11-15 10:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Desktop Sidebar
2007-11-14 05:43 . 2007-11-14 05:43 <DIR> d-------- C:\Program Files\Desktop Sidebar
2007-11-14 03:51 . 2007-12-01 19:55 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-11-13 20:04 . 2007-11-13 20:04 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-13 20:00 . 2007-11-23 05:13 <DIR> d-------- C:\Program Files\Serious Sam 2
2007-11-13 12:53 . 2007-11-13 12:53 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-11-12 20:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-12 20:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-12 20:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-12 15:41 . 2007-11-12 15:41 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2007-11-12 10:11 . 2007-11-24 08:43 <DIR> d-------- C:\Program Files\Soulseek
2007-11-11 19:09 . 2007-11-29 13:30 <DIR> d-------- C:\Program Files\Winamp
2007-11-11 16:02 . 2007-11-11 16:02 <DIR> d-------- C:\Program Files\RocketDock
2007-11-11 15:57 . 2007-11-11 15:57 <DIR> d-------- C:\Program Files\HELP
2007-11-11 15:57 . 2007-11-22 20:54 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-11 15:57 . 2007-11-11 15:57 34,552 --a------ C:\Program Files\uninstall.exe
2007-11-11 15:50 . 2003-07-16 14:27 43,264 --------- C:\WINDOWS\system32\drivers\ser2pl.sys
2007-11-11 15:49 . 2007-11-11 15:49 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-11-11 14:58 . 2007-11-28 07:44 1,429 --a------ C:\WINDOWS\mozver.dat
2007-11-11 14:56 . 2007-11-11 21:57 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2007-11-11 14:54 . 2007-11-23 09:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-11-11 14:46 . 2007-11-11 14:54 <DIR> d-------- C:\Program Files\Windows Live
2007-11-11 14:46 . 2007-11-11 14:54 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-11 14:46 . 2007-11-11 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-11 14:42 . 2007-11-11 14:42 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-11 14:30 . 2007-11-23 05:12 <DIR> d-------- C:\Program Files\web'n'walk USB manager
2007-11-11 14:28 . 2007-12-02 03:50 22,328 --a------ C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-11-11 14:28 . 2007-11-11 14:28 22,328 --a------ C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
2007-11-11 14:27 . 2007-12-02 03:50 107,832 --a------ C:\WINDOWS\system32\PnkBstrB.exe
2007-11-11 14:27 . 2007-11-14 03:05 66,872 --a------ C:\WINDOWS\system32\PnkBstrA.exe
2007-11-11 14:27 . 2007-11-11 14:27 319 --a------ C:\WINDOWS\game.ini
2007-11-11 14:18 . 2007-11-11 14:18 <DIR> d-------- C:\Program Files\Activision
2007-11-11 14:16 . 2007-11-11 14:16 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-11-10 21:47 . 2007-11-10 21:47 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink
2007-11-10 21:25 . 2007-11-10 21:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2007-11-10 14:54 . 2007-12-01 11:44 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2007-11-10 14:53 . 2007-11-10 14:53 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-11-10 14:53 . 2007-11-10 14:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-10 14:53 . 2007-11-10 14:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2007-11-10 14:53 . 2007-11-10 14:53 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-11-10 14:53 . 2007-11-10 14:53 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-10 14:33 . 2007-10-04 17:14 136,260 --a------ C:\WINDOWS\system32\nvapps.nvb
2007-11-10 13:56 . 2007-11-10 13:56 <DIR> d-------- C:\WINDOWS\system32\Futuremark
2007-11-10 13:56 . 2007-11-10 13:56 <DIR> d-------- C:\Program Files\Futuremark
2007-11-10 13:56 . 2004-10-25 20:02 21,664 --a------ C:\WINDOWS\system32\drivers\Entech.sys
2007-11-10 13:56 . 2001-11-19 18:05 3,972 --------- C:\WINDOWS\system32\drivers\PciBus.sys
2007-11-10 13:55 . 2007-11-10 13:55 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-11-10 13:55 . 2007-11-10 13:55 <DIR> d-------- C:\Program Files\Common Files\Ahead
2007-11-10 13:55 . 2007-11-10 13:55 <DIR> d-------- C:\Program Files\Ahead
2007-11-10 13:55 . 2004-07-20 16:24 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-11-10 13:55 . 2004-07-20 16:24 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-11-10 13:55 . 2004-07-20 16:24 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-11-10 13:55 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-11-10 13:55 . 2004-07-20 16:24 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-11-10 13:55 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2007-11-10 13:55 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-11-10 13:55 . 2001-06-26 07:15 38,912 --------- C:\WINDOWS\system32\picn20.dll
2007-11-10 13:50 . 2007-11-10 13:50 <DIR> d-------- C:\Program Files\Windows Defender
2007-11-10 13:50 . 2007-11-10 13:50 <DIR> d-------- C:\Program Files\CyberLink
2007-11-10 13:50 . 2007-11-10 13:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-10 13:47 . 2007-11-10 14:50 <DIR> d-------- C:\WINDOWS\nview
2007-11-10 13:47 . 2007-10-04 17:14 356,352 --a------ C:\WINDOWS\system32\nvudisp.exe
2007-11-10 13:47 . 2007-11-13 12:45 140,158 --a------ C:\WINDOWS\system32\nvapps.xml
2007-11-10 13:47 . 2007-10-04 17:14 17,525 --a------ C:\WINDOWS\system32\nvdisp.nvu
2007-11-10 13:46 . 2007-10-04 18:16 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-11-10 13:45 . 2007-11-10 13:45 <DIR> d-------- C:\NVIDIA
2007-11-10 13:36 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-11-10 13:13 . 2007-11-10 13:13 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-10 13:00 . 2007-11-10 13:00 <DIR> d-------- C:\Program Files\MSBuild
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-28 04:36 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-11 15:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-10 12:58 --------- d-----w C:\Program Files\Reference Assemblies
2007-11-10 12:52 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-10 12:14 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-10 12:14 --------- d-----w C:\Program Files\Realtek
2007-11-10 12:11 --------- d-----w C:\Program Files\Intel
2007-11-10 12:05 --------- d-----w C:\Program Files\microsoft frontpage
2007-10-20 00:56 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-10-20 00:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-10-20 00:56 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-10-20 00:56 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-10-20 00:54 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-10-20 00:54 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-10-20 00:54 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-10-20 00:54 739,840 ----a-w C:\WINDOWS\system32\DivX.dll
2007-10-20 00:54 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-10-18 11:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-18 09:06 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2007-10-18 09:03 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-10-18 09:03 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-10-18 09:03 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-10-18 09:03 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-10-18 09:03 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-10-18 09:02 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2007-10-04 17:14 81,920 ----a-w C:\WINDOWS\system32\nvwddi.dll
2007-10-04 17:14 81,920 ----a-w C:\WINDOWS\system32\nvmctray.dll
2007-10-04 17:14 8,491,008 ----a-w C:\WINDOWS\system32\nvcpl.dll
2007-10-04 17:14 753,664 ----a-w C:\WINDOWS\system32\nvcplui.exe
2007-10-04 17:14 6,854,464 ----a-w C:\WINDOWS\system32\drivers\nv4_mini.sys
2007-10-04 17:14 6,750,208 ----a-w C:\WINDOWS\system32\nvoglnt.dll
2007-10-04 17:14 6,344,704 ----a-w C:\WINDOWS\system32\nvdisps.dll
2007-10-04 17:14 5,783,424 ----a-w C:\WINDOWS\system32\nv4_disp.dll
2007-10-04 17:14 5,509,120 ----a-w C:\WINDOWS\system32\nvdispsr.dll
2007-10-04 17:14 466,944 ----a-w C:\WINDOWS\system32\nvshell.dll
2007-10-04 17:14 458,752 ----a-w C:\WINDOWS\system32\nvmccssr.dll
2007-10-04 17:14 45,056 ----a-w C:\WINDOWS\system32\nvmccsrs.dll
2007-10-04 17:14 442,368 ----a-w C:\WINDOWS\system32\nvappbar.exe
2007-10-04 17:14 425,984 ----a-w C:\WINDOWS\system32\keystone.exe
2007-10-04 17:14 364,544 ----a-w C:\WINDOWS\system32\nvapi.dll
2007-10-04 17:14 36,864 ----a-w C:\WINDOWS\system32\nvcodins.dll
2007-10-04 17:14 36,864 ----a-w C:\WINDOWS\system32\nvcod.dll
2007-10-04 17:14 335,872 ----a-w C:\WINDOWS\system32\nvwrses.dll
2007-10-04 17:14 335,872 ----a-w C:\WINDOWS\system32\nvwrsel.dll
2007-10-04 17:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsfr.dll
2007-10-04 17:14 327,680 ----a-w C:\WINDOWS\system32\nvwrsesm.dll
2007-10-04 17:14 327,680 ----a-w C:\WINDOWS\system32\nvrshe.dll
2007-10-04 17:14 327,680 ----a-w C:\WINDOWS\system32\nvrsar.dll
2007-10-04 17:14 323,584 ----a-w C:\WINDOWS\system32\nvwrspt.dll
2007-10-04 17:14 323,584 ----a-w C:\WINDOWS\system32\nvwrsit.dll
2007-10-04 17:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsptb.dll
2007-10-04 17:14 319,488 ----a-w C:\WINDOWS\system32\nvwrsnl.dll
2007-10-04 17:14 315,392 ----a-w C:\WINDOWS\system32\nvwrsru.dll
2007-10-04 17:14 315,392 ----a-w C:\WINDOWS\system32\nvwrshu.dll
2007-10-04 17:14 311,296 ----a-w C:\WINDOWS\system32\nvwrsde.dll
2007-10-04 17:14 307,200 ----a-w C:\WINDOWS\system32\nvexpbar.dll
2007-10-04 17:14 303,104 ----a-w C:\WINDOWS\system32\nvwrstr.dll
2007-10-04 17:14 303,104 ----a-w C:\WINDOWS\system32\nvwrssl.dll
2007-10-04 17:14 303,104 ----a-w C:\WINDOWS\system32\nvwrsfi.dll
2007-10-04 17:14 3,629,056 ----a-w C:\WINDOWS\system32\nvvitvsr.dll
2007-10-04 17:14 3,551,232 ----a-w C:\WINDOWS\system32\nvvitvs.dll
2007-10-04 17:14 3,334,144 ----a-w C:\WINDOWS\system32\nvgames.dll
2007-10-04 17:14 3,166,208 ----a-w C:\WINDOWS\system32\nvgamesr.dll
2007-10-04 17:14 299,008 ----a-w C:\WINDOWS\system32\nvwrssk.dll
2007-10-04 17:14 299,008 ----a-w C:\WINDOWS\system32\nvwrsno.dll
2007-10-04 17:14 294,912 ----a-w C:\WINDOWS\system32\nvwrssv.dll
2007-10-04 17:14 294,912 ----a-w C:\WINDOWS\system32\nvwrspl.dll
2007-10-04 17:14 294,912 ----a-w C:\WINDOWS\system32\nvwrsda.dll
2007-10-04 17:14 290,816 ----a-w C:\WINDOWS\system32\nvwrsth.dll
2007-10-04 17:14 286,720 ----a-w C:\WINDOWS\system32\nvwrseng.dll
2007-10-04 17:14 286,720 ----a-w C:\WINDOWS\system32\nvwrscs.dll
2007-10-04 17:14 286,720 ----a-w C:\WINDOWS\system32\nvnt4cpl.dll
2007-10-04 17:14 282,624 ----a-w C:\WINDOWS\system32\nvwrsar.dll
2007-10-04 17:14 282,624 ----a-w C:\WINDOWS\system32\nvrsfr.dll
2007-10-04 17:14 282,624 ----a-w C:\WINDOWS\system32\nvrses.dll
2007-10-04 17:14 282,624 ----a-w C:\WINDOWS\system32\nvrsel.dll
2007-10-04 17:14 278,528 ----a-w C:\WINDOWS\system32\nvwrshe.dll
2007-10-04 17:14 278,528 ----a-w C:\WINDOWS\system32\nvrsit.dll
2007-10-04 17:14 278,528 ----a-w C:\WINDOWS\system32\nvrsde.dll
2007-10-04 17:14 274,432 ----a-w C:\WINDOWS\system32\nvrspt.dll
2007-10-04 17:14 274,432 ----a-w C:\WINDOWS\system32\nvrsnl.dll
2007-10-04 17:14 274,432 ----a-w C:\WINDOWS\system32\nvrsesm.dll
2007-10-04 17:14 270,336 ----a-w C:\WINDOWS\system32\nvrsru.dll
2007-10-04 17:14 266,240 ----a-w C:\WINDOWS\system32\nvrsptb.dll
2007-10-04 17:14 266,240 ----a-w C:\WINDOWS\system32\nvrsja.dll
2007-10-04 17:14 258,048 ----a-w C:\WINDOWS\system32\nvrstr.dll
2007-10-04 17:14 258,048 ----a-w C:\WINDOWS\system32\nvrssl.dll
2007-10-04 17:14 258,048 ----a-w C:\WINDOWS\system32\nvrssk.dll
2007-10-04 17:14 258,048 ----a-w C:\WINDOWS\system32\nvrsko.dll
2007-10-04 17:14 258,048 ----a-w C:\WINDOWS\system32\nvrshu.dll
2007-10-04 17:14 253,952 ----a-w C:\WINDOWS\system32\nvrsth.dll
2007-10-04 17:14 253,952 ----a-w C:\WINDOWS\system32\nvrssv.dll
2007-10-04 17:14 253,952 ----a-w C:\WINDOWS\system32\nvrspl.dll
2007-10-04 17:14 253,952 ----a-w C:\WINDOWS\system32\nvrsno.dll
2007-10-04 17:14 253,952 ----a-w C:\WINDOWS\system32\nvrsda.dll
2007-10-04 17:14 249,856 ----a-w C:\WINDOWS\system32\nvrsfi.dll
2007-10-04 17:14 249,856 ----a-w C:\WINDOWS\system32\nvrscs.dll
2007-10-04 17:14 245,760 ----a-w C:\WINDOWS\system32\nvrseng.dll
.
((((((((((((((((((((((((((((( snapshot@2007-12-02_ 3.40.28.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-02 03:36:54 70,580 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2007-12-02 04:59:18 70,580 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2007-12-02 03:36:54 437,134 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-02 04:59:18 437,134 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2007-12-02 04:54:59 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_698.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 16:24]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [2007-09-02 13:58]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 12:32]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 07:28 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 09:22 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [2007-10-04 17:14 C:\WINDOWS\system32\nwiz.exe]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"NvMediaCenter"="RUNDLL32.exe" [2004-08-04 12:00 C:\WINDOWS\system32\rundll32.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-10 14:53]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-10 14:53]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 16:38]
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-11-15 00:59:50]
R3 AtcL002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l251x86.sys
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial;C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{43e9826b-9062-11dc-a283-001bfc76955a}]
\Shell\AutoRun\command - E:\AutoRun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de1eb5a8-9982-11dc-a298-001bfc76955a}]
\Shell\AutoRun\command - E:\AutoRun.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-12-02 04:58:00 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-12-02 05:22:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-02 5:23:17
.
--- E O F ---
HijackThis report:
Logfile of HijackThis v1.99.1
Scan saved at 05:24:43, on 02/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\T-Mobile\web'n'walk USB manager\web'n'walk USB manager.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox 3 Beta 1\firefox.exe
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
Live Search
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
MSN.com
O2 - BHO: Idea2 SidebarBrowserMonitor Class - {45AD732C-2CE2-4666-B366-B2214AD57A49} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\Program Files\Desktop Sidebar\sbhelp.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.microsoft.com/wind...?1194697347109
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D084B63-9470-4D97-BCD1-7FA4482CD7D9}: NameServer = 149.254.201.126 149.254.192.126
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe