Viruses, yet again. - Security - Viruses
TomsGuide.com: 700,000 members answer all your high-tech and IT questions.

Subject: Viruses, yet again.

Profile: IDNaute
Hello,

I let a friend use my PC for an afternoon and got it back in a sorry state: it is infected (explorer.exe crashes at startup, I have to keep relaunching it from the task manager, and I get virus alerts non-stop...). Even though I ran an AntiVir scan and a Spybot scan in safe mode (which detected and removed several things), a few infections remain.

Here is the HijackThis log:

Quote:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01:55, on 15/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myexpresssearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.besttoolbars.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {05BD1C7F-7D04-4AF1-B0DB-7923F2FF9CB6} - C:\WINDOWS\system32\cbXQhETL.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E98AFCA-60F6-4071-91BC-B38951D86280} - (no file)
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\khfCTLcA.dll
O2 - BHO: (no name) - {3CFDD872-70A3-4361-BC71-7699E1F2F4EE} - C:\WINDOWS\system32\efccaXnM.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: {012bc5ff-7c89-94cb-2d04-5e1e3a8ffcd6} - {6dcff8a3-e1e5-40d2-bc49-98c7ff5cb210} - C:\WINDOWS\system32\ueumiq.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8F9E75E7-A185-4EBF-86ED-33A00557D356} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B94F3F24-6C6E-4225-AA2C-789CC2B20CE5} - (no file)
O2 - BHO: (no name) - {CA5B8305-1A1C-40B5-BC62-F2DB6C4C703C} - (no file)
O2 - BHO: (no name) - {F4152C16-8D12-48B5-A2C6-A6A9125B7005} - (no file)
O3 - Toolbar: My Express Search Toolbar - {6226BA26-C017-4007-928C-DE9715C6FA67} - C:\Program Files\MyExpressSearch\My Express Search Toolbar\my_express_search.dll
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [KBDriver] C:\Program Files\Keyboard Driver\OEMDriver.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [SpybotDeletingC3535] cmd /c del "C:\WINDOWS\system32\efccaXnM.dll_old"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/re [...] oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wi [...] 3309443312
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: khfCTLcA - C:\WINDOWS\SYSTEM32\khfCTLcA.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DCPFLICS - Unknown owner - C:\Program Files\DCPFLICS\DCPFLICS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit (mi-raysat_3dsMax2009_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe
O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe

--
End of file - 9270 bytes

Thanks in advance.

Profile: IDNaute

Hello,

1. Download combofix.exe (by sUBs) from one of these links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe

and save it to your Desktop.

2. Double-click combofix.exe to start the scan.
3. When the scan has completed, a report will appear. Copy/paste that report into your next reply.

Profile: IDNaute

Thanks a lot for your help.

Here is the ComboFix log:

Quote:

ComboFix 08-07-15.4 - Fayt 2008-07-16 15:58:41.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2518 [GMT 2:00]
Running from: C:\Documents and Settings\Fayt\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\akidmmhs.ini
C:\WINDOWS\system32\awownhcs.ini
C:\WINDOWS\system32\cbHhknmp.ini
C:\WINDOWS\system32\cbHhknmp.ini2
C:\WINDOWS\system32\cdLkQXyb.ini
C:\WINDOWS\system32\cdLkQXyb.ini2
C:\WINDOWS\system32\ckusoatl.ini
C:\WINDOWS\system32\cnidsamb.ini
C:\WINDOWS\system32\epgbaygh.ini
C:\WINDOWS\system32\fihlgewe.ini
C:\WINDOWS\system32\GjlRYcfe.ini
C:\WINDOWS\system32\GjlRYcfe.ini2
C:\WINDOWS\system32\gjweyvxg.ini
C:\WINDOWS\system32\khvaekki.ini
C:\WINDOWS\system32\LTEhQXbc.ini
C:\WINDOWS\system32\LTEhQXbc.ini2
C:\WINDOWS\system32\MnXaccfe.ini
C:\WINDOWS\system32\MnXaccfe.ini2
C:\WINDOWS\system32\oqqqAJjl.ini
C:\WINDOWS\system32\oqqqAJjl.ini2
C:\WINDOWS\system32\tfdnrwsi.ini
C:\WINDOWS\system32\tictbpex.ini
C:\WINDOWS\system32\vlfqhfxl.ini
C:\WINDOWS\system32\xcavcrpk.ini
C:\WINDOWS\system32\xISsvyxx.ini
C:\WINDOWS\system32\xISsvyxx.ini2
C:\WINDOWS\system32\xxyvsSIx.dll
.
---- Previous Run -------
.
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-16 15:56 . 2008-07-16 15:56 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Avira
2008-07-16 14:06 . 2008-07-16 14:06 <DIR> d-------- C:\Program Files\Avira
2008-07-16 12:19 . 2008-07-16 12:19 102,400 --a------ C:\WINDOWS\system32\tvfyiv.dll
2008-07-16 12:19 . 2008-07-16 12:19 102,400 --a------ C:\WINDOWS\system32\qlbytxql.dll
2008-07-15 22:19 . 2008-07-15 22:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 22:19 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-15 22:19 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 15:26 . 2008-07-15 15:26 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-07-15 15:26 . 2008-07-15 15:26 1,409 --a------ C:\WINDOWS\QTFont.for
2008-07-15 13:40 . 2008-07-15 13:40 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-07-15 13:40 . 2005-06-24 12:50 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-15 13:40 . 2005-06-24 12:50 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-07-14 00:48 . 2008-07-14 19:33 <DIR> d-------- C:\Program Files\CAPCOM
2008-07-13 22:34 . 2008-07-13 22:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-10 00:32 . 2008-07-10 00:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 16:27 . 2008-07-09 16:38 <DIR> d-------- C:\Program Files\Jacky Pomme
2008-07-06 00:14 . 2008-07-06 00:14 <DIR> d-------- C:\Graphics
2008-07-06 00:14 . 2005-11-13 02:28 238,080 --a------ C:\WINDOWS\system32\mwgfx24.dll
2008-07-06 00:14 . 2008-03-16 09:43 190,464 --a------ C:\WINDOWS\system32\mwgfx.dll
2008-07-06 00:14 . 2008-06-23 09:42 104,960 --a------ C:\WINDOWS\system32\mwdds.dll
2008-07-06 00:14 . 2004-05-14 12:13 56,832 --a------ C:\WINDOWS\system32\mwace.dll
2008-07-06 00:14 . 2007-08-19 10:37 28,672 --a------ C:\WINDOWS\system32\mwgfxcopy.exe
2008-07-04 16:25 . 2008-07-13 21:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TrackMania
2008-07-04 16:19 . 2008-07-04 16:22 <DIR> d-------- C:\Program Files\TmNationsForever
2008-07-04 12:08 . 2008-07-04 12:07 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-04 12:07 . 2008-07-04 12:14 <DIR> d-------- C:\Documents and Settings\Fayt\.housecall6.6
2008-07-03 16:13 . 2008-07-03 16:13 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-03 15:28 . 2008-07-03 15:28 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Malwarebytes
2008-07-03 15:28 . 2008-07-03 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 13:05 . 2008-07-03 13:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 20:48 . 2008-07-06 20:35 <DIR> d-------- C:\Program Files\Diablo II
2008-07-02 20:28 . 2008-07-04 18:13 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-02 18:43 . 2008-07-02 18:43 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-01 20:13 . 2008-07-01 20:13 28,288 --a------ C:\WINDOWS\system32\khfCTLcA.dll
2008-07-01 20:09 . 2008-07-02 20:57 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-01 20:09 . 2008-07-02 20:57 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-01 20:09 . 2008-07-02 20:57 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-01 18:15 . 2008-07-01 18:15 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Ace
2008-06-30 18:59 . 2008-06-30 18:59 <DIR> d-------- C:\Program Files\uTorrent
2008-06-30 18:59 . 2008-07-16 15:27 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\uTorrent
2008-06-27 18:06 . 2008-06-27 18:06 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-27 18:06 . 2008-06-27 18:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-27 14:57 . 2008-06-27 14:57 <DIR> d-------- C:\Program Files\MyExpressSearch
2008-06-23 09:05 . 2008-06-23 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI
2008-06-22 15:42 . 2008-06-22 15:43 <DIR> d-------- C:\Program Files\SystemRequirementsLab
2008-06-22 15:42 . 2008-07-08 15:39 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-16 14:03 --------- d-----w C:\Documents and Settings\Fayt\Application Data\WTablet
2008-07-16 13:27 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Skype
2008-07-16 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-15 19:29 --------- d-----w C:\Documents and Settings\Fayt\Application Data\skypePM
2008-07-15 11:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-03 07:27 --------- d-----w C:\Program Files\BitComet
2008-07-01 16:13 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 07:05 --------- d-----w C:\Program Files\Google
2008-06-22 13:54 --------- d-----w C:\Program Files\ATI Technologies
2008-06-22 13:45 --------- d-----w C:\Program Files\Trillian
2008-06-22 13:39 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-06-21 19:20 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-21 19:20 --------- d-----w C:\Program Files\Autodesk
2008-06-21 19:19 --------- d-----w C:\Program Files\Allegorithmic
2008-06-15 12:15 --------- d-----w C:\Documents and Settings\Fayt\Application Data\dvdcss
2008-06-14 20:06 --------- d-----w C:\Program Files\AMT
2008-06-14 14:05 --------- d-----w C:\Documents and Settings\Fayt\Application Data\OpenOffice.org2
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:08 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Autodesk
2008-06-11 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-11 20:01 --------- d-----w C:\Program Files\MSBuild
2008-06-11 19:59 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 19:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-05-31 06:09 --------- d-----w C:\Program Files\FlashGet
2008-05-24 15:47 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Wormux
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-14 21:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
2008-07-01 20:13 28288 --a------ C:\WINDOWS\system32\khfCTLcA.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52177f70-3a5a-4730-a2b2-0c931b26ba0e}]
2008-07-16 12:19 102400 --a------ C:\WINDOWS\system32\tvfyiv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6226BA26-C017-4007-928C-DE9715C6FA67}"= "C:\Program Files\MyExpressSearch\My Express Search Toolbar\my_express_search.dll" [2008-05-12 18:42 2396160]

[HKEY_CLASSES_ROOT\clsid\{6226ba26-c017-4007-928c-de9715c6fa67}]
[HKEY_CLASSES_ROOT\TBSB06009.TBSB06009.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB06009.TBSB06009]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6226BA26-C017-4007-928C-DE9715C6FA67}"= "C:\Program Files\MyExpressSearch\My Express Search Toolbar\my_express_search.dll" [2008-05-12 18:42 2396160]

[HKEY_CLASSES_ROOT\clsid\{6226ba26-c017-4007-928c-de9715c6fa67}]
[HKEY_CLASSES_ROOT\TBSB06009.TBSB06009.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB06009.TBSB06009]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 21:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 18:23 1953792]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 21:01 1037736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 08:16 39792]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 04:05 734264]
"KBDriver"="C:\Program Files\Keyboard Driver\OEMDriver.exe" [2004-08-26 08:27 151552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-02-12 10:06 262401]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{28220052-D9A9-44B1-AB98-EDC594D238B6}"= "C:\WINDOWS\system32\khfCTLcA.dll" [2008-07-01 20:13 28288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCTLcA]
2008-07-01 20:13 28288 C:\WINDOWS\system32\khfCTLcA.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 21:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\TmNationsForever\\TmForever.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DCPFLICS\\DCPFLICS_tools.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX9.exe"=
"C:\\Program Files\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX10.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22737:TCP"= 22737:TCP:BitComet 22737 TCP
"22737:UDP"= 22737:UDP:BitComet 22737 UDP

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-16 14:40]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-04-09 15:57]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-02-07 10:06]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-06-02 10:07]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 18:34]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 20:16]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-21 04:40]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38c6b20c-e70f-11dc-9786-001d60ea6fc7}]
\Shell\AutoRun\command - G:\CDIntro.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ceae267-dde8-11dc-976b-001d60ea6fc7}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 16:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{05BD1C7F-7D04-4AF1-B0DB-7923F2FF9CB6} - C:\WINDOWS\system32\cbXQhETL.dll
BHO-{3CFDD872-70A3-4361-BC71-7699E1F2F4EE} - C:\WINDOWS\system32\efccaXnM.dll
Notify-WB - (no file)
MSConfigStartUp-BitComet - C:\Program Files\BitComet\BitComet.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 16:04:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\khfCTLcA.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-16 16:08:56 - machine was rebooted [Fayt]
ComboFix-quarantined-files.txt 2008-07-16 14:08:47

Pre-Run: 372,989,804,544 bytes free
Post-Run: 372,914,503,680 bytes free

281 --- E O F --- 2008-06-20 22:17:21

Profile: IDNaute

Hello,

1/ Open Notepad (Start menu\All Programs\Accessories\Notepad)

2/ Copy what is quoted below (without the word "Quote") by selecting it and pressing Ctrl-C:

Quote:

File::
C:\WINDOWS\system32\tvfyiv.dll
C:\WINDOWS\system32\qlbytxql.dll
C:\WINDOWS\system32\khfCTLcA.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{28220052-D9A9-44B1-AB98-EDC594D238B6}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52177f70-3a5a-4730-a2b2-0c931b26ba0e}]
[-HKEY_CLASSES_ROOT\TBSB06009.TBSB06009.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[-HKEY_CLASSES_ROOT\TBSB06009.TBSB06009]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{28220052-D9A9-44B1-AB98-EDC594D238B6}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khfCTLcA]

- Save this file to: Desktop
- File name: CFScript
- File type: all files
- click Save
- close Notepad

  • Drag and drop this CFScript file onto ComboFix.exe as shown in the screenshot

http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

  • A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.
  • Wait while the scan runs. The desktop will disappear several times: that's normal!

Do not touch anything until the scan is finished.

  • Once the scan is complete, a report will be displayed: post its contents.
  • If the file does not open, it can be found here > C:\ComboFix.txt

Message edited by Bruce Lee72 on 17-07-2008 at 09:41:05
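The HijackThis O2/O20 entries from the first post and the File::/Registry:: CFScript layout used in the instructions above, worked through as an added Python example (editor's addition, not code from the thread, from HijackThis or from ComboFix): it parses the BHO and Winlogon Notify lines, flags entries whose DLL is missing on disk or whose name is a random-looking mixed-case 8-letter string sitting directly in system32, and emits a CFScript skeleton in the same File::/Registry:: form. The sample lines are copied from the log posted above; the flagging heuristic and all function names are my own assumptions.

```python
"""Triage HijackThis O2/O20 entries and build a ComboFix CFScript skeleton.

Added example for this thread, not code from HijackThis or ComboFix.
The sample lines are copied from the HijackThis log posted above; the
flagging heuristic is an assumption for illustration.
"""
import re
from dataclasses import dataclass

# Sample input: O2 (BHO) and O20 (Winlogon Notify) lines from the log above.
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: (no name) - {05BD1C7F-7D04-4AF1-B0DB-7923F2FF9CB6} - C:\WINDOWS\system32\cbXQhETL.dll (file missing)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0E98AFCA-60F6-4071-91BC-B38951D86280} - (no file)
O2 - BHO: (no name) - {28220052-D9A9-44B1-AB98-EDC594D238B6} - C:\WINDOWS\system32\khfCTLcA.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O20 - Winlogon Notify: khfCTLcA - C:\WINDOWS\SYSTEM32\khfCTLcA.dll
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<key>\S+) - (?P<path>.*)$")
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    kind: str      # "O2" (Browser Helper Object) or "O20" (Winlogon Notify)
    label: str     # BHO display name, or the Winlogon Notify subkey name
    clsid: str     # BHO CLSID including braces; empty for O20 entries
    path: str      # DLL path with the "(file missing)" marker stripped; "" for "(no file)"
    missing: bool  # HijackThis reported the DLL as absent on disk


def _split_path(raw):
    """Separate the DLL path from HijackThis's missing-file markers."""
    raw = raw.strip()
    if raw == "(no file)":
        return "", True
    marker = "(file missing)"
    if raw.endswith(marker):
        return raw[: -len(marker)].strip(), True
    return raw, False


def parse_hijackthis(text):
    """Return Entry objects for every O2 and O20 line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = O2_RE.match(line)
        if m:
            path, missing = _split_path(m["path"])
            entries.append(Entry("O2", m["name"], m["clsid"], path, missing))
            continue
        m = O20_RE.match(line)
        if m:
            path, missing = _split_path(m["path"])
            entries.append(Entry("O20", m["key"], "", path, missing))
    return entries


def looks_random(path):
    """Heuristic (assumption): an 8-letter, mixed-case DLL stem directly in system32.
    Legitimate 8-letter system32 DLLs are normally all lower-case (browseui.dll),
    so the mixed-case test narrows the hit list; it is a review hint, not a verdict."""
    if not path.lower().startswith(SYSTEM32):
        return False
    filename = path[len(SYSTEM32):]
    if "\\" in filename:            # a subdirectory, not system32 itself
        return False
    stem, _, ext = filename.rpartition(".")
    if ext.lower() != "dll" or not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    return stem != stem.lower() and stem != stem.upper()


def triage(text):
    """Return (Entry, reason) pairs for entries worth a closer look."""
    flagged = []
    for e in parse_hijackthis(text):
        if e.missing:
            flagged.append((e, "registered DLL is missing on disk"))
        elif looks_random(e.path):
            flagged.append((e, "random-looking DLL name in system32"))
    return flagged


def build_cfscript(flagged):
    """Emit a CFScript in the File::/Registry:: layout used in the thread.
    '[-KEY]' follows the .reg convention for deleting a whole key."""
    files, keys, seen = [], [], set()
    for e, _reason in flagged:
        if e.path and not e.missing and e.path.lower() not in seen:
            seen.add(e.path.lower())
            files.append(e.path)
        if e.kind == "O2":
            keys.append(f"[-HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\{e.clsid}]")
        else:
            keys.append("[-HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt"
                        f"\\currentversion\\winlogon\\notify\\{e.label}]")
    return "File::\n" + "\n".join(files) + "\n\nRegistry::\n" + "\n".join(keys) + "\n"


if __name__ == "__main__":
    hits = triage(HIJACKTHIS_SAMPLE)
    for e, reason in hits:
        print(f"{e.kind:<4}{e.label:<12}{reason}")
    print()
    print(build_cfscript(hits))
```

Run as a script it lists the four flagged entries (two dead BHO registrations, the khfCTLcA BHO and its matching Winlogon Notify hook) and prints a CFScript that deletes the three BHO keys and the notify subkey while listing only the one DLL that still exists on disk. The heuristic is deliberately narrow; the generated script is a starting point to be checked line by line against the full log, as the helper did above, before it is fed to ComboFix.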
Profile: IDNaute

Thanks for the help.

Quote:

ComboFix 08-07-15.4 - Fayt 2008-07-18 23:06:36.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2564 [GMT 2:00]
Running from: C:\Documents and Settings\Fayt\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Fayt\Desktop\cfscript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\khfCTLcA.dll
C:\WINDOWS\system32\qlbytxql.dll
C:\WINDOWS\system32\tvfyiv.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\khfCTLcA.dll
C:\WINDOWS\system32\qlbytxql.dll
C:\WINDOWS\system32\tvfyiv.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-18 to 2008-07-18 )))))))))))))))))))))))))))))))
.

2008-07-16 15:56 . 2008-07-16 15:56 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Avira
2008-07-16 14:06 . 2008-07-16 14:06 <DIR> d-------- C:\Program Files\Avira
2008-07-15 13:40 . 2008-07-15 13:40 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-07-15 13:40 . 2005-06-24 12:50 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-07-15 13:40 . 2005-06-24 12:50 1,047,552 --a------ C:\WINDOWS\system32\MFC71u.dll
2008-07-14 00:48 . 2008-07-14 19:33 <DIR> d-------- C:\Program Files\CAPCOM
2008-07-13 22:34 . 2008-07-13 22:36 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-10 00:32 . 2008-07-10 00:32 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-09 16:27 . 2008-07-09 16:38 <DIR> d-------- C:\Program Files\Jacky Pomme
2008-07-06 00:14 . 2008-07-06 00:14 <DIR> d-------- C:\Graphics
2008-07-06 00:14 . 2005-11-13 02:28 238,080 --a------ C:\WINDOWS\system32\mwgfx24.dll
2008-07-06 00:14 . 2008-03-16 09:43 190,464 --a------ C:\WINDOWS\system32\mwgfx.dll
2008-07-06 00:14 . 2008-06-23 09:42 104,960 --a------ C:\WINDOWS\system32\mwdds.dll
2008-07-06 00:14 . 2004-05-14 12:13 56,832 --a------ C:\WINDOWS\system32\mwace.dll
2008-07-06 00:14 . 2007-08-19 10:37 28,672 --a------ C:\WINDOWS\system32\mwgfxcopy.exe
2008-07-04 12:08 . 2008-07-04 12:07 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-07-04 12:07 . 2008-07-04 12:14 <DIR> d-------- C:\Documents and Settings\Fayt\.housecall6.6
2008-07-03 16:13 . 2008-07-03 16:13 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-03 15:28 . 2008-07-03 15:28 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Malwarebytes
2008-07-03 15:28 . 2008-07-03 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-03 13:05 . 2008-07-03 13:05 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-02 20:48 . 2008-07-06 20:35 <DIR> d-------- C:\Program Files\Diablo II
2008-07-02 20:28 . 2008-07-04 18:13 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-07-02 18:43 . 2008-07-02 18:43 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-01 20:09 . 2008-07-02 20:57 21,840 --a----t- C:\WINDOWS\system32\SIntfNT.dll
2008-07-01 20:09 . 2008-07-02 20:57 17,212 --a----t- C:\WINDOWS\system32\SIntf32.dll
2008-07-01 20:09 . 2008-07-02 20:57 12,067 --a----t- C:\WINDOWS\system32\SIntf16.dll
2008-07-01 18:15 . 2008-07-01 18:15 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\Ace
2008-06-30 18:59 . 2008-06-30 18:59 <DIR> d-------- C:\Program Files\uTorrent
2008-06-30 18:59 . 2008-07-16 16:06 <DIR> d-------- C:\Documents and Settings\Fayt\Application Data\uTorrent
2008-06-27 18:06 . 2008-06-27 18:06 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-06-27 18:06 . 2008-06-27 18:06 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-06-27 14:57 . 2008-07-16 19:02 <DIR> d-------- C:\Program Files\MyExpressSearch
2008-06-23 09:05 . 2008-06-23 09:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ATI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-18 21:11 --------- d-----w C:\Documents and Settings\Fayt\Application Data\WTablet
2008-07-16 22:11 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Skype
2008-07-16 19:03 --------- d-----w C:\Documents and Settings\Fayt\Application Data\skypePM
2008-07-16 14:20 --------- d-----w C:\Program Files\Bodom-Child - RaBBi
2008-07-16 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
2008-07-15 11:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-09 22:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 21:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-03 07:27 --------- d-----w C:\Program Files\BitComet
2008-07-01 16:13 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-06-23 07:05 --------- d-----w C:\Program Files\Google
2008-06-22 13:54 --------- d-----w C:\Program Files\ATI Technologies
2008-06-22 13:45 --------- d-----w C:\Program Files\Trillian
2008-06-22 13:39 --------- d-----w C:\Program Files\OpenOffice.org 2.3
2008-06-21 19:20 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2008-06-21 19:20 --------- d-----w C:\Program Files\Autodesk
2008-06-21 19:19 --------- d-----w C:\Program Files\Allegorithmic
2008-06-15 12:15 --------- d-----w C:\Documents and Settings\Fayt\Application Data\dvdcss
2008-06-14 20:06 --------- d-----w C:\Program Files\AMT
2008-06-14 14:05 --------- d-----w C:\Documents and Settings\Fayt\Application Data\OpenOffice.org2
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 20:08 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Autodesk
2008-06-11 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Autodesk
2008-06-11 20:01 --------- d-----w C:\Program Files\MSBuild
2008-06-11 19:59 --------- d-----w C:\Program Files\Reference Assemblies
2008-06-03 06:20 3,100,160 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-06-03 03:46 10,276,864 ----a-w C:\WINDOWS\system32\atioglx2.dll
2008-06-03 03:22 413,696 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-06-03 03:21 306,688 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-06-03 03:11 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-06-03 03:11 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-06-03 03:11 180,224 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-06-03 03:11 139,264 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-06-03 03:09 552,960 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-06-03 03:08 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-06-03 03:04 245,760 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-06-03 03:02 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-06-03 02:59 3,500,352 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-06-03 02:48 2,120,832 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-06-03 02:33 48,128 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-06-03 02:29 348,160 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-06-03 02:28 23,040 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-06-03 02:28 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-06-03 02:27 49,152 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-06-03 02:21 557,056 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-06-02 19:05 593,920 ----a-w C:\WINDOWS\system32\ati2sgag.exe
2008-05-31 06:09 --------- d-----w C:\Program Files\FlashGet
2008-05-24 15:47 --------- d-----w C:\Documents and Settings\Fayt\Application Data\Wormux
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-14 21:09 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2006-06-23 22:48 32,768 ----a-r C:\WINDOWS\inf\UpdateUSB.exe
.

((((((((((((((((((((((((((((( snapshot@2008-07-16_16.08.26.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-05-07 09:07:23 135,168 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\cscript.exe
+ 2008-05-09 10:45:15 512,000 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\jscript.dll
+ 2008-05-09 10:45:16 180,224 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrobj.dll
+ 2008-05-09 10:45:16 172,032 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\scrrun.dll
+ 2008-05-09 10:45:16 430,080 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\vbscript.dll
+ 2008-05-08 11:24:44 155,648 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wscript.exe
+ 2008-05-09 10:45:17 90,112 ----a-w C:\WINDOWS\$hf_mig$\KB951978\SP3QFE\wshext.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951978\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951978\update\updspapi.dll
+ 2008-05-07 09:07:23 135,168 -c----w C:\WINDOWS\system32\dllcache\cscript.exe
+ 2008-05-09 10:53:39 512,000 -c----w C:\WINDOWS\system32\dllcache\jscript.dll
+ 2008-05-09 10:53:39 180,224 -c----w C:\WINDOWS\system32\dllcache\scrobj.dll
+ 2008-05-09 10:53:40 172,032 -c----w C:\WINDOWS\system32\dllcache\scrrun.dll
+ 2008-05-09 10:53:40 430,080 -c----w C:\WINDOWS\system32\dllcache\vbscript.dll
+ 2008-05-08 11:24:44 155,648 -c----w C:\WINDOWS\system32\dllcache\wscript.exe
+ 2008-05-09 10:53:40 90,112 -c----w C:\WINDOWS\system32\dllcache\wshext.dll
- 2008-03-04 11:28:53 79,424 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2008-07-18 20:53:47 75,072 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
- 2008-04-14 00:11:56 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
+ 2008-05-09 10:53:39 512,000 ----a-w C:\WINDOWS\system32\jscript.dll
- 2008-05-29 23:35:11 17,486,968 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
- 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\system32\spmsg.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 21:34 5724184]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 16:36 36864]
"36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-03-21 18:23 1953792]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 21:01 1037736]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 08:16 39792]
"XboxStat"="c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 04:05 734264]
"KBDriver"="C:\Program Files\Keyboard Driver\OEMDriver.exe" [2004-08-26 08:27 151552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 12:17 61440]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-07-18 22:53 266497]
"RTHDCPL"="RTHDCPL.EXE" [2007-03-21 16:49 16126464 C:\WINDOWS\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 21:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 9\\3dsmax.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"C:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\e-on software\\Vue 6 xStream\\Application\\Vue 6 xStream.eon"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\DCPFLICS\\DCPFLICS_tools.exe"=
"C:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX9.exe"=
"C:\\Program Files\\CAPCOM\\LOSTPLANETCOLONIES\\LostPlanetColoniesDX10.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"22737:TCP"= 22737:TCP:BitComet 22737 TCP
"22737:UDP"= 22737:UDP:BitComet 22737 UDP

R2 AntiVirMailService;Avira AntiVir Premium MailGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe [2008-07-18 22:53]
R2 antivirwebservice;Avira AntiVir Premium WebGuard;C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE [2008-07-18 22:53]
R2 AVEService;Avira AntiVir Premium MailGuard helper service;C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe [2008-07-18 22:53]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-06-02 10:07]
R2 NMSAccessU;NMSAccessU;C:\Program Files\CDBurnerXP\NMSAccessU.exe [2007-10-12 18:34]
R2 TabletServicePen;TabletServicePen;C:\WINDOWS\system32\Pen_Tablet.exe [2007-09-07 20:16]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2007-03-15 16:12]
S3 AtiHdmiService;ATI Function Driver for HDMI Service;C:\WINDOWS\system32\drivers\AtiHdmi.sys [2007-07-21 04:40]
S3 XDva090;XDva090;C:\WINDOWS\system32\XDva090.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38c6b20c-e70f-11dc-9786-001d60ea6fc7}]
\Shell\AutoRun\command - G:\CDIntro.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9ceae267-dde8-11dc-976b-001d60ea6fc7}]
\Shell\AutoRun\command - F:\autorun.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 16:42:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-18 23:11:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DCPFLICS\DCPFLICS.exe
C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-07-18 23:14:49 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-18 21:14:46
ComboFix2.txt 2008-07-16 14:08:57

Pre-Run: 373,756,411,904 bytes free
Post-Run: 373,743,063,040 bytes free

254 --- E O F --- 2008-07-18 20:52:25

Profile: IDNaute

Hello,

Post a new HijackThis log, please.

Profile: IDNaute