The other threads are not displaying properly on my comp; I am getting a white space where the replies and posts are meant to be. Here is the ComboFix log without the snapshot section.
ComboFix 08-06-20.4 - Admin 2008-06-27 10:44:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.431 [GMT 1:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BMbf924418.xml
C:\WINDOWS\pskt.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-27 to 2008-06-27 )))))))))))))))))))))))))))))))
.
2008-06-27 10:16 . 2008-06-13 14:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-27 10:09 . 2008-06-27 10:18 <DIR> d-------- C:\WINDOWS\LastGood
2008-06-27 09:39 . 2004-08-04 08:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-27 09:37 . 2008-06-27 09:37 <DIR> d-------- C:\WINDOWS\provisioning
2008-06-27 09:37 . 2008-06-27 09:37 <DIR> d-------- C:\WINDOWS\peernet
2008-06-26 16:47 . 2004-08-04 06:41 404,990 --------- C:\WINDOWS\system32\drivers\slntamr.sys
2008-06-26 16:46 . 2004-08-04 08:56 1,737,856 --------- C:\WINDOWS\system32\mtxparhd.dll
2008-06-26 16:45 . 2004-08-04 08:56 380,416 --------- C:\WINDOWS\system32\irprops.cpl
2008-06-26 16:44 . 2004-08-04 06:41 1,041,536 --------- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
2008-06-26 16:43 . 2004-08-04 08:56 1,888,992 --------- C:\WINDOWS\system32\ati3duag.dll
2008-06-26 16:42 . 2004-08-04 08:56 4,255 --------- C:\WINDOWS\system32\drivers\adv01nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,967 --------- C:\WINDOWS\system32\drivers\adv02nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,775 --------- C:\WINDOWS\system32\drivers\adv11nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,711 --------- C:\WINDOWS\system32\drivers\adv09nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,647 --------- C:\WINDOWS\system32\drivers\adv07nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,615 --------- C:\WINDOWS\system32\drivers\adv05nt5.dll
2008-06-26 16:42 . 2004-08-04 08:56 3,135 --------- C:\WINDOWS\system32\drivers\adv08nt5.dll
2008-06-26 16:27 . 2005-10-20 23:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-06-26 15:35 . 2008-06-27 10:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-06-26 15:35 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-06-26 14:41 . 2008-06-26 14:41 13,646 --a------ C:\WINDOWS\system32\wpa.bak
2008-06-26 14:35 . 2008-06-27 10:33 13,646 --a------ C:\WINDOWS\system32\wpa.dbl
2008-06-26 13:32 . 2004-08-04 08:56 96,768 --a------ C:\WINDOWS\system32\dpcdll.dll
2008-06-26 13:28 . 2004-08-04 06:19 1,351,168 --a------ C:\WINDOWS\system32\mshtml.tlb
2008-06-26 13:27 . 2004-08-04 08:56 1,708,032 --a------ C:\WINDOWS\system32\netshell.dll
2008-06-26 13:26 . 2004-07-17 19:35 1,326,080 --a------ C:\WINDOWS\system32\webfldrs.msi
2008-06-26 13:23 . 2002-06-14 18:46 19,274 --a------ C:\WINDOWS\001253_.tmp
2008-06-26 12:42 . 2001-08-23 13:00 116,736 --a------ C:\WINDOWS\system32\dpcdll.dll.wga
2008-06-26 12:42 . 2001-08-23 13:00 29,338 --a------ C:\WINDOWS\system32\EULA.TXT.wga
2008-06-26 12:42 . 2001-08-23 13:00 27,136 --a------ C:\WINDOWS\system32\pidgen.dll.wga
2008-06-26 12:12 . 2008-06-26 12:12 1,025 --a------ C:\XPChangeSerial.vbs
2008-06-26 10:42 . 2008-06-26 10:42 <DIR> d-------- C:\Program Files\HP
2008-06-26 10:42 . 2008-06-26 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-06-25 14:50 . 2008-06-25 14:51 <DIR> d-------- C:\Program Files\SIW
2008-06-25 13:49 . 2008-06-25 13:49 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-25 13:49 . 2008-06-25 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-25 13:49 . 2008-06-25 13:49 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Malwarebytes
2008-06-25 13:49 . 2008-06-19 17:48 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-25 13:49 . 2008-06-19 17:47 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-25 11:13 . 2008-06-25 11:13 <DIR> d-------- C:\VundoFix Backups
2008-06-24 16:06 . 2008-06-24 16:06 <DIR> d-------- C:\WINDOWS\ERUNT
2008-06-24 15:58 . 2008-06-24 17:23 <DIR> d-------- C:\SDFix
2008-06-24 15:07 . 2008-06-24 15:07 <DIR> d-------- C:\TEMP\PendMoves
2008-06-24 14:17 . 2008-06-24 14:18 <DIR> d-------- C:\TEMP\ListDLLS
2008-06-24 10:56 . 2008-06-25 14:59 <DIR> d-------- C:\Program Files\iKnowPS
2008-06-24 10:02 . 2008-06-24 10:19 <DIR> d-------- C:\spywarebegone
2008-06-24 10:02 . 2008-06-24 10:02 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-06-24 10:02 . 2008-06-24 10:02 170 --a------ C:\WINDOWS\spywarebegone-fullversion-installed.html
2008-06-24 09:42 . 2008-06-27 10:37 <DIR> d-------- C:\Program Files\SpyZooka
2008-06-24 09:40 . 2008-06-24 09:40 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-06-23 16:34 . 2008-06-23 16:34 81,408 --a------ C:\WINDOWS\system32\kftlenbl.dll
2008-06-23 16:33 . 2008-06-23 16:33 105,984 --a------ C:\WINDOWS\system32\Evil4
2008-06-23 16:33 . 2008-06-23 16:33 91,136 --a------ C:\WINDOWS\system32\Evil2
2008-06-23 16:33 . 2008-06-23 16:33 81,408 --a------ C:\WINDOWS\system32\jsovamal.dll
2008-06-23 13:41 . 2008-06-26 17:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-06-20 13:52 . 2008-06-20 13:52 <DIR> d-------- C:\Program Files\Genometri
2008-06-10 13:12 . 2008-06-10 14:52 <DIR> d-------- C:\Program Files\RegCure
2008-05-28 12:49 . 2008-05-28 12:49 <DIR> d-------- C:\Program Files\Alwil Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-27 09:44 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2008-06-25 12:10 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-06-23 14:47 --------- d-----w C:\Program Files\Password Spectator
2008-06-23 12:41 --------- d-----w C:\Program Files\Google
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-02 11:23 --------- d-----w C:\Documents and Settings\Admin\Application Data\AdobeUM
2008-05-22 14:54 --------- d-----w C:\Documents and Settings\Admin\Application Data\LimeWire
2008-05-20 10:22 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-20 10:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-20 10:20 --------- d-----w C:\Program Files\Norton 360
2008-05-20 10:19 --------- d-----w C:\Program Files\Symantec
2008-04-30 10:17 --------- d-----w C:\Program Files\Free FLV Converter
2008-04-22 08:59 3,293,209 --sha-w C:\WINDOWS\system32\womabcsj.tmp
2008-04-15 14:02 1,024 ----a-w C:\Documents and Settings\All Users\Application Data\1doc2pdf.dll
2008-04-11 11:08 118,586 ----a-w C:\WINDOWS\Keyfinder Advanced 2007 (Trial Version) Uninstaller.exe
2008-02-19 11:34 69,416 ----a-w C:\Documents and Settings\Admin\Application Data\GDIPFONTCACHEV1.DAT
2006-05-18 09:18 317,987 ----a-w C:\Program Files\setuplog.txt
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ae5b2c8-22ca-420c-b799-a1a506d436be}]
C:\WINDOWS\System32\iifdcYst.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Begone"="C:\spywarebegone\SpywareBeGone.exe" [2006-12-07 08:20 3712512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 11:15 106496]
"SiS Windows KeyHook"="C:\WINDOWS\System32\keyhook.exe" [2004-05-12 16:22 249856]
"gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-11-15 13:12 473928]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 02:50 155648]
"Miramar Systems, Inc."="C:\Program Files\Miramar\PC MACLAN\atmsg.exe" [2003-05-30 15:14 290816]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2004-02-26 09:53 65024 C:\WINDOWS\SOUNDMAN.EXE]
"MimBoot"="C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe" [2005-05-10 17:04 11776]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2006-03-18 03:24 184320]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-05 14:08 385024]
"SearchSettings"="C:\Program Files\Search Settings\SearchSettings.exe" [2008-02-06 18:47 1036640]
"iKnowPS"="C:\Program Files\iKnowPS\iKnowPS.exe" [2005-11-24 22:12 114688]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]
C:\Documents and Settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-04-07 09:25:17 110592]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-24 05:37:56 217194]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2001-04-07 09:25:17 110592]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2005-04-07 01:14:32 335872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MSUD"= msulvc06.dll
"VIDC.LAGS"= lagarith.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Admin^Start Menu^Programs^Startup^TomTom HOME.lnk]
backup=C:\WINDOWS\pss\TomTom HOME.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2007-03-14 19:05 257088 C:\Program Files\iTunes\iTunesHelper.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 00:20]
R2 atalk;Miramar AppleTalk Protocol;C:\WINDOWS\system32\DRIVERS\atalk.sys [2003-05-30 15:11]
R2 atfsd;Miramar AppleTalk File System Client;C:\WINDOWS\system32\DRIVERS\atfsd.sys [2003-05-30 15:17]
R2 Miramar AppleTalk File Server;Miramar AppleTalk File Server;C:\Program Files\Miramar\PC MACLAN\ATSERVER.EXE [2003-05-30 14:57]
R2 Miramar AppleTalk Print Server;Miramar AppleTalk Print Server;C:\Program Files\Miramar\PC MACLAN\ATSPOOL.EXE [2003-05-30 15:05]
R3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-08-28 22:59]
S2 ATMsg;AppleTalk Messenger;C:\Program Files\Miramar\PC MACLAN\ATMsg.exe [2003-05-30 15:14]
S3 FXDRV;FXDRV;D:\Fxdrv.sys []
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 16:11:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-27 09:33:51 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-10 12:12:37 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-27 10:49:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-06-27 10:58:13
ComboFix-quarantined-files.txt 2008-06-27 09:57:48
ComboFix2.txt 2008-06-25 09:51:23
Pre-Run: 41,262,669,824 bytes free
Post-Run: 41,255,055,360 bytes free
6345 --- E O F --- 2008-06-27 09:13:09