Here's the combofix log...
ComboFix 07-07-30.2 - "Matthew" 2007-07-31 9:25:38.1 [GMT -5:00] - NTFS
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\fkdnvaxn.dll
C:\WINDOWS\system32\ruivvabt.dll
C:\WINDOWS\system32\cravlwxh.exe
C:\WINDOWS\system32\gcqnpuee.exe
C:\WINDOWS\system32\lujfcssq.exe
C:\WINDOWS\system32\mfercqaq.exe
C:\WINDOWS\system32\pxgwalah.exe
C:\WINDOWS\system32\ttjtpgsq.exe
C:\WINDOWS\system32\vktibvth.exe
C:\WINDOWS\system32\wdltjryn.exe
C:\WINDOWS\system32\weouccky.exe
C:\WINDOWS\system32\fkdnvaxn.dll
C:\WINDOWS\SYSTEM32\ccfhk.bak1
C:\WINDOWS\SYSTEM32\ccfhk.bak2
C:\WINDOWS\SYSTEM32\ccfhk.ini
C:\WINDOWS\SYSTEM32\ccfhk.ini2
C:\WINDOWS\SYSTEM32\ccfhk.tmp
C:\WINDOWS\SYSTEM32\ccfhk.bak1
C:\WINDOWS\SYSTEM32\ccfhk.bak2
C:\WINDOWS\SYSTEM32\ccfhk.ini
C:\WINDOWS\SYSTEM32\ccfhk.ini2
C:\WINDOWS\SYSTEM32\ccfhk.tmp
C:\WINDOWS\SYSTEM32\ccfhk.bak1
C:\WINDOWS\SYSTEM32\ccfhk.bak2
C:\WINDOWS\SYSTEM32\ccfhk.ini
C:\WINDOWS\SYSTEM32\ccfhk.ini2
C:\WINDOWS\SYSTEM32\ccfhk.tmp
C:\WINDOWS\system32\khfcc.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\racle~1
C:\Program Files\outerinfo
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\winpop
C:\Program Files\winpop\UnInstall.exe
C:\temp\tn3
C:\WINDOWS\acdt-pid67n.exe
C:\WINDOWS\install.exe
C:\WINDOWS\scurit~1
C:\WINDOWS\scurit~1\d?dplay.exe
C:\WINDOWS\system32\b02FdUe
C:\WINDOWS\system32\drivers\Browse.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\drivers\dadtray.exe
C:\WINDOWS\system32\drivers\OnScDisp.exe
C:\WINDOWS\system32\gxcyxunk.exe
C:\WINDOWS\system32\haflwksg.exe
C:\WINDOWS\system32\L1
C:\WINDOWS\system32\L11
C:\WINDOWS\system32\L3
C:\WINDOWS\system32\L3\wr716.exe
C:\WINDOWS\system32\L5
C:\WINDOWS\system32\L7
C:\WINDOWS\system32\letwmseb.exe
C:\WINDOWS\system32\lhdamfec.exe
C:\WINDOWS\system32\lvsbrqkw.exe
C:\WINDOWS\system32\lxcosarc.exe
C:\WINDOWS\system32\middxmmc.exe
C:\WINDOWS\system32\oouvfsv.dll
C:\WINDOWS\system32\pdinflun.exe
C:\WINDOWS\system32\quxeergl.exe
C:\WINDOWS\system32\rowbfmld.exe
C:\WINDOWS\system32\scnuxcrh.exe
C:\WINDOWS\system32\temmmxsv.exe
C:\WINDOWS\system32\win
C:\WINDOWS\system32\wnsintsv.exe
C:\WINDOWS\wr.txt
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CORE
-------\LEGACY_WINDOWS_OVERLAY_COMPONENTS
-------\core
((((((((((((((((((((((((( Files Created from 2007-06-28 to 2007-07-31 )))))))))))))))))))))))))))))))
2007-07-31 09:21 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-31 09:08 125,504 --a------ C:\WINDOWS\SYSTEM32\vswwacgu.dll
2007-07-31 08:34 125,504 --a------ C:\WINDOWS\SYSTEM32\dyggtxki.dll
2007-07-26 14:48 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys
2007-07-26 14:48 <DIR> d-------- C:\Program Files\Trend Micro
2007-07-26 14:38 <DIR> d-------- C:\DOCUME~1\Matthew\APPLIC~1\Viewpoint
2007-07-25 13:03 126,016 --a------ C:\WINDOWS\SYSTEM32\cbytkmgq.dll
2007-07-25 12:45 143,360 --a------ C:\WINDOWS\SYSTEM32\dunzip32.dll
2007-07-25 12:36 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2007-07-25 12:36 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2007-07-25 12:36 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2007-07-25 12:36 33,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2007-07-25 12:36 201,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2007-07-25 12:35 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2007-07-25 12:27 <DIR> d-------- C:\Program Files\McAfee
2007-07-25 12:26 <DIR> d-------- C:\Program Files\Common Files\McAfee
2007-07-25 11:11 <DIR> d-------- C:\DOCUME~1\Matthew\APPLIC~1\McAfee
2007-07-25 11:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\McAfee
2007-07-25 10:47 126,016 --a------ C:\WINDOWS\SYSTEM32\vdsloxkk.dll
2007-07-23 22:59 <DIR> d-------- C:\Program Files\Enigma Software Group
2007-07-23 00:11 465,209 --a------ C:\temp\bY001.exe
2007-07-23 00:11 <DIR> d-------- C:\tempc2
2007-07-23 00:10 <DIR> d-------- C:\temp\brr
2007-06-05 13:25 <DIR> d-------- C:\Program Files\iPod
2007-06-05 13:24 <DIR> d-------- C:\Program Files\iTunes
2007-06-04 14:35 <DIR> d-------- C:\DOCUME~1\Matthew\APPLIC~1\eFax Messenger
2007-06-04 14:17 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\eFax Messenger 4.3 Output
2007-06-04 14:15 <DIR> d-------- C:\Program Files\eFax Messenger 4.3
2007-06-04 14:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\eFax Messenger 4.3 Setup
2007-06-03 20:18 5,632 --a------ C:\WINDOWS\SYSTEM32\ptpusb.dll
2007-06-03 20:18 159,232 --a------ C:\WINDOWS\SYSTEM32\ptpusd.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-28 11:57 --------- d-------- C:\Program Files\Trillian
2007-07-25 12:53 --------- d-------- C:\Program Files\McAfee.com
2007-07-25 11:53 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-25 11:53 --------- d-------- C:\Program Files\WinMX
2007-07-25 11:53 --------- d-------- C:\Program Files\Symantec
2007-07-25 11:53 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-25 11:45 --------- d-------- C:\Program Files\Lavasoft
2007-07-23 01:16 --------- d-------- C:\Program Files\Online Services
2007-07-13 13:17 --------- d-------- C:\Program Files\Picasa2
2007-06-13 11:42 --------- d-------- C:\Program Files\eFax Messenger Plus
2007-06-12 02:52 --------- d-------- C:\Program Files\Cryptainer PE
2007-06-05 13:19 --------- d-------- C:\Program Files\Apple Software Update
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-04-08 22:21 109984 --a--c--- C:\DOCUME~1\Matthew\APPLIC~1\GDIPFONTCACHEV1.DAT
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{840DACDF-C007-4EDE-82D7-11A0B3CBADC3}]
2001-12-31 19:00 131072 --a------ C:\WINDOWS\SYSTEM32\jdqiumwu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Utility"="Logi_MwX.Exe" [2003-11-07 09:50 C:\WINDOWS\LOGI_MWX.EXE]
"WG511WLU"="C:\Program Files\NETGEAR\WG511\Utility\WG511WLU.exe" [2004-01-16 16:16]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2003-03-17 18:21]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2003-03-17 18:20]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-06-15 18:15]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-07-13 16:14]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56]
"DW4"="C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe" [2005-11-07 15:49]
"Iomega Automatic Backup"="C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe" [2002-10-15 09:32]
"Ncao"="C:\PROGRA~1\COMMON~1\RACLE~1\svchost.exe" []
"Fanmz"="C:\WINDOWS\s?curity\d?dplay.exe" []
C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\
DESKTOP.INI [2001-08-30 20:02:02]
Trend Micro Anti-Spyware.lnk - C:\Program Files\Trend Micro\Tmasy\Tmasy.exe [2007-07-26 14:48:08]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DESKTOP.INI [2001-08-30 20:02:02]
Network Hard Drive Administrator.lnk - C:\Program Files\Iomega\Network Hard Drive\Admin.exe [2003-12-10 16:23:20]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
@=
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2002-02-15 09:51 24638 C:\WINDOWS\SYSTEM32\PCANotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttrq]
wvuttrq.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 7.0 Tray Icon.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 7.0 Tray Icon.lnk
backup=C:\WINDOWS\pss\America Online 7.0 Tray Icon.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Camio Viewer 2000.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Camio Viewer 2000.lnk
backup=C:\WINDOWS\pss\Camio Viewer 2000.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax 4.3.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax 4.3.lnk
backup=C:\WINDOWS\pss\eFax 4.3.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax.com Tray Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax.com Tray Menu.lnk
backup=C:\WINDOWS\pss\eFax.com Tray Menu.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Live Menu.lnk
backup=C:\WINDOWS\pss\Live Menu.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SideACT!.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SideACT!.lnk
backup=C:\WINDOWS\pss\SideACT!.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=C:\WINDOWS\pss\MyWebSearch Email Plugin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^QuickLink.lnk]
path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\QuickLink.lnk
backup=C:\WINDOWS\pss\QuickLink.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Matthew^Start Menu^Programs^Startup^Web Chrono Desktop.lnk]
path=C:\Documents and Settings\Matthew\Start Menu\Programs\Startup\Web Chrono Desktop.lnk
backup=C:\WINDOWS\pss\Web Chrono Desktop.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Belt]
C:\WINDOWS\Belt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bklwf]
C:\WINDOWS\bklwf.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
C:\WINDOWS\System32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.3]
"C:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup]
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup 1.0.1]
C:\Program Files\Iomega\Iomega Automatic Backup\ibackup.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Iomega Automatic Backup Pro]
"C:\Program Files\Iomega\Automatic Backup Pro\LiveSystem.exe" -s
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
%systemroot%\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MoneyStartUp10.0]
"C:\Program Files\Microsoft Money\System\Activation.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msbb]
c:\windows\system32\msbb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pop-Up Stopper]
"C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
"C:\PROGRA~1\PANICW~1\POP-UP~2\PSFree.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SAHAgent]
C:\WINDOWS\System32\SahAgent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartupDelayer]
"C:\Program Files\r2 studios\Startup Delayer\Startup Launcher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"C:\Program Files\Winamp3\winampa.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zinio DLM]
C:\PROGRA~1\Zinio\ZDLM.exe /hide
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
R0 Gernuwa;Gernuwa;C:\WINDOWS\system32\drivers\Gernuwa.sys
R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys
R0 iomdisk;Iomega Devices Disk Filter Services;C:\WINDOWS\system32\DRIVERS\iomdisk.sys
R0 sonyhcb;Sony Digital Imaging Base;C:\WINDOWS\system32\DRIVERS\sonyhcb.sys
R1 Cdr4_xp;Cdr4_xp;C:\WINDOWS\system32\drivers\Cdr4_xp.sys
R1 Cdralw2k;Cdralw2k;C:\WINDOWS\system32\drivers\Cdralw2k.sys
R1 cdudf_xp;cdudf_xp;C:\WINDOWS\system32\drivers\cdudf_xp.sys
R1 GhPciScan;GhostPciScanner;\??\C:\Program Files\Symantec\Norton Ghost 2003\ghpciscan.sys
R1 MPFP;MPFP;C:\WINDOWS\system32\Drivers\Mpfp.sys
R1 pwd_2K;pwd_2K;C:\WINDOWS\system32\drivers\pwd_2K.sys
R1 UdfReadr_xp;UdfReadr_xp;C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
R2 CdaC15BA;CdaC15BA;\??\C:\WINDOWS\System32\drivers\CdaC15BA.SYS
R2 LanScsiHelper;LANSCSI Helper Service;C:\Program Files\Iomega\Network Hard Drive\LDServ.exe
R2 lpx;LPX Protocol;C:\WINDOWS\system32\DRIVERS\lpx.sys
R2 MSSQL$AWDLOCALDB;MSSQL$AWDLOCALDB;C:\Program Files\AwdImportData\MSSQL$AWDLOCALDB\Binn\sqlservr.exe -sAWDLOCALDB
R2 ssoftnt4;ssoftnt4;\??\C:\WINDOWS\system32\Drivers\ssoftnt4.sys
R2 tcaicchg;tcaicchg;\??\C:\WINDOWS\System32\tcaicchg.sys
R2 TCAITDI;TCAITDI Protocol;C:\WINDOWS\system32\DRIVERS\TCAITDI.sys
R3 AWINDIS5;AWINDIS5 Protocol Driver;\??\C:\WINDOWS\System32\AWINDIS5.SYS
R3 EL556;3Com 10/100 Mini PCI Ethernet Adapter NDIS 5.0 Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys
R3 el575nd5;FE575C-3Com 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\DRIVERS\el575nd5.sys
R3 lanscsibus;LANSCSI Bus Driver for Network Hard Drive;C:\WINDOWS\system32\DRIVERS\lanscsibus.sys
R3 maestro;ESS Maestro Audio Driver (WDM);C:\WINDOWS\system32\drivers\es198xdl.sys
R3 mmc_2K;mmc_2K;C:\WINDOWS\system32\drivers\mmc_2K.sys
R3 PRISM_ICB;NETGEAR WG511 Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\WG511ICB.sys
R3 SynTP;Synaptics TouchPad Driver;C:\WINDOWS\system32\DRIVERS\SynTP.sys
R3 WDHAALBA;WDHAALBAMiniPCI Winmodem;C:\WINDOWS\system32\DRIVERS\WDHAALBA.sys
S2 0009611185851002mcinstcleanup;McAfee Application Installer Cleanup (0009611185851002);C:\WINDOWS\TEMP00961~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service
S2 SMTPSVC;Simple Mail Transfer Protocol (SMTP);C:\WINDOWS\System32\inetsrv\inetinfo.exe
S3 awhost32;pcAnywhere Host Service;C:\Program Files\Symantec\pcAnywhere\awhost32.exe
S3 Bridge;MAC Bridge;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 BridgeMP;MAC Bridge Miniport;C:\WINDOWS\system32\DRIVERS\bridge.sys
S3 Dot4;MS IEEE-1284.4 Driver;C:\WINDOWS\system32\DRIVERS\Dot4.sys
S3 Dot4Print;Print Class Driver for IEEE-1284.4;C:\WINDOWS\system32\DRIVERS\Dot4Prt.sys
S3 dvd_2K;dvd_2K;C:\WINDOWS\system32\drivers\dvd_2K.sys
S3 EL556ND5;3Com 10/100 Mini PCI Ethernet Adapter NDIS5 Driver;C:\WINDOWS\system32\DRIVERS\EL556ND5.sys
S3 lanscsiminiport;LANSCSI Miniport Driver for Network Hard Drive;C:\WINDOWS\system32\DRIVERS\lanscsiminiport.sys
S3 OASIS;OASIS;C:\WINDOWS\system32\drivers\oasisusb.sys
S3 SDDMI2;SDDMI2;\??\C:\WINDOWS\system32\DDMI2.sys
S3 SNMPTRAP;SNMP Trap Service;C:\WINDOWS\system32\snmptrap.exe
S3 sonyhcs;Sony Digital Imaging Video;C:\WINDOWS\system32\DRIVERS\sonyhcs.sys
S3 SQLAgent$AWDLOCALDB;SQLAgent$AWDLOCALDB;C:\Program Files\AwdImportData\MSSQL$AWDLOCALDB\Binn\sqlagent.EXE -i AWDLOCALDB
S3 TnIDriver;TnIDriver;\??\C:\DOCUME~1\Matthew\LOCALS~1\Temp\tni4D8.tmp
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
S4 hpt3xx;hpt3xx;C:\WINDOWS\system32\DRIVERS\hpt3xx.sys
S4 IISADMIN;IIS Admin;C:\WINDOWS\System32\inetsrv\inetinfo.exe
Contents of the 'Scheduled Tasks' folder
2007-07-27 22:15:06 C:\WINDOWS\Tasks\1-Click Maintenance.job - C:\Program Files\TuneUp Utilities 2004\SystemOptimizer.exe
2007-07-24 18:05:12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2002-04-16 13:34:48 C:\WINDOWS\Tasks\ISP signup reminder 1.job - C:\WINDOWS\System32\OOBE\OOBEBALN.EXE
2007-07-25 17:31:52 C:\WINDOWS\Tasks\McDefragTask.job - c:\program files\mcafee\mqc\QcConsol.exe
2007-07-25 17:31:50 C:\WINDOWS\Tasks\McQcTask.job - c:\program files\mcafee\mqc\QcConsol.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2007-07-31 10:14:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000248
"TracesSuccessful"=dword:00000026
scanning hidden files ...
**************************************************************************
Completion time: 2007-07-31 10:20:12 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-31 10:18
--- E O F ---
Show Posts
http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\'
\' /> 