ComboFix 08-11-01.06 - Mastos 2008-11-02 18:42:44.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.1251.7.1049.18.1344 [GMT 2:00]
Running from: C:\Documents and Settings\Mastos\ \ComboFix.exe
 * Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\071DF48FA255.jpg
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\176308ED93A5.jpg
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\1CB3643AF9A0.gif
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\2587A57961E3.gif
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\2757D4C18CC1.gif
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\28260DD487DD.gif
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\2B79D15BD947.gif
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\4FE36C7CDD9F.jpg
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\5471C7278A14.gif
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\5F2E2DE42E91.jpg
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\AA90BF414B9B.gif
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\BA6BE092A64A.gif
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\C7AA4524D721.gif
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\C86C6CA84F93.gif
C:\Documents and Settings\Mastos\Local Settings\Temporary Internet Files\SuggestedSites.dat
C:\windows\a3kebook.ini
C:\windows\akebook.ini
C:\windows\ANS2000.INI
C:\windows\system32\drivers\tcpsr.sys
C:\windows\system32\lsprst7.dll
C:\windows\system32\ssprs.dll

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF
-------\Service_tcpsr


(((((((((((((((((((((((((   Files Created from 2008-10-02 to 2008-11-02  )))))))))))))))))))))))))))))))
.

2008-11-02 18:18 . 2008-04-14 20:40	221,184	--a------	C:\WINDOWS\system32\wmpns.dll
2008-11-02 18:18 . 	1,320		C:\WINDOWS\system32\spupdsvc.inf
2008-11-02 18:15 . 	<DIR>		C:\WINDOWS\LastGood.Tmp
2008-11-02 17:50 . 2008-11-02 17:50	<DIR>	d--------	C:\Program Files\DivX
2008-11-02 17:34 . 2008-11-02 17:34	<DIR>	d--------	C:\Program Files\Java
2008-11-02 17:34 . 2005-11-10 13:03	49,265	--a------	C:\WINDOWS\system32\jpicpl32.cpl
2008-11-02 17:31 . 2008-11-02 17:31	<DIR>	d--------	C:\Program Files\Common Files\Java
2008-11-02 09:55 . 2008-11-02 09:55	<DIR>	d--------	C:\Program Files\Microsoft Silverlight
2008-11-01 16:01 . 2008-11-02 18:48	<DIR>	d--------	C:\WINDOWS\system32\CatRoot2
2008-11-01 15:22 . 2008-11-01 15:22	<DIR>	d--------	C:\WU
2008-10-31 12:37 . 2008-10-31 12:37	<DIR>	d--hs----	C:\Documents and Settings\Mastos\PrivacIE
2008-10-31 12:28 . 2008-10-31 12:29	<DIR>	d--h-c---	C:\WINDOWS\ie8
2008-10-31 12:13 . 2008-04-14 21:40	338,432	---------	C:\WINDOWS\system32\ir41_qcx.dll
2008-10-31 12:13 . 2008-04-14 21:40	200,192	---------	C:\WINDOWS\system32\ir50_qc.dll
2008-10-31 12:13 . 2008-04-14 21:40	183,808	---------	C:\WINDOWS\system32\ir50_qcx.dll
2008-10-31 12:13 . 2008-04-14 21:41	154,624	---------	C:\WINDOWS\system32\ivfsrc.ax
2008-10-31 12:13 . 2008-04-14 21:40	120,320	---------	C:\WINDOWS\system32\ir41_qc.dll
2008-10-31 12:12 . 2006-12-29 00:31	19,569	--a------	C:\WINDOWS\000001_.tmp
2008-10-30 18:47 . 2008-11-02 17:46	<DIR>	d--------	C:\Program Files\Mozilla Thunderbird
2008-10-30 18:47 . 2008-10-30 18:47	<DIR>	d--------	C:\Documents and Settings\Mastos\Application Data\Thunderbird
2008-10-30 16:49 . 2008-10-30 17:38	<DIR>	d--------	C:\Documents and Settings\Mastos\Application Data\The Bat!
2008-10-30 16:46 . 2008-10-31 20:39	<DIR>	d--------	C:\Program Files\The Bat!
2008-10-30 10:15 . 2008-10-30 10:15	<DIR>	d--------	C:\Kaspersky Lab Tool
2008-10-30 10:15 . 2008-07-08 13:54	148,496	--a------	C:\WINDOWS\system32\drivers\29167242.sys
2008-10-26 16:52 . 2008-10-26 16:52	103,736	--a------	C:\WINDOWS\system32\PnkBstrB.exe
2008-10-26 16:52 . 2007-10-19 05:19	63,040	--a------	C:\WINDOWS\system32\PnkBstrA.exe
2008-10-26 16:52 . 2008-10-26 16:52	22,328	--a------	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-10-26 16:49 . 2008-10-26 16:49	<DIR>	dr-h-----	C:\Documents and Settings\Mastos\Application Data\SecuROM
2008-10-26 16:49 . 2008-10-26 16:49	107,888	--a------	C:\WINDOWS\system32\CmdLineExt.dll
2008-10-22 10:30 . 2008-10-22 10:31	<DIR>	d--------	C:\Program Files\WinUHA
2008-10-20 14:05 . 2008-11-02 17:31	<DIR>	d--------	C:\WebServers
2008-10-18 18:25 . 2008-10-18 18:25	<DIR>	d--------	C:\Program Files\
2008-10-16 13:06 . 2008-10-16 13:06	<DIR>	d--------	C:\Program Files\RussianFontSPB
2008-10-16 11:34 . 2008-10-16 12:07	516	--a------	C:\WINDOWS\flax.ini
2008-10-16 10:36 . 2008-10-16 11:34	<DIR>	d--------	C:\Program Files\Goldshell
2008-10-08 19:10 . 2008-10-08 19:11	<DIR>	d--------	C:\Program Files\Trapcode
2008-10-08 19:10 . 2008-10-08 19:10	<DIR>	d--------	C:\Presets
2008-10-06 18:28 . 2008-10-06 19:38	<DIR>	d--------	C:\Documents and Settings\Mastos\Application Data\Apple Computer
2008-10-06 18:28 . 2008-04-17 12:12	107,368	--a------	C:\WINDOWS\system32\GEARAspi.dll
2008-10-06 18:28 . 2008-04-17 12:12	15,464	--a------	C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-10-06 18:27 . 2008-10-06 18:28	<DIR>	d--------	C:\Program Files\iTunes
2008-10-06 18:27 . 2008-10-06 18:27	<DIR>	d--------	C:\Program Files\iPod
2008-10-06 18:27 . 2008-10-06 18:28	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 18:26 . 2008-10-08 13:25	<DIR>	d--------	C:\Program Files\QuickTime
2008-10-06 18:26 . 2008-10-06 18:26	<DIR>	d--------	C:\Program Files\Common Files\Apple
2008-10-06 18:26 . 2008-10-06 18:26	<DIR>	d--------	C:\Program Files\Apple Software Update
2008-10-06 18:26 . 2008-10-08 14:10	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-06 15:57 . 2008-10-06 15:57	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\proDAD
2008-10-06 10:02 . 2008-10-06 10:02	<DIR>	d--------	C:\Documents and Settings\Mastos\Application Data\Ulead Systems
2008-10-06 09:58 . 2008-10-06 09:58	<DIR>	d--------	C:\Program Files\Common Files\InterVideo
2008-10-06 09:58 . 2008-10-06 09:58	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\InterVideo
2008-10-06 09:58 . 2002-11-22 01:57	204,800	--a------	C:\WINDOWS\system32\IVIresizeW7.dll
2008-10-06 09:58 . 2002-11-22 01:57	200,704	--a------	C:\WINDOWS\system32\IVIresizeA6.dll
2008-10-06 09:58 . 2002-11-22 01:57	192,512	--a------	C:\WINDOWS\system32\IVIresizeP6.dll
2008-10-06 09:58 . 2002-11-22 01:57	192,512	--a------	C:\WINDOWS\system32\IVIresizeM6.dll
2008-10-06 09:58 . 2002-11-22 01:57	188,416	--a------	C:\WINDOWS\system32\IVIresizePX.dll
2008-10-06 09:58 . 2002-11-22 01:57	20,480	--a------	C:\WINDOWS\system32\IVIresize.dll
2008-10-06 09:57 . 2008-10-08 17:46	<DIR>	d--------	C:\Program Files\Common Files\LightScribe
2008-10-06 09:53 . 2008-10-06 09:54	<DIR>	d--------	C:\Program Files\Common Files\Ulead Systems
2008-10-06 09:53 . 2008-10-06 09:55	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-10-05 09:22 . 2008-10-05 09:22	<DIR>	d--------	C:\Program Files\Paragon Software
2008-10-05 09:22 . 2008-01-21 16:43	4,244,744	--a------	C:\WINDOWS\system32\qtp-mt334.dll
2008-10-05 09:22 . 2008-01-21 16:43	247,560	--a------	C:\WINDOWS\system32\prgiso.dll
2008-10-05 09:22 . 2008-01-21 16:43	39,472	--a------	C:\WINDOWS\system32\drivers\hotcore3.sys
2008-10-05 09:22 . 2008-01-21 16:43	13,576	--a------	C:\WINDOWS\system32\wnaspi32.dll
2008-10-03 20:05 . 2008-10-03 20:05	<DIR>	d--------	C:\Program Files\Womble Multimedia
2008-10-03 18:22 . 2008-10-03 18:22	<DIR>	d--------	C:\Documents and Settings\Mastos\Application Data\Grass Valley
2008-10-03 18:21 . 2008-10-03 18:21	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Grass Valley
2008-10-03 18:16 . 2008-10-03 18:16	<DIR>	d--------	C:\Documents and Settings\Mastos\Application Data\Nero8
2008-10-03 18:11 . 2007-03-14 08:54	798,801	--a------	C:\WINDOWS\system32\cseuvec.dll
2008-10-03 18:11 . 2006-03-26 11:48	671,815	--a------	C:\WINDOWS\system32\csehqa.dll
2008-10-03 18:11 . 2007-07-12 12:56	532,480	--a------	C:\WINDOWS\system32\csdshowcodc.dll
2008-10-03 18:11 . 2002-10-28 22:00	376,832	--a------	C:\WINDOWS\system32\hlDVSD.dll
2008-10-03 18:11 . 2007-03-14 06:54	262,144	--a------	C:\WINDOWS\system32\cllccodc.dll
2008-10-03 18:11 . 2002-10-28 22:00	159,832	--a------	C:\WINDOWS\system32\cscDVSD.dll
2008-10-03 18:11 . 2004-10-12 23:00	122,961	--a------	C:\WINDOWS\system32\csellc.dll
2008-10-03 18:11 . 2006-10-30 09:56	69,632	--a------	C:\WINDOWS\system32\cuvccodc.dll
2008-10-03 18:11 . 2006-09-21 18:22	69,632	--a------	C:\WINDOWS\system32\cdv5codc.dll
2008-10-03 18:11 . 2006-09-21 18:22	65,536	--a------	C:\WINDOWS\system32\cdvhcodc.dll
2008-10-03 18:11 . 2002-12-02 10:42	49,152	--a------	C:\WINDOWS\system32\cvpcdvc.dll
2008-10-03 18:11 . 2006-05-01 12:08	4,096	--a------	C:\WINDOWS\system32\paveno.dll
2008-10-03 18:10 . 2008-10-03 18:10	<DIR>	d--------	C:\Program Files\Grass Valley
2008-10-03 18:10 . 2008-10-03 18:10	<DIR>	d--------	C:\Program Files\Common Files\Snell & Wilcox Shared
2008-10-03 18:10 . 2008-10-03 18:10	<DIR>	d--------	C:\Program Files\Common Files\Grass Valley
2008-10-03 18:10 . 2008-10-03 18:10	<DIR>	d--------	C:\Program Files\Common Files\Canopus Shared
2008-10-02 19:45 . 2004-07-27 15:22	63,232	--a------	C:\WINDOWS\system32\drivers\cxvcap.sys
2008-10-02 17:40 . 2008-10-02 17:40	<DIR>	d--------	C:\Documents and Settings\Mastos\Application Data\MainConcept

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-02 16:52	757,831,712	--sha-w	C:\windows\system32\drivers\fidbox.dat
2008-11-02 16:49	8,881,772	--sha-w	C:\windows\system32\drivers\fidbox.idx
2008-11-02 16:38	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\Skype
2008-11-01 17:02	---------	d-----w	C:\Program Files\Opera
2008-10-29 09:34	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\Alien Skin
2008-10-29 09:33	---------	d---a-w	C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-12 10:19	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-10-12 10:19	---------	d-----w	C:\Program Files\KWorld Multimedia
2008-10-03 17:45	---------	d-----w	C:\Program Files\honestech VHS to DVD 3.0
2008-10-03 17:23	---------	d-----w	C:\Program Files\HT MPEG Encoder 7.0 ProAuthor
2008-10-02 18:15	---------	d-----w	C:\Program Files\PC-TV
2008-10-02 15:39	---------	d-----w	C:\Program Files\Common Files\MainConcept
2008-10-02 12:36	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\FlyDS
2008-10-02 12:33	---------	d-----w	C:\Program Files\FlyDS
2008-10-01 15:09	---------	d-----w	C:\Program Files\Realtek
2008-10-01 12:38	---------	d-----w	C:\Program Files\FLY2000TV
2008-10-01 11:52	319,488	----a-w	C:\windows\HideWin.exe
2008-09-30 14:22	---------	d-----w	C:\Program Files\SlyDiman
2008-09-30 11:25	---------	d-----w	C:\Program Files\CyberLink
2008-09-30 10:10	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\KWorld Multimedia
2008-09-27 11:51	---------	d-----w	C:\Program Files\Hercules
2008-09-21 14:26	---------	d-----w	C:\Program Files\ESET
2008-09-21 11:06	---------	d-----w	C:\Program Files\BitAccelerator
2008-09-20 17:46	---------	d-----w	C:\Program Files\vmntoolbar
2008-09-20 13:25	---------	d-----w	C:\Program Files\Total Commander
2008-09-20 11:33	---------	d-----w	C:\Program Files\Common Files\INCA Shared
2008-09-20 10:48	---------	d-----w	C:\Documents and Settings\All Users\Application Data\ABBYY
2008-09-20 10:46	---------	d-----w	C:\Program Files\ABBYY FineReader 9.0
2008-09-20 10:44	---------	d-----w	C:\Program Files\Common Files\ABBYY
2008-09-20 09:05	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\vmntoolbar
2008-09-20 08:58	---------	d-----w	C:\Program Files\Easy CD-DA Extractor 12
2008-09-19 11:43	---------	d-----w	C:\Program Files\Mp3tag
2008-09-19 11:43	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\Mp3tag
2008-09-18 17:53	---------	d-----w	C:\Program Files\Download Master
2008-09-18 09:30	274,982	----a-w	C:\windows\Pragma Uninstaller.exe
2008-09-18 06:53	---------	d-----w	C:\Program Files\Daily Satellite Utilities
2008-09-16 15:21	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\TeamViewer
2008-09-16 06:38	---------	d-----w	C:\Program Files\Hotkey
2008-09-14 12:57	---------	d-----w	C:\Program Files\Astro Gemini Software
2008-09-12 14:53	---------	d-----w	C:\Program Files\TeamViewer3
2008-09-11 07:01	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\Winamp
2008-09-10 15:50	---------	d-----w	C:\Program Files\Winamp
2008-09-10 06:35	---------	d-----w	C:\Program Files\MagicTune Premium
2008-09-09 15:39	16,851,968	----a-w	C:\windows\RTHDCPL.EXE
2008-09-09 15:07	4,813,824	----a-w	C:\windows\system32\drivers\RtkHDAud.sys
2008-09-07 17:41	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\Playrix Entertainment
2008-09-07 17:41	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\Astro Gemini Software
2008-09-04 16:53	---------	d-----w	C:\Documents and Settings\Mastos\Application Data\skypePM
2008-08-29 07:18	87,336	----a-w	C:\windows\system32\dns-sd.exe
2008-08-29 06:53	61,440	----a-w	C:\windows\system32\dnssd.dll
2008-08-22 08:58	1,821,192	----a-w	C:\windows\system32\vcredist_x86.exe
2008-08-22 01:08	878,592	----a-w	C:\windows\system32\wininet.dll
2008-08-22 01:08	43,008	----a-w	C:\windows\system32\licmgr10.dll
2008-08-22 01:07	18,944	----a-w	C:\windows\system32\corpol.dll
2008-08-22 01:06	72,704	----a-w	C:\windows\system32\admparse.dll
2008-08-22 01:06	71,680	----a-w	C:\windows\system32\iesetup.dll
2008-08-22 01:06	434,176	----a-w	C:\windows\system32\vbscript.dll
2008-08-22 01:05	48,640	------w	C:\windows\system32\PrivacIE.dll
2008-08-22 01:05	48,128	----a-w	C:\windows\system32\mshtmler.dll
2008-08-22 01:05	35,840	----a-w	C:\windows\system32\imgutil.dll
2008-08-22 01:04	45,568	----a-w	C:\windows\system32\mshta.exe
2008-08-22 00:57	156,160	----a-w	C:\windows\system32\msls31.dll
2008-08-19 10:26	77,824	----a-w	C:\windows\SOUNDMAN.EXE
2008-08-06 12:51	1,200,128	----a-w	C:\windows\RtlUpd.exe
2008-08-05 15:55	265,720	----a-w	C:\windows\system32\msdbg2.dll
2008-05-25 14:41	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-06-15 14:26	16,176,640	----a-w	C:\Program Files\BorisFX9-20.avx
2006-06-23 22:48	32,768	-c--a-r	C:\windows\inf\UpdateUSB.exe
.

------- Sigcheck -------

2008-06-20 13:59  361600  ad978a1b783b5719720cff204b666c8e	C:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2004-08-04 01:14  359040  6a603809f598332dbedd535bdbce313e	C:\windows\$NtServicePackUninstall$\tcpip.sys
2008-04-13 23:50  361344  93ea8d04ec73a85db02eb8805988f733	C:\windows\$NtUninstallKB951748$\tcpip.sys
2008-04-14 00:50  361344  93ea8d04ec73a85db02eb8805988f733	C:\windows\ServicePackFiles\i386\tcpip.sys
2008-06-20 13:51  361600  9425b72f40257b45d45d24773273dad0	C:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"ASUS SmartDoctor"="C:\Program Files\ASUS\SmartDoctor\SmartDoctor.exe" [2007-12-18 1126400]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2006-05-16 57344]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
"Center Agent"="C:\Program Files\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe" [2008-08-29 1519616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TrueImageMonitor.exe"="C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe" [2005-10-25 1005180]
"Acronis Scheduler2 Service"="C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" [2005-10-25 118784]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"OM_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2006-05-16 40960]
"RemoteControl8"="C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" [2008-03-20 83240]
"PDVD8LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" [2007-12-14 50472]
"BDRegion"="C:\Program Files\Cyberlink\Shared Files\brs.exe" [2008-05-19 91432]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-02-18 2221352]
"Ai Nap"="C:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe" [2007-04-09 1423360]
"Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2007-05-09 2130432]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-02-28 570664]
"Pragma5"="C:\Program Files\Trident Software\Pragma\prestart.exe" [2008-03-26 40960]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"CamserviceDP"="C:\Program Files\Hercules\DualPix Exchange\Camservice.exe" [2007-08-10 81920]
"NexusServer"="C:\Program Files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe" [2007-03-26 389120]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-10 289576]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2008-09-09 C:\WINDOWS\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 1294336]

C:\Documents and Settings\Mastos\ \ணࠬ\⮧㧪\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-05-02 113664]
Create virtual drive for Denwer.lnk - C:\WebServers\denwer\Boot.exe [2008-10-20 6656]
PowerInstall Softcam Updater.lnk - C:\Program Files\FreePack\PSU\PSU.EXE [2008-08-04 57124]
Remote Control.lnk - C:\Program Files\KWorld Multimedia\TV Tuner Card Utilities\HMCP3XCtl.exe [2008-09-30 77824]

C:\Documents and Settings\All Users\ \ணࠬ\⮧㧪\
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe [2008-09-10 36864]
Microtek Scanner Finder.lnk - C:\Program Files\Microtek\ScanWizard 5\ScannerFinder.exe [2008-05-02 344064]
NCProTray.lnk - C:\Program Files\SEC\Natural Color Pro\NCProTray.exe [2008-08-30 49220]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"vidc.asv2"= asusasv2.dll
"VIDC.MJPG"= pvmjpg21.dll
"msacm.l3codec"= l3codecp.acm
"vidc.CDVC"= cdvccodc.dll
"vidc.dvsd"= hldvsd.dll
"vidc.cmic"= cmiccodc.dll
"vidc.CDVH"= cdvhcodc.dll
"vidc.CUVC"= cuvccodc.dll
"vidc.CLLC"= cllccodc.dll
"vidc.CDV5"= cdv5codc.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^ ^^^Total Commander.lnk]
backup=C:\windows\pss\Total Commander.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^ ^^^WinManager.lnk]
backup=C:\WINDOWS\pss\WinManager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Mastos^ ^^^PowerInstall Softcam Updater.lnk]
backup=C:\windows\pss\PowerInstall Softcam Updater.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Mastos^ ^^^Total Commander.lnk]
backup=C:\windows\pss\Total Commander.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSGamerOSD]
--a------ 2007-10-23 16:48 380928 C:\Program Files\ASUS\GamerOSD\GamerOSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Daily Satellite Utilities]
--a------ 2008-09-16 20:58 823296 C:\Program Files\Daily Satellite Utilities\DSU v1.0.4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pragma5]
--a------ 2008-08-01 13:46 393216 C:\Program Files\Trident Software\Pragma\pragma.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 878BDA;DVB-TV 878 BDA Driver;C:\windows\system32\Drivers\878BDA.sys [2006-04-04 86016]
R0 hotcore3;hotcore3;C:\windows\system32\drivers\hotcore3.sys [2008-01-21 39472]
R1 EIO_XP;EIO_XP;C:\WINDOWS\system32\drivers\EIO_XP.sys [2006-06-14 12288]
R1 is-QSI37drv;is-QSI37drv;C:\windows\system32\DRIVERS\29167242.sys [2008-07-08 148496]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files\CyberLink\PowerDVD8\000.fcl [2008-05-15 11:07 61424]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-05-19 660768]
R3 3xHybrid;3xHybrid service;C:\windows\system32\DRIVERS\3xHybrid.sys [2007-10-16 945920]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;C:\windows\system32\drivers\asusgsb.sys [2007-10-23 12416]
R3 ASUSVRC;ASUSTeK Virtual Capture Device;C:\windows\system32\DRIVERS\AsusVRC.sys [2007-01-29 18432]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\windows\system32\DRIVERS\atl01_xp.sys [2007-03-15 38656]
R3 camfilt2;camfilt2;C:\windows\system32\Drivers\camfilt2.sys [2007-05-29 94208]
R3 Video3D;ASUS Video3D Service;C:\windows\system32\Drivers\Video3D32.sys [2007-10-23 10752]
S1 eusk2par;EUTRON SmartKey Parallel Driver;C:\windows\system32\Drivers\eusk2par.sys [2004-11-18 24786]
S2 BT848;KWorld TV878 Video Capture;C:\windows\system32\drivers\cxvcap.sys [2004-07-27 63232]
S2 PTsup5;PsViatau;C:\Program Files\Trident Software\Pragma\ptsup5.exe [2008-03-26 77824]
S3 DtvAudio;DtvAudio;C:\windows\system32\DRIVERS\DtvAudio.sys [ ]
S3 DtvVideo;DtvVideo;C:\windows\system32\DRIVERS\DtvVideo.sys [ ]
S3 FlyDrv;FlyDrv;E:\TV-TUN~1\FLY200~1.38\FlyTest\FlyDrv.sys [2003-07-12 4116]
S3 Mama;Mama Hardware Access Driver;C:\windows\system32\DRIVERS\Mama.sys [2008-04-22 4864]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 VPNET;DTVNet Ethernet Controller;C:\windows\system32\DRIVERS\DTVNet.sys [2006-03-13 19712]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\autorun.exe
.
- - - - ORPHANS REMOVED - - - -

Notify-WgaLogon - (no file)
SafeBoot-ati1dxxx.sys
SafeBoot-ati2lbxx.sys
SafeBoot-ati4wexx.sys
SafeBoot-ati5vtxx.sys
SafeBoot-ati6jyxx.sys
SafeBoot-ati6rhxx.sys
SafeBoot-ati7elxx.sys
SafeBoot-ati7etxx.sys
SafeBoot-Jmt76.sys
SafeBoot-Vgm07.sys
SafeBoot-Winco42.sys
SafeBoot-Winfi20.sys
SafeBoot-Winfr86.sys
SafeBoot-Winhb64.sys
SafeBoot-Winhs42.sys
SafeBoot-Winna75.sys
SafeBoot-Winqm20.sys
SafeBoot-Winsm53.sys
SafeBoot-Winug20.sys
SafeBoot-Winxk18.sys
SafeBoot-Winyd20.sys


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Mastos\Application Data\Mozilla\Firefox\Profiles\5ru9kife.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - about:blank
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 18:50:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD8\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\MagicTune Premium\MagicTuneEngine.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\MagicTune Premium\MagicTune.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2008-11-02 18:59:21 - machine was rebooted [Mastos]
ComboFix-quarantined-files.txt  2008-11-02 16:59:17

Pre-Run: 22849347584  
Post-Run: 23,541,993,472  

382
