Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:53, on 2008-07-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F540F83-102D-41B7-A23F-5E7BB2356C17} - C:\WINDOWS\system32\rqRhffgG.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7D8F380F-E933-4E5E-8646-CF8CD05AB32D} - (no file)
O2 - BHO: (no name) - {992E4188-36F5-4726-89BC-F5AB2690D74C} - C:\WINDOWS\system32\yayyXOFU.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [System Updater Machine] system.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LSA Shellu] C:\Documents and Settings\Administrator\lsass.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\RunServices: [System Updater Machine] system.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215171345843
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: pmnlihEw - C:\WINDOWS\
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 6874 bytes

After applying combofix.exe, I get the following resutls.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:07 µµ, on 16/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1215171345843
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

--
End of file - 6367 bytes
**********************************************************
ComboFix 08-07-14.2 - Administrator 2008-07-16 13:07:08.1 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\services.exe
C:\WINDOWS\evrb.exe
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\system32\_004538_.tmp.dll
C:\WINDOWS\system32\bbtxkftt.ini
C:\WINDOWS\system32\GgffhRqr.ini
C:\WINDOWS\system32\GgffhRqr.ini2
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnlihEw.dll
C:\WINDOWS\system32\ttfkxtbb.dll
C:\WINDOWS\system32\UFOXyyay.ini
C:\WINDOWS\system32\UFOXyyay.ini2
C:\WINDOWS\system32\wfdqrcry.ini
C:\WINDOWS\system32\yrcrqdfw.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.

2008-07-16 12:53 . 2008-07-16 12:53 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-10 16:12 . 2008-07-10 16:12 <DIR> d-------- C:\Documents and Settings\Administrator\cbt
2008-07-10 16:10 . 2008-07-10 16:10 <DIR> d-------- C:\WINDOWS\Sun
2008-07-09 11:33 . 2004-06-14 14:56 427,864 --a------ C:\WINDOWS\system32\XceedZip.dll
2008-07-09 11:32 . 2008-07-09 11:32 <DIR> d-------- C:\Program Files\Driver-Soft
2008-07-08 11:52 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-08 10:39 . 2008-07-08 11:44 <DIR> d-------- C:\Program Files\SDL International
2008-07-08 10:39 . 2008-07-08 10:39 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-07-08 10:11 . 2008-07-08 11:52 <DIR> d-------- C:\Program Files\Java
2008-07-08 10:10 . 2008-07-08 10:10 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-08 09:49 . 2008-07-08 11:31 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-08 09:30 . 2008-07-08 09:30 <DIR> d-------- C:\Program Files\SDL Trados 2007 lic
2008-07-07 13:31 . 2008-07-07 13:31 <DIR> d-------- C:\Program Files\Lavalys
2008-07-07 13:22 . 2008-07-07 13:22 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-07 13:22 . 2008-07-08 10:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-07 12:43 . 2008-07-07 13:23 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-05 08:06 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-05 08:06 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-04 13:25 . 2008-04-23 07:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-07-04 13:25 . 2008-04-23 07:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-07-04 13:25 . 2008-04-23 07:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-07-04 13:25 . 2008-04-23 07:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-07-04 13:25 . 2008-04-23 07:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-07-04 13:25 . 2008-04-22 10:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-07-04 13:24 . 2008-04-23 07:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-07-04 13:24 . 2007-04-17 12:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-07-04 13:24 . 2007-03-08 08:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-07-04 13:21 . 2008-07-04 13:21 25 --a------ C:\WINDOWS\mixerdef.ini
2008-07-04 12:55 . 2008-06-13 14:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-04 12:53 . 2008-05-07 08:12 1,288,192 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-07-04 12:53 . 2008-05-08 17:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-07-04 12:36 . 2008-04-13 21:47 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-07-04 12:36 . 2008-04-13 21:47 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-07-04 12:27 . 2008-07-04 12:34 <DIR> d-------- C:\Program Files\HP DeskJet 6540 drivers
2008-07-04 11:34 . 2008-07-04 11:34 10,885,192 --a------ C:\Program Files\6500_enu_win2k_xpinfu.exe
2008-07-04 11:09 . 2008-07-04 11:09 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-04 10:53 . 2008-07-04 12:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
2008-07-04 10:47 . 2008-07-04 10:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-07-04 10:29 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-04 10:22 . 2008-07-04 10:22 <DIR> d-------- C:\Program Files\MSBuild
2008-07-04 10:22 . 2008-07-04 10:22 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-04 10:07 . 2008-07-04 11:04 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-04 10:04 . 2008-07-09 12:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-04 10:01 . 2008-07-04 10:01 <DIR> dr-h----- C:\MSOCache
2008-07-04 09:51 . 2008-07-04 09:51 <DIR> d-------- C:\Program Files\uTorrent
2008-07-04 09:51 . 2008-07-04 13:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-07-04 09:47 . 2008-04-13 22:17 83,072 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-07-04 09:47 . 2008-04-13 22:17 83,072 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-07-04 09:47 . 2008-04-13 21:45 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-07-04 09:47 . 2008-04-13 21:45 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-07-04 09:47 . 2008-04-13 21:45 6,272 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-07-04 09:47 . 2008-04-13 21:45 6,272 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-07-04 09:45 . 2008-04-13 21:45 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-07-04 09:45 . 2008-04-13 21:45 10,624 --a--c--- C:\WINDOWS\system32\dllcache\gameenum.sys
2008-07-04 09:45 . 2008-04-13 21:39 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-07-04 09:45 . 2008-04-13 21:39 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
2008-07-04 09:44 . 2008-04-13 22:19 146,048 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-07-04 09:44 . 2008-04-13 22:19 146,048 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-07-04 09:44 . 2008-04-14 03:12 129,536 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-07-04 09:44 . 2008-04-14 03:12 129,536 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-07-04 09:44 . 2008-04-13 21:45 60,160 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-07-04 09:44 . 2008-04-13 21:45 60,160 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-07-04 09:44 . 2008-04-14 03:11 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-07-04 09:44 . 2008-04-14 03:11 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2008-07-03 18:12 . 2008-07-03 18:12 <DIR> d-------- C:\VundoFix Backups
2008-07-03 17:18 . 2008-07-03 17:18 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-07-03 17:18 . 2008-07-03 17:18 <DIR> d-------- C:\WINDOWS\system32\en
2008-07-03 17:18 . 2008-07-03 17:18 <DIR> d-------- C:\WINDOWS\system32\bits
2008-07-03 17:18 . 2008-07-03 17:18 <DIR> d-------- C:\WINDOWS\l2schemas
2008-07-03 17:02 . 2008-07-03 17:20 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-07-03 16:05 . 2004-08-04 15:00 381,425 -----c--- C:\WINDOWS\system32\dllcache\copycd.wmv
2008-07-03 16:05 . 2004-07-17 22:55 129,045 --------- C:\WINDOWS\system32\drivers\cxthsfs2.cty
2008-07-03 16:05 . 2004-08-04 15:00 9,585 -----c--- C:\WINDOWS\system32\dllcache\controls.css
2008-07-03 16:05 . 2004-08-04 15:00 8,298 -----c--- C:\WINDOWS\system32\dllcache\contents.htm
2008-07-03 16:05 . 2004-08-04 15:00 6,878 -----c--- C:\WINDOWS\system32\dllcache\controls.js
2008-07-03 16:05 . 2004-08-04 15:00 999 -----c--- C:\WINDOWS\system32\dllcache\bktrh.gif
2008-07-03 16:05 . 2004-08-04 15:00 773 -----c--- C:\WINDOWS\system32\dllcache\cnth.gif
2008-07-03 16:05 . 2004-08-04 15:00 773 -----c--- C:\WINDOWS\system32\dllcache\cnt.gif
2008-07-03 16:05 . 2004-08-04 15:00 772 -----c--- C:\WINDOWS\system32\dllcache\cntd.gif
2008-07-03 16:05 . 2004-08-04 15:00 760 -----c--- C:\WINDOWS\system32\dllcache\cloapph.gif
2008-07-03 16:05 . 2004-08-04 15:00 717 -----c--- C:\WINDOWS\system32\dllcache\cloapp.gif
2008-07-03 15:15 . 2008-07-09 11:52 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-03 15:15 . 2007-08-10 20:46 26,488 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-03 15:07 . 2005-06-21 16:43 163,840 --a------ C:\WINDOWS\system32\igfxres.dll
2008-07-03 15:00 . 2008-07-03 15:00 6,181,783 --a------ C:\Program Files\DriverDisplayAdapter.exe
2008-07-03 14:25 . 2008-06-30 11:50 417 --a------ C:\WINDOWS\system32\Driver.nfo
2008-07-03 12:56 . 2008-07-03 12:56 <DIR> d--hs---- C:\Documents and Settings\Administrator\UserData
2008-07-03 12:15 . 2008-07-16 12:25 358 --a------ C:\WINDOWS\wininit.ini
2008-07-03 11:04 . 2008-07-03 11:05 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-03 11:04 . 2008-07-03 11:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-03 11:03 . 2008-07-03 11:56 <DIR> d-------- C:\WINDOWS\system32\modtrux18
2008-07-03 11:03 . 2008-07-03 11:03 <DIR> d-------- C:\Temp\syschk3
2008-07-03 11:03 . 2008-07-03 11:03 <DIR> d-------- C:\Temp
2008-06-20 20:46 . 2008-06-20 20:46 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 20:46 . 2008-06-20 20:46 147,968 -----c--- C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 14:51 . 2008-06-20 14:51 361,600 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 14:40 . 2008-06-20 14:40 138,496 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 14:08 . 2008-06-20 14:08 225,856 -----c--- C:\WINDOWS\system32\dllcache\tcpip6.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-04 12:11 --------- d-----w C:\Program Files\ESET
2008-07-03 07:58 512,096 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-07-03 07:58 298,104 ----a-w C:\WINDOWS\system32\imon.dll
2008-07-03 07:58 15,424 ----a-w C:\WINDOWS\system32\drivers\nod32drv.sys
2008-07-03 07:44 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-30 08:51 5,874 ----a-w C:\WINDOWS\system32\drivers\igfxnt5.cat
2008-06-30 08:51 3,056 ----a-w C:\WINDOWS\system32\drivers\BackupLog.txt
2008-06-30 08:50 417 ----a-w C:\WINDOWS\system32\drivers\Driver.nfo
2008-06-28 05:35 676,224 ----a-w C:\WINDOWS\system32\OGACheckControl.DLL
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 11:51 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 11:40 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 11:08 225,856 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 09:30 524,288 ----a-w C:\WINDOWS\opuc.dll
2008-05-09 10:53 90,112 ----a-w C:\WINDOWS\system32\wshext.dll
2008-05-09 10:53 430,080 ----a-w C:\WINDOWS\system32\vbscript.dll
2008-05-09 10:53 180,224 ----a-w C:\WINDOWS\system32\scrobj.dll
2008-05-09 10:53 172,032 ----a-w C:\WINDOWS\system32\scrrun.dll
2008-05-08 11:24 155,648 ----a-w C:\WINDOWS\system32\wscript.exe
2008-05-07 09:07 135,168 ----a-w C:\WINDOWS\system32\cscript.exe
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 03:12 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-07-03 10:58 949376]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 19:54 623992]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"C-Media Mixer"="Mixer.exe" [2002-10-15 18:00 1818624 C:\WINDOWS\mixer.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 03:12 15360]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2007-08-24 04:45:42 101784]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a26dfcfc-4c2a-11dd-9ce9-0040ca313784}]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d772c522-4c03-11dd-9ce8-0040ca313784}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

.
- - - - ORPHANS REMOVED - - - -

BHO-{0F540F83-102D-41B7-A23F-5E7BB2356C17} - C:\WINDOWS\system32\rqRhffgG.dll
BHO-{992E4188-36F5-4726-89BC-F5AB2690D74C} - C:\WINDOWS\system32\yayyXOFU.dll
Notify-pmnlihEw - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 13:15:26
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
.
**************************************************************************
.
Completion time: 2008-07-16 13:28:45 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-07-16 10:28:18

Pre-Run: 7,578,357,760 bytes free
Post-Run: 8,257,744,896 bytes free

208 --- E O F --- 2008-07-08 23:12:42