Thread: Help with my hjt log

  1. #11
    Junior Member
    Join Date
    Feb 2008
    Posts
    10

    Log file

    ComboFix 08-02-16.2 - Russ 2008-02-17 14:49:10.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1607 [GMT -8:00]
    Running from: D:\SystemSetup\New SpyWare\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Russ\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE
    C:\WINDOWS\mrofinu572.exe
    C:\WINDOWS\system\SysSD.dll
    C:\WINDOWS\system32\CheckDll.dll
    C:\WINDOWS\system32\jabbnjwc.dll
    C:\WINDOWS\system32\ProxySettings.ini
    C:\WINDOWS\system32\SDEarlyDelete.exe
    C:\WINDOWS\system32\SDRemoveDB.db
    C:\WINDOWSkj01d.sys
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\SpywareDetector
    C:\Program Files\SpywareDetector\Data\SD10.DB
    C:\Program Files\SpywareDetector\SDLiveupdate\ServerVersion.txt
    C:\Program Files\SpywareDetector\Setting\CurrentSettings.ini
    C:\Program Files\SpywareDetector\Setting\English_Strings.ini
    C:\Program Files\SpywareDetector\Setting\Export.ini
    C:\WINDOWS\system\SysSD.dll
    C:\WINDOWS\system32\cz6
    C:\WINDOWS\system32\rp4
    C:\WINDOWS\system32\SDRemoveDB.db
    C:\WINDOWSkj01d.sys

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-17 to 2008-02-17 )))))))))))))))))))))))))))))))
    .

    2008-02-15 14:34 . 2008-02-15 14:34 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-02-14 16:13 . 2008-02-15 13:29 227 --a------ C:\WINDOWS\wininit.ini
    2008-02-14 16:01 . 2008-02-14 16:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-14 16:01 . 2008-02-14 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-02-13 13:22 . 2008-02-13 13:22 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2008-02-13 13:10 . 2008-02-13 13:10 <DIR> d-------- C:\Program Files\Panicware
    2008-02-12 15:06 . 2008-02-12 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
    2008-02-12 14:41 . 2008-02-12 15:12 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
    2008-02-12 14:41 . 2008-02-12 14:52 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\Vso
    2008-02-12 14:41 . 2008-02-12 14:41 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-02-12 14:41 . 2008-02-12 14:41 47,360 --a------ C:\Documents and Settings\Russ\Application Data\pcouffin.sys
    2008-02-10 14:04 . 2008-02-10 14:04 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-02-10 14:03 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2008-02-10 14:03 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
    2008-02-10 14:03 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
    2008-02-10 14:03 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
    2008-02-10 14:03 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2008-02-10 14:03 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2008-02-08 14:09 . 2008-02-08 14:09 <DIR> d-------- C:\Webshots Data
    2008-02-08 13:11 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
    2008-02-08 13:11 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2008-02-08 13:11 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
    2008-02-06 09:22 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
    2008-02-06 09:22 . 2002-03-04 12:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
    2008-02-06 09:22 . 2004-05-11 09:56 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
    2008-02-06 09:22 . 2001-07-28 12:50 265,753 --a------ C:\WINDOWS\system32\AS-Exp2.ocx
    2008-02-06 09:22 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
    2008-02-06 09:22 . 2001-03-28 22:02 89,088 --a------ C:\WINDOWS\system32\ProgressBar4.ocx
    2008-02-06 09:22 . 2001-04-20 01:28 28,672 --a------ C:\WINDOWS\system32\systray.ocx
    2008-02-06 09:22 . 1999-01-26 19:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
    2008-02-06 09:22 . 2006-05-31 15:38 10,752 --a------ C:\WINDOWS\system32\md5.dll
    2008-02-05 18:07 . 2008-02-05 18:07 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-05 18:07 . 2008-02-05 18:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
    2008-01-31 18:32 . 2008-01-31 17:49 732,056 --a------ C:\WINDOWS\system32\Splash.bmp
    2008-01-31 18:08 . 2008-01-31 18:08 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\Microsoft Games
    2008-01-31 17:29 . 2008-01-31 17:29 <DIR> d-------- C:\Program Files\Microsoft Games
    2008-01-31 12:40 . 2008-02-14 16:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-31 12:40 . 2008-01-31 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trend Micro
    2008-01-31 12:40 . 2007-09-17 14:31 1,126,072 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
    2008-01-31 12:40 . 2007-04-12 02:58 300,816 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
    2008-01-31 12:40 . 2007-09-17 14:40 202,768 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
    2008-01-31 12:40 . 2007-04-12 02:58 112,400 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
    2008-01-31 12:40 . 2007-04-12 02:58 75,792 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
    2008-01-31 12:40 . 2007-09-17 14:40 35,856 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
    2008-01-31 10:35 . 2008-01-31 10:35 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2008-01-31 08:54 . 2008-01-31 08:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
    2008-01-31 08:53 . 2008-01-31 08:54 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\PrevxCSI
    2008-01-29 12:31 . 2008-01-29 12:31 84,723 --a------ C:\WINDOWS\system32\instdump.dmp
    2008-01-20 10:51 . 2008-01-20 10:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-17 01:45 --------- d-----w C:\Program Files\Google
    2008-02-14 21:22 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-07 18:03 --------- d-----w C:\Documents and Settings\Russ\Application Data\Lavasoft
    2008-02-05 19:09 --------- d-----w C:\Documents and Settings\Russ\Application Data\U3
    2008-02-03 02:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
    2008-02-01 02:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-11 03:07 --------- d-----w C:\Program Files\HP
    2008-01-10 23:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
    2008-01-10 14:42 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-10 14:34 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-10 14:34 --------- d-----w C:\Documents and Settings\Russ\Application Data\InterTrust
    2008-01-10 01:12 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
    2008-01-10 01:12 --------- d-----w C:\Program Files\CyberLink
    2008-01-05 23:34 --------- d-----w C:\Documents and Settings\Russ\Application Data\Canon
    2008-01-03 03:15 --------- d-----w C:\Documents and Settings\Russ\Application Data\ESET
    2008-01-03 03:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
    2008-01-01 23:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-01-01 19:48 49,420 ----a-w C:\WINDOWS\system32\drivers\XMS1563K.SYS
    2007-12-31 15:51 --------- d-----w C:\Program Files\Macromedia
    2007-12-31 04:57 --------- d-----w C:\Program Files\Rebellious Antics
    2007-12-31 04:39 --------- d-----w C:\Program Files\Webshots
    2007-12-31 04:39 --------- d-----w C:\Documents and Settings\Russ\Application Data\Webshots
    2007-12-31 03:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
    2007-12-31 03:18 --------- d-----w C:\Program Files\SlySoft
    2007-12-31 03:13 --------- d-----w C:\Program Files\DVD Shrink
    2007-12-31 03:09 --------- d-----w C:\Program Files\Common Files\Ahead
    2007-12-31 03:09 --------- d-----w C:\Program Files\Ahead
    2007-12-30 22:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
    2007-12-30 22:28 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
    2007-12-30 22:22 --------- d-----w C:\Program Files\Canon
    2007-12-30 22:20 --------- d-----w C:\Program Files\ScanSoft
    2007-12-30 22:20 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
    2007-12-30 22:20 --------- d-----w C:\Documents and Settings\Russ\Application Data\ScanSoft
    2007-12-30 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanWizard
    2007-12-30 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    2007-12-30 20:38 --------- d-----w C:\Program Files\Neato
    2007-12-30 20:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Fellowes
    2007-12-30 17:40 --------- d-----w C:\Documents and Settings\Russ\Application Data\InstallShield Installation Information
    2007-12-30 17:30 --------- d-----w C:\Program Files\Unreal Tournament 3
    2007-12-30 17:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-30 17:30 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-12-30 17:06 --------- d-----w C:\Program Files\Razer
    2007-12-30 06:21 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2007-12-30 06:21 --------- d-----w C:\Program Files\Common Files\HP
    2007-12-30 06:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sonic
    2007-12-30 06:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
    2007-12-30 06:20 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-12-30 06:08 --------- d-----w C:\Documents and Settings\Russ\Application Data\HP
    2007-12-30 02:43 --------- d-----w C:\Program Files\Siber Systems
    2007-12-30 02:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\RoboForm
    2007-12-29 18:13 --------- d-----w C:\Program Files\Creative
    2007-12-29 17:52 --------- d-----w C:\Program Files\Microsoft Works
    2007-12-29 16:32 --------- d-----w C:\Program Files\NVIDIA Corporation
    2007-12-29 16:16 558,142 ----a-w C:\WINDOWS\java\Packages\MH71JBNB.ZIP
    2007-12-29 16:16 155,995 ----a-w C:\WINDOWS\java\Packages\5R3TJDNR.ZIP
    2007-12-29 16:16 --------- d-----w C:\Program Files\microsoft frontpage
    2007-11-21 12:15 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
    2005-05-12 07:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2007-12-14 14:33 1637312]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-08 16:36 8527872]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-08 16:36 81920]
    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 02:58 3429904]
    "LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [ ]

    C:\Documents and Settings\Russ\Start Menu\Programs\Startup\
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-12-30 20:39:33 157008]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Russ^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Russ\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Russ^Start Menu^Programs^Startup^Webshots.lnk]
    path=C:\Documents and Settings\Russ\Start Menu\Programs\Startup\Webshots.lnk
    backup=C:\WINDOWS\pss\Webshots.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    --a------ 2002-08-13 01:00 40960 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    --a------ 2002-09-02 18:55 24576 C:\WINDOWS\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    --a------ 2002-09-11 11:04 53248 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
    C:\Program Files\ESET\ESET Smart Security\egui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    --a------ 2005-06-01 08:35 49152 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
    --a------ 2004-03-25 15:48 53248 C:\Program Files\Neato\MediaFACE 4.0\SetHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2003-07-13 02:49 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
    --a------ 2006-02-17 10:40 270336 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-10-08 16:36 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
    -ra------ 2003-07-07 10:29 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    --a------ 2003-05-08 12:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razer]
    --a------ 2005-09-06 11:52 155648 C:\Program Files\Razer\Copperhead\razerhid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
    --a------ 2002-09-23 01:08 2752822 C:\Program Files\Creative\SBAudigy2\Program\Startup Menu\Audigy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDAutoLiveupdate]
    C:\Program Files\SpywareDetector\LiveUpdateSD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
    C:\Program Files\SpyNoMore\SNM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "TapiSrv"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)

    R0 XMS1563K;XMS1563K;C:\WINDOWS\system32\drivers\XMS1563K.sys [2008-01-01 11:48]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
    R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-08-04 23:51]
    R3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-07-30 10:25]
    S0 MFX;MFX;C:\WINDOWS\system32\drivers\MFX.sys [2003-08-19 08:33]
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
    S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
    S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ae30826-b636-11dc-a9ef-001d60a1ebe0}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-17 14:50:33
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-02-17 14:50:57
    ComboFix-quarantined-files.txt 2008-02-17 22:50:43
    ComboFix2.txt 2008-02-17 00:09:03
    .
    2007-12-30 11:05:02 --- E O F ---

  2. #12
    __RiP_ChAiN_ (Emeritus - Malware Team)
    Join Date
    Sep 2007
    Location
    U.S.A
    Posts
    480


    Quote Originally Posted by Russ234
    I went to the MS address you had listed, as I have Windows XP PRO SP-2, and it said to download this file. Is this correct?

    Windows XP Professional with Service Pack 2 Utility: Setup Disks for Floppy Boot Install
    Yes, that is correct. ComboFix should have produced a short log from it, if done correctly. The log would be located at: C:\CF-RC.txt

  3. #13
    Junior Member
    Join Date
    Feb 2008
    Posts
    10

    not sure?

    I couldn't get it to make the log file CF.RC.txt, but here is the ComboFix log.

    ComboFix 08-02-18.1 - Russ 2008-02-20 15:26:24.6 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1532 [GMT -8:00]
    Running from: C:\Documents and Settings\Russ\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\Russ\Desktop\CFScript.txt
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\WINDOWS\system32\koos.exe
    C:\WINDOWS\system32\kprof
    C:\WINDOWS\system32\poof

    .
    ((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
    .

    2008-02-19 16:25 . 2008-02-20 10:00 <DIR> d-------- C:\RC.exe
    2008-02-17 14:59 . 2008-02-20 09:48 2,443 --a------ C:\WINDOWS\system32\SDRemoveDB.db
    2008-02-17 14:58 . 2008-02-20 15:28 <DIR> d-------- C:\Program Files\SpywareDetector
    2008-02-17 14:58 . 2007-03-19 12:39 270,336 --a------ C:\WINDOWS\system32\CheckDll.dll
    2008-02-17 14:58 . 2008-01-25 18:58 67,024 --a------ C:\WINDOWS\system32\CloseAll.exe
    2008-02-17 14:58 . 2008-01-30 11:03 6,144 --a------ C:\WINDOWS\system32\SDEarlyDelete.exe
    2008-02-17 14:58 . 2008-02-20 09:41 123 --a------ C:\WINDOWS\system\SysSD.dll
    2008-02-17 14:58 . 2005-02-06 09:02 104 --a------ C:\WINDOWS\system32\ProxySettings.ini
    2008-02-15 14:34 . 2008-02-15 14:34 <DIR> d-------- C:\Program Files\Enigma Software Group
    2008-02-14 16:13 . 2008-02-15 13:29 227 --a------ C:\WINDOWS\wininit.ini
    2008-02-14 16:01 . 2008-02-14 16:01 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-02-14 16:01 . 2008-02-14 16:14 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
    2008-02-13 13:22 . 2008-02-13 13:22 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
    2008-02-13 13:10 . 2008-02-13 13:10 <DIR> d-------- C:\Program Files\Panicware
    2008-02-12 15:06 . 2008-02-12 15:06 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk
    2008-02-12 14:41 . 2008-02-12 15:12 <DIR> d-------- C:\Program Files\DVDFab Platinum 4
    2008-02-12 14:41 . 2008-02-18 10:44 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\Vso
    2008-02-12 14:41 . 2008-02-12 14:41 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
    2008-02-12 14:41 . 2008-02-12 14:41 47,360 --a------ C:\Documents and Settings\Russ\Application Data\pcouffin.sys
    2008-02-10 14:04 . 2008-02-10 14:04 <DIR> d-------- C:\Program Files\MSXML 4.0
    2008-02-10 14:03 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
    2008-02-10 14:03 . 2003-02-28 18:26 46,352 --a------ C:\WINDOWS\setdebug.exe
    2008-02-10 14:03 . 2003-02-28 16:54 7,315 --a------ C:\WINDOWS\system32\javasup.vxd
    2008-02-10 14:03 . 2003-02-28 16:35 6,550 --a------ C:\WINDOWS\jautoexp.dat
    2008-02-10 14:03 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedon.reg
    2008-02-10 14:03 . 2003-02-28 16:38 113 --a------ C:\WINDOWS\system32\zonedoff.reg
    2008-02-08 14:09 . 2008-02-08 14:09 <DIR> d-------- C:\Webshots Data
    2008-02-08 13:11 . 2007-11-15 18:46 83,288 --a------ C:\WINDOWS\system32\LMIRfsClientNP.dll
    2008-02-08 13:11 . 2007-08-03 15:09 46,112 --a------ C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
    2008-02-08 13:11 . 2007-11-15 18:46 21,496 --a------ C:\WINDOWS\system32\LMIport.dll
    2008-02-06 09:22 . 2005-08-27 02:38 1,435,272 --a------ C:\WINDOWS\system32\Flash.ocx
    2008-02-06 09:22 . 2002-03-04 12:27 1,140,472 --a------ C:\WINDOWS\system32\IGUltraGrid20.ocx
    2008-02-06 09:22 . 2004-05-11 09:56 423,784 --a------ C:\WINDOWS\system32\XceedBkp.dll
    2008-02-06 09:22 . 2001-07-28 12:50 265,753 --a------ C:\WINDOWS\system32\AS-Exp2.ocx
    2008-02-06 09:22 . 2004-03-08 23:00 131,856 --a------ C:\WINDOWS\system32\MSADODC.ocx
    2008-02-06 09:22 . 2001-03-28 22:02 89,088 --a------ C:\WINDOWS\system32\ProgressBar4.ocx
    2008-02-06 09:22 . 2001-04-20 01:28 28,672 --a------ C:\WINDOWS\system32\systray.ocx
    2008-02-06 09:22 . 1999-01-26 19:36 11,012 --a------ C:\WINDOWS\system32\threadapi.tlb
    2008-02-06 09:22 . 2006-05-31 15:38 10,752 --a------ C:\WINDOWS\system32\md5.dll
    2008-02-05 18:07 . 2008-02-05 18:07 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
    2008-02-05 18:07 . 2008-02-05 18:07 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
    2008-01-31 18:32 . 2008-01-31 17:49 732,056 --a------ C:\WINDOWS\system32\Splash.bmp
    2008-01-31 18:08 . 2008-01-31 18:08 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\Microsoft Games
    2008-01-31 17:29 . 2008-01-31 17:29 <DIR> d-------- C:\Program Files\Microsoft Games
    2008-01-31 12:40 . 2008-02-14 16:43 <DIR> d-------- C:\Program Files\Trend Micro
    2008-01-31 12:40 . 2008-01-31 12:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trend Micro
    2008-01-31 12:40 . 2007-09-17 14:31 1,126,072 --a------ C:\WINDOWS\system32\drivers\vsapint.sys
    2008-01-31 12:40 . 2007-04-12 02:58 300,816 --a------ C:\WINDOWS\system32\drivers\TM_CFW.sys
    2008-01-31 12:40 . 2007-09-17 14:40 202,768 --a------ C:\WINDOWS\system32\drivers\tmxpflt.sys
    2008-01-31 12:40 . 2007-04-12 02:58 112,400 --a------ C:\WINDOWS\system32\drivers\tm_mbd_c.sys
    2008-01-31 12:40 . 2007-04-12 02:58 75,792 --a------ C:\WINDOWS\system32\drivers\tmtdi.sys
    2008-01-31 12:40 . 2007-09-17 14:40 35,856 --a------ C:\WINDOWS\system32\drivers\tmpreflt.sys
    2008-01-31 10:35 . 2008-01-31 10:35 1,152 --a------ C:\WINDOWS\system32\windrv.sys
    2008-01-31 08:54 . 2008-01-31 08:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Prevx
    2008-01-31 08:53 . 2008-01-31 08:54 <DIR> d-------- C:\Documents and Settings\Russ\Application Data\PrevxCSI
    2008-01-29 12:31 . 2008-01-29 12:31 84,723 --a------ C:\WINDOWS\system32\instdump.dmp
    2008-01-20 10:51 . 2008-01-20 10:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-02-17 01:45 --------- d-----w C:\Program Files\Google
    2008-02-14 21:22 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-07 18:03 --------- d-----w C:\Documents and Settings\Russ\Application Data\Lavasoft
    2008-02-05 19:09 --------- d-----w C:\Documents and Settings\Russ\Application Data\U3
    2008-02-03 02:36 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
    2008-02-01 02:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-01-11 03:07 --------- d-----w C:\Program Files\HP
    2008-01-10 23:54 --------- d---a-w C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2008-01-10 14:42 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-01-10 14:34 --------- d-----w C:\Program Files\Common Files\Adobe
    2008-01-10 01:12 --------- d-----w C:\Program Files\CyberLink
    2008-01-05 23:34 --------- d-----w C:\Documents and Settings\Russ\Application Data\Canon
    2008-01-03 03:15 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\ESET
    2008-01-01 23:25 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
    2008-01-01 19:48 49,420 ----a-w C:\WINDOWS\system32\drivers\XMS1563K.SYS
    2007-12-31 15:51 --------- d-----w C:\Program Files\Macromedia
    2007-12-31 04:57 --------- d-----w C:\Program Files\Rebellious Antics
    2007-12-31 04:39 --------- d-----w C:\Program Files\Webshots
    2007-12-31 04:39 --------- d-----w C:\Documents and Settings\Russ\Application Data\Webshots
    2007-12-31 03:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SlySoft
    2007-12-31 03:18 --------- d-----w C:\Program Files\SlySoft
    2007-12-31 03:13 --------- d-----w C:\Program Files\DVD Shrink
    2007-12-31 03:09 --------- d-----w C:\Program Files\Common Files\Ahead
    2007-12-31 03:09 --------- d-----w C:\Program Files\Ahead
    2007-12-30 22:29 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Adobe Systems
    2007-12-30 22:28 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
    2007-12-30 22:22 --------- d-----w C:\Program Files\Canon
    2007-12-30 22:20 --------- d-----w C:\Program Files\ScanSoft
    2007-12-30 22:20 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
    2007-12-30 22:20 --------- d-----w C:\Documents and Settings\Russ\Application Data\ScanSoft
    2007-12-30 22:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanWizard
    2007-12-30 22:20 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\SSScanAppDataDir
    2007-12-30 20:38 --------- d-----w C:\Program Files\Neato
    2007-12-30 20:38 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Fellowes
    2007-12-30 17:40 --------- d-----w C:\Documents and Settings\Russ\Application Data\InstallShield Installation Information
    2007-12-30 17:30 --------- d-----w C:\Program Files\Unreal Tournament 3
    2007-12-30 17:30 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2007-12-30 17:30 --------- d-----w C:\Program Files\AGEIA Technologies
    2007-12-30 17:06 --------- d-----w C:\Program Files\Razer
    2007-12-30 06:21 --------- d-----w C:\Program Files\Common Files\Sonic Shared
    2007-12-30 06:21 --------- d-----w C:\Program Files\Common Files\HP
    2007-12-30 06:21 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sonic
    2007-12-30 06:21 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\HP
    2007-12-30 06:20 --------- d-----w C:\Program Files\Hewlett-Packard
    2007-12-30 06:08 --------- d-----w C:\Documents and Settings\Russ\Application Data\HP
    2007-12-30 02:43 --------- d-----w C:\Program Files\Siber Systems
    2007-12-30 02:39 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\RoboForm
    2007-12-29 18:13 --------- d-----w C:\Program Files\Creative
    2007-12-29 17:52 --------- d-----w C:\Program Files\Microsoft Works
    2007-12-29 16:32 --------- d-----w C:\Program Files\NVIDIA Corporation
    2007-12-29 16:16 558,142 ----a-w C:\WINDOWS\java\Packages\MH71JBNB.ZIP
    2007-12-29 16:16 155,995 ----a-w C:\WINDOWS\java\Packages\5R3TJDNR.ZIP
    2007-12-29 16:16 --------- d-----w C:\Program Files\microsoft frontpage
    2005-05-12 07:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-08 16:36 8527872]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-08 16:36 81920]
    "pccguide.exe"="C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" [2007-04-12 02:58 3429904]
    "MSConfig"="C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.exe" [2005-09-26 16:34 169984]

    C:\Documents and Settings\Russ\Start Menu\Programs\Startup\
    Webshots.lnk - C:\Program Files\Webshots\Launcher.exe [2007-12-30 20:39:33 157008]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SDNotify]
    C:\Program Files\SpywareDetector\SDNotify.dll 2008-01-28 11:30 167936 C:\Program Files\SpywareDetector\SDNotify.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
    backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
    backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=C:\WINDOWS\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Russ^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=C:\Documents and Settings\Russ\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Russ^Start Menu^Programs^Startup^Webshots.lnk]
    path=C:\Documents and Settings\Russ\Start Menu\Programs\Startup\Webshots.lnk
    backup=C:\WINDOWS\pss\Webshots.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
    --a------ 2007-12-14 14:33 1637312 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDet]
    --a------ 2002-08-13 01:00 40960 C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    --a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
    --a------ 2002-09-02 18:55 24576 C:\WINDOWS\system32\CTHELPER.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
    --a------ 2002-09-11 11:04 53248 C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
    C:\Program Files\ESET\ESET Smart Security\egui.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
    --a------ 2005-05-11 23:12 49152 C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD08]
    --a------ 2005-06-01 08:35 49152 C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]
    --a------ 2004-03-25 15:48 53248 C:\Program Files\Neato\MediaFACE 4.0\SetHook.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --a------ 2003-07-13 02:49 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nTrayFw]
    --a------ 2006-02-17 10:40 270336 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    --a------ 2007-10-08 16:36 1626112 C:\WINDOWS\system32\nwiz.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OPSE reminder]
    -ra------ 2003-07-07 10:29 729088 C:\Program Files\ScanSoft\OmniPageSE2.0\EregEng\Ereg.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    --a------ 2003-05-08 12:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\razer]
    --a------ 2005-09-06 11:52 155648 C:\Program Files\Razer\Copperhead\razerhid.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SB Audigy 2 Startup Menu]
    --a------ 2002-09-23 01:08 2752822 C:\Program Files\Creative\SBAudigy2\Program\Startup Menu\Audigy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SDAutoLiveupdate]
    --a------ 2008-02-01 18:31 423376 C:\Program Files\SpywareDetector\LiveUpdateSD.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SNM]
    C:\Program Files\SpyNoMore\SNM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTraySD]
    --a------ 2008-01-28 12:48 706000 C:\Program Files\SpywareDetector\SDSystemTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    --------- 2000-05-11 01:00 90112 C:\WINDOWS\UpdReg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "TapiSrv"=3 (0x3)
    "Creative Service for CDROM Access"=2 (0x2)

    R0 XMS1563K;XMS1563K;C:\WINDOWS\system32\drivers\XMS1563K.sys [2008-01-01 11:48]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
    R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-08-04 23:51]
    R3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-07-30 10:25]
    S0 MFX;MFX;C:\WINDOWS\system32\drivers\MFX.sys [2003-08-19 08:33]
    S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
    S3 Razerlow;Razer Copperhead Driver;C:\WINDOWS\system32\Drivers\Razerlow.sys [2005-08-12 10:11]
    S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3ae30826-b636-11dc-a9ef-001d60a1ebe0}]
    \Shell\AutoRun\command - H:\LaunchU3.exe -a

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-02-20 15:28:16
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Webshots\webshots.scr
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\SpywareDetector\SDService.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
    C:\WINDOWS\System32\imapi.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\tsc.exe
    .
    **************************************************************************
    .
    Completion time: 2008-02-20 15:31:55 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-02-20 23:31:30
    ComboFix2.txt 2008-02-20 18:09:09
    ComboFix3.txt 2008-02-20 17:55:10
    ComboFix4.txt 2008-02-20 16:56:08
    ComboFix5.txt 2008-02-17 22:50:57
    .
    2007-12-30 11:05:02 --- E O F ---

  4. #14
    Emeritus - Malware Team __RiP_ChAiN_
    Join Date
    Sep 2007
    Location
    U.S.A
    Posts
    480

    Default

    Hello Russ234

    Let's try running through it one more time, real quick

    Download the latest copy of ComboFix.exe => http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    KillAll::
    RecoveryConsole::
    C:\RC.EXE
    Save this as "CFScript"

    Referring to the picture above, drag CFScript.txt into ComboFix.exe

    When finished, it shall produce a log for you, C:\CF-RC.txt. Post that log in your next reply.


    ## Important ##
    This is a precautionary measure. Please do not reboot the machine until we have reviewed the log & responded to you.

  5. #15
    Junior Member
    Join Date
    Feb 2008
    Posts
    10

    Default Not much luck

    I copy the
    KillAll::
    RecoveryConsole::
    C:\RC.EXE
    into Notepad, save it as CFScript.txt, then drag that into ComboFix on my desktop, then click RUN. ComboFix starts and starts to scan the system, then it reboots, and there is no txt file in C:\

  6. #16
    Junior Member
    Join Date
    Feb 2008
    Posts
    10

    Default Faster Way

    I would like to thank you for the help in the past. I am going to format my hard drive.

  7. #17
    Emeritus - Malware Team __RiP_ChAiN_
    Join Date
    Sep 2007
    Location
    U.S.A
    Posts
    480

    Default

    Hello Russ234

    Are you sure you want to go down that route? I'm fairly sure we can still clean out your computer from the malware infestations. If you do decide to continue cleaning your PC here, please follow this next set of instructions.

    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
