ComboFix 08-05-12.1 - Hady 2008-05-14 20:13:24.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.1177 [GMT -7:00]
Running from: C:\Documents and Settings\Hady\Desktop\ComboFix.exe
 * Created a new restore point
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\gihOYJjl.ini
C:\WINDOWS\system32\gihOYJjl.ini2
C:\WINDOWS\system32\iijhhlay.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mSAJknmp.ini
C:\WINDOWS\system32\mSAJknmp.ini2
C:\WINDOWS\system32\tuwmmxdm.ini

.
(((((((((((((((((((((((((   Files Created from 2008-04-15 to 2008-05-15  )))))))))))))))))))))))))))))))
.

2008-05-14 20:13 . 2008-05-14 20:13	1,024	--ah-----	C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-13 14:59 . 2008-05-13 14:59	<DIR>	d--------	C:\Program Files\Trend Micro
2008-05-12 23:34 . 2008-05-12 23:36	<DIR>	d--------	C:\Program Files\EsetOnlineScanner
2008-05-12 22:36 . 2008-05-12 22:37	<DIR>	d--------	C:\Program Files\Mozilla Firefox 3 Beta 5
2008-04-21 18:39 . 2008-04-21 18:39	<DIR>	d--------	C:\Program Files\Hamachi
2008-04-21 18:39 . 2008-04-21 21:15	<DIR>	d--------	C:\Documents and Settings\Hady\Application Data\Hamachi
2008-04-21 18:39 . 2008-04-21 18:39	25,280	--a------	C:\WINDOWS\system32\drivers\hamachi.sys
2008-04-16 20:26 . 2008-04-18 20:17	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\TrackMania
2008-04-16 20:10 . 2008-04-16 20:10	<DIR>	d--------	C:\VundoFix Backups
2008-04-16 20:01 . 2008-04-16 20:03	<DIR>	d--------	C:\Program Files\Windows Live Safety Center
2008-04-16 19:37 . 2008-04-16 19:37	664	--a------	C:\WINDOWS\system32\d3d9caps.dat
2008-04-16 19:29 . 2008-04-16 19:55	500	--a------	C:\WINDOWS\wininit.ini
2008-04-16 18:58 . 2008-04-16 18:58	<DIR>	d--------	C:\Program Files\Spybot - Search & Destroy
2008-04-16 18:58 . 2008-04-16 19:04	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 03:40 . 2008-04-16 15:00	101,165	--a------	C:\WINDOWS\BM671f7a6f.xml
2008-04-15 13:19 . 2008-04-15 13:19	<DIR>	d--------	C:\Program Files\Common Files\Macrovision Shared
2008-04-15 13:19 . 2008-04-15 13:19	<DIR>	d--------	C:\Documents and Settings\All Users\Application Data\FLEXnet

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-15 03:18	1,639,200	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-15 03:17	52,957,216	--sha-w	C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-15 03:16	716,492	--sha-w	C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-15 03:16	191,216	--sha-w	C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-14 20:37	---------	d-----w	C:\Program Files\Digsby
2008-05-14 09:22	---------	d-----w	C:\Documents and Settings\Hady\Application Data\Azureus
2008-05-01 06:51	---------	d-----w	C:\Documents and Settings\Hady\Application Data\Skype
2008-04-30 23:40	---------	d-----w	C:\Documents and Settings\Hady\Application Data\skypePM
2008-04-17 03:00	---------	d-----w	C:\Program Files\Common Files\Wise Installation Wizard
2008-04-17 01:27	---------	d-----w	C:\Documents and Settings\Hady\Application Data\Move Networks
2008-04-15 20:19	---------	d-----w	C:\Program Files\Common Files\Adobe
2008-04-14 23:40	32	----a-w	C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-04-14 23:38	---------	d-----w	C:\Program Files\Skype
2008-04-14 23:38	---------	d-----w	C:\Program Files\Common Files\Skype
2008-04-14 23:38	---------	d-----w	C:\Documents and Settings\All Users\Application Data\Skype
2008-04-12 21:34	---------	d-----w	C:\Documents and Settings\Hady\Application Data\Digsby
2008-04-10 16:14	---------	d--h--w	C:\Program Files\InstallShield Installation Information
2008-04-10 16:14	---------	d-----w	C:\Program Files\THQ
2008-04-10 16:12	---------	d-----w	C:\Program Files\Gadwin Systems
2008-04-09 14:48	---------	d-----w	C:\Program Files\Java
2008-04-09 11:29	---------	d-----w	C:\Program Files\Kaspersky Lab
2008-04-08 22:19	---------	d-----w	C:\Documents and Settings\Hady\Application Data\SEGA
2008-04-08 22:18	---------	d-----w	C:\Program Files\Sonic
2008-04-08 19:19	22,328	----a-w	C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-04-08 19:19	107,832	----a-w	C:\WINDOWS\system32\PnkBstrB.exe
2008-03-29 03:59	43,520	----a-w	C:\WINDOWS\system32\CmdLineExt03.dll
2008-03-19 09:47	1,845,248	----a-w	C:\WINDOWS\system32\win32k.sys
2008-03-15 02:22	21,840	----atw	C:\WINDOWS\system32\SIntfNT.dll
2008-03-15 02:22	17,212	----atw	C:\WINDOWS\system32\SIntf32.dll
2008-03-15 02:22	12,067	----atw	C:\WINDOWS\system32\SIntf16.dll
2008-03-15 02:09	94,208	----a-w	C:\WINDOWS\DIIUnin.exe
2008-03-15 02:09	2,829	----a-w	C:\WINDOWS\DIIUnin.pif
2008-03-01 13:06	826,368	----a-w	C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51	282,624	----a-w	C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32	45,568	----a-w	C:\WINDOWS\system32\dnsrslvr.dll
2007-12-17 08:08	22,328	----a-w	C:\Documents and Settings\Hady\Application Data\PnkBstrK.sys
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 15:29 165784]
"STYLEXP"="C:\Program Files\TGTSoft\StyleXP\StyleXP.exe" [2005-08-18 06:15 1359872]
"Steam"="d:\program files\valve\steam.exe" [2008-03-28 20:46 1271032]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 21:56 15360]
"SetDefaultMIDI"="MIDIDef.exe" [2006-08-11 14:42 25600 C:\WINDOWS\MIDIDEF.EXE]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 01:42 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kav"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-03-24 19:09 139367]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 01:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 01:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"DeadAIM"="C:\PROGRA~1\AIM\\DeadAIM.ocm" [2004-02-28 12:12 144896]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 20:24 32768]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2005-07-07 15:17 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-07-31 01:30 286720]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 15:32 56080 C:\WINDOWS\KHALMNPR.Exe]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 01:41 81920]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 22:46 624248]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Last.fm Helper.lnk - D:\Program Files\Last.fm\LastFMHelper.exe [2007-11-11 23:05:06 110592]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-07-09 20:17:59 692224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\642c49f3]
C:\WINDOWS\system32\yalhhjii.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM671f7a6f]
C:\WINDOWS\system32\myancbov.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Valve\\Steam.exe"=
"D:\\Program Files\\Unreal Tournament 3 Demo\\Binaries\\UT3Demo.exe"=
"C:\\WINDOWS\\system32\\PnkBstrA.exe"=
"C:\\WINDOWS\\system32\\PnkBstrB.exe"=
"D:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys []
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys []
S3 SaiH8000;SaiH8000;C:\WINDOWS\system32\DRIVERS\SaiH8000.sys [2004-07-30 10:25]

.
Contents of the 'Scheduled Tasks' folder
"2008-05-14 02:37:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-14 20:18:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-14 20:22:50 - machine was rebooted
ComboFix-quarantined-files.txt  2008-05-15 03:22:45

Pre-Run: 13,354,393,600 bytes free
Post-Run: 13,882,781,696 bytes free

163	--- E O F ---	2008-04-11 09:34:09