ComboFix 10-02-27.04 - Tom 28/02/2010  10:57:45.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1918.1397 [GMT -8:00]
Running from: e:\my documents\programma's\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://armmf.adobe.com
.
(((((((((((((((((((((((((   Files Created from 2010-01-28 to 2010-02-28  )))))))))))))))))))))))))))))))
.

2010-02-28 08:42 . 2010-02-28 08:42	--------	d-----w-	c:\program files\CCleaner
2010-02-26 15:30 . 2010-02-26 15:30	--------	d-----w-	c:\documents and settings\Tom\Application Data\Malwarebytes
2010-02-26 15:30 . 2010-01-08 00:07	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-26 15:30 . 2010-02-28 08:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-02-26 15:30 . 2010-02-26 15:30	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-02-26 15:30 . 2010-01-08 00:07	19160	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-02-26 11:09 . 2010-02-26 11:09	--------	d-----w-	c:\program files\Trend Micro
2010-02-25 17:34 . 2010-02-25 17:34	1955472	----a-w-	c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player_ax.exe
2010-02-25 17:34 . 2010-02-26 08:16	--------	d-----w-	c:\documents and settings\All Users\Application Data\NOS
2010-02-20 18:50 . 2010-02-20 18:50	--------	d-----w-	c:\documents and settings\Tom\Application Data\Syntrillium
2010-02-20 18:49 . 2001-10-19 22:40	1683792	----a-w-	c:\windows\system32\wmvcore2.dll
2010-02-20 18:49 . 2001-10-19 22:40	438608	----a-w-	c:\windows\system32\wmv8dmod.dll
2010-02-20 18:49 . 2001-10-19 22:40	665424	----a-w-	c:\windows\system32\wmv8dmoe.dll
2010-02-20 18:49 . 2001-10-19 22:39	572752	----a-w-	c:\windows\system32\wmvdmoe.dll
2010-02-20 18:48 . 2010-02-20 18:51	--------	d-----w-	c:\program files\coolpro2
2010-02-20 15:11 . 2010-02-20 15:11	--------	d-----w-	c:\documents and settings\Tom\Music
2010-02-20 15:06 . 2010-02-20 15:06	--------	d-----w-	c:\documents and settings\Tom\Application Data\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1
2010-02-20 15:06 . 2010-02-20 15:05	38784	----a-w-	c:\documents and settings\Tom\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 15:06 . 2010-02-20 15:06	--------	d-----w-	c:\program files\iTunesExport
2010-02-20 15:06 . 2010-02-20 15:05	38784	----a-w-	c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-20 15:06 . 2010-02-20 15:06	--------	d-----w-	c:\program files\Common Files\Adobe AIR
2010-02-20 14:48 . 2010-02-20 14:48	--------	d-----w-	c:\documents and settings\Tom\Application Data\MixMeister Technology
2010-02-20 14:48 . 2010-02-20 14:48	--------	d-----w-	c:\program files\MixMeister Fusion 7.2.2
2010-02-12 17:52 . 2010-02-12 17:52	--------	d-----w-	c:\documents and settings\All Users\Application Data\Macrovision
2010-02-12 17:52 . 2010-02-12 17:52	--------	d-----w-	c:\program files\Common Files\Adobe Systems Shared
2010-02-12 17:50 . 2004-05-08 00:01	20016	------w-	c:\windows\system32\drivers\pxhelp20.sys
2010-02-12 13:56 . 2010-02-12 14:41	--------	d-----w-	c:\program files\MP3Gain
2010-02-10 22:49 . 2010-02-12 13:56	--------	d-----w-	c:\program files\Mp3GainPRO
2010-02-10 21:42 . 2010-02-10 21:42	766	----a-r-	c:\documents and settings\Tom\Application Data\Microsoft\Installer\{E89B484C-B913-49A0-959B-89E836001658}\ARPPRODUCTICON.exe
2010-02-10 21:41 . 2010-02-20 14:24	--------	d-----w-	c:\program files\MixMeister Fusion
2010-01-31 18:42 . 2010-01-31 18:42	--------	d-----w-	c:\program files\Playlist Creator 3.6
2010-01-30 13:41 . 2005-01-13 02:56	335872	----a-w-	c:\windows\system32\m4atag.dll
2010-01-30 13:41 . 2004-07-22 22:00	214016	----a-w-	c:\windows\system32\sqlite.dll
2010-01-30 13:41 . 2010-02-25 16:24	--------	d-----w-	c:\program files\Media Catalog Studio
2010-01-30 12:03 . 2010-01-30 12:03	--------	d-----w-	c:\documents and settings\Tom\Local Settings\Application Data\Shareaza
2010-01-30 12:03 . 2010-01-30 12:03	--------	d-----w-	c:\documents and settings\Tom\Application Data\Shareaza
2010-01-30 12:03 . 2010-02-26 15:27	--------	d-----w-	c:\program files\Shareaza
2010-01-30 11:51 . 2010-01-30 11:51	--------	d-----w-	c:\program files\2BrightSparks
2010-01-30 11:49 . 2010-01-30 11:54	--------	d-----w-	c:\program files\eMule
2010-01-30 11:18 . 2010-01-30 11:18	44238	----a-w-	c:\windows\system32\drivers\memsysdrv.sys
2010-01-30 11:18 . 2010-01-30 11:18	--------	d-----w-	c:\program files\ShareazaPlus
2010-01-30 11:18 . 2010-01-30 11:18	--------	d-----w-	c:\documents and settings\Tom\Local Settings\Application Data\ShareazaPlus
2010-01-30 11:18 . 2010-01-30 11:18	--------	d-----w-	c:\documents and settings\Tom\Application Data\ShareazaPlus

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-28 18:52 . 2010-01-30 11:36	--------	d-----w-	c:\documents and settings\Tom\Application Data\LimeWire
2010-02-28 09:08 . 2009-10-24 19:39	--------	d-----w-	c:\program files\Common Files\Symantec Shared
2010-02-28 09:08 . 2009-10-24 19:39	--------	d-----w-	c:\documents and settings\All Users\Application Data\Symantec
2010-02-28 08:57 . 2010-01-15 04:20	40	----a-w-	c:\windows\system32\profile.dat
2010-02-12 18:03 . 2009-10-25 00:47	--------	d-----w-	c:\program files\Common Files\Adobe
2010-02-12 17:48 . 2009-10-24 01:49	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-02-10 22:19 . 2010-01-14 23:16	--------	d-----w-	c:\documents and settings\Tom\Application Data\Apple Computer
2010-02-10 21:41 . 2009-10-24 01:50	--------	d-----w-	c:\program files\Common Files\InstallShield
2010-01-28 20:29 . 2009-12-12 12:14	--------	d-----w-	c:\documents and settings\Tom\Application Data\uTorrent
2010-01-26 11:21 . 2010-01-26 11:21	--------	d-----w-	c:\program files\DynDNS Updater
2010-01-26 11:21 . 2010-01-26 11:21	--------	d-----w-	c:\documents and settings\All Users\Application Data\DynDNS
2010-01-25 19:08 . 2010-01-25 19:00	--------	d-----w-	c:\documents and settings\Tom\Application Data\GrandVJ
2010-01-25 18:59 . 2010-01-25 18:59	--------	d-----w-	c:\program files\ArKaos GrandVJ 1.2
2010-01-25 18:14 . 2010-01-25 18:14	--------	d-----w-	c:\program files\ASIO4ALL v2
2010-01-25 18:01 . 2010-01-25 18:01	--------	d-----w-	c:\documents and settings\All Users\Application Data\UAB
2010-01-25 18:01 . 2010-01-25 18:01	--------	d-----w-	c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-01-25 17:59 . 2010-01-25 17:59	--------	d-----w-	c:\program files\PC Drivers HeadQuarters
2010-01-25 17:30 . 2009-10-24 01:49	--------	d-----w-	c:\program files\Realtek
2010-01-25 17:28 . 2010-01-25 17:28	--------	d-----w-	c:\program files\VirtualDJ2
2010-01-25 16:47 . 2010-01-25 14:02	--------	d-----w-	c:\program files\RegCure
2010-01-25 13:45 . 2010-01-25 13:45	--------	d-----w-	c:\program files\NT Registry Optimizer
2010-01-23 20:10 . 2009-10-24 17:15	73160	----a-w-	c:\documents and settings\Tom\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-17 03:31 . 2010-01-17 03:31	--------	d-----w-	c:\documents and settings\Tom\Application Data\NuSphere
2010-01-17 03:30 . 2010-01-17 03:29	--------	d-----w-	c:\program files\NuSphere
2010-01-17 00:29 . 2010-01-17 00:28	--------	d-----w-	c:\program files\ArKaos VJ 3.5 FC1
2010-01-17 00:21 . 2010-01-17 00:21	--------	d-----w-	c:\documents and settings\Tom\Application Data\Resolume Avenue 3
2010-01-17 00:21 . 2010-01-17 00:21	--------	d-----w-	c:\documents and settings\Tom\Application Data\Resolume
2010-01-17 00:21 . 2010-01-17 00:21	--------	d-----w-	c:\documents and settings\All Users\Application Data\Resolume Avenue 3
2010-01-17 00:21 . 2010-01-17 00:20	--------	d-----w-	c:\program files\Resolume Avenue 3.0.0
2010-01-16 23:44 . 2010-01-16 23:44	--------	d-----w-	c:\program files\Common Files\Native Instruments
2010-01-16 23:44 . 2010-01-16 23:44	--------	d-----w-	c:\program files\Native Instruments
2010-01-15 04:20 . 2009-10-24 19:40	806	----a-w-	c:\windows\system32\drivers\SYMEVENT.INF
2010-01-15 04:20 . 2009-10-24 19:40	60808	----a-w-	c:\windows\system32\S32EVNT1.DLL
2010-01-15 04:20 . 2009-10-24 19:40	136496	----a-w-	c:\windows\system32\drivers\SYMEVENT.SYS
2010-01-15 04:20 . 2009-10-24 19:40	10652	----a-w-	c:\windows\system32\drivers\SYMEVENT.CAT
2010-01-15 04:20 . 2009-10-24 19:39	--------	d-----w-	c:\program files\Symantec
2010-01-15 04:15 . 2010-01-15 01:52	127738	----a-w-	c:\windows\hpgins24.dat
2010-01-15 04:06 . 2010-01-15 03:59	105193	----a-w-	c:\windows\HPFins09.dat
2010-01-15 04:06 . 2010-01-15 04:06	--------	d-----w-	c:\program files\Hewlett-Packard
2010-01-15 04:05 . 2010-01-15 04:05	--------	d-----w-	c:\program files\Common Files\HP
2010-01-15 02:03 . 2010-01-15 02:03	--------	d-----w-	c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-01-15 02:03 . 2009-11-12 09:11	--------	d-----w-	c:\program files\HP
2010-01-15 02:02 . 2010-01-15 02:02	--------	d-----w-	c:\program files\Common Files\Hewlett-Packard
2010-01-15 00:40 . 2009-10-28 20:57	--------	d-----w-	c:\program files\SmartDraw 2008
2010-01-14 23:15 . 2010-01-14 23:15	--------	d-----w-	c:\program files\iTunes
2010-01-14 23:15 . 2010-01-14 23:15	--------	d-----w-	c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2010-01-14 23:15 . 2010-01-14 23:15	--------	d-----w-	c:\program files\iPod
2010-01-14 23:15 . 2010-01-14 23:12	--------	d-----w-	c:\program files\Common Files\Apple
2010-01-14 23:15 . 2010-01-14 23:13	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-14 23:14 . 2010-01-14 23:14	--------	d-----w-	c:\program files\Bonjour
2010-01-14 23:14 . 2010-01-14 23:13	--------	d-----w-	c:\program files\QuickTime
2010-01-14 23:13 . 2010-01-14 23:13	--------	d-----w-	c:\program files\Apple Software Update
2010-01-14 23:12 . 2010-01-14 23:12	--------	d-----w-	c:\documents and settings\All Users\Application Data\Apple
2009-12-03 18:47 . 2009-12-03 18:43	152576	----a-w-	c:\documents and settings\Tom\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-03 18:43 . 2009-12-03 18:44	411368	----a-w-	c:\windows\system32\deploytk.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-02-26_18.57.17   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-28 18:48 . 2010-02-28 18:48	16384              c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2010-01-25 16:46 . 2010-02-28 08:42	1250992              c:\windows\system32\Restore\rstrlog.dat
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-03 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-13 141600]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

c:\documents and settings\Tom\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DynDNS Updater Tray Icon.lnk - c:\program files\DynDNS Updater\DynTray.exe [2010-1-20 91504]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-9-24 282624]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AtomPark505\\Atomic Mail Sender\\AtomicMailSender.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\Srv.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\debugger\\DbgListener.exe"=
"c:\\Program Files\\NuSphere\\PhpED\\phped.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [10/28/2009 12:45 PM 5248]
R2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [1/16/2010 5:11 PM 29416]
R2 DynDNS Updater;DynDNS Updater;c:\program files\DynDNS Updater\DynUpSvc.exe [1/20/2010 8:13 AM 99704]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [10/25/2009 12:53 PM 6016]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [10/28/2009 12:45 PM 160640]
S2 FlexService;Remote Connections Service; [x]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys --> c:\windows\system32\drivers\Envy24HF.sys [?]
S3 memsysdrv;Memory System;c:\windows\system32\drivers\memsysdrv.sys [1/30/2010 3:18 AM 44238]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2010-01-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 20:34]

2010-02-28 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 17:20]

2010-01-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 17:20]

2010-02-28 c:\windows\Tasks\SDMsgUpdate (SD).job
- c:\program files\SmartDraw 2008\Messages\SDNotify.exe [2009-10-28 22:39]

2010-02-28 c:\windows\Tasks\UltraVNC Server.job
- c:\progra~1\UltraVNC\winvnc.exe [2009-10-25 22:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.mini20.com
uInternet Settings,ProxyOverride = *.local
IE: Download with &Shareaza - c:\program files\shareaza\razawebhook32.dll/3000
IE: E&xporteren naar Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: NuSphere PhpED :: Debug this page - c:\program files\NuSphere\PhpED\NuSphereIEBar.dll/1000
TCP: {46B8A590-5C7E-4231-9DD0-5CA2B2CC476C} = 216.146.35.35,216.146.36.36
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-28 11:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...  

scanning hidden autostart entries ... 

scanning hidden files ...  

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vsdatant]
"ImagePath"="a"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•A~*]
"3140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(792)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-02-28  11:06:06
ComboFix-quarantined-files.txt  2010-02-28 19:06
ComboFix2.txt  2010-02-26 19:00

Pre-Run: 48.533.196.800 bytes free
Post-Run: 48.502.009.856 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 7CC04804188B99F2F30371AD21F11EBA