Old 08-08-2007, 01:12 PM   #8 (permalink)
EastSport
Registered User
Join Date: Aug 2007
Location: Alabama
Posts: 60
OS: Windows XP sp 3


Re: "Trojan Horse Generic"

Okay, I've turned off System Restore...

And Qoobox is deleted (moved to the Recycle Bin, which has not been emptied yet).

Today I haven't gotten any alerts, but I'm sure they are imminent.

So after doing this I should no longer have Trojan Horse Generic things?

And that tk stuff?

That ComboFix data was named ComboFix2... which I assumed was the latest results page... there was another one... which was named ComboFix... both of which were not named by me.

"Combo Fix"
ComboFix 07-08-07.6 - "User" 2007-08-07 23:26:33.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.75 [GMT -5:00]
Command switches used :: C:\Documents and Settings\User\My Documents\CFScript.txt
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\system32\configs
C:\WINDOWS\system32\configs\kmhp83122.exe
C:\WINDOWS\system32\f02WtR


((((((((((((((((((((((((( Files Created from 2007-07-08 to 2007-08-08 )))))))))))))))))))))))))))))))


2007-08-07 22:47 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-07 22:47 1,411,770 --a------ C:\ComboFix.exe
2007-08-07 22:17 <DIR> d-------- C:\Program Files\Trend Micro
2007-08-07 22:16 812,344 --a------ C:\HJTInstall.exe
2007-08-07 21:27 164 --a------ C:\install.dat
2007-08-07 21:25 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\GetRightToGo
2007-08-07 16:15 26,768 --a------ C:\WINDOWS\system\CTL3D.DLL
2007-08-07 16:15 249,072 --a------ C:\WINDOWS\UNINST16.EXE
2007-08-07 15:44 <DIR> d-------- C:\BEST250
2007-08-07 15:43 7,008 --a------ C:\WINDOWS\system\SETUPKIT.DLL
2007-08-07 15:43 398,416 --a------ C:\WINDOWS\system\VBRUN300.DLL
2007-08-07 15:43 356,992 --a------ C:\WINDOWS\system\VBRUN200.DLL
2007-08-07 15:43 283,648 --a------ C:\WINDOWS\uninst.exe
2007-08-07 15:43 28,433 --a------ C:\WINDOWS\SETUP1.EXE
2007-08-07 15:43 271,264 --a------ C:\WINDOWS\system\VBRUN100.DLL
2007-08-07 15:43 <DIR> d-------- C:\DOCUME~1\User\WINDOWS
2007-08-06 18:31 <DIR> d-------- C:\Program Files\KONAMI
2007-08-05 16:38 <DIR> d-------- C:\Program Files\MTV Networks
2007-08-05 16:37 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-08-05 16:34 524,288 --ah----- C:\DOCUME~1\Guest\NTUSER.DAT
2007-08-05 16:13 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-08-05 16:09 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-08-05 16:06 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-08-05 16:06 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-08-05 15:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage
2007-08-05 14:37 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-08-05 14:37 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2007-08-05 14:37 <DIR> d-------- C:\WINDOWS\system32\PreInstall
2007-08-05 14:32 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2007-08-05 14:32 <DIR> d-------- C:\WINDOWS\system32\SoftwareDistribution
2007-08-04 17:07 <DIR> d-------- C:\Program Files\Project64 1.6
2007-08-04 17:04 <DIR> d-------- C:\Program Files\7-Zip
2007-08-04 17:00 <DIR> d-------- C:\Temp
2007-08-04 13:03 <DIR> d-------- C:\DOCUME~1\User\APPLIC~1\Google
2007-08-04 13:01 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-04 13:00 <DIR> d-------- C:\Program Files\Google
2007-08-04 12:18 12,219,983 --------- C:\AVG7QT.DAT


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-07 22:53 --------- d-------- C:\DOCUME~1\User\APPLIC~1\OpenOffice.org2
2007-08-07 22:50 --------- d-------- C:\Program Files\OpenOffice.org 2.2
2007-08-07 22:14 --------- d-------- C:\Program Files\Online Services
2007-08-06 19:54 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-08-06 18:32 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-05 15:54 --------- d-------- C:\Program Files\Messenger
2007-05-16 10:12 86528 --a--c--- C:\WINDOWS\system32\dllcache\directdb.dll
2007-05-16 10:12 85504 --a--c--- C:\WINDOWS\system32\dllcache\wabimp.dll
2007-05-16 10:12 683520 --a--c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-05-16 10:12 683520 --a------ C:\WINDOWS\system32\inetcomm.dll
2007-05-16 10:12 510976 --a--c--- C:\WINDOWS\system32\dllcache\wab32.dll
2007-05-16 10:12 1314816 --a--c--- C:\WINDOWS\system32\dllcache\msoe.dll
2007-05-08 04:24 3583488 --a--c--- C:\WINDOWS\system32\dllcache\mshtml.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2002-10-11 00:39 C:\WINDOWS\system32\pctspk.exe]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 18:42]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-08-04 12:18]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 13:18]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 08:56]

S3 wlluc48;Wireless LAN PC Card Driver;C:\WINDOWS\system32\DRIVERS\wlluc48.sys

*Newly Created Service* - CATCHME

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-07 23:28:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData"="C:\Documents and Settings\Default User\Application Data"
"Cookies"="C:\Documents and Settings\Default User\Cookies"
"Desktop"="C:\Documents and Settings\Default User\Desktop"
"Favorites"="C:\Documents and Settings\Default User\Favorites"
"NetHood"="C:\Documents and Settings\Default User\NetHood"
"Personal"="C:\Documents and Settings\Default User\My Documents"
"PrintHood"="C:\Documents and Settings\Default User\PrintHood"
"Recent"="C:\Documents and Settings\Default User\Recent"
"SendTo"="C:\Documents and Settings\Default User\SendTo"
"Start Menu"="C:\Documents and Settings\Default User\Start Menu"
"Templates"="C:\Documents and Settings\Default User\Templates"
"Programs"="C:\Documents and Settings\Default User\Start Menu\Programs"
"Startup"="C:\Documents and Settings\Default User\Start Menu\Programs\Startup"
"Local Settings"="C:\Documents and Settings\Default User\Local Settings"
"Local AppData"="C:\Documents and Settings\Default User\Local Settings\Application Data"
"Cache"="C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files"
"History"="C:\Documents and Settings\Default User\Local Settings\History"
"My Pictures"=""
"My Music"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\SmallIcons]
"SmallIcons"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"User Agent"="Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
"MigrateProxy"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0]
"1001"=dword:00000000
"1407"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\1]
"Flags"=dword:000000db
"1407"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\2]
"1001"=dword:00000000
"1206"=dword:00000000
"1406"=dword:00000000
"1407"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1806"=dword:00000000
"1807"=dword:00000000
"1A00"=dword:00000000
"1A05"=dword:00000000
"1A10"=dword:00000000
"1E05"=dword:00030000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\3]
"1407"=dword:00000000
"1601"=dword:00000001
"1607"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\4]
"1604"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1]
"CurrentLevel"=dword:00010500
"Flags"=dword:000000db

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"CurrentLevel"=dword:00010000
"1001"=dword:00000000
"1004"=dword:00000001
"1201"=dword:00000001
"1206"=dword:00000000
"1406"=dword:00000000
"1407"=dword:00000000
"1607"=dword:00000000
"1800"=dword:00000000
"1804"=dword:00000000
"1805"=dword:00000000
"1806"=dword:00000000
"1809"=dword:00000003
"1A00"=dword:00000000
"1A04"=dword:00000000
"1A05"=dword:00000000
"1C00"=dword:00030000
"1E05"=dword:00030000
"2102"=dword:00000000
"2200"=dword:00000000
"2201"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"CurrentLevel"=dword:00011000
"1407"=dword:00000000
"1601"=dword:00000001
"1607"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"CurrentLevel"=dword:00012000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Themes\LastTheme]
"Wallpaper"=""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@shell32.dll,-28995"="Shared Music"
"C:\WINDOWS\system32\regsvr32.exe"="Microsoft(C) Register Server"
"C:\WINDOWS\system32\RUNDLL32.exe"="Run a DLL as an App"
"C:\WINDOWS\system32\mshta.exe"="Microsoft (R) HTML Application host"
"C:\WINDOWS\system32\fixmapi.exe"="FIXMAPI 1.0 MAPI Repair Tool"
"C:\WINDOWS\system32\odbcconf.exe"="Microsoft Data Access - ODBC Driver Configuration Program"
"C:\WINDOWS\system32\mstinit.exe"="Task Scheduler Setup"
"C:\Program Files\Outlook Express\setup50.exe"="Outlook Express Setup Library"
"C:\WINDOWS\system32\logagent.exe"="Windows Media Player Logagent"
"C:\WINDOWS\INF\unregmp2.exe"="Microsoft Windows Media Player Setup Utility"
"C:\WINDOWS\system32\Cmd.exe"="Windows Command Processor"
"C:\WINDOWS\pchealth\uploadlb\binaries\uploadm.exe"="PC Health Upload Manager"
"C:\Program Files\Windows Media Player\migrate.exe"="MLS Migrate DLL"
"C:\WINDOWS\system32\grpconv.exe"="Windows Progman Group Converter"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Media\WMSDK\Namespace]
"LocalBase"="C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML"
"DTDFile"="C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD"
"LocalDelta"="C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSD.XML"
"RemoteDelta"="C:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNSR.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"load"=""

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-07 23:29:38
C:\ComboFix-quarantined-files.txt ... 2007-08-07 23:29
C:\ComboFix2.txt ... 2007-08-07 22:54

--- E O F ---

Last edited by EastSport; 08-08-2007 at 01:13 PM.