Old 01-09-2008, 02:07 AM   #4
dhult
Registered User
 
Join Date: Jan 2008
Posts: 13
OS: winxp


Re: flashing shield, alternates with blue question mark and red x, balloon pops up

I can't get the MGADiag.exe log to upload; I keep getting an error. But I have attached and pasted the other logs you asked for. The flashing shield is still there, and I can only start my computer in safe mode with networking or just safe mode. Thank you so much for all your help. It is greatly appreciated.


ComboFix 08-01-09.2 - Owner 2008-01-10 2:42:31.2 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.0.1252.1.1033.18.126 [GMT -6:00]
Running from: C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\nitsys33.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FMTR
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-10 02:22 . 2008-01-10 02:22 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-10 01:45 . 2008-01-10 01:45 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Office Genuine Advantage
2008-01-07 22:40 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-07 22:10 . 2008-01-08 01:22 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-07 22:10 . 2008-01-07 22:10 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-07 22:10 . 2008-01-07 22:10 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-07 22:10 . 2008-01-07 22:10 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-07 22:10 . 2008-01-07 22:10 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-07 19:47 . 2008-01-07 19:47 <DIR> d-------- C:\ie-spyad_zo
2008-01-07 19:21 . 2008-01-07 19:27 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-01-07 18:15 . 2008-01-07 18:15 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Webroot
2008-01-06 15:26 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 14:54 . 2008-01-06 15:22 <DIR> d-------- C:\Program Files\InfeStop
2008-01-06 14:54 . 2008-01-06 14:54 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\InfeStop.com
2008-01-05 21:45 . 2008-01-05 21:45 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-01-05 21:21 . 2008-01-05 21:21 <DIR> d-------- C:\Deckard
2008-01-04 23:33 . 2008-01-06 15:21 <DIR> d-------- C:\Program Files\Spy-Rid
2008-01-04 23:33 . 2008-01-04 23:33 <DIR> d-------- C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\spy-rid.com
2008-01-02 02:10 . 2008-01-07 18:18 <DIR> d-------- C:\Program Files\EasySpywareCleaner
2008-01-02 02:10 . 2008-01-02 02:10 <DIR> d-------- C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\EasySpywareCleaner.com
2007-12-28 20:37 . 2007-12-28 20:37 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Webroot
2007-12-28 18:27 . 2007-12-28 18:27 <DIR> d-------- C:\WINDOWS\Favorites
2007-12-28 17:02 . 2007-12-28 17:02 <DIR> d-------- C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\Webroot
2007-12-28 17:02 . 2007-10-01 16:24 163,640 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2007-12-28 17:02 . 2007-10-01 16:24 23,864 --a------ C:\WINDOWS\system32\drivers\sskbfd.sys
2007-12-28 17:02 . 2007-10-01 16:24 21,816 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2007-12-28 17:02 . 2007-10-01 16:24 20,280 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2007-12-28 17:01 . 2007-12-28 17:01 <DIR> d-------- C:\Program Files\Webroot
2007-12-28 17:01 . 2007-12-28 17:01 <DIR> d-------- C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\Webroot
2007-12-28 17:01 . 2007-12-28 17:01 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Webroot
2007-12-28 17:01 . 2007-10-01 16:40 1,526,072 --a------ C:\WINDOWS\WRSetup.dll
2007-12-28 17:00 . 2007-12-28 19:39 164 --a------ C:\install.dat
2007-12-21 00:31 . 2007-12-21 00:31 294 ---hs---- C:\WINDOWS\system32\cjbougsy.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-08 07:04 --------- d-----w C:\Program Files\QuickTime
2008-01-08 06:58 --------- d-----w C:\Program Files\iTunes
2008-01-08 06:57 --------- d-----w C:\Program Files\Ipovalue
2008-01-08 06:23 --------- d-----w C:\Program Files\Google
2008-01-08 00:40 --------- d-----w C:\Program Files\Viewpoint
2007-12-29 02:28 --------- d-----w C:\Program Files\6cqqsf0r
2007-11-29 20:02 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2007-11-27 19:43 34,545 ----a-w C:\sysvqna.exe
2007-11-27 19:11 --------- d-----w C:\Program Files\iConcepts Music Express
2007-11-27 19:10 --------- d-----w C:\Program Files\NStorm
2007-11-27 07:38 4,300,414 ----a-w C:\WINDOWS\java\Packages\3BBB13J7.ZIP
2007-11-27 07:06 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\avg7
2007-11-27 07:03 --------- d-----w C:\Program Files\EmpirePokerMaster
2007-11-27 06:53 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2007-11-26 19:21 --------- d-----w C:\Documents and Settings\Owner.PRINCETO-F4EVBC\Application Data\AVG7
2007-11-20 18:13 --------- d-----w C:\Program Files\Qtbwnj
2007-11-20 18:12 --------- d-----w C:\Documents and Settings\LocalService.NT AUTHORITY\Application Data\AVG7
2007-11-17 02:35 --------- d-----w C:\Program Files\Cool
2007-11-12 08:13 --------- d-----w C:\Program Files\Gateway
2007-11-12 07:15 --------- d-----w C:\Program Files\MySpace
2007-11-12 07:04 --------- d-----w C:\Program Files\FastStone Photo Resizer
2007-10-30 05:24 221,696 ----a-w C:\WINDOWS\systeldd32.dll
2006-07-14 13:27 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2004-06-13 17:04 449 ----a-w C:\Documents and Settings\Owner.PRINCETO-F4EVBC\UpdateReg.reg
2004-11-26 08:08 555,682,639 --sha-w C:\WINDOWS\Registration\nurs.bak1
2004-12-03 19:32 555,682,699 --sh--w C:\WINDOWS\Registration\nurs.bak2
2006-10-21 05:36 515,445 --sha-w C:\WINDOWS\system32\rrutv.bak2
.

((((((((((((((((((((((((((((( snapshot@2008-01-07_18.10.45.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-08-24 14:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\ERDNT.EXE
+ 2008-01-10 08:42:19 245,760 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-10 08:42:19 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-10 08:42:19 241,664 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-10 08:42:20 12,288 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-10 08:42:20 5,570,560 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000005\ntuser.dat
+ 2008-01-10 08:42:20 40,960 ----a-w C:\WINDOWS\ERDNT\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-09 07:50:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-10 08:22:06 5,570,560 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
+ 2008-01-10 08:22:07 40,960 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-09 07:50:30 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2008-01-10 08:22:04 5,570,560 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
+ 2008-01-10 08:22:05 40,960 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2007-07-31 01:19:20 92,504 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\cdm.dll
+ 2007-07-31 01:19:36 549,720 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wuapi.dll
+ 2007-07-31 01:19:16 53,080 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wuauclt.exe
+ 2007-07-31 01:19:42 1,712,984 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wuaueng.dll
+ 2007-07-31 01:19:32 325,976 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wucltui.dll
+ 2007-07-31 01:18:40 33,624 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wups.dll
+ 2007-07-31 01:19:12 43,352 ------w C:\WINDOWS\SoftwareDistribution\WebSetup\wups2.dll
+ 2007-03-29 15:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 22:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 20:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 17:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 19:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 15:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-17 00:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-26 00:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 17:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 21:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 19:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 16:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 19:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-17 00:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 22:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 17:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 20:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 20:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 16:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 19:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2007-11-21 16:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 19:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 17:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 17:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 14:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 20:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 16:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 16:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 22:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 15:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 16:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 20:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 20:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 19:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 14:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 14:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-10-18 15:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 20:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 15:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 17:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 14:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 21:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 14:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 14:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 21:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 17:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 17:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-04-18 23:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 20:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 15:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 16:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
+ 1997-09-18 12:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 23:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 15:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
+ 2006-08-02 18:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
- 2001-08-30 10:30:00 50,620 ----a-w C:\WINDOWS\system32\command.com
+ 2001-08-18 19:00:00 50,620 ----a-w C:\WINDOWS\system32\command.com
- 2008-01-06 21:41:12 253,952 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-01-10 08:42:27 253,952 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2007-07-31 01:19:36 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
+ 2007-07-31 01:19:32 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
+ 2007-07-31 01:18:40 33,624 ----a-w C:\WINDOWS\system32\wups.dll
+ 2007-07-31 01:19:12 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
+ 2007-07-31 01:19:46 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
+ 2003-03-26 00:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5AA6D3DC-5327-4122-A52E-D06114743764}]
C:\WINDOWS\System32\mlljj.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D6AA9327-8DAD-4559-7AB3-20BAEA823D74}]
C:\Program Files\Outlook Express\quzajebi.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F44D8E66-7BB6-49BD-A924-5E0368C00FD1}]
C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\ypager.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"ulib"="C:\WINDOWS\System32\ulib.exe" [ ]
"197_150_ni_1"="C:\WINDOWS\System32\197_150_ni_1.exe" [ ]
"dbnetlib"="C:\WINDOWS\System32\dbnetlib.exe" [ ]
"wiavusd"="C:\WINDOWS\System32\wiavusd.exe" [ ]
"rsvpsp"="C:\WINDOWS\System32\rsvpsp.exe" [ ]
"adsmsext"="C:\WINDOWS\System32\adsmsext.exe" [ ]
"schannel"="C:\WINDOWS\System32\schannel.exe" [ ]
"sisbkup"="C:\WINDOWS\System32\sisbkup.exe" [ ]
"mll_hp"="C:\WINDOWS\System32\mll_hp.exe" [ ]
"tdi-sonyomg"="C:\WINDOWS\System32\tdi-sonyomg.exe" [ ]
"mchgrcoi"="C:\WINDOWS\System32\mchgrcoi.exe" [ ]
"powrprof"="C:\WINDOWS\System32\powrprof.exe" [ ]
"usp10"="C:\WINDOWS\System32\usp10.exe" [ ]
"pngfilt"="C:\WINDOWS\System32\pngfilt.exe" [ ]
"winhttp"="C:\WINDOWS\System32\winhttp.exe" [ ]
"ipmontr"="C:\WINDOWS\System32\ipmontr.exe" [ ]
"iuctl"="C:\WINDOWS\System32\iuctl.exe" [ ]
"schedsvc"="C:\WINDOWS\System32\schedsvc.exe" [ ]
"msisip"="C:\WINDOWS\System32\msisip.exe" [ ]
"eglivecam_1028"="C:\WINDOWS\System32\eglivecam_1028.exe" [ ]
"qedit"="C:\WINDOWS\System32\qedit.exe" [ ]
"mspatcha"="C:\WINDOWS\System32\mspatcha.exe" [ ]
"javacypt"="C:\WINDOWS\System32\javacypt.exe" [ ]
"msr2cenu"="C:\WINDOWS\System32\msr2cenu.exe" [ ]
"igmpagnt"="C:\WINDOWS\System32\igmpagnt.exe" [ ]
"comctl32"="C:\WINDOWS\System32\comctl32.exe" [ ]
"ftsrch"="C:\WINDOWS\System32\ftsrch.exe" [ ]
"browsewm"="C:\WINDOWS\System32\browsewm.exe" [ ]
"digest"="C:\WINDOWS\System32\digest.exe" [ ]
"dpwsockx"="C:\WINDOWS\System32\dpwsockx.exe" [ ]
"neth"="C:\WINDOWS\System32\neth.exe" [ ]
"dmintf"="C:\WINDOWS\System32\dmintf.exe" [ ]
"kbdlt1"="C:\WINDOWS\System32\kbdlt1.exe" [ ]
"ir41_qcx"="C:\WINDOWS\System32\ir41_qcx.exe" [ ]
"modemui"="C:\WINDOWS\System32\modemui.exe" [ ]
"umpnpmgr"="C:\WINDOWS\System32\umpnpmgr.exe" [ ]
"netapi"="C:\WINDOWS\System32\netapi.exe" [ ]
"sccbase"="C:\WINDOWS\System32\sccbase.exe" [ ]
"tapisrv"="C:\WINDOWS\System32\tapisrv.exe" [ ]
"kbdla"="C:\WINDOWS\System32\kbdla.exe" [ ]
"rasppp"="C:\WINDOWS\System32\rasppp.exe" [ ]
"rdocurs"="C:\WINDOWS\System32\rdocurs.exe" [ ]
"inetcomm"="C:\WINDOWS\System32\inetcomm.exe" [ ]
"ntdsapi"="C:\WINDOWS\System32\ntdsapi.exe" [ ]
"dbmsvinn"="C:\WINDOWS\System32\dbmsvinn.exe" [ ]
"icmui"="C:\WINDOWS\System32\icmui.exe" [ ]
"wiaservc"="C:\WINDOWS\System32\wiaservc.exe" [ ]
"cnmlm38"="C:\WINDOWS\System32\cnmlm38.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 14:00 68856]
"wupdinfo"="C:\WINDOWS\System32\wupdinfo.exe" [ ]
"ezstub3"="C:\WINDOWS\System32\ezstub3.exe" [ ]
"rtipxmib"="C:\WINDOWS\System32\rtipxmib.exe" [ ]
"kbdazel"="C:\WINDOWS\System32\kbdazel.exe" [ ]
"rdpcfgex"="C:\WINDOWS\System32\rdpcfgex.exe" [ ]
"ntlsapi"="C:\WINDOWS\System32\ntlsapi.exe" [ ]
"kbdnec"="C:\WINDOWS\System32\kbdnec.exe" [ ]
"dmdlgs"="C:\WINDOWS\System32\dmdlgs.exe" [ ]
"mswsock"="C:\WINDOWS\System32\mswsock.exe" [ ]
"dispex"="C:\WINDOWS\System32\dispex.exe" [ ]
"wifeman"="C:\WINDOWS\System32\wifeman.exe" [ ]
"wiashext"="C:\WINDOWS\System32\wiashext.exe" [ ]
"ds32gt"="C:\WINDOWS\System32\ds32gt.exe" [ ]
"wtsapi32"="C:\WINDOWS\System32\wtsapi32.exe" [ ]
"ialmgicd"="C:\WINDOWS\System32\ialmgicd.exe" [ ]
"bszip"="C:\WINDOWS\System32\bszip.exe" [ ]
"nmsapi"="C:\WINDOWS\System32\nmsapi.exe" [ ]
"rtm"="C:\WINDOWS\System32\rtm.exe" [ ]
"sfmapi"="C:\WINDOWS\System32\sfmapi.exe" [ ]
"wmpcd"="C:\WINDOWS\System32\wmpcd.exe" [ ]
"bidispl"="C:\WINDOWS\System32\bidispl.exe" [ ]
"riched32"="C:\WINDOWS\System32\riched32.exe" [ ]
"unimdmat"="C:\WINDOWS\System32\unimdmat.exe" [ ]
"msencode"="C:\WINDOWS\System32\msencode.exe" [ ]
"csh"="C:\WINDOWS\System32\csh.exe" [ ]
"racpldlg"="C:\WINDOWS\System32\racpldlg.exe" [ ]
"jgaw400"="C:\WINDOWS\System32\jgaw400.exe" [ ]
"txflog"="C:\WINDOWS\System32\txflog.exe" [ ]
"cabinet"="C:\WINDOWS\System32\cabinet.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"kbdbu"="C:\WINDOWS\System32\kbdbu.exe" [ ]
"shlwapi"="C:\WINDOWS\System32\shlwapi.exe" [ ]
"wlnotify"="C:\WINDOWS\System32\wlnotify.exe" [ ]
"ntmssvc"="C:\WINDOWS\System32\ntmssvc.exe" [ ]
"mswebdvd"="C:\WINDOWS\System32\mswebdvd.exe" [ ]
"kbdal"="C:\WINDOWS\System32\kbdal.exe" [ ]
"ialmgdev"="C:\WINDOWS\System32\ialmgdev.exe" [ ]
"uniplat"="C:\WINDOWS\System32\uniplat.exe" [ ]
"mindex"="C:\WINDOWS\System32\mindex.exe" [ ]
"pdh"="C:\WINDOWS\System32\pdh.exe" [ ]
"mfc42u"="C:\WINDOWS\System32\mfc42u.exe" [ ]
"certmgr"="C:\WINDOWS\System32\certmgr.exe" [ ]
"faultrep"="C:\WINDOWS\System32\faultrep.exe" [ ]
"odbc16gt"="C:\WINDOWS\System32\odbc16gt.exe" [ ]
"eventlog"="C:\WINDOWS\System32\eventlog.exe" [ ]
"wshext"="C:\WINDOWS\System32\wshext.exe" [ ]
"qedwipes"="C:\WINDOWS\System32\qedwipes.exe" [ ]
"feclient"="C:\WINDOWS\System32\feclient.exe" [ ]
"wmpui"="C:\WINDOWS\System32\wmpui.exe" [ ]
"comuid"="C:\WINDOWS\System32\comuid.exe" [ ]
"qmgr"="C:\WINDOWS\System32\qmgr.exe" [ ]
"dsound"="C:\WINDOWS\System32\dsound.exe" [ ]
"smlogcfg"="C:\WINDOWS\System32\smlogcfg.exe" [ ]
"srvsvc"="C:\WINDOWS\System32\srvsvc.exe" [ ]
"deskadp"="C:\WINDOWS\System32\deskadp.exe" [ ]
"autodisc"="C:\WINDOWS\System32\autodisc.exe" [ ]
"rtutils"="C:\WINDOWS\System32\rtutils.exe" [ ]
"fsusd"="C:\WINDOWS\System32\fsusd.exe" [ ]
"wowfax"="C:\WINDOWS\System32\wowfax.exe" [ ]
"dbmsrpcn"="C:\WINDOWS\System32\dbmsrpcn.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2001-08-30 04:30 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-07-10 03:25 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-07-10 03:13 114688]
"GWMDMMSG"="GWMDMMSG.exe" [2002-05-06 18:12 65536 C:\WINDOWS\GWMDMMSG.exe]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2003-09-02 20:25 675840]
"rasfont"="C:\WINDOWS\security\Database\rasfont.exe" [ ]
"uvuditwh"="C:\WINDOWS\uvuditwh.exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2004-12-17 23:20 278528]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-07 12:02 98304]
"fol"="C:\WINDOWS\fol.exe" [ ]
"Etwawx"="C:\Program Files\Qtbwnj\Amoly.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe" [2005-03-04 03:36 36975]
"{77-7C-C8-8D-ZN}"="c:\windows\system32\dwdsrngt.exe" [ ]
"ctfmona"="C:\WINDOWS\System32\ctfmona.exe" [ ]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-10-01 16:40 5367608]
"SDFix"="C:\DOCUME~1\OWNER~1.PRI\Desktop\SDFix\RunThis.bat /second" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SDFix"="C:\DOCUME~1\OWNER~1.PRI\Desktop\SDFix\RunThis.bat /second" [ ]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{b585105c-0e84-4ef0-9c6a-fbe134a72945}"= C:\WINDOWS\System32\ivrllc.dll [2007-11-23 22:55 12800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qkihlbti]
qkihlbti.dll 2007-12-06 14:08 36928 C:\WINDOWS\system32\qkihlbti.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tnjfcfka]
tnjfcfka.dll 2007-12-06 14:17 36928 C:\WINDOWS\system32\tnjfcfka.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsqr32]
winsqr32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, wowfx.dll

S0 ccfzlgyh;ccfzlgyh;C:\WINDOWS\System32\drivers\cyjrngpt.da_ []
S1 drmProc;drmProc;C:\WINDOWS\System32\drivers\mskntmgr.sys [2005-10-20 12:56]
S2 NMSSvc;Intel(R) NMS;C:\WINDOWS\System32\NMSSvc.exe [2002-05-03 13:36]
S2 svcpack;svcpack;C:\WINDOWS\System32\svcpack.exe []
S3 iscFlash;iscFlash;C:\WINDOWS\SYSTEM32\DRIVERS\iscflash.sys []
S3 NMSCFG;NIC Management Service Configuration Driver;C:\WINDOWS\System32\drivers\NMSCFG.SYS [2002-05-03 13:36]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 02:46:44
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\qkihlbti.dll
-> C:\WINDOWS\system32\tnjfcfka.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2600.0000]
-> C:\WINDOWS\system32\qkihlbti.dll
-> C:\WINDOWS\System32\ivrllc.dll
.
Completion time: 2008-01-10 2:49:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 08:49:24
ComboFix2.txt 2008-01-08 00:11:23
Attached Files: Report.txt (txt, 397 Bytes)