10-30-2008, 08:41 PM   #3
ryanpangle
Registered User
 
Join Date: Oct 2008
Posts: 5
OS: WinXP SrvcPk 3


Re: trojan-keylogger.win32.fung...What the heck is this and how do I kill it?

I followed all of the instructions and here are the posted replies:

ComboFix 08-10-30.09 - Nathan Espinoza 2008-10-30 21:31:26.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.189 [GMT -5:00]
Running from: C:\Documents and Settings\Dolly boushey\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Dolly boushey\Application Data\Google\fwldpl.dll
C:\Documents and Settings\Dolly boushey\Application Data\Google\mupd1_2_1165664.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-28 to 2008-10-31 )))))))))))))))))))))))))))))))
.

2008-10-30 11:33 . 2008-10-30 11:33 <DIR> d-------- C:\rsit
2008-10-30 11:33 . 2008-10-30 11:33 <DIR> d-------- C:\Program Files\trend micro
2008-10-30 11:20 . 2008-10-30 11:20 250 --a------ C:\WINDOWS\gmer.ini
2008-10-30 03:52 . 2008-10-30 03:52 <DIR> d-------- C:\Program Files\Avira
2008-10-30 03:52 . 2008-10-30 03:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-10-30 03:41 . 2008-10-30 03:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-10-30 03:04 . 2008-10-30 03:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-30 03:04 . 2008-10-30 03:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-29 17:48 . 2008-10-29 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-10-26 05:15 . 2008-10-26 05:15 <DIR> d-------- C:\Program Files\Bonjour
2008-10-26 05:14 . 2008-10-26 05:15 <DIR> d-------- C:\Program Files\QuickTime
2008-10-26 05:13 . 2008-10-26 05:13 <DIR> d-------- C:\Program Files\Apple Software Update
2008-10-26 03:29 . 2008-04-13 19:12 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-10-26 03:17 . 2008-10-26 03:17 <DIR> d-------- C:\WINDOWS\system32\scripting
2008-10-26 03:17 . 2008-10-26 03:17 <DIR> d-------- C:\WINDOWS\system32\en
2008-10-26 03:17 . 2008-10-26 03:17 <DIR> d-------- C:\WINDOWS\l2schemas
2008-10-23 20:10 . 2008-10-15 11:34 337,408 -----c--- C:\WINDOWS\system32\dllcache\netapi32.dll
2008-10-23 05:23 . 2008-10-27 20:01 <DIR> d-------- C:\Documents and Settings\Dolly boushey\Application Data\Move Networks
2008-10-23 03:49 . 2008-04-13 19:12 1,306,624 --------- C:\WINDOWS\system32\msxml6.dll
2008-10-23 03:48 . 2008-04-13 19:10 844,314 -----c--- C:\WINDOWS\system32\dllcache\msdxm.ocx
2008-10-23 03:47 . 2008-04-13 19:12 695,808 -----c--- C:\WINDOWS\system32\dllcache\drmv2clt.dll
2008-10-23 03:46 . 2008-04-13 19:11 136,192 --------- C:\WINDOWS\system32\aaclient.dll
2008-10-23 03:46 . 2008-04-13 12:23 8,192 -----c--- C:\WINDOWS\system32\dllcache\asferror.dll
2008-10-22 18:54 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-22 18:53 . 2008-08-14 05:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-22 18:53 . 2008-08-14 05:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-22 18:53 . 2008-08-14 04:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-22 18:53 . 2008-08-14 04:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-22 18:53 . 2008-09-15 07:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-10 16:34 . 2008-06-13 06:05 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-10-10 16:31 . 2008-05-08 09:02 203,136 -----c--- C:\WINDOWS\system32\dllcache\rmcast.sys
2008-10-10 16:30 . 2008-05-01 09:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-10-10 16:25 . 2008-04-11 14:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-10-10 16:22 . 2008-10-29 18:14 <DIR> d-------- C:\Program Files\OneStep
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-09-05 23:30 . 2008-09-05 23:30 241,704 -----c--- C:\WINDOWS\system32\dllcache\wgaLogon.dll
2008-09-05 23:29 . 2008-09-05 23:29 917,032 -----c--- C:\WINDOWS\system32\dllcache\WgaTray.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-31 01:36 --------- d-----w C:\Documents and Settings\Dolly boushey\Application Data\OpenOffice.org2
2008-10-29 07:02 --------- d-----w C:\Documents and Settings\Dolly boushey\Application Data\Apple Computer
2008-10-26 08:38 --------- d-----w C:\Program Files\Java
2008-10-23 09:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-29 15:18 87,336 ----a-w C:\WINDOWS\system32\dns-sd.exe
2008-08-29 14:53 61,440 ----a-w C:\WINDOWS\system32\dnssd.dll
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-01-08 4866048]
"SigmaTel StacMon"="C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2004-04-29 90169]
"Broadcom Wireless Manager UI"="C:\WINDOWS\System32\WLTRAY.exe" [2005-12-19 1347584]
"iPrint Tray"="C:\WINDOWS\system32\iprntctl.exe" [2007-09-06 40960]
"iPrint Event Monitor"="C:\WINDOWS\system32\iprntlgn.exe" [2007-09-06 45056]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2004-01-08 C:\WINDOWS\system32\nwiz.exe]
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 C:\WINDOWS\BCMSMMSG.exe]

C:\Documents and Settings\Dolly boushey\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 393216]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 nipplpt2;Novell iCapture Lpt Redirector 2;C:\WINDOWS\system32\drivers\nipplpt.sys [2007-09-06 34671]
S2 OneStepSearch Service;OneStepSearch Service;C:\Program Files\OneStep\onestep.exe C:\Program Files\OneStep\onestep.dll Service [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b00d0e90-c2e4-11dc-8e2d-000f1f23261f}]
\Shell\AutoRun\command - E:\

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-10-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Dolly boushey\Application Data\Mozilla\Firefox\Profiles\qx50csdu.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.yahoo.com
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-30 21:32:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-30 21:34:21
ComboFix-quarantined-files.txt 2008-10-31 02:34:17

Pre-Run: 30,007,431,168 bytes free
Post-Run: 30,174,343,168 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

133 --- E O F --- 2008-10-26 08:26:20

__________________________________________________



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:12 PM, on 10/30/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\WLTRAY.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\system32\iprntlgn.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\trend micro\hijackthis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\System32\WLTRAY.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [iPrint Tray] C:\WINDOWS\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [iPrint Event Monitor] C:\WINDOWS\system32\iprntlgn.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1199830544906
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OneStepSearch Service - Unknown owner - C:\Program Files\OneStep\onestep.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 5635 bytes