Thank you so much for the help! Here is the log you requested.
ComboFix 08-11-01.05 - Shirly 2008-11-02 7:59:16.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.177 [GMT -5:00]
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\iertutil.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Shirly\Application Data\Facegame
C:\Documents and Settings\Shirly\Application Data\Facegame\Facegame.exe
C:\Documents and Settings\Shirly\Application Data\SpeedRunner
C:\Documents and Settings\Shirly\Application Data\SpeedRunner\config.cfg
C:\Documents and Settings\Shirly\Application Data\SpeedRunner\SpeedRunner.exe
C:\Documents and Settings\Shirly\Application Data\SpeedRunner\SRUninstall.exe
C:\Documents and Settings\Shirly\Local Settings\Temporary Internet Files\bestwiner.stt
C:\Documents and Settings\Shirly\Local Settings\Temporary Internet Files\CPV.stt
C:\Documents and Settings\Shirly\Local Settings\Temporary Internet Files\fbk.sts
C:\Documents and Settings\Shirly\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\Shirly\Start Menu\Programs\Startup\DW_Start.lnk
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\006A4041.urr
C:\Program Files\GetPack
C:\Program Files\GetPack\GetPack23.exe
C:\Program Files\iCheck
C:\Program Files\iCheck\iCheck.exe
C:\Program Files\iCheck\Uninstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search3
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\network monitor
C:\temp\tn3
C:\WINDOWS\epgb.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\grfxbanonlm.dll
C:\WINDOWS\ngwstxfd.dll
C:\WINDOWS\qrbgltos.dll
C:\WINDOWS\rosqxvmn.dll
C:\WINDOWS\system32\aomkpr.dll
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\WINDOWS\system32\ddcDvwvs.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\fipss.sys
C:\WINDOWS\system32\Drivers\TDSSxeuu.sys
C:\WINDOWS\system32\dwylalxk.ini
C:\WINDOWS\system32\emkrsdbk.ini
C:\WINDOWS\system32\fecmcmrp.dll
C:\WINDOWS\system32\gNXbHRqr.ini
C:\WINDOWS\system32\gNXbHRqr.ini2
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\htaxgo.dll
C:\WINDOWS\system32\iIBUlKAp.dll
C:\WINDOWS\system32\iifdCvwu.dll
C:\WINDOWS\system32\imvkir.dll
C:\WINDOWS\system32\isdmjwho.dll
C:\WINDOWS\system32\kadeqihh.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\msnav32.ax
C:\WINDOWS\system32\nnnmlMDw.dll
C:\WINDOWS\system32\ohwjmdsi.ini
C:\WINDOWS\system32\oPICTJAr.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pmnmmJcd.dll
C:\WINDOWS\system32\qqxxzc.dll
C:\WINDOWS\system32\rqbwxq.dll
C:\WINDOWS\system32\rqRHbbyV.dll
C:\WINDOWS\system32\rqRHbXNg.dll
C:\WINDOWS\system32\ssqrSLFW.dll
C:\WINDOWS\system32\TDSSehys.dll
C:\WINDOWS\system32\TDSSirxy.dll
C:\WINDOWS\system32\TDSSktkl.dll
C:\WINDOWS\system32\TDSSocun.dll
C:\WINDOWS\system32\TDSSrojf.dll
C:\WINDOWS\system32\TDSSwupe.dat
C:\WINDOWS\system32\tllxdcdr.dll
C:\WINDOWS\system32\tuvTmNfG.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\wmldcaub.dll
C:\WINDOWS\system32\wvUkJdCU.dll
C:\WINDOWS\system32\xlfgptge.dll
C:\WINDOWS\system32\ybmpxvyi.ini
C:\WINDOWS\system32\ypkdooaw.ini
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\U2hpcmx5\
C:\WINDOWS\U2hpcmx5\\oZ1DwAUc.vbs
C:\WINDOWS\uninstall_nmon.vbs
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_TDSSserv
-------\Legacy_TDSSserv
-------\Legacy_CMDSERVICE
-------\Legacy_FIPSS
-------\Legacy_NETWORK_MONITOR
-------\Service_cmdService
-------\Service_fipss
-------\Service_Network Monitor
((((((((((((((((((((((((( Files Created from 2008-10-02 to 2008-11-02 )))))))))))))))))))))))))))))))
.
2008-11-02 08:12 . 2008-11-02 08:12 32 --a------ C:\WINDOWS\system32\msnav32.ax
2008-10-31 18:47 . 2008-10-31 18:47 <DIR> d-------- C:\rsit
2008-10-31 18:42 . 2008-10-31 18:42 250 --a------ C:\WINDOWS\gmer.ini
2008-10-30 16:26 . 2008-10-30 16:26 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\Gool
2008-10-30 16:21 . 2008-10-30 16:21 <DIR> d-------- C:\Program Files\Webtools
2008-10-30 16:19 . 2008-10-30 16:19 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-30 16:16 . 2008-10-30 16:16 <DIR> d-------- C:\Program Files\Mjcore
2008-10-29 18:54 . 2008-10-29 18:54 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-29 18:08 . 2008-10-29 18:08 <DIR> d-------- C:\Program Files\CleanUp!
2008-10-26 19:24 . 2008-10-26 19:25 548,924 --a------ C:\WINDOWS\system32\pcntttdl.exe
2008-10-26 18:54 . 2008-10-26 18:54 262,182 --a------ C:\WINDOWS\system32\rkwnw64l.exe
2008-10-26 18:23 . 2008-10-26 18:23 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\wi
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\PX
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\m3v
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\fs3
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\EV02
2008-10-26 18:20 . 2008-10-26 18:20 <DIR> d-------- C:\WINDOWS\system32\ec2
2008-10-26 18:20 . 2008-10-26 18:35 288,734 --a------ C:\WINDOWS\ndxq3074.exe
2008-10-26 18:20 . 2008-10-26 18:35 16,384 --a------ C:\WINDOWS\j414.exe
2008-10-22 22:27 . 2008-10-22 22:27 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\Simply Super Software
2008-10-22 22:27 . 2008-10-22 22:27 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2008-10-22 22:27 . 2006-05-25 14:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-10-22 22:27 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-10-22 22:27 . 2005-08-26 00:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-10-22 22:27 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-10-22 22:27 . 2006-06-19 12:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-10-21 18:18 . 2008-10-31 18:21 <DIR> d--h----- C:\$AVG8.VAULT$
2008-10-21 16:14 . 2008-10-21 16:14 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-10-21 16:14 . 2008-10-22 21:22 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\AVGTOOLBAR
2008-10-21 16:14 . 2008-10-21 16:14 97,928 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-21 16:14 . 2008-10-21 16:14 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-21 16:14 . 2008-10-21 16:14 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-10-21 16:13 . 2008-10-21 16:13 <DIR> d-------- C:\Program Files\AVG
2008-10-21 16:13 . 2008-10-21 18:11 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\avg8
2008-10-20 17:25 . 2008-10-21 15:19 <DIR> d-------- C:\Documents and Settings\Shirly\Contacts
2008-10-20 16:54 . 2008-10-21 16:26 0 --ah----- C:\WINDOWS\.security
2008-10-20 16:54 . 2008-10-21 16:26 0 --ah----- C:\.security
2008-10-20 16:51 . 2008-10-21 16:29 <DIR> d-------- C:\Program Files\PC-Antispy
2008-10-20 00:38 . 2008-10-20 00:38 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\pozgnihc
2008-10-20 00:37 . 2008-10-19 02:01 102,400 --a------ C:\WINDOWS\lomxeqsn.exe
2008-10-20 00:37 . 2008-10-30 16:14 3,530 --a------ C:\WINDOWS\system32\TDSSqein.dll
2008-10-18 21:51 . 2008-10-18 21:51 268 --ah----- C:\sqmdata02.sqm
2008-10-18 21:51 . 2008-10-18 21:51 244 --ah----- C:\sqmnoopt02.sqm
2008-10-18 13:06 . 2008-10-18 13:06 <DIR> d-------- C:\Program Files\Fun Web Products
2008-10-17 19:02 . 2008-10-17 19:02 208 --ah----- C:\sqmdata01.sqm
2008-10-17 19:02 . 2008-10-17 19:02 172 --ah----- C:\sqmnoopt01.sqm
2008-10-17 17:17 . 2008-10-17 17:17 244 --ah----- C:\sqmnoopt00.sqm
2008-10-17 17:17 . 2008-10-17 17:17 232 --ah----- C:\sqmdata00.sqm
2008-10-17 15:41 . 2008-04-13 19:12 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-10-17 15:41 . 2008-04-13 13:45 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-10-17 15:41 . 2008-04-13 13:45 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-10-17 15:41 . 2001-08-17 21:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-10-17 14:05 . 2008-10-17 14:05 <DIR> d-------- C:\WINDOWS\PixArt
2008-10-17 14:05 . 2008-10-17 14:05 <DIR> d-------- C:\Program Files\Micro Innovations
2008-10-17 14:05 . 2008-10-17 14:05 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2008-10-17 14:03 . 2008-10-19 20:37 12,548 --a------ C:\WINDOWS\EZMediaBox2.ini
2008-10-17 14:02 . 2008-10-17 14:02 <DIR> d-------- C:\Program Files\BestOn
2008-10-17 14:02 . 2008-07-18 21:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-17 14:02 . 2008-07-18 21:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-17 14:02 . 2008-07-18 21:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-16 20:52 . 2008-10-16 21:01 <DIR> d-------- C:\Program Files\MySpace
2008-10-16 19:50 . 2008-10-16 19:50 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-10-16 19:50 . 2008-10-16 19:50 <DIR> d-------- C:\Documents and Settings\zach\Contacts
2008-10-16 19:49 . 2008-10-16 19:49 <DIR> d-------- C:\Program Files\Real
2008-10-16 19:49 . 2008-10-16 19:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Live Toolbar
2008-10-16 19:47 . 2008-10-16 19:47 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-10-16 19:47 . 2008-10-16 19:50 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-10-16 19:47 . 2008-10-16 19:51 <DIR> d-------- C:\Program Files\MSN Messenger
2008-10-16 18:04 . 2008-10-26 18:59 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\LimeWire
2008-10-16 18:01 . 2008-10-16 18:01 <DIR> d-------- C:\WINDOWS\Sun
2008-10-16 18:01 . 2008-10-17 10:46 <DIR> d-------- C:\Program Files\Google
2008-10-16 18:00 . 2008-10-16 18:00 <DIR> d-------- C:\Program Files\Java
2008-10-16 18:00 . 2008-06-10 01:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-10-16 17:57 . 2008-10-16 17:57 <DIR> d-------- C:\Program Files\Common Files\Java
2008-10-16 17:08 . 2001-08-17 21:36 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
2008-10-16 17:08 . 2001-08-17 21:36 8,704 --a--c--- C:\WINDOWS\system32\dllcache\kbdjpn.dll
2008-10-16 17:08 . 2001-08-17 21:36 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
2008-10-16 17:08 . 2001-08-17 21:36 8,192 --a--c--- C:\WINDOWS\system32\dllcache\kbdkor.dll
2008-10-16 17:08 . 2008-04-13 19:09 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
2008-10-16 17:08 . 2008-04-13 19:09 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd106.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101c.dll
2008-10-16 17:08 . 2001-08-17 13:55 6,144 --a--c--- C:\WINDOWS\system32\dllcache\kbd101b.dll
2008-10-16 17:08 . 2001-08-17 13:55 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
2008-10-16 17:08 . 2001-08-17 13:55 5,632 --a--c--- C:\WINDOWS\system32\dllcache\kbd103.dll
2008-10-16 16:43 . 2008-09-15 07:12 1,846,400 -----c--- C:\WINDOWS\system32\dllcache\win32k.sys
2008-10-16 16:43 . 2008-09-08 05:41 333,824 -----c--- C:\WINDOWS\system32\dllcache\srv.sys
2008-10-16 16:42 . 2008-08-14 05:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-16 16:42 . 2008-08-14 05:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-16 16:42 . 2008-08-14 04:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-16 16:42 . 2008-08-14 04:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-10-14 13:54 . 2008-10-14 13:54 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\nView_Profiles
2008-10-11 22:44 . 2008-10-11 22:44 <DIR> d-------- C:\Program Files\Yahoo!
2008-10-11 20:57 . 2008-10-15 14:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-11 20:57 . 1998-10-29 13:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-10-11 20:56 . 2005-04-01 10:43 66,048 --a------ C:\WINDOWS\system32\drivers\EAPPkt.sys
2008-10-11 09:28 . 2008-10-21 16:14 <DIR> d-------- C:\Documents and Settings\zach
2008-10-10 18:50 . 2008-10-10 18:50 <DIR> d-------- C:\CloneDVDTemp
2008-10-10 18:19 . 2001-08-17 12:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-10-10 18:19 . 2001-08-17 12:48 12,160 --a--c--- C:\WINDOWS\system32\dllcache\mouhid.sys
2008-10-10 18:19 . 2008-04-13 13:45 10,368 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2008-10-10 18:19 . 2008-04-13 13:45 10,368 --a--c--- C:\WINDOWS\system32\dllcache\hidusb.sys
2008-10-10 14:41 . 2008-10-10 14:41 <DIR> d-------- C:\Program Files\SlySoft
2008-10-10 14:41 . 2008-10-10 14:41 <DIR> d-------- C:\Program Files\Elaborate Bytes
2008-10-10 14:40 . 2008-10-31 18:41 <DIR> d-------- C:\Documents and Settings\Shirly\Application Data\U3
2008-10-10 14:40 . 2008-04-13 13:45 26,368 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-26 23:35 184,320 ----a-w C:\WINDOWS\h288.exe
2008-10-26 23:35 16,384 ----a-w C:\WINDOWS\tj85.exe
2008-10-26 23:35 16,384 ----a-w C:\WINDOWS\lik02.exe
2008-10-26 23:35 16,384 ----a-w C:\WINDOWS\eo4.exe
2008-10-26 23:35 16,384 ----a-w C:\WINDOWS\ee3362.exe
2008-10-26 23:35 16,384 ----a-w C:\WINDOWS\cor704836.exe
2008-10-26 23:34 70,599 ----a-w C:\WINDOWS\tjyvb346054.exe
2008-10-26 23:34 262,153 ----a-w C:\WINDOWS\qggu58826.exe
2008-10-26 23:34 191,017 ----a-w C:\WINDOWS\nohh06760.exe
2008-10-26 23:34 1,724,416 ----a-w C:\WINDOWS\nc605007.exe
2008-10-26 23:19 262,172 ----a-w C:\WINDOWS\system32\dwwnw64r.exe
2008-10-26 23:19 153,434 ----a-w C:\WINDOWS\system32\g79.exe
2008-10-26 23:19 1,601,536 ----a-w C:\WINDOWS\mondrv411.exe
2008-10-17 19:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-17 19:02 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-13 15360]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2006-12-11 503296]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Gool"="C:\Documents and Settings\Shirly\Application Data\Gool\Gool.exe" [2008-10-30 61440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-05-09 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-10-21 1235736]
"{85-5E-EA-A3-DW}"="c:\windows\system32\dwwnw64r.exe" [2008-10-26 262172]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 C:\WINDOWS\RTHDCPL.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"D5P1Ak1SB2"="C:\Documents and Settings\All Users\Application Data\pozgnihc\binwvqne.exe" [2008-10-20 57344]
C:\Documents and Settings\Shirly\Start Menu\Programs\Startup\
DW_Start.lnk - C:\WINDOWS\system32\dwwnw64r.exe [2008-10-26 262172]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=,avgrsstx.dll rqbwxq.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=C:\WINDOWS\pss\Windows Search.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-21 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-21 875288]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-21 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-21 76040]
S3 PAC207;Basic Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-05-27 162304]
S3 RTLWUSB;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver;C:\WINDOWS\system32\DRIVERS\wg111v2.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\LaunchU3.exe -a
.
- - - - ORPHANS REMOVED - - - -
BHO-{1D97D4A1-3FC0-4F0F-8B63-5338354BE375} - C:\WINDOWS\system32\rqRHbXNg.dll
BHO-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\WINDOWS\system32\wvUkJdCU.dll
BHO-{9213358f-d7ad-409a-ad97-33f0f1ee218d} - C:\WINDOWS\system32\rqbwxq.dll
HKCU-Run-admdsc - C:\WINDOWS\system32\kfapyjil.exe
HKCU-Run-VnrPack20 - C:\Program Files\VnrPack\VnrPack20.exe
HKCU-Run-GetPack23 - C:\Program Files\GetPack\GetPack23.exe
HKCU-Run-Facegame - C:\Documents and Settings\Shirly\Application Data\Facegame\Facegame.exe
ShellExecuteHooks-{758F6D53-DCC7-4CCF-9080-4B6F9389F641} - C:\WINDOWS\system32\wvUkJdCU.dll
SSODL-qrbgltos-{74747695-FC62-4400-BF3A-2B893CADC3BC} - C:\WINDOWS\qrbgltos.dll
SSODL-ngwstxfd-{0BD404B3-7DCF-425C-B2F9-226D99A09DCE} - C:\WINDOWS\ngwstxfd.dll
SafeBoot-TDSSxeuu.sys
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
O8 -: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 -: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-02 08:12:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\searchindexer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\searchprotocolhost.exe
C:\WINDOWS\system32\searchfilterhost.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-11-02 8:14:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-02 13:14:22
Pre-Run: 136,021,463,040 bytes free
Post-Run: 138,657,894,400 bytes free
337 --- E O F --- 2008-10-18 16:30:34