Here's the ComboFix log:
ComboFix 08-12-03.04 - Home 2008-12-04 16:24:56.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.167 [GMT 0:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\~.exe
c:\windows\system32\ayufusel.ini
c:\windows\system32\dazetaha.dll
c:\windows\system32\josoguyi.dll
c:\windows\system32\juborafe.dll
c:\windows\system32\lesufuya.dll
c:\windows\system32\nebiteda.dll
c:\windows\system32\nezovefo.dll
c:\windows\system32\obakepak.ini
c:\windows\system32\ozirusat.ini
c:\windows\system32\ozomorar.ini
c:\windows\system32\raromozo.dll
c:\windows\system32\riwakabe.dll
c:\windows\system32\umidomav.ini
c:\windows\system32\vamodimu.dll
c:\windows\system32\yeyapoyu.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-04 to 2008-12-04 )))))))))))))))))))))))))))))))
.
2008-12-04 13:32 . 2008-12-04 13:34 250 --a------ c:\windows\gmer.ini
2008-12-03 22:19 . 2008-12-03 22:19 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-03 22:18 . 2008-12-03 22:19 <DIR> d-------- c:\program files\Common Files\Real
2008-12-03 22:18 . 2008-12-03 22:18 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-12-02 21:51 . 2008-12-02 21:51 <DIR> d-------- c:\documents and settings\Home\Application Data\Dealio
2008-12-02 21:50 . 2008-12-02 21:50 <DIR> d-------- c:\windows\system32\custom matrices
2008-12-02 21:49 . 2008-12-02 21:49 <DIR> d-------- c:\windows\system32\QuickTime
2008-12-02 21:49 . 2008-12-02 21:50 <DIR> d-------- c:\windows\system32\C2MP
2008-12-01 16:16 . 2008-12-01 16:16 268 --ah----- C:\sqmdata04.sqm
2008-12-01 16:16 . 2008-12-01 16:16 268 --ah----- C:\sqmdata03.sqm
2008-12-01 16:16 . 2008-12-01 16:16 244 --ah----- C:\sqmnoopt03.sqm
2008-12-01 16:16 . 2008-12-01 16:16 172 --ah----- C:\sqmnoopt04.sqm
2008-12-01 00:59 . 2008-12-01 00:59 0 --a------ c:\windows\nsreg.dat
2008-11-30 21:15 . 2008-11-30 21:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\UDL
2008-11-30 21:14 . 2003-07-02 01:00 131,072 --a------ c:\windows\system32\Epcmlib.dll
2008-11-30 17:41 . 2008-11-30 21:13 <DIR> d-------- c:\program files\Smart Panel
2008-11-30 17:41 . 1999-06-15 11:31 96,768 --a------ c:\windows\SlantAdj.dll
2008-11-30 17:41 . 1999-12-07 02:03 73,216 --a------ c:\windows\ADE.DLL
2008-11-30 17:41 . 1999-04-27 00:17 3,136 --a------ c:\windows\Ade001.bin
2008-11-30 17:41 . 1999-08-09 23:50 72 --------- c:\windows\system32\epDPE.ini
2008-11-30 17:38 . 2003-07-23 01:09 75,501 --a------ c:\windows\system32\EBPMON24.DLL
2008-11-30 17:38 . 2003-05-21 02:27 64,000 --a------ c:\windows\system32\ECBTEG.DLL
2008-11-30 17:38 . 2000-06-07 01:01 34,304 --a------ c:\windows\system32\EBPCHP.DLL
2008-11-30 17:38 . 2003-07-16 13:14 31,744 --a------ c:\windows\system32\E_DCINST.DLL
2008-11-30 17:38 . 2001-09-04 02:04 182 --a------ c:\windows\system32\EBPPORT4.DAT
2008-11-30 17:37 . 2008-11-30 21:05 26,660 --a------ c:\windows\EPSTPLOG.BAK
2008-11-30 17:30 . 2008-11-30 17:30 268 --ah----- C:\sqmdata02.sqm
2008-11-30 17:30 . 2008-11-30 17:30 244 --ah----- C:\sqmnoopt02.sqm
2008-11-30 17:21 . 2008-11-30 21:15 <DIR> d--h----- c:\program files\InstallShield Installation Information
2008-11-30 17:21 . 2008-11-30 21:15 <DIR> d-------- c:\program files\EPSON
2008-11-30 17:21 . 2003-07-01 00:00 46,080 --a------ c:\windows\system32\escimgd.dll
2008-11-30 17:21 . 2003-07-01 00:00 29,696 --a------ c:\windows\system32\escwiad.dll
2008-11-30 17:21 . 2003-07-01 00:00 22,528 --a------ c:\windows\system32\esccmd.dll
2008-11-30 17:21 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-11-30 17:21 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-11-30 17:20 . 2008-11-30 17:20 27 --a------ c:\windows\CDE RX500E.ini
2008-11-30 17:10 . 2008-11-30 17:10 268 --ah----- C:\sqmdata01.sqm
2008-11-30 17:10 . 2008-11-30 17:10 244 --ah----- C:\sqmnoopt01.sqm
2008-11-30 17:07 . 2004-08-03 23:08 31,616 --a------ c:\windows\system32\drivers\usbccgp.sys
2008-11-30 17:07 . 2004-08-03 23:08 31,616 --a--c--- c:\windows\system32\dllcache\usbccgp.sys
2008-11-30 17:07 . 2004-08-03 23:01 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2008-11-30 17:07 . 2004-08-03 23:01 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2008-11-30 15:15 . 2008-12-04 16:13 <DIR> d--h----- C:\$AVG8.VAULT$
2008-11-30 15:09 . 2008-11-30 15:09 268 --ah----- C:\sqmdata00.sqm
2008-11-30 15:09 . 2008-11-30 15:09 244 --ah----- C:\sqmnoopt00.sqm
2008-11-30 15:07 . 2008-12-04 16:39 <DIR> d-------- c:\windows\system32\ZoneLabs
2008-11-30 15:07 . 2007-03-09 00:01 1,087,216 --a------ c:\windows\system32\zpeng24.dll
2008-11-30 15:07 . 2008-11-30 17:11 4,212 ---h----- c:\windows\system32\zllictbl.dat
2008-11-30 14:56 . 2008-12-04 16:39 47,197 --a------ c:\windows\system32\vsconfig.xml
2008-11-30 14:52 . 2008-12-04 13:08 <DIR> d-------- c:\windows\system32\drivers\Avg
2008-11-30 14:52 . 2008-11-30 14:52 <DIR> d-------- c:\program files\AVG
2008-11-30 14:52 . 2008-11-30 15:16 <DIR> d-------- c:\documents and settings\Home\Application Data\AVGTOOLBAR
2008-11-30 14:52 . 2008-11-30 14:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2008-11-30 14:52 . 2008-11-30 14:52 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys
2008-11-30 14:52 . 2008-11-30 14:52 10,520 --a------ c:\windows\system32\avgrsstx.dll
2008-11-30 14:35 . 2008-12-04 16:41 <DIR> d-------- c:\windows\Internet Logs
2008-11-30 14:35 . 2008-11-30 14:35 <DIR> d-------- c:\program files\Zone Labs
2008-11-30 14:33 . 2008-11-30 14:33 <DIR> d-------- c:\windows\Logs
2008-11-30 14:31 . 2008-11-30 14:31 90,435,952 --a------ C:\directx_nov2008_redist.exe
2008-11-30 14:23 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2008-11-30 14:22 . 2008-11-30 14:22 <DIR> d-------- c:\program files\MSBuild
2008-11-30 14:22 . 2008-11-30 14:22 <DIR> d-------- c:\program files\Microsoft Works
2008-11-30 14:18 . 2008-11-30 14:21 <DIR> d-------- c:\windows\SHELLNEW
2008-11-30 14:17 . 2008-11-30 14:17 <DIR> dr-h----- C:\MSOCache
2008-11-30 14:17 . 2008-11-30 14:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2008-11-30 14:13 . 2008-11-30 14:13 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-30 14:13 . 2008-12-03 22:18 <DIR> d-------- c:\program files\Real
2008-11-30 14:13 . 2008-11-30 14:13 <DIR> d-------- c:\program files\MSN Messenger
2008-11-30 14:13 . 2008-12-02 18:08 <DIR> d-------- c:\documents and settings\Home\Contacts
2008-11-30 14:06 . 2008-11-30 14:06 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2008-11-30 14:05 . 2008-11-30 14:06 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-30 14:05 . 2008-11-30 14:05 345 --a------ c:\windows\system32\NVU002.nvu
2008-11-30 14:02 . 2008-11-30 15:00 <DIR> d-------- c:\program files\NOS
2008-11-30 14:02 . 2008-11-30 15:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 22:18 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-02 16:01 65,076 --sha-w c:\windows\system32\henemate.dll
2008-11-30 18:09 100,352 ----a-w c:\windows\Internet Logs\xDB1.tmp
2008-11-30 18:09 1,983,488 ----a-w c:\windows\Internet Logs\xDB2.tmp
2008-11-30 14:34 --------- d-----w c:\documents and settings\Home\Application Data\U3
2008-11-30 13:37 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-30 13:22 --------- d-----w c:\program files\microsoft frontpage
2008-10-27 10:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 10:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-10 04:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 04:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 04:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-09-01 16:16 95,744 --sha-w c:\windows\system32\mijejabe.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-12-01 1261336]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 919280]
"EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I0K2.EXE" [2003-09-12 99840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-03 185872]
"nwiz"="nwiz.exe" [2003-10-06 c:\windows\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ac3filter"= ac3filter.acm
"vidc.hfyu"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgwdsvc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgrsx.exe"=
"c:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe"=
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-30 97928]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-30 231704]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{71fd6a6a-bee2-11dd-a79d-a246701f923a}]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
- - - - ORPHANS REMOVED - - - -
BHO-{e9977cec-9e1e-43fc-a880-7c57a9507f62} - c:\windows\system32\yeyapoyu.dll
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-12-04 16:48:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZoneLabs\vsmon.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-04 17:00:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-04 16:59:41
Pre-Run: 74,181,361,664 bytes free
Post-Run: 74,136,002,560 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
194