Thanks Bob for your help. Here are the logs as requested. See what you think?
ComboFix 08-12-06.03 - jay 2008-12-06 21:44:54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1432 [GMT 0:00]
Running from: c:\documents and settings\jay\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jay\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\jay\jay.exe
c:\recycler\ADAPT_Installer.exe
c:\windows\fmark2.dat
c:\windows\struct~.ini
c:\windows\system32\_000111_.tmp.dll
c:\windows\system32\~.exe
c:\windows\system32\agdnoaib.dll
c:\windows\system32\biaondga.ini
c:\windows\system32\cennjg.dll
c:\windows\system32\dbptopgf.ini
c:\windows\system32\eberikxp.dll
c:\windows\system32\elvccxaj.ini
c:\windows\system32\fwyiheyt.dll
c:\windows\system32\jaduzumi.dll
c:\windows\system32\kirasahi.dll
c:\windows\system32\kpeqvdom.ini
c:\windows\system32\kSYGQqru.ini
c:\windows\system32\kSYGQqru.ini2
c:\windows\system32\lvksqnlg.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\nemarato.dll
c:\windows\system32\prunnet.exe
c:\windows\system32\pwsudqxt.ini
c:\windows\system32\txqduswp.dll
c:\windows\system32\urqQGYSk.dll
c:\windows\system32\yduiws.dll
c:\windows\system32\zqydux.dll
c:\windows\Tasks\szqrbyje.job
----- BITS: Possible infected sites -----
hxxp://childhe.com
.
((((((((((((((((((((((((( Files Created from 2008-11-06 to 2008-12-06 )))))))))))))))))))))))))))))))
.
2008-12-05 17:01 . 2008-12-05 17:01 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\eBay
2008-12-05 12:54 . 2008-12-05 12:54 250 --a------ c:\windows\gmer.ini
2008-12-04 22:40 . 2008-12-04 22:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-04 22:39 . 2008-12-04 22:40 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-04 22:39 . 2008-12-04 22:39 <DIR> d-------- c:\documents and settings\jay\Application Data\SUPERAntiSpyware.com
2008-12-03 14:45 . 2008-12-03 14:45 <DIR> d-------- C:\ProgramData
2008-12-03 14:45 . 2008-12-03 14:45 9,118 --a------ c:\windows\system32\ealregsnapshot1.reg
2008-12-03 13:34 . 2008-12-03 13:34 3,120 --a------ c:\windows\system32\CB4CPW8G.ocx
2008-12-03 13:33 . 2008-12-03 13:33 <DIR> d-------- c:\program files\Planetwide Games
2008-12-03 10:34 . 2008-12-03 10:34 <DIR> d-------- c:\windows\7A9B63233F5E4A2E939E8A1F4F6A0CA8.TMP
2008-11-27 23:06 . 2008-11-27 23:06 3,120 --a------ c:\windows\system32\7UMKDEOF.ocx
2008-11-27 23:05 . 2008-11-27 23:05 3,120 --a------ c:\windows\system32\AAD8B5D8.ocx
2008-11-27 23:04 . 2008-11-27 23:04 <DIR> d-------- c:\program files\Marvel
2008-11-26 20:25 . 2008-11-26 20:25 <DIR> d-------- c:\program files\HiYo
2008-11-26 20:25 . 2008-11-26 20:25 <DIR> d-------- c:\documents and settings\jay\Application Data\HiYo
2008-11-26 20:25 . 2008-11-26 20:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\HiYo
2008-11-23 16:42 . 2008-11-23 18:47 4,379 ---h----- c:\windows\be49f4d98.dat
2008-11-22 12:31 . 2008-11-22 12:32 <DIR> d-------- c:\program files\SopCast
2008-11-20 20:44 . 2008-11-20 20:44 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-11-17 20:04 . 2008-11-17 20:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-13 07:42 . 2008-10-24 11:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-11-13 07:41 . 2008-09-04 17:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-09 15:32 . 2008-11-11 18:28 <DIR> d-------- c:\windows\system32\Nagasoft
2008-11-08 16:52 . 2008-11-15 16:10 15 --a------ c:\windows\Powerplayer.ini
2008-11-07 14:25 . 2008-11-07 14:25 <DIR> d-------- c:\documents and settings\jay\Application Data\Sonic
2008-11-06 14:57 . 2008-11-06 14:57 34,492 --ah----- c:\windows\system32\mlfcache.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-06 22:01 --------- d-----w c:\documents and settings\All Users\Application Data\Kontiki
2008-12-06 14:12 139,280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-12-06 10:17 --------- d-----w c:\documents and settings\All Users\Application Data\Sonic
2008-12-06 10:10 --------- d-----w c:\documents and settings\LocalService\Application Data\SACore
2008-12-05 17:02 --------- d-----w c:\documents and settings\All Users\Application Data\WholeSecurity
2008-12-05 13:17 --------- d-----w c:\documents and settings\jay\Application Data\MailWasherPro
2008-12-04 22:39 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-03 22:19 --------- d-----w c:\program files\Google
2008-12-03 14:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-03 14:45 --------- d-----w c:\program files\Electronic Arts
2008-12-03 13:23 --------- d-s---w c:\program files\Xfire
2008-12-02 21:47 --------- d-----w c:\documents and settings\jay\Application Data\Xfire
2008-11-28 11:17 --------- d-----w c:\documents and settings\jay\Application Data\CopyToDvd
2008-11-22 15:57 --------- d-----w c:\program files\uusee
2008-11-16 13:23 --------- d-----w c:\program files\McAfee
2008-11-15 19:36 --------- d-----w c:\program files\Activision
2008-11-15 17:10 --------- d-----w c:\program files\Common Files\uusee
2008-11-14 18:20 --------- d-----w c:\program files\MP3 Player Utilities 4.03
2008-11-14 14:04 22,328 ----a-w c:\documents and settings\jay\Application Data\PnkBstrK.sys
2008-11-13 14:55 --------- d-----w c:\program files\UseNeXT
2008-11-11 17:04 --------- d-----w c:\documents and settings\All Users\Application Data\DVD Shrink
2008-11-09 14:26 --------- d-----w c:\documents and settings\jay\Application Data\dvdcss
2008-11-07 23:25 --------- d-----w c:\program files\dvdSanta
2008-11-07 22:58 --------- d-----w c:\documents and settings\jay\Application Data\Roxio
2008-11-02 22:02 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-02 21:44 --------- d-----w c:\program files\TVAnts
2008-11-02 21:05 --------- d-----w c:\program files\ATI Technologies
2008-11-01 12:45 48,396 ----a-w c:\windows\UninstVeetleTVPlayer.exe
2008-11-01 11:38 --------- d-----w c:\documents and settings\LocalService\Application Data\Roxio
2008-11-01 11:21 --------- d-----w c:\documents and settings\All Users\Application Data\Uninstall
2008-11-01 11:19 --------- d-----w c:\program files\Roxio
2008-11-01 11:18 --------- d-----w c:\program files\Roxio Creator 2009
2008-11-01 11:18 --------- d-----w c:\program files\Common Files\Sonic Shared
2008-11-01 11:17 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-11-01 11:16 --------- d-----w c:\documents and settings\All Users\Application Data\Roxio
2008-11-01 11:15 --------- d-----w c:\program files\Windows Sidebar
2008-11-01 11:15 --------- d-----w c:\program files\Common Files\Roxio Shared
2008-11-01 11:10 --------- d-----w c:\program files\SmartSound Software
2008-11-01 11:10 --------- d-----w c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2008-11-01 11:07 --------- d-----w c:\program files\Reference Assemblies
2008-11-01 11:07 --------- d-----w c:\program files\MSBuild
2008-10-27 23:35 --------- d-----w c:\documents and settings\jay\Application Data\UseNeXT
2008-10-27 20:38 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-27 18:45 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-21 21:43 --------- d-----w c:\program files\Creative
2008-10-21 21:40 --------- d-----w c:\documents and settings\jay\Application Data\Creative
2008-10-21 18:12 --------- d-----w c:\program files\AGEIA Technologies
2008-10-21 18:08 --------- d-----w c:\program files\D-Tools
2008-10-19 09:56 --------- d-----w c:\program files\Windows Live
2008-10-19 09:51 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-10-19 09:41 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-18 13:19 --------- d-----w c:\program files\Orange
2008-10-18 10:48 --------- d-----w c:\documents and settings\jay\Application Data\ppStream
2008-10-18 10:43 --------- d-----w c:\program files\Common Files\Synacast
2008-10-18 10:43 --------- d-----w c:\documents and settings\jay\Application Data\PPMate
2008-10-15 08:46 --------- d-----w c:\program files\iTunes
2008-10-15 08:46 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-15 08:45 --------- d-----w c:\program files\iPod
2008-10-15 08:44 --------- d-----w c:\program files\QuickTime
2008-10-15 08:44 --------- d-----w c:\program files\Common Files\Apple
2008-10-15 08:41 --------- d-----w c:\program files\Apple Software Update
2008-10-13 10:18 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-09-29 20:28 24,192 ----a-w c:\documents and settings\jay\usbsermptxp.sys
2008-09-29 20:28 22,768 ----a-w c:\documents and settings\jay\usbsermpt.sys
2008-09-29 20:05 92,064 ----a-w c:\documents and settings\jay\mqdmmdm.sys
2008-09-29 20:05 9,232 ----a-w c:\documents and settings\jay\mqdmmdfl.sys
2008-09-29 20:05 79,328 ----a-w c:\documents and settings\jay\mqdmserd.sys
2008-09-29 20:05 66,656 ----a-w c:\documents and settings\jay\mqdmbus.sys
2008-09-29 20:05 6,208 ----a-w c:\documents and settings\jay\mqdmcmnt.sys
2008-09-29 20:05 5,936 ----a-w c:\documents and settings\jay\mqdmwhnt.sys
2008-09-29 20:05 4,048 ----a-w c:\documents and settings\jay\mqdmcr.sys
2007-01-06 22:59 774,144 ----a-w c:\program files\RngInterstitial.dll
2006-12-21 22:21 278,528 ----a-w c:\program files\Common Files\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 68856]
"kdx"="c:\program files\Kontiki\KHost.exe" [2007-11-27 1032376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe" [2006-11-09 49263]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-04-28 185896]
"CTSysVol"="c:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 c:\windows\system32\HdAShCut.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
"SetDefaultMIDI"="MIDIDEF.EXE" [2003-06-20 c:\windows\MIDIDEF.EXE]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 15:28 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.X264"= x264vfw.dll
"msacm.divxa32"= divxa32.acm
"VIDC.XFR1"= xfcodec.dll
[HKLM\~\startupfolder\C:^Documents and Settings^jay^Start Menu^Programs^Startup^Fujitsu Dial-Up PPP Connection.lnk]
path=c:\documents and settings\jay\Start Menu\Programs\Startup\Fujitsu Dial-Up PPP Connection.lnk
backup=c:\windows\pss\Fujitsu Dial-Up PPP Connection.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 22:46 57344 c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eBayToolbar]
--a------ 2008-03-22 12:36 652528 c:\program files\eBay\eBay Toolbar2\eBayTBDaemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kdx]
--a------ 2007-11-27 11:58 1032376 c:\program files\Kontiki\KHost.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-11-15 19:34 1271032 c:\program files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UUSEE]
--a------ 2008-11-13 15:50 787784 c:\program files\Common Files\uusee\UUSeeMediaCenter.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2008-04-14 00:12 110592 c:\windows\system32\bthprops.cpl
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\uusee\\UUSeePlayer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Motorola\\Software Update\\msu.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Ubisoft\\Gearbox Software\\Brothers in Arms - Hell's Highway\\Binaries\\biahh.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Documents and Settings\\jay\\Desktop\\Dead Space.exe"=
"c:\\Program Files\\Electronic Arts\\Dead Space\\Dead Space.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [2005-10-13 35328]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-11-17 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-11-17 55024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" [2008-09-30 203280]
R3 axsaki;axsaki;c:\windows\system32\DRIVERS\axsaki.sys [2003-03-30 102624]
R3 axskbus;axskbus;c:\windows\system32\DRIVERS\axskbus.sys [2003-03-28 8640]
S2 Roxio Upnp Server 11;Roxio Upnp Server 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe" [2008-08-14 367088]
S2 RoxLiveShare11;LiveShare P2P Server 11;"c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe" [2008-08-14 309744]
S2 RoxWatch11;Roxio Hard Drive Watcher 11;"c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe" [2008-08-14 170480]
S3 mamotou;mamotou;c:\windows\system32\DRIVERS\mamotou.sys [2008-07-18 49377]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys []
S3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;"c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" [2008-08-14 313840]
S3 RoxMediaDB11;RoxMediaDB11;"c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe" [2008-08-14 1124848]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-11-17 7408]
S3 ST330;ST330;c:\windows\system32\drivers\st330.sys [2006-12-04 30464]
S3 STBUS;STBUS;c:\windows\system32\drivers\stbus.sys [2006-12-04 12672]
.
Contents of the 'Scheduled Tasks' folder
2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2008-10-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\McAfee\MQC\QcConsol.exe [2008-07-09 17:10]
2008-12-05 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2008-07-09 17:10]
2008-11-24 c:\windows\Tasks\scan.job
- c:\program files\McAfee\MQC\QcConsol.exe [2008-07-09 17:10]
.
- - - - ORPHANS REMOVED - - - -
BHO-{0706ae74-7548-4617-acf7-409d5e745f81} - c:\windows\system32\kirasahi.dll
BHO-{530A65B9-AD2F-48AD-BC18-D349660E1731} - c:\windows\system32\urqQGYSk.dll
BHO-{d44cedd3-0681-493a-a09a-69d8c2e286ee} - c:\windows\system32\zqydux.dll
HKCU-Run-RemoteCenter - c:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE
HKLM-Run-HPHUPD08 - c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
HKLM-Run-CTxfiHlp - CTXFIHLP.EXE
Notify-rqRLcAQj - rqRLcAQj.dll
MSConfigStartUp-miniQQLive - c:\program files\Tencent\QQLive\MiniQQLive.exe
MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\msnmsgr.exe
MSConfigStartUp-PCSuiteTrayApplication - c:\progra~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
MSConfigStartUp-PcSync - c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
MSConfigStartUp-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
MSConfigStartUp-SpeedTouch USB Diagnostics - c:\program files\Thomson\SpeedTouchUSB\Dragdiag.exe
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.arsenal.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbar...p=ZRxdm696YYGB
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.03\AMVConverter\grab.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.03\MediaManager\grab.html
IE: 使用UUSee加速播放 - c:\program files\uusee\geturltoplay.htm
IE: 使用UUSee下载 - c:\program files\uusee\geturltodown.htm
FireFox -: Profile - c:\documents and settings\jay\Application Data\Mozilla\Firefox\Profiles\f6egmqgd.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.tdk-gaming.co.uk/
FF -: plugin - c:\documents and settings\jay\Local Settings\Application Data\Octoshape\Octoshape Streaming Services\octoprogram-L03-NMS0810164_SUA_900\npoctoshape.dll
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa2.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF -: plugin - c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF -: plugin - c:\program files\Veetle\plugins\npVeetle.dll
FF -: plugin - c:\program files\Veetle\VLC\npvlc.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-06 21:59:13
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2704)
c:\program files\McAfee\SiteAdvisor\saHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Kontiki\KService.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\MsPMSPSv.exe
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
.
**************************************************************************
.
Completion time: 2008-12-06 22:09:37 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-06 22:09:29
ComboFix2.txt 2007-05-10 10

26
Pre-Run: 41,682,640,896 bytes free
Post-Run: 41,777,299,456 bytes free
365 --- E O F --- 2008-11-13 14:55:54