OK, here's the ComboFix log:
ComboFix 08-02-20.2 - Owner 2008-02-19 17:32:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.598 [GMT -8:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
C:\WINDOWS\system32\bbeeg.ini
C:\WINDOWS\system32\bbeeg.ini2
C:\WINDOWS\system32\bftwhrdh.ini
C:\WINDOWS\system32\bjetdbmc.ini
C:\WINDOWS\system32\bmqdfxfc.ini
C:\WINDOWS\system32\bvmgsock.ini
C:\WINDOWS\system32\bvyfghjv.ini
C:\WINDOWS\system32\cbsoqkss.ini
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\ehhkj.ini2
C:\WINDOWS\system32\eojwnkhc.ini
C:\WINDOWS\system32\fahqsirj.ini
C:\WINDOWS\system32\fkfuagpp.ini
C:\WINDOWS\system32\fyuwwedx.ini
C:\WINDOWS\system32\gbqmtwga.ini
C:\WINDOWS\system32\geebb.dll
C:\WINDOWS\system32\geebb.exe
C:\WINDOWS\system32\gvcvmxqq.ini
C:\WINDOWS\system32\hixnodcw.ini
C:\WINDOWS\system32\iqatmhgr.ini
C:\WINDOWS\system32\kmllm.ini
C:\WINDOWS\system32\kmllm.ini2
C:\WINDOWS\system32\mimhmenx.ini
C:\WINDOWS\system32\moulogui.ini
C:\WINDOWS\system32\nuwlepvb.ini
C:\WINDOWS\system32\oqstv.ini
C:\WINDOWS\system32\oqstv.ini2
C:\WINDOWS\system32\pmvyrqmm.ini
C:\WINDOWS\system32\qegoifbc.ini
C:\WINDOWS\system32\qqtss.ini
C:\WINDOWS\system32\qqtss.ini2
C:\WINDOWS\system32\swtkvqwx.ini
C:\WINDOWS\system32\tvnykkvg.dll
C:\WINDOWS\system32\ututv.ini
C:\WINDOWS\system32\ututv.ini2
C:\WINDOWS\system32\xhkdsuew.ini
C:\WINDOWS\system32\xskvlryf.ini
C:\WINDOWS\system32\ypicqjfr.ini
.
((((((((((((((((((((((((( Files Created from 2008-01-20 to 2008-02-20 )))))))))))))))))))))))))))))))
.
2008-02-19 16:56 . 2008-02-19 17:13 <DIR> d-------- C:\VundoFix Backups
2008-02-19 00:50 . 2008-02-19 00:50 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-19 00:50 . 2008-02-19 00:50 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-18 19:00 . 2008-02-19 14:01 354 ---hs---- C:\WINDOWS\system32\tgfxaaay.ini
2008-02-16 22:52 . 2008-02-17 23:54 202 --a------ C:\WINDOWS\wininit.ini
2008-02-16 22:30 . 2008-02-19 14:00 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-02-16 22:30 . 2008-02-16 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-16 22:20 . 2008-02-16 22:20 6,029,648 --a------ C:\Program Files\Firefox Setup 2.0.0.12.exe
2008-02-15 00:01 . 2008-02-18 18:57 6,014 --a------ C:\WINDOWS\BM2fdf5f1a.xml
2008-02-15 00:01 . 2008-02-19 17:16 22 --a------ C:\WINDOWS\pskt.ini
2008-02-14 22:27 . 2008-02-14 22:27 <DIR> d-------- C:\WINDOWS\cache
2008-02-14 21:15 . 2008-02-14 23:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-14 00:07 . 2008-02-14 23:22 2,213,829 --ahs---- C:\WINDOWS\system32\fstvabmc.ini
2008-02-13 11:08 . 2008-02-13 11:08 22 --a------ C:\WINDOWS\system32\ati64hlp.stb
2008-02-11 23:58 . 2008-02-11 23:58 25,088 --a------ C:\WINDOWS\system32\Ati2mdxx .exe
2008-02-11 16:35 . 2008-02-11 23:57 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-10 19:25 . 2008-02-10 19:25 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-10 19:18 . 2008-02-10 19:27 354 --ahs---- C:\WINDOWS\system32\gakcfcbh.ini
2008-02-08 00:11 . 2008-02-08 03:04 <DIR> d-------- C:\Documents and Settings\Hossea\Application Data\Azureus
2008-02-07 12:29 . 2008-02-07 12:29 294 --ahs---- C:\WINDOWS\system32\aneyntbu.ini
2008-02-06 14:07 . 2008-02-06 14:07 <DIR> d---s---- C:\Documents and Settings\Hossea\UserData
2008-02-02 21:57 . 2008-02-14 22:27 <DIR> dr-h----- C:\Documents and Settings\Hossea\Application Data\yahoo!
2008-02-02 19:47 . 2008-02-02 19:48 <DIR> d-------- C:\Documents and Settings\Hossea\Shared
2008-02-02 19:47 . 2008-02-02 19:49 <DIR> d-------- C:\Documents and Settings\Hossea\Incomplete
2008-02-02 19:47 . 2008-02-18 23:59 <DIR> d-------- C:\Documents and Settings\Hossea\Application Data\LimeWire
2008-02-02 19:45 . 2007-04-12 06:52 <DIR> d-------- C:\Documents and Settings\Hossea\WINDOWS
2008-02-02 19:45 . 2007-04-12 07:40 <DIR> d-------- C:\Documents and Settings\Hossea\Application Data\You've Got Pictures Screensaver
2008-02-02 19:45 . 2007-04-12 07:39 <DIR> d-------- C:\Documents and Settings\Hossea\Application Data\SampleView
2008-02-02 19:45 . 2007-04-12 07:43 <DIR> d-------- C:\Documents and Settings\Hossea\Application Data\McAfee
2008-02-02 19:45 . 2007-04-13 23:11 <DIR> d-------- C:\Documents and Settings\Hossea\Application Data\AOL
2008-01-28 17:08 . 2008-01-28 17:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\acccore
2008-01-28 17:05 . 2008-02-10 11:19 <DIR> d-------- C:\Program Files\AIM6
2008-01-27 15:56 . 2008-01-27 15:56 <DIR> d--h----- C:\WINDOWS\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 13:09 --------- d-----w C:\Program Files\Warcraft III
2008-02-15 10:44 --------- d-----w C:\Program Files\Google
2008-02-15 07:21 --------- d--h--r C:\Documents and Settings\Owner\Application Data\yahoo!
2008-02-15 07:05 497,152 ----a-w C:\WINDOWS\pchealth\helpctr\binaries\msconfig.exe.tmp
2008-02-15 06:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-02-15 05:22 --------- d-----w C:\Program Files\WC3Banlist
2008-02-12 00:35 --------- d-----w C:\Program Files\Windows Live
2008-02-08 20:23 --------- d-----w C:\Program Files\QuickTime
2008-02-04 21:52 --------- d-----w C:\Program Files\LimeWire
2008-01-31 18:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-01-30 23:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-01-29 01:06 --------- d-----w C:\Program Files\Common Files\AOL
2008-01-29 01:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-01-28 03:11 --------- d-----w C:\Program Files\Windows Defender
2008-01-26 21:58 --------- d-----w C:\Program Files\World of Warcraft
2008-01-21 23:33 --------- d-----w C:\Documents and Settings\Guest\Application Data\Ventrilo
2008-01-20 19:26 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-01-15 08:27 --------- d-----w C:\Program Files\Opera
2008-01-11 06:27 --------- d-----w C:\Program Files\Steam
2008-01-04 19:59 --------- d--h--r C:\Documents and Settings\Guest\Application Data\yahoo!
2007-12-28 09:06 --------- d-----w C:\Program Files\Azureus
2007-12-27 09:59 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-27 09:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-25 02:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-25 01:56 --------- d-----w C:\Program Files\Alwil Software
2007-12-21 04:01 58,904 ----a-w C:\WINDOWS\system32\sysfolderazipcnt.dll
2007-12-21 04:01 58,904 ----a-w C:\WINDOWS\system32\azipcontmn.dll
2007-12-21 02:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\Walgreens
2007-12-07 01:07 659,456 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-20 09:52 7,292,416 ----a-w C:\Program Files\NETGEAR WG311v3 PCI Adapter.msi
2006-03-15 22:19 212,992 ----a-w C:\WINDOWS\inf\WG311v3\CopyWHQLDriver.exe
2006-01-27 01:55 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3.sys
2005-10-06 23:17 280,576 ----a-w C:\WINDOWS\inf\WG311v3\WG311v3XP.sys
.
----a-w 50,528 2008-02-10 05:25:42 C:\Program Files\AIM6\aim6 .exe
----a-w 339,968 2008-02-20 01:15:59 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 185,896 2008-02-18 07:24:23 C:\Program Files\Common Files\Real\Update_OB\realsched .exe
----a-w 68,856 2008-02-20 01:15:59 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 1,694,208 2008-02-19 22:01:00 C:\Program Files\Messenger\msmsgs .exe
----a-w 2,097,488 2008-02-19 22:01:06 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 3,497,984 2008-02-20 00:51:40 C:\Program Files\Veoh Networks\Veoh\VeohClient .exe
----a-w 866,584 2008-01-28 20:44:21 C:\Program Files\Windows Defender\MSASCui .exe
----a-w 4,670,968 2008-01-28 03:11:22 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w 25,088 2008-02-12 07:58:17 C:\WINDOWS\system32\Ati2mdxx .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CF1BB6B-CB22-4327-A707-04931FE65FD9}]
C:\WINDOWS\system32\sstqq.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5e4aa43b-329c-4ba8-b98b-0278ccb609ba}]
C:\WINDOWS\system32\wlwlyfvd.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B}]
C:\Program Files\QdrDrive\QdrDrive10.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{98FACDB5-9261-4C09-8389-D95C11FE174E}]
C:\WINDOWS\system32\jkhhe.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA45D21A-C01E-4723-A331-7EE0667A52C2}]
C:\WINDOWS\system32\vtsqo.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD7FB017-6600-46BB-853B-A300280508AB}]
C:\WINDOWS\system32\mllmk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC52CC34-07AC-4283-AD90-5057B47D9575}]
C:\WINDOWS\system32\vtutu.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2005-05-03 13:02 543232 C:\WINDOWS\zHotkey.exe]
"Recguard"="%WINDIR%\SMINST\RECGUARD.EXE" [ ]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 04:42 577536 C:\WINDOWS\soundman.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [ ]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 12:45 36040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Google Updater.lnk
backup=C:\WINDOWS\pss\Google Updater.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WG311v3 Smart Wizard.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG311v3 Smart Wizard.lnk
backup=C:\WINDOWS\pss\NETGEAR WG311v3 Smart Wizard.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2cec6c86]
C:\WINDOWS\system32\sskqosbc.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdvancedCleaner Free]
C:\Program Files\AdvancedCleaner Free\UADC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-02-09 21:25 50528 C:\Program Files\AIM6\aim6 .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2007-12-04 05:00 79224 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM2fdf5f1a]
C:\WINDOWS\system32\nmjhrsst.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ealb]
C:\PROGRA~1\COMMON~1\YSTEM~1\winword.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
--a------ 2005-08-05 12:56 64512 C:\WINDOWS\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-09-25 13:54 229952 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
C:\WINDOWS\system32\geebb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSConfig]
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2008-02-19 16:48 2226688 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrModule12]
C:\Program Files\QdrModule\QdrModule12.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QdrPack12]
C:\Program Files\QdrPack\QdrPack12.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
%WINDIR%\Creator\Remind_XP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2004-11-02 19:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\runner1]
C:\WINDOWS\mrofinu72.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
--a------ 2008-02-19 14:00 2441216 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2007-12-01 14:01 1266936 c:\program files\steam\steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
--a------ 2004-11-15 14:04 135168 C:\Program Files\Digital Media Reader\shwiconem.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-02-17 23:24 526848 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tshbyw]
C:\Documents and Settings\Owner\My Documents\?racle\winword.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-02-19 16:33 4142592 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2007-03-14 16:03 24104 C:\Program Files\Zune\ZuneLauncher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\_AntiSpyware]
C:\Program Files\McAfee\McAfee AntiSpyware\MssCli.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVG Anti-Spyware Guard"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"ZuneNetworkSvc"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"WLSetupSvc"=3 (0x3)
"WinDefend"=2 (0x2)
"usnjsvc"=3 (0x3)
"rpcapd"=3 (0x3)
"ose"=3 (0x3)
"iPod Service"=3 (0x3)
"idsvc"=3 (0x3)
"gusvc"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"aswUpdSv"=2 (0x2)
"Adobe LM Service"=3 (0x3)
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 BEL;Belkin 11Mbps Wireless LAN Driver;C:\WINDOWS\system32\DRIVERS\BELNDS.sys []
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-01-25 09:31]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480
.
Contents of the 'Scheduled Tasks' folder
"2008-02-20 01:25:24 C:\WINDOWS\Tasks\ATF-Cleaner.job"
- C:\Documents and Settings\Owner\Desktop\Stuff\Anti Virus and Protectors\ATF-Cleaner.exe
"2008-02-19 10:39:27 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-19 17:36:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-19 17:38:20
ComboFix-quarantined-files.txt 2008-02-20 01:38:18
.
2008-02-15 07:24:30 --- E O F ---
Here's the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:41:58 PM, on 2/19/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CF1BB6B-CB22-4327-A707-04931FE65FD9} - C:\WINDOWS\system32\sstqq.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: {ab906bcc-8720-b89b-8ab4-c923b34aa4e5} - {5e4aa43b-329c-4ba8-b98b-0278ccb609ba} - C:\WINDOWS\system32\wlwlyfvd.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: BndBlock5 BHO Class - {82EA1A55-9CBC-404b-9D0C-E8BFB7EAAE9B} - C:\Program Files\QdrDrive\QdrDrive10.dll (file missing)
O2 - BHO: (no name) - {98FACDB5-9261-4C09-8389-D95C11FE174E} - C:\WINDOWS\system32\jkhhe.dll (file missing)
O2 - BHO: (no name) - {AA45D21A-C01E-4723-A331-7EE0667A52C2} - C:\WINDOWS\system32\vtsqo.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AD7FB017-6600-46BB-853B-A300280508AB} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {CC52CC34-07AC-4283-AD90-5057B47D9575} - C:\WINDOWS\system32\vtutu.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig .exe /auto
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
--
End of file - 4859 bytes