Just so you know, I can work in normal mode now... I assume that's good.
Here's the VirusTotal report.
Antivirus Version Last Update Result
AhnLab-V3 2008.2.22.0 2008.02.21 -
AntiVir 7.6.0.67 2008.02.21 TR/Spy.Gen
Authentium 4.93.8 2008.02.21 -
Avast 4.7.1098.0 2008.02.21 -
AVG 7.5.0.516 2008.02.21 Downloader.Small.60.BJ
BitDefender 7.2 2008.02.22 -
CAT-QuickHeal 9.50 2008.02.21 TrojanClicker.Agent.ss
ClamAV 0.92.1 2008.02.21 -
DrWeb 4.44.0.09170 2008.02.21 -
eSafe 7.0.15.0 2008.02.21 -
eTrust-Vet 31.3.5552 2008.02.21 -
Ewido 4.0 2008.02.21 -
FileAdvisor 1 2008.02.22 -
Fortinet 3.14.0.0 2008.02.21 -
F-Prot 4.4.2.54 2008.02.20 W32/Injector.A.gen!Eldorado
F-Secure 6.70.13260.0 2008.02.21 Trojan-Clicker.Win32.Agent.ss
Ikarus T3.1.1.20 2008.02.21 Trojan-Spy
Kaspersky 7.0.0.125 2008.02.22 Trojan-Clicker.Win32.Agent.ss
McAfee 5235 2008.02.21 -
Microsoft 1.3204 2008.02.21 -
NOD32v2 2894 2008.02.21 -
Norman 5.80.02 2008.02.21 -
Panda 9.0.0.4 2008.02.21 Trj/Downloader.SRZ
Prevx1 V2 2008.02.22 -
Rising 20.32.32.00 2008.02.21 -
Sophos 4.26.0 2008.02.21 Mal/Emogen-G
Sunbelt 3.0.884.0 2008.02.21 -
Symantec 10 2008.02.22 -
TheHacker 6.2.9.225 2008.02.21 -
VBA32 3.12.6.1 2008.02.21 -
VirusBuster 4.3.26:9 2008.02.21 -
Webwasher-Gateway 6.6.2 2008.02.21 Trojan.Spy.Gen
Additional information
File size: 32256 bytes
MD5: 9181f760ca25e3e91b78240e88324e89
SHA1: 2b49684e802a7fa936d8ba956e061edcb572d018
PEiD: -
packers: PE_Patch.UPX, UPX
This is the ComboFix report.
ComboFix 08-02-22 - Mark 2008-02-22 19:12:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.480 [GMT -5:00]
Running from: C:\Documents and Settings\Mark\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Mark\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\trashicon.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Xasjce
C:\WINDOWS\trashicon.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-22 18:49 . 2008-02-22 18:49 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-21 18:03 . 2008-02-21 18:03 1,598,422 --a------ C:\ComboFix.exe
2008-02-21 09:50 . 2008-02-21 09:50 32,256 --a------ C:\WINDOWS\wndsk.dll
2008-02-21 09:33 . 2008-02-21 09:33 <DIR> d-------- C:\Deckard
2008-02-21 09:18 . 2008-02-21 18:02 686,630 --a------ C:\dss.exe
2008-02-20 17:20 . 2008-02-21 17:19 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-02-20 17:20 . 2008-02-20 17:20 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\PC Tools
2008-02-20 17:20 . 2008-02-22 19:02 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-20 17:20 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-02-20 17:20 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-02-20 17:20 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-02-20 17:20 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-02-20 15:02 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\drivers\lbrtfdc.sys
2008-02-20 15:02 . 2004-08-03 22:59 34,688 --a------ C:\WINDOWS\system32\dllcache\lbrtfdc.sys
2008-02-20 15:02 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\drivers\battc.sys
2008-02-20 15:02 . 2001-08-17 13:57 14,080 --a------ C:\WINDOWS\system32\dllcache\battc.sys
2008-02-20 15:02 . 2001-08-17 13:47 13,056 --a------ C:\WINDOWS\system32\drivers\inport.sys
2008-02-20 15:02 . 2001-08-17 13:47 13,056 --a------ C:\WINDOWS\system32\dllcache\inport.sys
2008-02-20 15:02 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2008-02-20 15:02 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\dllcache\changer.sys
2008-02-20 12:53 . 2008-02-20 12:53 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Grisoft
2008-02-20 12:53 . 2008-02-20 12:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-20 12:53 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-14 17:02 . 2008-02-20 12:02 2,858 --a------ C:\WINDOWS\rules.dat
2008-02-09 16:03 . 2008-02-09 16:04 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\Move Networks
2008-01-31 23:13 . 2008-01-31 23:13 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-31 23:13 . 2008-01-31 23:13 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-01-27 19:18 . 2008-01-27 19:18 <DIR> d-------- C:\Program Files\TVUPlayer
2008-01-27 19:18 . 2008-01-27 19:18 <DIR> d-------- C:\Documents and Settings\Mark\Application Data\TVU networks
2008-01-27 19:18 . 2008-01-27 19:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TVU networks
2008-01-27 12:40 . 2008-02-15 21:21 <DIR> d-------- C:\Program Files\UFile 2007
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 18:53 --------- d-----w C:\Program Files\DIGStream
2008-02-20 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\DIGStream
2008-02-17 17:23 --------- d-----w C:\Program Files\iTunes
2008-02-17 17:22 --------- d-----w C:\Program Files\iPod
2008-02-17 17:21 --------- d-----w C:\Program Files\QuickTime
2008-02-02 17:26 --------- d-----w C:\Program Files\Lexmark 2200 Series
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-24 23:19 --------- d-----w C:\Program Files\LimeWire
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-04-28 03:32 379 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb1942.dat
2007-04-28 03:19 177,152 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb5686.dat
2007-04-28 03:19 151 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb1381.dat
2007-04-28 03:19 13,046 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb2032.dat
2007-04-28 03:19 0 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb5768.dat
2007-04-28 00:07 382 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb1942.dat
2007-04-28 00:04 177,152 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb4827.dat
2007-04-28 00:04 151 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb3434.dat
2007-04-28 00:04 13,046 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb5436.dat
2007-04-28 00:04 0 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb4604.dat
2007-04-20 00:14 379 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb1942.dat
2007-04-20 00:13 177,152 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb3119.dat
2007-04-20 00:13 151 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb6385.dat
2007-04-20 00:13 13,046 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb563.dat
2007-04-20 00:13 0 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb4088.dat
2007-04-14 15:11 379 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb1942.dat
2007-04-14 15:06 177,152 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb1354.dat
2007-04-14 15:06 151 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb9227.dat
2007-04-14 15:06 13,046 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb8086.dat
2007-04-14 15:06 0 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb9707.dat
2006-12-01 00:15 177,152 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb1869.dat
2006-11-29 23:26 0 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb7126.dat
2006-11-29 23:26 0 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb2821.dat
2006-11-29 23:26 0 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb212.dat
2006-11-29 23:26 0 ----a-w C:\Documents and Settings\Chris\Application Data\internaldb2053.dat
2006-11-23 15:41 0 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb2476.dat
2006-11-18 16:38 0 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb8178.dat
2006-11-18 04:55 0 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb2391.dat
2006-11-16 23:41 0 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb3430.dat
2006-11-16 23:41 0 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb2097.dat
2006-11-16 23:41 0 ----a-w C:\Documents and Settings\Robert\Application Data\internaldb1013.dat
2006-11-16 04:54 0 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb153.dat
2006-11-15 22:00 0 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb2902.dat
2006-11-15 22:00 0 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb284.dat
2006-11-15 22:00 0 ----a-w C:\Documents and Settings\Dorothy\Application Data\internaldb1615.dat
2006-11-13 02:48 0 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb3902.dat
2006-11-13 02:48 0 ----a-w C:\Documents and Settings\Mark\Application Data\internaldb1538.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:54 5674352]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 17:42 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\ibmmessages.exe" [2004-04-20 05:01 438272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-16 00:10 339968]
"UC_Start"="C:\Program Files\IBM\Updater\\ucstartup.exe" [2003-09-30 18:39 36864]
"UC_SMB"="" []
"ibmmessages"="C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe" [2004-04-20 05:01 438272]
"UpdateManager"="c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 04:01 110592]
"IBMPRC"="C:\IBMTOOLS\UTILS\ibmprc.exe" [2004-03-19 15:12 90112]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 17:08 57344 C:\WINDOWS\system32\ico.exe]
"Hot Key Kbd Daemon"="SKDAEMON.EXE" [2004-03-29 19:02 40960 C:\WINDOWS\system32\SKDAEMON.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 03:00 132496]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-05-04 02:21 176128]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\hphupd05.exe" [2004-03-31 23:34 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 11:38 241664]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2004-05-04 17:17 491520]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-01-30 03:29 180269]
"IBM Warranty Notification"="C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe" [2004-03-12 21:24 106496]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2003-09-29 07:10 81990]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2003-09-10 03:11 135251]
"Camera Detector"="C:\PROGRA~1\ACDSYS~1\DEVDET~1\DEVDET~1.exe" [2002-12-09 14:35 208896]
"DIGStream"="C:\Program Files\DIGStream\digstream.exe" [ ]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2002-07-16 15:21 28672]
"hplampc"="C:\WINDOWS\system32\hplampc.exe" [2002-01-17 10:40 40448]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11 49152]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 17:20 866584]
"Lexmark 2200 Series"="C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe" [2004-02-13 08:08 57344]
"FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2004-02-04 15:33 294912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-04 14:18 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
R2 ibmfilter;ibmfilter;C:\WINDOWS\system32\drivers\ibmfilter.sys [2004-09-23 20:39]
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-05-01 22:16]
R3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 16:55]
R3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 16:25]
R3 portio;TPM Service;C:\WINDOWS\system32\DRIVERS\NscTpmDD.sys [2004-04-27 15:11]
S2 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys [2002-05-01 22:16]
S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 15:11]
S3 dwusbdnt;dwusbdnt;C:\WINDOWS\system32\DRIVERS\dwusbdnt.sys [2002-05-24 11:52]
S3 hp4200c;%usbscan.SvcDesc%;C:\WINDOWS\system32\DRIVERS\hp4200c.sys [2001-02-18 10:09]
.
Contents of the 'Scheduled Tasks' folder
"2007-11-14 03:23:44 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-22 23:43:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-02-02 03:24:08 C:\WINDOWS\Tasks\HP DArC Task #Hewlett-Packard#7700#MY4822J35YU1.job"
- C:\Program Files\HP\hpcoretech\comp\hpdarc.exe$/#Hewlett-Packard#7700#MY4822J35YU1
"2008-02-21 18:42:01 C:\WINDOWS\Tasks\HP Usg Daily.job"
- C:\Program Files\Hewlett-Packard\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\pexpress\hphped05.exe
"2008-02-22 23:37:49 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2005-01-24 22:11:21 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-02-22 23:42:38 C:\WINDOWS\Tasks\User_Feed_Synchronization-{763AB149-50BF-4C50-8599-78D3972D2FE1}.job"
- C:\WINDOWS\system32\msfeedssync.exe
"2008-02-21 16:58:00 C:\WINDOWS\Tasks\WebReg 20050128115829.job"
- C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqwrg.exeb/TaskName 20050128115829 /N
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 19:19:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-22 19:20:36
ComboFix-quarantined-files.txt 2008-02-23 00:20:33
ComboFix2.txt 2008-02-22 23:46:17
.
2008-02-19 20:08:56 --- E O F ---