cut and paste version...
ComboFix 08-04-13.3 - Bill 2008-04-14 20:23:23.1 - NTFSx86
Running from: C:\Documents and Settings\Bill\Desktop\plg\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\Bill\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Bill\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Bill\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\Program Files\CPV
C:\Program Files\CPV\CPV8.dll
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\MyWay
C:\Program Files\NewMediaCodec
C:\Program Files\NewMediaCodec\install.ico
C:\Program Files\NewMediaCodec\Uninstall.exe
C:\Program Files\PC-Cleaner
C:\Program Files\PC-Cleaner\PC-Cleaner.db
C:\Program Files\PC-Cleaner\pccleaner.pkg
C:\Program Files\PC-Cleaner\program.info
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive15.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrModule
C:\Program Files\QdrModule\dicy.gz
C:\Program Files\QdrModule\kwdy.gz
C:\Program Files\QdrModule\pckr.dat
C:\Program Files\QdrModule\QdrModule15.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack15.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\Temporary
C:\WINDOWS\123messenger.per
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\apphelp32.dll
C:\WINDOWS\asferror32.dll
C:\WINDOWS\asycfilt32.dll
C:\WINDOWS\athprxy32.dll
C:\WINDOWS\ati2dvaa32.dll
C:\WINDOWS\ati2dvag32.dll
C:\WINDOWS\audiosrv32.dll
C:\WINDOWS\autodisc32.dll
C:\WINDOWS\avifile32.dll
C:\WINDOWS\avisynthex32.dll
C:\WINDOWS\aviwrap32.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\browserad.dll
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\changeurl_30.dll
C:\WINDOWS\conf.inf
C:\WINDOWS\dat.txt
C:\WINDOWS\didduid.ini
C:\WINDOWS\ky.sxc
C:\WINDOWS\lfn.exe
C:\WINDOWS\licencia.txt
C:\WINDOWS\msa64chk.dll
C:\WINDOWS\msapasrc.dll
C:\WINDOWS\mscon.sio
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\ntnut.exe
C:\WINDOWS\PerfInfo
C:\WINDOWS\pskt.ini
C:\WINDOWS\saiemod.dll
C:\WINDOWS\shdocpe.dll
C:\WINDOWS\shdocpl.dll
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\SYSTEM32\
000080.exe
C:\WINDOWS\SYSTEM32\
000090.exe
C:\WINDOWS\system32\ddcYpmkh.dll
C:\WINDOWS\system32\drivers\fad.sys
C:\WINDOWS\SYSTEM32\ELRYJRqr.ini
C:\WINDOWS\SYSTEM32\ELRYJRqr.ini2
C:\WINDOWS\system32\iaqlybcn.dll
C:\WINDOWS\system32\jqdoqsmn.dll
C:\WINDOWS\SYSTEM32\ncbylqai.ini
C:\WINDOWS\system32\nciyaixp.dll
C:\WINDOWS\SYSTEM32\pkbprthi.ini
C:\WINDOWS\system32\rqRJYRLE.dll
C:\WINDOWS\system32\udpgscvq.dll
C:\WINDOWS\system32\winfrun32.bin
C:\WINDOWS\system32\wmsdkns.exe
C:\WINDOWS\telefonos.txt
C:\WINDOWS\textos.txt
C:\WINDOWS\voiceip.dll
C:\WINDOWS\winsb.dll
C:\WINDOWS\winself.exe
----- BITS: Possible infected sites -----
hxxp://80.93.48.74
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MSSysInterv1
-------\MSSysInterv1
((((((((((((((((((((((((( Files Created from 2008-03-15 to 2008-04-15 )))))))))))))))))))))))))))))))
.
2008-04-14 19:49 . 2008-04-14 19:49 <DIR> d--hs---- C:\found.002
2008-04-14 17:20 . 2008-04-14 17:24 <DIR> d-------- C:\Program Files\RcvSystem
2008-04-14 14:39 . 2008-04-14 14:39 38,400 -ra------ C:\WINDOWS\mrofinu72.exe
2008-04-13 14:53 . 2008-04-14 17:19 101,091 --a------ C:\WINDOWS\BMff304efc.xml
2008-04-13 01:04 . 2008-04-14 20:23 1,908 --a------ C:\WINDOWS\SYSTEM32\default.htm
2008-04-13 00:46 . 2008-04-13 00:46 <DIR> d-------- C:\WINDOWS\cuawsppw
2008-04-13 00:46 . 2008-04-13 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pajgpkhw
2008-04-13 00:46 . 2008-04-13 00:46 196,096 --a------ C:\WINDOWS\dkzobqdi.dll
2008-04-13 00:46 . 2008-04-13 00:46 98,304 --a------ C:\WINDOWS\SYSTEM32\tuvodsxg.exe
2008-04-13 00:46 . 2008-04-13 00:46 70,144 --a------ C:\WINDOWS\twdsdcfa.dll
2008-04-13 00:46 . 2008-04-13 00:46 70,144 --a------ C:\Documents and Settings\All Users\Application Data\sjcrgfyj.dll
2008-04-13 00:44 . 2008-04-13 00:44 397 --a------ C:\WINDOWS\SYSTEM32\LC22.tmp
2008-04-13 00:44 . 2008-04-13 00:44 397 --a------ C:\WINDOWS\SYSTEM32\LA3E.tmp
2008-04-13 00:44 . 2008-04-13 00:44 397 --a------ C:\WINDOWS\SYSTEM32\L879.tmp
2008-04-13 00:44 . 2008-04-13 00:44 397 --a------ C:\WINDOWS\SYSTEM32\L675.tmp
2008-04-08 15:33 . 2008-04-08 12:33 68,096 --a------ C:\WINDOWS\b155.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 04:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-04-04 02:51 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-07 05:32 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-03-07 05:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-03-07 05:32 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
.
------- Sigcheck -------
2005-03-01 16:36 1955840 62c353c0449fd961ef7814973fc2fd30 C:\WINDOWS\Driver Cache\I386\ntkrnlpa.exe
2004-08-03 21:58 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntkrnlpa.exe
2005-03-01 16:36 1955840 62c353c0449fd961ef7814973fc2fd30 C:\WINDOWS\SYSTEM32\ntkrnlpa.exe
2005-03-01 17:33 2040832 a15a2ee0be2f71fc1752a05660b8ebdc C:\WINDOWS\Driver Cache\I386\ntoskrnl.exe
2004-08-03 22:19 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ntoskrnl.exe
2005-03-01 17:33 2040832 a15a2ee0be2f71fc1752a05660b8ebdc C:\WINDOWS\SYSTEM32\ntoskrnl.exe
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db41de82-1dd1-11b2-b7fd-fbaf280c36b9}]
2008-04-13 00:46 70144 --a------ C:\WINDOWS\twdsdcfa.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 15:18 1670144]
"RealPlayer"="%APP_PATH::RealPlay.exe%\realplay.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 11:11 68856]
"EPSON Stylus CX7000F Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBKA.exe" [2006-05-22 05:00 139264]
"QdrModule15"="C:\Program Files\QdrModule\QdrModule15.exe" [ ]
"QdrPack15"="C:\Program Files\QdrPack\QdrPack15.exe" [ ]
"ieamxshm"="C:\WINDOWS\system32\tuvodsxg.exe" [2008-04-13 00:46 98304]
"ychzrbse"="C:\WINDOWS\system32\qtqzmtmt.exe" [2008-04-14 20:39 90112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-06 21:19 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-06 21:07 114688]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-05 22:04 114741]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-12 22:01 155648]
"DwlClient"="C:\Program Files\Common Files\Dell\EUSW\Support.exe" [2004-05-27 20:05 323584]
"ProDsl.exe"="ProDsl.exe" [2001-10-03 16:59 118784 C:\WINDOWS\PRODSL.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-06-18 17:14 98304]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-06-18 18:47 180269]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 01:50 155648]
"tgcmd"="C:\Program Files\support.com\bin\tgcmd.exe" [2002-04-24 17:37 1544192]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 12:03 36975]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"ClamWin"="C:\Program Files\ClamWin\bin\ClamTray.exe" [2007-08-21 13:05 73728]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy Media Creator 7\Drag to Disc\DrgToDsc.exe" [2004-01-27 13:39 1179648]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 17:38 583048]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-05-10 05:12:24 24576]
Norton GoBack.lnk - C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe [2005-11-14 08:24:04 861872]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"B1Z0P48K0b"= C:\Documents and Settings\All Users\Application Data\pajgpkhw\pchupodk.exe
R2 BCMNTIO;BCMNTIO;C:\PROGRA~1\CheckIt\DIAGNO~1\BCMNTIO.sys [2004-03-05 17:09]
R2 MAPMEM;MAPMEM;C:\PROGRA~1\CheckIt\DIAGNO~1\MAPMEM.sys [2004-03-05 17:09]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 13:38]
R3 PRO2100W;Intel® PRO/DSL 2100 Modem - PPP;C:\WINDOWS\System32\DRIVERS\p21c2kW.sys [2001-10-04 17:12]
S3 SQTECH913D;913D Camera;C:\WINDOWS\System32\Drivers\Capt913D.sys [2006-12-21 10:52]
*Newly Created Service* - COMHOST
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-04-14 20:39:02
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2008-04-14 20:50:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-15 04:50:03
Pre-Run: 18,927,992,832 bytes free
Post-Run: 18,898,391,040 bytes free