[bobby080588]

hi guys I just recently scanned my computer trying to get rid of malware using Combofix. This log shown below is what appeared after the scan i would like to know how to use this (understand it someway) in order to get rid of my infections.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Windows\system32\ededoy.dll
C:\Windows\system32\mckkmsne.dll
C:\Windows\system32\onpjnfag.dll
C:\Windows\system32\pxkckdfx.dll
C:\Windows\System32\VwHikUtv.ini
C:\Windows\System32\VwHikUtv.ini2
C:\Windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2008-07-25 to 2008-08-25 )))))))))))))))))))))))))))))))
.

2008-08-24 14:54 . 2008-08-24 14:54 <DIR> d-------- C:\Users\Diego\AppData\Roaming\Malwarebytes
2008-08-24 14:54 . 2008-08-24 14:54 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-08-24 14:54 . 2008-08-24 14:54 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-08-24 14:54 . 2008-08-24 14:54 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-24 14:54 . 2008-08-17 15:05 38,472 --a------ C:\Windows\System32\drivers\mbamswissarmy.sys
2008-08-24 14:54 . 2008-08-17 15:05 17,144 --a------ C:\Windows\System32\drivers\mbam.sys
2008-08-23 23:25 . 2008-08-24 14:52 <DIR> d-------- C:\Users\All Users\Spybot - Search & Destroy
2008-08-23 23:25 . 2008-08-24 14:52 <DIR> d-------- C:\ProgramData\Spybot - Search & Destroy
2008-08-23 23:25 . 2008-08-23 23:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-23 16:19 . 2008-08-23 16:19 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-08-23 16:19 . 2008-08-23 16:19 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-08-23 16:18 . 2008-08-23 16:18 <DIR> d-------- C:\Users\Diego\AppData\Roaming\SUPERAntiSpyware.com
2008-08-23 16:18 . 2008-08-23 16:18 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-08-22 22:52 . 2008-08-22 22:52 1,266,574 --a------ C:\MGtools.exe
2008-08-22 22:15 . 2008-08-22 22:15 <DIR> d-------- C:\Program Files\CCleaner
2008-08-22 21:51 . 2008-08-22 21:50 410,976 --a------ C:\Windows\System32\deploytk.dll
2008-08-22 18:33 . 2008-07-19 01:09 1,811,656 --a------ C:\Windows\System32\wuaueng.dll
2008-08-22 18:33 . 2008-07-18 23:44 1,524,736 --a------ C:\Windows\System32\wucltux.dll
2008-08-22 18:33 . 2008-07-19 01:10 53,448 --a------ C:\Windows\System32\wuauclt.exe
2008-08-22 18:33 . 2008-07-19 01:10 45,768 --a------ C:\Windows\System32\wups2.dll
2008-08-22 18:32 . 2008-07-19 01:09 563,912 --a------ C:\Windows\System32\wuapi.dll
2008-08-22 18:32 . 2008-07-18 23:44 83,456 --a------ C:\Windows\System32\wudriver.dll
2008-08-22 18:32 . 2008-07-19 01:10 36,552 --a------ C:\Windows\System32\wups.dll
2008-08-22 18:31 . 2008-07-18 22:08 163,904 --a------ C:\Windows\System32\wuwebv.dll
2008-08-22 18:31 . 2008-07-18 20:44 31,232 --a------ C:\Windows\System32\wuapp.exe
2008-08-21 03:27 . 2008-07-15 19:48 2,048 --a------ C:\Windows\System32\tzres.dll
2008-08-21 02:50 . 2008-08-21 02:50 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2008-08-21 01:56 . 2008-08-21 01:56 <DIR> d-------- C:\Program Files\Alwil Software
2008-08-21 01:56 . 2008-07-19 10:36 51,280 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-08-20 18:15 . 2008-06-18 23:25 361,984 --a------ C:\Windows\System32\IPSECSVC.DLL
2008-08-20 18:15 . 2008-06-18 23:25 272,896 --a------ C:\Windows\System32\polstore.dll
2008-08-20 18:15 . 2008-06-18 23:25 61,440 --a------ C:\Windows\System32\winipsec.dll
2008-08-20 18:15 . 2008-06-18 23:25 28,672 --a------ C:\Windows\System32\FwRemoteSvr.dll
2008-08-20 18:14 . 2008-04-19 04:13 268,800 --a------ C:\Windows\System32\es.dll
2008-08-20 18:12 . 2008-04-10 01:01 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-08-20 18:12 . 2008-04-09 22:43 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-08-19 14:48 . 2008-08-19 14:48 <DIR> d-------- C:\Users\Diego\AppData\Roaming\muvee Technologies
2008-08-19 14:48 . 2008-08-19 14:48 <DIR> d-------- C:\Users\All Users\muvee Technologies
2008-08-19 14:48 . 2008-08-19 14:48 <DIR> d-------- C:\ProgramData\muvee Technologies
2008-08-19 14:47 . 2008-08-19 14:47 <DIR> d-------- C:\Users\All Users\TEMP
2008-08-19 14:47 . 2008-08-19 14:47 <DIR> d-------- C:\ProgramData\TEMP
2008-08-17 13:28 . 2008-08-17 13:28 <DIR> d-------- C:\Users\All Users\Sandlot Games
2008-08-17 13:28 . 2008-08-17 13:28 <DIR> d-------- C:\ProgramData\Sandlot Games
2008-08-17 13:28 . 2008-08-17 13:28 <DIR> d-------- C:\Program Files\Common Files\Sandlot Shared
2008-08-11 00:53 . 2008-08-11 00:54 <DIR> d-------- C:\SAV32CLI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-25 04:26 --------- d-----w C:\ProgramData\Google Updater
2008-08-23 20:18 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-23 01:50 --------- d-----w C:\Program Files\Java
2008-08-21 07:55 --------- d-----w C:\Program Files\Sophos
2008-08-21 07:53 --------- d-----w C:\Program Files\Windows Mail
2008-08-21 07:32 --------- d-----w C:\ProgramData\Microsoft Help
2008-08-21 07:04 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-21 06:55 --------- d-----w C:\Program Files\Vongo
2008-08-21 06:39 --------- d-----w C:\ProgramData\Sophos
2008-08-20 22:17 --------- d-----w C:\Program Files\Google
2008-08-19 20:20 --------- d-----w C:\ProgramData\WildTangent
2008-08-19 19:36 --------- d-----w C:\Program Files\Microsoft Games
2008-08-19 19:12 --------- d-----w C:\Users\Diego\AppData\Roaming\Sierra
2008-08-19 19:12 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-19 19:12 --------- d-----w C:\Program Files\Sierra
2008-08-09 04:38 --------- d-----w C:\Program Files\Lavasoft
2008-08-09 04:34 --------- d-----w C:\ProgramData\Lavasoft
2008-07-09 07:19 174 --sha-w C:\Program Files\desktop.ini
2008-07-09 07:07 --------- d-----w C:\Program Files\Microsoft SQL Server
2008-06-27 03:54 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-06-12 06:54 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-06-12 06:54 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-06-12 01:21 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2007-11-24 02:26 24,192 ----a-w C:\Users\Diego\usbsermptxp.sys
2007-11-24 02:26 22,768 ----a-w C:\Users\Diego\usbsermpt.sys
2007-11-24 01:11 92,064 ----a-w C:\Users\Diego\mqdmmdm.sys
2007-11-24 01:11 9,232 ----a-w C:\Users\Diego\mqdmmdfl.sys
2007-11-24 01:11 79,328 ----a-w C:\Users\Diego\mqdmserd.sys
2007-11-24 01:11 66,656 ----a-w C:\Users\Diego\mqdmbus.sys
2007-11-24 01:11 6,208 ----a-w C:\Users\Diego\mqdmcmnt.sys
2007-11-24 01:11 5,936 ----a-w C:\Users\Diego\mqdmwhnt.sys
2007-11-24 01:11 4,048 ----a-w C:\Users\Diego\mqdmcr.sys
2007-08-19 19:26 0 ----a-w C:\Users\Diego\AppData\Roaming\wklnhst.dat
2008-01-16 21:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-01-16 21:36 32,768 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-01-16 21:36 16,384 --sha-w C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-17 14:53 1232896]
"HPAdvisor"="C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2007-03-20 18:23 1773568]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 13:34 5724184]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 08:35 125440]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-05 18:51 68856]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 23:36 827392]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-02-26 12:52 138008]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-02-26 12:52 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-02-26 12:52 133912]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2007-03-28 20:45 176128]
"HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2007-06-05 10:12 71176]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 19:30 517768]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 07:00 33648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2008-08-22 21:50 144792]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 16:32 56080 C:\Windows\KHALMNPR.Exe]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-06-07 19:05:38 553021]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2007-12-05 18:51:06 126136]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2007-08-09 22:07:32 692224]
Vongo Tray.lnk - C:\Windows\Installer\{8C3AE2D1-854D-4650-A73D-C7CC7EE36B80}\NewShortcut2_DB7E00C96DEF489A8112D8F81614F45A.exe [2007-05-03 20:03:17 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.IV41"= ir41_32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications]
"<NO NAME>"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile\AuthorizedApplications\List]
"<NO NAME>"=
"C:\\Program Files\\Vongo\\VongoService.exe"= C:\Program Files\Vongo\VongoService.exe:*:enabled:VongoService

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{4F6FCA15-4792-4FC2-A411-5DEE7ABB33DD}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{EBFDDF5A-1363-40AB-A3D9-8C8BCF60F325}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DB62F7AE-6857-4964-85BD-216B646A4510}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{849D2A11-C890-47A7-AF59-6C9829371555}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{2F8A24E2-6266-4C7D-8B8A-F8C077332FAF}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F247C7CA-2F29-460F-916C-1CB41F858373}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{26C399D3-F7FF-4A27-9159-F8F459DECD9D}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{5A68E38F-53F7-44C5-911C-B6C65CD24814}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{05C1C6F0-3A90-462F-83D6-81998825F97C}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6EF0E309-7027-4248-8BC2-2BCA6E81CBE7}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{7724ED3B-D536-4BA8-BCCE-5A26D66B718C}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{FBF01BED-6C73-429B-9A07-25E4B1047928}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{A857FAC5-67AA-49CD-AEA7-4C38CDAB45FE}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{5A11A7EA-5887-4858-9587-A437D61830E3}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{44D32BDF-B682-4940-B74E-92AE653DB7FD}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{71588834-9859-43B4-AFD4-61CBF4A2CF91}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{0C183F0A-23D8-47CE-9E76-3EE77A3F58E5}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B0E04FEB-4D5F-4309-B25E-5185EE11A4B6}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{7797997B-3907-4B7A-8D5E-E9EC8523A10E}C:\\neverwinternights\\nwn\\nwmain.exe"= UDP:C:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
"UDP Query User{F1A76D52-6996-4A52-A9C2-658819D27F0B}C:\\neverwinternights\\nwn\\nwmain.exe"= TCP:C:\neverwinternights\nwn\nwmain.exe:Neverwinter Nights
"TCP Query User{2662E3B3-8893-468F-BB67-94EC0F831E7A}C:\\program files\\sierra\\empire earth ii\\ee2.exe"= UDP:C:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II
"UDP Query User{D26E2915-D475-455B-A413-434BF05AC9CD}C:\\program files\\sierra\\empire earth ii\\ee2.exe"= TCP:C:\program files\sierra\empire earth ii\ee2.exe:Empire Earth II
"TCP Query User{29EF4573-848E-45DF-8353-028332F9F5C5}C:\\program files\\hp\\hp software update\\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"UDP Query User{2E4122A5-F0CA-4481-BEC6-DEE2B3381455}C:\\program files\\hp\\hp software update\\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client
"{1E7057B2-6BA6-446C-A230-24D0FC7D78C0}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{CC1074C4-21B1-4F5C-9524-4B59EF5E2F74}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{955D7754-FEFA-405B-811E-A44106B333A3}"= Disabled:UDP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{7ECB92F2-0E07-48D1-BDA5-F44F228BDBEA}"= Disabled:TCP:C:\Program Files\Skype\Phone\Skype.exe:Skype
"{CCED8529-841E-4E89-8B4B-5B379002B7B8}"= Disabled:UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{811E4982-5669-416C-92CF-55E364DB2B5F}"= Disabled:TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"DoNotAllowExceptions"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"DoNotAllowExceptions"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
"C:\\Program Files\\PPStream\\PPStream.exe"= C:\Program Files\PPStream\PPStream.exe:*:Enabled:PPSÍøÂçµçÊÓ
"C:\\Program Files\\PPStream\\PPSAP.exe"= C:\Program Files\PPStream\PPSAP.exe:*:Enabled:PPS ÍøÂç¼ÓËÙÆ÷

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 10:35]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 10:37]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 10:36]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 09:42]
R3 R5U870FLx86;R5U870 UVC Lower Filter ;C:\Windows\system32\Drivers\R5U870FLx86.sys [2006-12-18 18:31]
R3 R5U870FUx86;R5U870 UVC Upper Filter ;C:\Windows\system32\Drivers\R5U870FUx86.sys [2006-12-18 18:31]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys [2007-02-27 16:31]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys [2007-01-23 21:03]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys [2007-02-27 16:31]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a5750c9c-a1d5-11dc-8fd4-001b24591a8e}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2008-08-25 C:\Windows\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 13:20]

2008-08-25 C:\Windows\Tasks\User_Feed_Synchronization-{0577D953-3655-4F84-8D8C-C888067A70EF}.job
- C:\Windows\system32\msfeedssync.exe [2006-11-02 05:45]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0E28648C-A297-4709-851A-78C4C2CF258B} - C:\Windows\system32\vtUkiHwV.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\rzo89th7.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.969.23408\npCIDetect11.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF -: plugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-25 18:24:28
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Hp\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Vongo\VongoService.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-08-25 18:34:06 - machine was rebooted [Diego]
ComboFix-quarantined-files.txt 2008-08-25 22:33:54

Pre-Run: 71,978,643,456 bytes free
Post-Run: 71,665,528,832 bytes free

288 --- E O F --- 2008-08-21 19:14:04