Thanks for getting back to me, punk
THIS IS THE LOG FROM COMBO FIX
ComboFix 08-04-03.5 - Peter D Martin 2008-04-04 22:51:03.1 - NTFSx86
Running from: C:\Documents and Settings\Peter D Martin\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\Peter D Martin\Application Data\FunWebProducts
C:\Documents and Settings\Peter D Martin\Application Data\macromedia\Flash Player\#SharedObjects\BY6KGHKJ\iforex.com
C:\Documents and Settings\Peter D Martin\Application Data\macromedia\Flash Player\#SharedObjects\BY6KGHKJ\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Peter D Martin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Peter D Martin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\Peter D Martin\My Documents\FNTS~1
C:\Documents and Settings\Peter D Martin\Start Menu\Programs\Outerinfo
C:\Documents and Settings\Peter D Martin\Start Menu\Programs\Outerinfo\Terms.lnk
C:\Documents and Settings\Peter D Martin\Start Menu\Programs\Outerinfo\Uninstall.lnk
C:\Program Files\asembl~1
C:\Program Files\Common Files\ppatch~1
C:\Program Files\Common Files\pppatc~1
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\PopSwatr\History\allowed
C:\Program Files\FunWebProducts\PopSwatr\History\notallow
C:\Program Files\FunWebProducts\Shared\Cache\AvatarSmallBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn-new.html
C:\Program Files\FunWebProducts\Shared\Cache\FunBuddyIconBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MailStampBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\MyStationeryBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
C:\Program Files\FunWebProducts\Shared\Cache\WebfettiBtn.html
C:\Program Files\Hewlett-Packard\xubaci89104.dll
C:\Program Files\inetget2
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\JavaCore
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\UnInstall.exe
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files\MyWebSearch\bar\1.bin\F3BROVLY.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SHLLVW.DLL
C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
C:\Program Files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
C:\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Cache\000502F5
C:\Program Files\MyWebSearch\bar\Cache\0017FE36
C:\Program Files\MyWebSearch\bar\Cache\002456DB
C:\Program Files\MyWebSearch\bar\Cache\003E4095
C:\Program Files\MyWebSearch\bar\Cache\005AB187.bin
C:\Program Files\MyWebSearch\bar\Cache\005AB3AA.bin
C:\Program Files\MyWebSearch\bar\Cache\005AB511.bin
C:\Program Files\MyWebSearch\bar\Cache\006BAC83.bin
C:\Program Files\MyWebSearch\bar\Cache\007F0390.bin
C:\Program Files\MyWebSearch\bar\Cache\007F05D2.bin
C:\Program Files\MyWebSearch\bar\Cache\007F0891.bin
C:\Program Files\MyWebSearch\bar\Cache\007F1543.bin
C:\Program Files\MyWebSearch\bar\Cache\007F164D
C:\Program Files\MyWebSearch\bar\Cache\00A983B0.bin
C:\Program Files\MyWebSearch\bar\Cache\00A985A4.bin
C:\Program Files\MyWebSearch\bar\Cache\00A99341.bin
C:\Program Files\MyWebSearch\bar\Cache\00A994C7.bin
C:\Program Files\MyWebSearch\bar\Cache\00A9A254.bin
C:\Program Files\MyWebSearch\bar\Cache\files.ini
C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files\MyWebSearch\bar\History\search2
C:\Program Files\MyWebSearch\bar\icons\CM.ICO
C:\Program Files\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files\MyWebSearch\bar\icons\WB.ICO
C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files\MyWebSearch\bar\Settings\prevcfg2.htm
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\setting2.htm
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
C:\Program Files\network monitor
C:\Program Files\NoDNS
C:\Program Files\NoDNS\UnInstall.exe
C:\Program Files\outerinfo
C:\Program Files\outerinfo\FF\chrome.manifest
C:\Program Files\outerinfo\FF\components\OuterinfoAds.xpt
C:\Program Files\outerinfo\FF\install.rdf
C:\Program Files\outerinfo\Terms.rtf
C:\Program Files\smante~1
C:\Program Files\Temporary
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\sanR24
C:\Temp\sanR24\lDii.log
C:\WINDOWS\BM428dfb51.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\System32\awvvu.dll
C:\WINDOWS\system32\bjbcqufv.dll
C:\WINDOWS\system32\buvigkhr.dll
C:\WINDOWS\system32\chcngsah.dll
C:\WINDOWS\system32\diyjepwa.dll
C:\WINDOWS\system32\f3PSSavr.scr
C:\WINDOWS\system32\fcsgovrt.dll
C:\WINDOWS\system32\fujrdftv.dll
C:\WINDOWS\system32\gueyaoye.dll
C:\WINDOWS\system32\hmwxxnei.dll
C:\WINDOWS\system32\hoxrulwt.dll
C:\WINDOWS\system32\iDlo01
C:\WINDOWS\system32\jbclavhv.dll
C:\WINDOWS\system32\kfquoiyb.dll
C:\WINDOWS\system32\lgkxmnlt.ini
C:\WINDOWS\system32\lktakvyg.dll
C:\WINDOWS\system32\lutcgcba.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mgqfpmpy.dll
C:\WINDOWS\system32\mkwmciyg.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qcceipys.ini
C:\WINDOWS\system32\shdohvuv.dll
C:\WINDOWS\system32\srqffjjc.dll
C:\WINDOWS\system32\sypieccq.dll
C:\WINDOWS\system32\tbkrsbsp.dll
C:\WINDOWS\system32\tlnmxkgl.dll
C:\WINDOWS\system32\tswqmjrm.dll
C:\WINDOWS\system32\tuvvwwu.dll
C:\WINDOWS\system32\twlurxoh.ini
C:\WINDOWS\system32\uovsxpbx.dll
C:\WINDOWS\system32\upjoxenc.dll
C:\WINDOWS\system32\uvvwa.ini
C:\WINDOWS\system32\uvvwa.ini2
C:\WINDOWS\system32\vhvalcbj.ini
C:\WINDOWS\system32\vpioktre.dll
C:\WINDOWS\system32\winupdate.exe
C:\WINDOWS\system32\wqkimido.dll
C:\WINDOWS\system32\wscmp.dll
C:\WINDOWS\system32\xuykdcfq.dll
C:\WINDOWS\system32\xwyvpdtj.dll
C:\WINDOWS\system32\ydagxkgh.dll
C:\WINDOWS\system32\yeihpnsv.dll
C:\WINDOWS\system32\yfhbyanl.dll
C:\WINDOWS\system32\yhenxmhf.dll
C:\WINDOWS\system32\ystem~1
C:\WINDOWS\system32\ystem~1\?ystem\
C:\WINDOWS\TG9ybmEgSHViYmFyZA\
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_NTLOAD
-------\Service_cmdService
-------\Service_Network Monitor
-------\Service_ntload
((((((((((((((((((((((((( Files Created from 2008-03-04 to 2008-04-04 )))))))))))))))))))))))))))))))
.
2008-04-04 21:52 . 2008-04-04 21:52 269,334 --a------ C:\WINDOWS\system32\sjadgjmlsjml.bmp
2008-04-04 19:30 . 2008-04-04 19:30 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-04 19:30 . 2008-04-04 19:30 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-04 18:34 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-04 18:34 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-04 18:34 . 2008-03-28 23:19 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-04 18:34 . 2008-03-26 08:50 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-04 18:34 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-04 18:34 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-04 18:34 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-04 18:34 . 2008-04-04 18:34 6,328 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-04 18:28 . 2008-04-04 18:30 <DIR> d-------- C:\Hijackthis
2008-04-04 18:19 . 2008-04-04 18:19 53,312 --a------ C:\WINDOWS\system32\kcfaxaqk.dll
2008-04-04 16:02 . 2008-04-04 16:02 269,334 --a------ C:\WINDOWS\system32\nmtcn.bmp
2008-04-03 22:19 . 2008-04-03 22:19 269,334 --a------ C:\WINDOWS\system32\tobeh.bmp
2008-04-03 22:09 . 2008-04-03 22:09 269,334 --a------ C:\WINDOWS\system32\atojqtsb.bmp
2008-04-03 19:44 . 2008-04-03 19:44 269,334 --a------ C:\WINDOWS\system32\nepgf.bmp
2008-04-03 17:50 . 2008-04-03 17:50 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-04-03 17:24 . 2008-04-03 17:24 0 --a------ C:\WINDOWS\system32\sex2.ico.tmp
2008-04-03 16:57 . 2008-04-03 16:57 0 --a------ C:\WINDOWS\system32\sex1.ico.tmp
2008-04-03 16:50 . 2008-04-03 16:50 269,334 --a------ C:\WINDOWS\system32\retgr.bmp
2008-04-02 19:05 . 2008-04-02 19:05 269,334 --a------ C:\WINDOWS\system32\obitkjmpcj.bmp
2008-04-02 18:41 . 2008-04-02 18:41 269,334 --a------ C:\WINDOWS\system32\grihsfalkjqd.bmp
2008-04-02 16:37 . 2008-04-02 16:37 269,334 --a------ C:\WINDOWS\system32\dgrmtojipsn.bmp
2008-04-02 16:24 . 2008-04-02 16:24 269,334 --a------ C:\WINDOWS\system32\filcb.bmp
2008-04-02 16:15 . 2008-04-02 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-02 16:02 . 2008-04-02 19:08 3,262 --a------ C:\WINDOWS\system32\sex5.ico
2008-04-02 16:02 . 2008-04-02 19:07 3,262 --a------ C:\WINDOWS\system32\sex4.ico
2008-04-02 16:01 . 2008-04-02 19:07 3,262 --a------ C:\WINDOWS\system32\sex3.ico
2008-04-02 16:01 . 2008-04-02 19:06 3,262 --a------ C:\WINDOWS\system32\sex2.ico
2008-04-02 16:00 . 2008-04-04 18:18 2,114,456 ---hs---- C:\WINDOWS\system32\gntaukud.ini
2008-04-02 15:59 . 2008-04-02 19:09 3,262 --a------ C:\WINDOWS\system32\sex1.ico
2008-04-02 15:56 . 2008-04-02 15:56 269,334 --a------ C:\WINDOWS\system32\dgril.bmp
2008-04-01 20:36 . 2008-04-01 20:36 37,376 -ra------ C:\WINDOWS\mrofinu1000106.exe
2008-04-01 15:57 . 2008-04-01 15:57 269,334 --a------ C:\WINDOWS\system32\atsnehsfatkf.bmp
2008-03-31 22:19 . 2008-04-02 15:59 1,602,328 ---hs---- C:\WINDOWS\system32\auujtkso.ini
2008-03-31 22:12 . 2008-03-31 22:12 269,334 --a------ C:\WINDOWS\system32\rqtsnidofil.bmp
2008-03-31 17:07 . 2008-03-31 17:07 269,334 --a------ C:\WINDOWS\system32\ilcbahsrap.bmp
2008-03-30 21:59 . 2008-03-30 21:59 269,334 --a------ C:\WINDOWS\system32\sjqlknepgbqp.bmp
2008-03-30 19:23 . 2008-03-31 22:14 1,597,592 ---hs---- C:\WINDOWS\system32\mjillbmv.ini
2008-03-30 19:20 . 2008-03-30 19:20 269,334 --a------ C:\WINDOWS\system32\pkrqpcf.bmp
2008-03-28 17:55 . 2008-03-28 17:55 269,334 --a------ C:\WINDOWS\system32\bidcjadsnmtgb.bmp
2008-03-27 18:49 . 2008-03-28 18:07 1,444,668 ---hs---- C:\WINDOWS\system32\ysdhmfef.ini
2008-03-27 18:48 . 2008-03-27 18:48 269,334 --a------ C:\WINDOWS\system32\behob.bmp
2008-03-27 13:15 . 2008-03-27 13:15 269,334 --a------ C:\WINDOWS\system32\jelcrqt.bmp
2008-03-27 13:04 . 2008-03-27 18:49 1,389,477 ---hs---- C:\WINDOWS\system32\iiiubefs.ini
2008-03-27 13:04 . 2008-03-27 13:04 269,334 --a------ C:\WINDOWS\system32\hkjmhofqdsr.bmp
2008-03-27 13:01 . 2005-03-10 13:06 88,064 --a------ C:\WINDOWS\system32\CddbLangE.dll
2008-03-27 12:58 . 2008-03-27 12:58 269,334 --a------ C:\WINDOWS\system32\lgratsbat.bmp
2008-03-25 22:59 . 2008-03-25 22:59 269,334 --a------ C:\WINDOWS\system32\hcnedsrmt.bmp
2008-03-25 22:59 . 2008-03-25 22:59 18,432 --a------ C:\WINDOWS\system32\BluetoothAuthorizationAgent.exe
2008-03-25 22:22 . 2008-03-27 13:00 1,493,721 ---hs---- C:\WINDOWS\system32\hvhrpelt.ini
2008-03-25 21:52 . 2008-03-25 22:20 1,472,400 ---hs---- C:\WINDOWS\system32\yjgqcmdp.ini
2008-03-25 18:23 . 2008-04-02 16:27 <DIR> d-------- C:\Program Files\CPV
2008-03-24 23:37 . 2008-03-24 23:37 53,312 --a------ C:\WINDOWS\system32\aehpnphm.dll
2008-03-24 23:31 . 2008-03-25 21:52 1,472,220 ---hs---- C:\WINDOWS\system32\gfylausq.ini
2008-03-24 18:03 . 2008-03-24 23:31 1,579,008 ---hs---- C:\WINDOWS\system32\psvhfusx.ini
2008-03-24 18:03 . 2008-03-24 18:03 53,312 --a------ C:\WINDOWS\system32\osghwfve.dll
2008-03-23 15:51 . 2008-03-24 18:02 1,543,771 ---hs---- C:\WINDOWS\system32\rkwvoywa.ini
2008-03-22 15:59 . 2008-03-23 10:34 1,430,692 ---hs---- C:\WINDOWS\system32\rpeiolea.ini
2008-03-20 23:56 . 2008-03-28 17:56 <DIR> d-------- C:\Program Files\nvcoi
2008-03-20 23:56 . 2008-03-22 15:58 1,468,006 ---hs---- C:\WINDOWS\system32\hfddtbbr.ini
2008-03-19 22:42 . 2008-03-19 22:42 <DIR> d-------- C:\Program Files\Panicware
2008-03-19 22:36 . 2008-03-20 23:55 1,538,904 ---hs---- C:\WINDOWS\system32\drromsvp.ini
2008-03-18 22:27 . 2008-03-19 22:27 1,526,137 ---hs---- C:\WINDOWS\system32\ascjqioi.ini
2008-03-18 21:32 . 2008-03-19 22:42 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-03-17 18:39 . 2008-03-17 16:39 66,560 --a------ C:\WINDOWS\b155.exe
2008-03-16 22:17 . 2008-03-16 22:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-16 22:09 . 2008-03-18 21:23 1,526,135 ---hs---- C:\WINDOWS\system32\xeoqocqx.ini
2008-03-16 22:01 . 2008-03-16 22:01 63 --a------ C:\WINDOWS\system32\41beda43
2008-03-16 21:56 . 2008-04-02 21:16 <DIR> d-------- C:\WINDOWS\system32\hz7
2008-03-16 21:56 . 2008-04-02 18:34 <DIR> d-------- C:\WINDOWS\system32\cam2
2008-03-16 21:56 . 2008-03-16 21:56 <DIR> d-------- C:\WINDOWS\system32\bx21
2008-03-14 18:26 . 2008-03-14 18:26 <DIR> d-------- C:\WINDOWS\provisioning
2008-03-14 18:26 . 2008-03-14 18:37 <DIR> d-------- C:\WINDOWS\peernet
2008-03-14 17:55 . 2008-03-14 17:55 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-03-14 17:46 . 2004-08-03 23:42 20,480 --a------ C:\WINDOWS\system32\sprecovr.exe
2008-03-14 17:43 . 2004-07-17 12:40 19,528 --a------ C:\WINDOWS\002333_.tmp
2008-03-14 17:34 . 2002-12-11 17:34 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2008-03-14 17:33 . 2006-02-27 13:32 2,479,616 --a------ C:\WINDOWS\system32\dllcache\msoeres.dll
2008-03-14 17:30 . 2008-03-14 17:30 <DIR> d-------- C:\WINDOWS\EHome
2008-03-14 17:07 . 2007-06-13 20:07 16,896 --a------ C:\WINDOWS\system32\grwinsthlp.exe
2008-03-14 17:07 . 2008-03-14 17:07 248 --a------ C:\UnInstall.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 22:00 --------- d-----w C:\Program Files\Hewlett-Packard
2008-04-01 16:38 --------- d-----w C:\Documents and Settings\Peter D Martin\Application Data\Audacity
2008-03-23 19:28 --------- d-----w C:\Program Files\MSN Messenger
2008-03-19 22:44 --------- d-----w C:\Program Files\Google
2008-03-19 21:25 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-19 21:25 --------- d-----w C:\Program Files\EPSON
2008-03-19 21:23 --------- d-----w C:\Program Files\IKEA HomePlanner
2008-03-18 20:33 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-14 16:09 --------- d-----w C:\Program Files\Canon
2008-03-14 16:05 --------- d-----w C:\Program Files\DivX
2006-11-19 20:50 78,424 ----a-w C:\Documents and Settings\Lorna Hubbard\Application Data\GDIPFONTCACHEV1.DAT
2005-03-15 17:44 0 ----a-w C:\Documents and Settings\Peter D Martin\Application Data\wklnhst.dat
2005-12-06 19:31 56 --sh--r C:\WINDOWS\system32\1607371D5C.sys
2006-01-16 17:58 1,994 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
------- Sigcheck -------
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\$NtServicePackUninstall$\wininet.dll
2004-02-06 18:05 588288 4f64d1df989e3aa2fad91a2f1167b9c7 C:\WINDOWS\$NtUninstallKB918899-IE6SP1-20060725.123917$\wininet.dll
2004-08-04 08:56 656384 c0823fc5469663ba63e7db88f9919d70 C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\wininet.dll
2006-04-28 10:58 575488 3d5062a7667913b9b515cc5769e9fb31 C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\rtmgdr\wininet.dll
2006-04-28 18:48 587264 5f4e89c8b4903acbba2f4b32cf1ed3ad C:\WINDOWS\SoftwareDistribution\Download\49afa2a0b3ea87b912cc10130c63a60f\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cb88c3740b7bdbe6238a3381da220dae\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\rtmgdr\wininet.dll
2006-06-23 19:29 587776 40f777875dfa05cd61fd1e8a593be8e9 C:\WINDOWS\SoftwareDistribution\Download\cfab6bea01ff38473d99ea9faefb37c0\RTMQFE\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\wininet.dll
2006-06-23 11:33 575488 7e7760c7f263ec7a740ee265b263f770 C:\WINDOWS\system32\dllcache\wininet.dll
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
2003-03-31 03:00 167552 3b350e5a2a5e951453f3993275a4523a C:\WINDOWS\$NtUninstallQ815485$\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\Driver Cache\i386\ndis.sys
2004-08-04 07:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ndis.sys
2003-03-06 10:30 162432 09b38768036508b51564201afb000950 C:\WINDOWS\system32\drivers\ndis.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{15421B84-3488-49A7-AD18-CBF84A3EFAF6}]
2008-04-02 16:27 51200 --a------ C:\Program Files\CPV\CPV7.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2B0B59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-03-24 23:37 53312 --a------ C:\WINDOWS\System32\aehpnphm.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3CAB59B4-55A3-4737-9FD5-B93C6430BF75}]
2008-04-04 18:19 53312 --a------ C:\WINDOWS\System32\kcfaxaqk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4015CEC3-5A06-788E-0460-5200B9C88BC5}]
C:\WINDOWS\System32\hmmudlk.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{711ECE46-C7E0-422C-A9E0-BCBC634E06E7}]
2005-03-10 13:06 88064 --a------ C:\WINDOWS\System32\CddbLangE.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8E241359-F85C-48B6-859A-86C0F9A52C4C}]
C:\Program Files\Hewlett-Packard\qubaki.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe" [ ]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Aaou"="C:\WINDOWS\System32\YSTEM~1\winlogon.exe" [ ]
"Gxyb"="C:\Program Files\S?mantec\t?skmgr.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
"nvcoi"="C:\Program Files\nvcoi\nvcoi.exe" [2008-03-20 23:56 57344]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 12:10 536576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2004-06-17 21:48 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2004-06-17 21:43 118784]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 01:01 110592]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 18:15 98304]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 18:15 536576]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 17:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 08:38 241664]
"HPHUPD05"="c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [ ]
"HPHmon05"="C:\WINDOWS\System32\hphmon05.exe" [2003-05-22 19:55 483328]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-04-30 10:32 208958]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-05-27 20:28 278528]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2005-03-22 23:15 26112]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 03:12 483328]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe" [2004-01-14 02:10 409600]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-12-24 03:33 188416]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-09-12 01:58 229952]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-12-14 02:06 495616]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-08-15 17:05 1838592]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16 376912]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"SBI"="C:\Documents and Settings\Lorna Hubbard\Local Settings\Temporary Internet Files\Content.IE5\T3ZB5TSE\setup_sbd_en[1].exe" [ ]
"BluetoothAuthorizationAgent"="C:\WINDOWS\System32\BluetoothAuthorizationAgent.exe" [2008-03-25 22:59 18432]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2003-03-31 03:00 13312]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-29 18:02 68856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\System32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-06-11 21:34 190696]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-F400-8796-100000000002}\SC_Acrobat.exe [2005-11-30 21:22:58 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 05:19:24 237568]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.LEAD"= LCODCCMP.DLL
"MSVideo8"= VfWWDM32.dll
.
Contents of the 'Scheduled Tasks' folder
"2008-03-24 23:18:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-04 23:09:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?????????A?p?????????? ???B???????????????B? ??????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-04-04 23:18:23 - machine was rebooted [Peter D Martin]
ComboFix-quarantined-files.txt 2008-04-04 22:18:12
Pre-Run: 6,874,923,008 bytes free
Post-Run: 12,382,310,400 bytes free
.
2008-03-16 11:13:52 --- E O F ---