Thanks in advance for any help!
ComboFix 08-04-16.5 - Administrator 2008-04-17 21:12:48.1 - NTFSx86
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Helper
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\21724.exe
C:\WINDOWS\system32\byXRhEWm.dll
C:\WINDOWS\system32\dsafhsln.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mWEhRXyb.ini
C:\WINDOWS\system32\mWEhRXyb.ini2
C:\WINDOWS\system32\nlshfasd.dll
C:\WINDOWS\system32\vjmodadn.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2008-03-17 to 2008-04-17 )))))))))))))))))))))))))))))))
.
2008-04-17 17:09 . 2008-04-17 17:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-17 17:01 . 2008-04-17 17:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-17 16:19 . 2008-04-17 16:19 <DIR> d-------- C:\Program Files\Yahoo!
2008-04-16 16:19 . 2008-04-16 16:19 <DIR> d-------- C:\VundoFix Backups
2008-04-16 12:43 . 2008-04-17 16:19 <DIR> d-------- C:\Program Files\CCleaner
2008-04-16 11:23 . 2008-04-17 00:14 1,603,615 ---hs---- C:\WINDOWS\system32\srosvtdw.ini
2008-04-16 11:21 . 2008-04-17 21:07 101,178 --a------ C:\WINDOWS\BMc7a4b362.xml
2008-04-15 20:02 . 2008-04-15 20:02 117 --a------ C:\WINDOWS\system32\61a49.exe
2008-04-15 19:54 . 2008-04-15 19:54 117 --a------ C:\WINDOWS\system32\19c56ef.exe
2008-04-15 19:53 . 2008-04-15 19:53 55,218 --a------ C:\WINDOWS\qaszpurn.sys
2008-04-15 19:53 . 2008-04-15 19:53 117 --a------ C:\WINDOWS\system32\19c2d1d.exe
2008-04-15 19:52 . 2008-04-15 19:52 95,744 --a------ C:\WINDOWS\mrofinu1535.exe
2008-04-15 19:17 . 2008-04-15 19:17 <DIR> d-------- C:\Program Files\TryMedia
2008-04-15 19:11 . 2008-04-15 19:11 <DIR> d-------- C:\Program Files\Team17
2008-04-01 15:48 . 2008-04-01 15:48 <DIR> d-------- C:\Program Files\Sun
2008-03-27 18:41 . 2008-03-27 18:41 <DIR> d--h----- C:\WINDOWS\PIF
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 10:26 --------- d-----w C:\Program Files\Download Manager
2008-04-17 08:49 --------- d-----w C:\Program Files\Google
2008-04-16 14:12 --------- d-----w C:\Program Files\eMule
2008-04-05 12:03 --------- d-----w C:\Program Files\DivX
2008-04-01 06:47 --------- d-----w C:\Program Files\Java
2008-03-14 12:07 --------- d-----w C:\Program Files\Power Audio Recorder
2008-03-14 11:56 --------- d-----w C:\Program Files\WMR11
2008-03-14 11:55 --------- d-----w C:\Program Files\Trainz Downloader Pro
2008-03-14 11:54 --------- d-----w C:\Program Files\RipCast 1.9
2008-03-14 11:27 23,616 ----a-w C:\WINDOWS\system32\drivers\nchssvad.sys
2008-03-14 11:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
2008-02-28 02:30 --------- d-----w C:\Program Files\ESET
2008-02-28 02:20 --------- d-----w C:\Program Files\SigScribe4
2008-02-28 02:20 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Move Networks
2008-02-28 02:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-02-28 02:08 --------- d-----w C:\Program Files\Lavasoft
2008-02-28 02:06 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-27 05:27 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BitTorrent
2008-01-26 05:29 86,016 ----a-w C:\WINDOWS\DUMP813f.tmp
2007-10-21 07:38 40,616 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-09-19 12:46 604 ---ha-w C:\Program Files\STLL Notifier
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mlJBRHaw]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\SimSig\\Drain.exe"=
"C:\\Program Files\\SimSig\\Westbury.exe"=
"C:\\Program Files\\SimSig\\Peterborough.exe"=
"C:\\Program Files\\SimSig\\Swindon.exe"=
"C:\\WINDOWS\\Explorer.exe"= C:\\WINDOWS\\Explorer.EXE
"C:\\WINDOWS\\system32\\taskmgr.exe"=
"C:\\WINDOWS\\system32\\wscntfy.exe"=
"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe"=
"C:\\WINDOWS\\system32\\ctfmon.exe"=
"C:\\Program Files\\Sibelius Software\\Sibelius 4\\Sibelius.exe"=
"c:\\program files\\auran\\trs2006\\bin\\launcher.exe"=
"C:\\Program Files\\Auran\\TRS2006\\TRS2006.exe"=
"c:\\program files\\auran\\trs2006\\bin\\trainz.exe"=
"C:\\WINDOWS\\system32\\Rundll32.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4664:TCP"= 4664:TCP:emule
"4672:UDP"= 4672:UDP:emule
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS [2003-07-24 12:10]
S3 wmi_mfc_tpshoker_80;WMI_MFC_TPSHOKER_80;C:\WINDOWS\system32\drivers\mjingp.sys []
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-17 21:23:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
.
**************************************************************************
.
Completion time: 2008-04-17 21:33:42 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-04-17 12:03:29
Pre-Run: 4,173,520,896 bytes free
Post-Run: 4,149,456,896 bytes free
.
2008-04-12 14:09:28 --- E O F ---