The computer has left my hands and is back in production. ComboFix said it cleaned the file, but let me know if you see anything else. Thanks, again. Here is the file:
ComboFix 08-02-23 - Michelle 2008-02-22 15:42:43.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.237 [GMT -6:00]
Running from: C:\Documents and Settings\Michelle\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\bszip.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-23 to 2008-02-23 )))))))))))))))))))))))))))))))
.
2008-02-22 12:44 . 2008-02-22 12:44 <DIR> d-------- C:\WINDOWS\LastGood
2008-02-21 09:30 . 2008-02-21 09:34 <DIR> d-------- C:\Documents and Settings\Michelle\.housecall6.6
2008-02-21 09:18 . 2008-02-21 09:18 <DIR> d-------- C:\Program Files\Microsoft Silverlight
2008-02-21 09:16 . 2008-02-21 09:16 <DIR> d-------- C:\Program Files\MSBuild
2008-02-21 09:12 . 2008-02-21 09:12 <DIR> d-------- C:\WINDOWS\SYSTEM32\XPSViewer
2008-02-21 09:11 . 2008-02-21 09:11 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-02-21 09:08 . 2008-02-21 09:08 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-02-21 09:08 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\SYSTEM32\spmsg2.dll
2008-02-21 08:59 . 2006-11-13 00:02 288,768 --------- C:\WINDOWS\SYSTEM32\rhttpaa.dll
2008-02-21 08:59 . 2006-11-13 00:02 116,736 --------- C:\WINDOWS\SYSTEM32\aaclient.dll
2008-02-21 08:59 . 2006-11-13 00:02 36,352 --------- C:\WINDOWS\SYSTEM32\tsgqec.dll
2008-02-21 08:58 . 2008-02-21 08:56 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-21 08:58 . 2008-02-21 08:58 2,546 --a------ C:\WINDOWS\unins000.dat
2008-02-18 16:40 . 2008-02-22 15:34 9,757 --a------ C:\WINDOWS\SYSTEM32\Config.MPF
2008-02-18 16:39 . 2008-02-19 17:54 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-02-18 16:39 . 2008-02-19 07:40 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\SiteAdvisor
2008-02-18 16:39 . 2008-02-18 16:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-02-18 16:38 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfehidk.sys
2008-02-18 16:38 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfeavfk.sys
2008-02-18 16:38 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfesmfk.sys
2008-02-18 16:38 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mfebopk.sys
2008-02-18 16:38 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mferkdk.sys
2008-02-18 16:37 . 2008-02-18 16:37 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-18 16:37 . 2008-02-19 07:37 <DIR> d-------- C:\Program Files\McAfee
2008-02-18 16:37 . 2008-02-18 16:37 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-18 16:37 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\Mpfp.sys
2008-02-17 18:53 . 2008-02-17 18:53 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-17 18:34 . 2008-02-17 18:34 <DIR> d-------- C:\Documents and Settings\Michelle\Application Data\McAfee
2008-02-08 18:13 . 2008-02-08 18:13 <DIR> d-------- C:\WINDOWS\.jagex_cache_32
2008-01-31 09:28 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2008-01-31 09:28 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll.mui
2008-01-30 23:49 . 2007-12-06 20:21 6,066,176 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll
2008-01-30 23:49 . 2007-06-30 21:31 2,455,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dat
2008-01-30 23:49 . 2007-06-30 21:36 991,232 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieframe.dll.mui
2008-01-30 23:49 . 2007-12-06 20:21 459,264 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeeds.dll
2008-01-30 23:49 . 2007-12-06 20:21 383,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieapfltr.dll
2008-01-30 23:49 . 2007-12-06 20:21 267,776 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\iertutil.dll
2008-01-30 23:49 . 2007-12-06 20:21 63,488 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\icardie.dll
2008-01-30 23:49 . 2007-12-06 20:21 52,224 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\msfeedsbs.dll
2008-01-30 23:49 . 2007-12-06 05:00 13,824 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\ieudinit.exe
2008-01-30 23:00 . 2008-01-30 23:00 <DIR> d-------- C:\WINDOWS\SYSTEM32\bits
2008-01-30 22:59 . 2007-03-29 06:56 409,600 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgr.dll
2008-01-30 22:59 . 2007-03-29 06:56 18,944 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\qmgrprxy.dll
2008-01-30 22:59 . 2007-03-29 06:56 8,192 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx2.dll
2008-01-30 22:59 . 2007-03-29 06:56 7,168 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx4.dll
2008-01-30 22:59 . 2007-03-29 06:56 7,168 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\bitsprx3.dll
2008-01-30 22:59 . 2007-03-29 06:56 7,168 --------- C:\WINDOWS\SYSTEM32\bitsprx4.dll
2008-01-29 23:31 . 2008-01-29 23:31 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-29 23:29 . 2008-01-29 23:50 <DIR> d-------- C:\SDFix
2008-01-24 16:43 . 2008-01-24 16:43 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-24 15:58 . 2008-02-21 09:22 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-01-24 15:58 . 2008-02-21 09:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 14:09 --------- d-----w C:\Documents and Settings\Michelle\Application Data\Move Networks
2008-02-21 14:03 --------- d-----w C:\Program Files\Yahoo!
2008-02-21 13:59 --------- d--h--r C:\Documents and Settings\Michelle\Application Data\yahoo!
2008-02-21 13:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-02-21 13:58 --------- d-----w C:\Program Files\Google
2008-02-20 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-02-18 22:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2008-02-18 03:30 --------- d-----w C:\Program Files\Java
2008-02-14 13:55 --------- d-----w C:\Program Files\Lx_cats
2008-01-27 21:29 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-15 19:37 16,384 ----a-w C:\WINDOWS\~DF18B9.tmp
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\pngfilt.dll
2008-01-10 09:06 --------- d-----w C:\Documents and Settings\Michelle\Application Data\StumbleUpon
2008-01-07 02:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-01-06 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-01-06 22:09 --------- d-----w C:\Program Files\Dell Support Center
2008-01-06 22:09 --------- d-----w C:\Program Files\Common Files\supportsoft
2007-12-29 19:23 --------- d-----w C:\Documents and Settings\Michelle\Application Data\Apple Computer
2007-12-25 18:59 --------- d-----w C:\Program Files\QuickTime
2007-12-25 18:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-08 05:21 3,592,192 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-06 11:01 625,664 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iexplore.exe
2007-12-06 11:00 70,656 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ie4uinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2007-07-04 18:21 48,728 -c--a-w C:\Documents and Settings\Michelle\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 10:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GW Port Controller"="C:\Program Files\Samsung\SmarThru\PORTCTRL.EXE" [2003-01-30 12:12 163840]
"LXBSCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll" [2004-03-17 12:26 65536]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 20:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 20:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 20:17 118784]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 00:05:26 29696]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-11-15 04:31:34 806912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 10:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 10:56 286720 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
--------- 2005-08-18 12:49 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\WMP54GS Wireless Network Monitor\\InvokeSvc2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\backWeb-7288971.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\ZyXEL\\Adsl\\DslStatus.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
S3 glauiad;ZyXEL USB LAN Modem;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2003-01-14 20:14]
.
Contents of the 'Scheduled Tasks' folder
"2005-04-07 18:33:40 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
"2008-02-16 00:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D40HV071-Jonathan Drott).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2008-02-18 22:37:37 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-18 22:37:36 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-23 15:44:44
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXBSCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-23 15:45:16
ComboFix-quarantined-files.txt 2008-02-23 21:45:14
.
2008-02-17 03:36:01 --- E O F ---