sorry...
ComboFix 08-02-25.2 - ALICE 2008-02-27 14:00:16.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.182 [GMT -6:00]
Running from: C:\Documents and Settings\ALICE\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\ALICE\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\windows\kwv2.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\mysearch
c:\windows\kwv2.dat
.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-26 22:42 . 2008-02-26 22:42 <DIR> d-------- C:\Program Files\Sun
2008-02-26 22:42 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\SYSTEM32\javacpl.cpl
2008-02-26 22:38 . 2008-02-26 22:42 <DIR> d-------- C:\Program Files\Java
2008-02-26 22:38 . 2008-02-26 22:38 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-26 20:04 . 2008-02-26 20:05 <DIR> d-------- C:\Program Files\Panda Security
2008-02-25 13:34 . 2008-02-25 13:34 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2008-02-25 13:34 . 2008-02-25 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-24 15:13 . 2008-02-24 16:10 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-24 15:13 . 2008-02-24 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-24 15:13 . 2008-02-24 15:13 <DIR> d-------- C:\Documents and Settings\ALICE\Application Data\Malwarebytes
2008-02-18 14:06 . 2008-02-18 14:06 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-17 14:46 . 2008-02-17 14:51 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-17 14:31 . 2008-02-17 14:31 <DIR> d-------- C:\Program Files\WebCyberCoach
2008-02-17 14:17 . 2005-07-04 16:03 1,650,688 --a------ C:\WINDOWS\SYSTEM32\qdiagdwc.ocx
2008-02-17 14:17 . 2004-06-15 15:55 7,882 --a------ C:\WINDOWS\SYSTEM32\GTKCMOS.sys
2008-02-17 14:17 . 2005-02-08 12:37 7,626 --a------ C:\WINDOWS\SYSTEM32\GPCIEnum.sys
2008-02-17 14:17 . 2005-02-09 13:08 7,168 --a------ C:\WINDOWS\SYSTEM32\DLPT64.sys
2008-02-17 14:17 . 2004-06-09 09:29 6,977 --a------ C:\WINDOWS\SYSTEM32\DDMI2.sys
2008-02-17 14:17 . 2005-03-13 16:54 6,656 --a------ C:\WINDOWS\SYSTEM32\DLPT2.sys
2008-02-17 14:17 . 2005-02-08 13:04 5,632 --a------ C:\WINDOWS\SYSTEM32\GPCIEn64.sys
2008-02-17 14:17 . 2005-02-08 15:46 5,120 --a------ C:\WINDOWS\SYSTEM32\GTKCMO64.sys
2008-02-17 14:17 . 2005-02-07 19:07 4,608 --a------ C:\WINDOWS\SYSTEM32\DDMI64.sys
2008-02-16 14:26 . 2008-02-16 14:26 <DIR> d-------- C:\WINDOWS\SYSTEM32\Dell
2008-02-16 13:34 . 2008-02-16 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SupportSoft
2008-02-16 13:33 . 2008-02-16 13:34 <DIR> d-------- C:\Program Files\Dell Support Center
2008-02-16 13:33 . 2008-02-16 13:33 <DIR> d-------- C:\Program Files\Common Files\supportsoft
2008-02-15 22:15 . 2008-02-15 23:15 <DIR> d-------- C:\Program Files\RegCure
2008-02-15 21:43 . 2008-02-15 21:42 23,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\TVICHW32.SYS
2008-02-13 14:58 . 2008-02-13 14:58 <DIR> d-------- C:\WINDOWS\SYSTEM32\LogFiles
2008-02-13 14:58 . 2008-02-13 15:03 <DIR> d-------- C:\WINDOWS\SYSTEM32\DRIVERS\UMDF
2008-02-13 14:31 . 2008-02-13 14:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-13 14:31 . 2008-02-13 14:31 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-11 21:12 . 2008-02-11 21:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Tools
2008-02-11 21:12 . 2008-02-11 20:51 218,504 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys
2008-02-11 20:51 . 2008-02-11 21:12 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-02-08 09:32 . 2008-02-08 09:32 <DIR> d-------- C:\Documents and Settings\ALICE\Application Data\MSN6
2008-02-06 16:53 . 2008-02-06 16:53 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-03 22:17 . 2007-01-18 06:00 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgArCln.sys
2008-02-02 00:41 . 2005-06-21 23:43 163,840 --a------ C:\WINDOWS\SYSTEM32\igfxres.dll
2008-02-02 00:13 . 2005-06-22 00:04 61,440 --a------ C:\WINDOWS\SYSTEM32\iAlmCoIn_v4342.dll
2008-01-30 05:42 . 2008-01-30 05:42 <DIR> d---s---- C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\UserData
2008-01-29 00:40 . 2008-01-29 01:21 <DIR> d-------- C:\Program Files\Netcom3 Cleaner
2008-01-28 22:08 . 2008-01-28 22:08 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-28 10:15 . 2008-01-28 10:20 <DIR> d-------- C:\Program Files\PCPitstop
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 16:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-27 12:33 --------- d-----w C:\Program Files\Spyware Doctor
2008-02-26 16:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Dell
2008-02-21 14:10 --------- d-----w C:\Program Files\Yahoo!
2008-02-21 14:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\yahoo!
2008-02-21 05:06 --------- d-----w C:\Documents and Settings\Buzbee's\Application Data\Yahoo!
2008-02-17 20:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-17 20:31 --------- d--ha-w C:\Documents and Settings\All Users\Application Data\GTek
2008-02-16 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-16 20:45 --------- d-----w C:\Program Files\Dell
2008-02-16 05:59 --------- d-----w C:\Program Files\Google
2008-02-10 01:42 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-29 00:26 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-28 21:49 --------- d-----w C:\Program Files\Common Files\Real
2008-01-25 05:24 --------- d-----w C:\Program Files\EA GAMES
2008-01-25 03:19 --------- d-----w C:\Documents and Settings\ALICE\Application Data\PC Tools
2008-01-24 22:50 --------- d-----w C:\Documents and Settings\ALICE\Application Data\Yahoo!
2008-01-22 17:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Symantec
2008-01-22 17:33 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
2007-12-18 09:51 179,584 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mrxdav.sys
2007-12-07 14:37 3,059,200 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\mshtml.dll
2007-12-06 13:07 18,432 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\iedw.exe
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\SYSTEM32\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\SYSTEM32\DLLCACHE\oleaut32.dll
2006-12-12 16:03 32 ----a-r C:\Documents and Settings\All Users\hash.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"DellSupport-"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09 460784]
"DellSupportCenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" [2007-11-15 09:23 202544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-21 23:48 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2005-06-21 23:44 126976]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 10:43 53248]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 19:12 221184]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 19:15 290816]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-08-26 01:49 77824]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2007-12-10 14:53 1103752]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]
"dscactivate"="C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 09:24 16384]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 03:42 144784]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
R1 pctfw2;pctfw2;C:\WINDOWS\SYSTEM32\DRIVERS\pctfw2.sys [2008-02-11 20:51]
R2 sprtsvc_dellsupportcenter;SupportSoft Sprocket Service (dellsupportcenter);C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service []
.
Contents of the 'Scheduled Tasks' folder
"2008-02-27 16:18:01 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
"2008-02-27 16:22:43 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-21 09:00:00 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-27 14:12:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-27 14:14:52
ComboFix-quarantined-files.txt 2008-02-27 20:14:44
ComboFix2.txt 2008-02-27 01:24:17
ComboFix3.txt 2008-02-26 21:49:54
.
2008-02-24 19:25:51 --- E O F ---