ComboFix did not put any files on the desktop....
It did however produce this log in Notepad.
****************
This is a log produced by Combofix BEFORE I used the script you provided
*****************
ComboFix 08-03-22.1 - Jeff 2008-03-26 10:56:47.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1628 [GMT -5:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.
2008-03-22 18:05 . 2008-03-26 10:49 <DIR> d-------- C:\gmax
2008-03-22 03:16 . 2008-03-22 03:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-17 11:58 . 2008-01-08 22:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-17 10:24 . 2008-03-17 10:24 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-17 10:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-14 16:23 . 2008-03-14 16:23 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-03-14 16:23 . 2008-03-14 16:23 741,632 --a------ C:\WINDOWS\system32\vctclwqu.dat
2008-03-14 16:23 . 2008-03-14 16:23 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-03-14 16:23 . 2008-03-14 16:23 42,752 --a------ C:\WINDOWS\system32\pudimfdq.dat
2008-03-14 16:23 . 2008-03-14 16:23 36,608 --a------ C:\WINDOWS\system32\nzeqmvbk.dat
2008-03-14 16:23 . 2008-03-14 16:23 35,072 --a------ C:\WINDOWS\system32\lptjkhtg.dat
2008-03-13 23:15 . 2008-03-13 23:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-13 23:13 . 2008-03-21 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-13 22:55 . 2008-03-13 22:54 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-13 22:55 . 2008-03-13 22:55 2,543 --a------ C:\WINDOWS\unins000.dat
2008-03-13 16:20 . 2008-03-13 16:20 120,576 --a------ C:\WINDOWS\system32\yiqwboxg.dat
2008-03-12 00:08 . 2008-03-12 00:18 <DIR> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 15:21 --------- d-----w C:\Program Files\Java
2008-03-14 03:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-14 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 04:53 --------- d-----w C:\Program Files\Kodak
2008-02-23 04:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-02-23 04:52 --------- d-----w C:\Program Files\Common Files\Kodak
2008-02-11 19:24 --------- d-----w C:\Documents and Settings\Jeff\Application Data\AdobeUM
2008-02-04 23:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-03 17:26 --------- d-----w C:\Program Files\Steam
2008-01-27 00:55 --------- d-----w C:\Program Files\Warcraft II BNE
2008-01-27 00:20 98,304 ----a-w C:\WINDOWS\W2BNEUnin.exe
2008-01-26 00:38 10,920 ----a-w C:\aolconnfix.exe
2008-01-20 17:57 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-22_ 3.39.33.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 14:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-10 20:56:39 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-25 05:07:47 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-10 20:56:39 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-25 05:07:47 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 00:17 50776]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 14:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 14:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 14:06 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 11:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 12:06 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 00:17 50776 C:\Program Files\America Online 9.0\AOL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 18:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2004-10-20 08:40 34904 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2004-11-03 16:03 125528 C:\Program Files\Common Files\AOL\1200056510\EE\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ka4]
C:\WINDOWS\system32\ka4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
--a------ 2006-07-13 00:22 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2001-08-23 16:52 331830 C:\Program Files\Microsoft Works\WksSb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-08-16 23:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 08:02 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-11 08:02 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-01-11 08:07 1266936 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2001-10-05 19:34 24576 C:\Program Files\Microsoft Works\wkfud.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\NeverwinterNights\\NWN\\nwmain.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1200056510\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 18:01]
S3 gsplittm;gsplittm;C:\DOCUME~1\Jeff\LOCALS~1\Temp\gsplittm.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-26 10:57:42
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-26 10:57:55
ComboFix-quarantined-files.txt 2008-03-26 15:57:54
ComboFix2.txt 2008-03-25 04:56:32
ComboFix3.txt 2008-03-22 09:39:43
***************************
After using the custom script you provided, it produced this log
****************************
It also popped up an IE window and asked that I upload the file below to Bleeping Computer for analysis. I did. It's a new zip file that was made on my desktop.
C:\Documents and Settings\Jeff\Desktop.\[4]-Submit_2008-03-26@11.02.zip
ComboFix 08-03-22.1 - Jeff 2008-03-26 11:02:58.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1613 [GMT -5:00]
Running from: C:\Documents and Settings\Jeff\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jeff\Desktop\CFScript..txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\DOCUME~1\Jeff\LOCALS~1\Temp\gsplittm.sys
.
((((((((((((((((((((((((( Files Created from 2008-02-26 to 2008-03-26 )))))))))))))))))))))))))))))))
.
2008-03-22 18:05 . 2008-03-26 10:49 <DIR> d-------- C:\gmax
2008-03-22 03:16 . 2008-03-22 03:16 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-17 11:58 . 2008-01-08 22:24 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-03-17 10:24 . 2008-03-17 10:24 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-03-17 10:21 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-14 16:23 . 2008-03-14 16:23 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-03-14 16:23 . 2008-03-14 16:23 741,632 --a------ C:\WINDOWS\system32\vctclwqu.dat
2008-03-14 16:23 . 2008-03-14 16:23 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-03-14 16:23 . 2008-03-14 16:23 42,752 --a------ C:\WINDOWS\system32\pudimfdq.dat
2008-03-14 16:23 . 2008-03-14 16:23 36,608 --a------ C:\WINDOWS\system32\nzeqmvbk.dat
2008-03-14 16:23 . 2008-03-14 16:23 35,072 --a------ C:\WINDOWS\system32\lptjkhtg.dat
2008-03-13 23:15 . 2008-03-13 23:15 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-03-13 23:13 . 2008-03-21 10:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-13 22:55 . 2008-03-13 22:54 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-13 22:55 . 2008-03-13 22:55 2,543 --a------ C:\WINDOWS\unins000.dat
2008-03-13 16:20 . 2008-03-13 16:20 120,576 --a------ C:\WINDOWS\system32\yiqwboxg.dat
2008-03-12 00:08 . 2008-03-12 00:18 <DIR> d-------- C:\temp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-17 15:21 --------- d-----w C:\Program Files\Java
2008-03-14 03:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-14 03:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-23 04:53 --------- d-----w C:\Program Files\Kodak
2008-02-23 04:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-02-23 04:52 --------- d-----w C:\Program Files\Common Files\Kodak
2008-02-11 19:24 --------- d-----w C:\Documents and Settings\Jeff\Application Data\AdobeUM
2008-02-04 23:36 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-03 17:26 --------- d-----w C:\Program Files\Steam
2008-01-27 00:55 --------- d-----w C:\Program Files\Warcraft II BNE
2008-01-27 00:20 98,304 ----a-w C:\WINDOWS\W2BNEUnin.exe
2008-01-26 00:38 10,920 ----a-w C:\aolconnfix.exe
2008-01-20 17:57 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-22_ 3.39.33.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 14:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 13:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 14:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 13:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-10 20:56:39 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-25 05:07:47 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-10 20:56:39 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-25 05:07:47 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2000-08-31 14:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 13:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
- 2008-03-22 09:38:20 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
+ 2008-03-26 16:05:02 40,960 ----a-w C:\WINDOWS\TEMP\rtdrvmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="C:\Program Files\America Online 9.0\AOL.exe" [2005-07-12 00:17 50776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-09 14:06 7311360]
"nwiz"="nwiz.exe" [2005-12-09 14:06 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-09 14:06 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-27 11:47 16208384 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe]
"amd_dc_opt"="C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 12:06 77824]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup=C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-12 00:17 50776 C:\Program Files\America Online 9.0\AOL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
--a------ 2004-10-18 18:42 79448 C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
-ra------ 2004-10-20 08:40 34904 C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2004-11-03 16:03 125528 C:\Program Files\Common Files\AOL\1200056510\EE\AOLHostManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ka4]
C:\WINDOWS\system32\ka4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark 1200 Series]
--a------ 2006-07-13 00:22 57344 C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Portfolio]
--a------ 2001-08-23 16:52 331830 C:\Program Files\Microsoft Works\WksSb.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Works Update Detection]
--a------ 2001-08-16 23:41 28738 C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 11:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-11 08:02 98304 C:\Program Files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2008-01-11 08:02 26112 C:\Program Files\Real\RealPlayer\RealPlay.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-01-11 08:07 1266936 C:\Program Files\Steam\Steam.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
C:\WINDOWS\system32\dumprep 0 -u
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorksFUD]
--a------ 2001-10-05 19:34 24576 C:\Program Files\Microsoft Works\wkfud.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\NeverwinterNights\\NWN\\nwmain.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\1200056510\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"=
"C:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"=
"C:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 18:01]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-03-26 11:04:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\Common Files\AOL\Loader\aolload.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\America Online 9.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-03-26 11:06:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-26 16:06:25
ComboFix2.txt 2008-03-26 15:57:56
ComboFix3.txt 2008-03-25 04:56:32
ComboFix4.txt 2008-03-22 09:39:43
Malwarebytes' Anti-Malware 1.09
Database version: 548
Scan type: Full Scan (C:\|E:\|)
Objects scanned: 156078
Time elapsed: 23 minute(s), 32 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
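The ComboFix logs above are what a helper reads by eye: a batch of eight-letter .dat files dropped into system32 within the same minute, a driver (gsplittm.sys) registered from the user's Temp folder, a startupreg entry (ka4) the tool could not stat, and the XP firewall standard profile switched off. The script below is an added example written for this page; it is not part of the original post and not a ComboFix or BleepingComputer tool. It parses those sections of a ComboFix log and applies the same first-pass heuristics. The sample input is a constructed excerpt copied from the first log above, and the rules (random-looking names, same-minute drops, Temp-resident drivers, autostart values without size/timestamp, EnableFirewall=0) are triage assumptions, not verdicts: a hit means "look closer", not "this is malware".

```python
"""Triage a ComboFix log with a few common first-pass heuristics.

Added example, not ComboFix's own code. Heuristics are assumptions a
helper would verify by hand (hashes, vendor lookup, file submission).
"""
import re
from dataclasses import dataclass

FILE_RE = re.compile(r'^(\d{4}-\d\d-\d\d \d\d:\d\d) \. \d{4}-\d\d-\d\d \d\d:\d\d (<DIR>|[\d,]+) [-a-z]{9} (.+)$')
SVC_RE = re.compile(r'^([RS]\d) ([^;]+);[^;]*;(.+?) \[[^\]]*\]$')   # "S3 name;desc;path [date]"
FW_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)')
STARTUPREG_RE = re.compile(r'\\msconfig\\startupreg\\(.+)\]$')      # msconfig-disabled autostarts
ATTR_LINE_RE = re.compile(r'^[-a-z]{9} \d{4}-\d\d-\d\d ')            # "--a------ 2007-10-10 20:51 size path"
RANDOM_DAT_RE = re.compile(r'^[a-z]{8}\.dat$')                       # eight letters + .dat

# Constructed sample: excerpts copied from the first ComboFix log in the post.
SAMPLE_LOG = r"""
2008-03-14 16:23 . 2008-03-14 16:23 1,188,375 --a------ C:\WINDOWS\system32\libeay32.dll
2008-03-14 16:23 . 2008-03-14 16:23 741,632 --a------ C:\WINDOWS\system32\vctclwqu.dat
2008-03-14 16:23 . 2008-03-14 16:23 246,545 --a------ C:\WINDOWS\system32\libssl32.dll
2008-03-14 16:23 . 2008-03-14 16:23 42,752 --a------ C:\WINDOWS\system32\pudimfdq.dat
2008-03-14 16:23 . 2008-03-14 16:23 36,608 --a------ C:\WINDOWS\system32\nzeqmvbk.dat
2008-03-14 16:23 . 2008-03-14 16:23 35,072 --a------ C:\WINDOWS\system32\lptjkhtg.dat
2008-03-13 22:55 . 2008-03-13 22:55 2,543 --a------ C:\WINDOWS\unins000.dat
2008-03-13 16:20 . 2008-03-13 16:20 120,576 --a------ C:\WINDOWS\system32\yiqwboxg.dat
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt]
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ka4]
C:\WINDOWS\system32\ka4.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 18:01]
S3 gsplittm;gsplittm;C:\DOCUME~1\Jeff\LOCALS~1\Temp\gsplittm.sys []
"""


@dataclass
class Finding:
    rule: str
    path: str
    detail: str


def parse(text):
    """Return (files, services, startup, firewall) pulled out of a ComboFix log."""
    files, services, startup, firewall, pending = [], [], [], None, None
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if pending:  # the line after a startupreg key is its value, with or without attrs
            startup.append((pending, line, bool(ATTR_LINE_RE.match(line))))
            pending = None
        elif (m := STARTUPREG_RE.search(line)):
            pending = m.group(1)
        elif (m := FILE_RE.match(line)):
            files.append((m.group(1), m.group(2), m.group(3)))      # (created, size, path)
        elif (m := SVC_RE.match(line)):
            services.append((m.group(1), m.group(2), m.group(3)))   # (start type, name, image path)
        elif (m := FW_RE.match(line)):
            firewall = int(m.group(1))
    return files, services, startup, firewall


def batch_drops(files, threshold=4):
    """Group non-directory files by creation minute; keep minutes with >= threshold files."""
    by_minute = {}
    for created, size, path in files:
        if size != '<DIR>':
            by_minute.setdefault(created, []).append(path)
    return {k: v for k, v in by_minute.items() if len(v) >= threshold}


def triage(text):
    files, services, startup, firewall = parse(text)
    out = []
    for created, size, path in files:
        folder, _, name = path.rpartition('\\')
        if folder.lower().endswith('system32') and RANDOM_DAT_RE.match(name.lower()):
            out.append(Finding('random-name-dat', path, f'created {created}, {size} bytes'))
    for stamp, paths in batch_drops(files).items():
        out.append(Finding('same-minute-drop', '; '.join(paths), f'{len(paths)} files created at {stamp}'))
    for start, name, path in services:
        if re.search(r'\\temp\\', path, re.I):  # kernel driver image under a Temp folder
            out.append(Finding('driver-in-temp', path, f'service {name}, start type {start}'))
    for name, value, has_attrs in startup:
        if not has_attrs and value.lower().endswith('.exe'):  # tool printed no size/timestamp
            out.append(Finding('autostart-unverified', value, f'startupreg\\{name}: no size/timestamp recorded'))
    if firewall == 0:
        out.append(Finding('firewall-disabled', 'firewallpolicy\\standardprofile', 'EnableFirewall=0'))
    return out


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.rule:22} {f.path}  ({f.detail})')
```

On the sample above this reports the five eight-letter .dat files, one six-file batch at 2008-03-14 16:23, gsplittm.sys under Temp, the avgnt and ka4 entries with no recorded attributes, and the disabled firewall. Note that avgnt.exe (Avira) lands in the same bucket as ka4.exe: the heuristic only says ComboFix could not stat the file, which is why each hit still needs a human look.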