Hi,
Yes, ComboFix is the only program running unless there are processes running. All antivirus programs are disabled.
Jotti found nothing on that file.
Here is the log from ComboFix:
ComboFix 09-03-06.02 - bpolunin 2009-03-11 18:44:55.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.581 [GMT -4:00]
Running from: c:\documents and settings\bpolunin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\bpolunin\Desktop\CFScript.txt
* Created a new restore point
FILE ::
c:\program files\temp01
c:\windows\qrkyvldt
c:\windows\system\xccef090131.exe
c:\windows\system32\drivers\fxbodfnl.sys
c:\windows\system32\drivers\twkusmnj.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\temp01
c:\windows\IE4 Error Log.txt
c:\windows\qrkyvldt
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_QRKYVLDT
-------\Service_fxbodfnl
((((((((((((((((((((((((( Files Created from 2009-02-11 to 2009-03-11 )))))))))))))))))))))))))))))))
.
2009-03-10 17:38 . 2009-03-10 17:38 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-10 17:38 . 2009-03-10 17:38 <DIR> d-------- c:\documents and settings\bpolunin\Application Data\Malwarebytes
2009-03-10 17:38 . 2009-03-10 17:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-10 17:38 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-10 17:38 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-09 18:59 . 2009-03-09 18:59 <DIR> d-------- c:\windows\$SQLUninstallSQL2000-KB960082-v8.00.2055-x86-ENU$
2009-03-09 18:57 . 2009-03-09 18:57 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-09 18:14 . 2009-03-10 19:12 <DIR> d-------- C:\quarantine
2009-03-09 13:43 . 2009-03-09 13:43 <DIR> d-------- c:\program files\Trend Micro
2009-03-09 13:09 . 2009-03-09 13:09 552 --a------ c:\windows\system32\d3d8caps.dat
2009-03-09 12:59 . 2009-03-11 11:09 <DIR> d-------- c:\program files\EsetOnlineScanner
2009-03-09 12:43 . 2009-03-06 19:18 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-03-09 12:23 . 2009-03-09 12:23 186,368 --a------ c:\windows\Monitor Clean.scr
2009-03-03 17:02 . 2009-03-03 17:03 <DIR> d-------- c:\documents and settings\psligar
2009-03-03 14:36 . 2009-03-09 12:32 1,324 --a------ c:\windows\system32\d3d9caps.dat
2009-02-28 08:30 . 2009-03-09 13:59 <DIR> d-------- c:\windows\system32\3361
2009-02-28 07:38 . 2002-02-15 15:02 676,352 --a------ c:\windows\system32\rtl60.bpl
2009-02-28 07:37 . 2009-03-09 18:16 <DIR> d-------- c:\windows\system32\inf
2009-02-23 17:09 . 2009-02-23 17:09 <DIR> d-------- C:\e695dbab6f220fa305e4ad5b538902
2009-02-23 16:49 . 2009-02-23 16:49 <DIR> d-------- c:\program files\Windows Defender
2009-02-23 16:45 . 2009-03-11 18:54 2,206 --a------ c:\windows\system32\wpa.dbl
2009-02-23 16:37 . 2009-02-23 16:37 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-02-23 13:46 . 2009-02-23 13:46 <DIR> dr-h----- c:\documents and settings\Administrator\Application Data\yahoo!
2009-02-23 12:26 . 2009-03-11 17:05 512 --a------ c:\windows\randseed.rnd
2009-02-23 12:25 . 2009-02-23 12:25 <DIR> d-------- c:\program files\Common Files\Cisco Systems
2009-02-23 12:25 . 2009-02-23 12:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-02-23 12:24 . 2009-02-23 12:25 <DIR> d-------- c:\program files\Network Associates
2009-02-23 12:24 . 2009-02-23 12:24 <DIR> d-------- c:\program files\Common Files\Network Associates
2009-02-23 12:24 . 2009-02-23 12:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\Network Associates
2009-02-23 12:24 . 2006-06-08 21:00 116,864 --a------ c:\windows\system32\drivers\naiavf5x.sys
2009-02-23 12:24 . 2006-06-08 21:00 58,464 --a------ c:\windows\system32\drivers\mvstdi5x.sys
2009-02-20 19:15 . 2009-02-20 19:15 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-20 19:15 . 2009-02-20 19:15 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-20 19:13 . 2009-02-20 19:13 <DIR> d-------- c:\program files\Lavasoft
2009-02-20 19:13 . 2009-02-20 19:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-20 19:13 . 2009-02-20 19:13 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-11 17:55 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 16:46 --------- d-----w c:\program files\Java
2009-02-26 00:06 --------- d-----w c:\program files\Replay Media Catcher
2009-01-30 17:12 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-01-26 21:44 --------- d-----w c:\program files\Galaxy
2008-06-11 16:20 56,912 ----a-w c:\documents and settings\bpolunin\g2mdlhlpx.exe
2008-04-07 06:59 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2008-04-07 06:59 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-07 06:59 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2008-04-07 06:59 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2008-04-07 06:59 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\psligar ----
2009-03-11 00:05 1024 --ah----- c:\documents and settings\psligar\ntuser.dat.LOG
2009-03-11 00:05 1024 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
2009-03-03 17:09 786432 --ah----- c:\documents and settings\psligar\NTUSER.DAT
2009-03-03 17:09 262144 ---h----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
2009-03-03 17:09 178 --ahs---- c:\documents and settings\psligar\ntuser.ini
2009-03-03 17:07 32768 --a------ c:\documents and settings\psligar\Local Settings\History\History.IE5\index.dat
2009-03-03 17:03 62 --ahs---- c:\documents and settings\psligar\Local Settings\desktop.ini
2009-03-03 17:03 552 --a-s---- c:\documents and settings\psligar\Application Data\Microsoft\CryptnetUrlCache\Content\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2009-03-03 17:03 132 --a-s---- c:\documents and settings\psligar\Application Data\Microsoft\CryptnetUrlCache\MetaData\7B2238AACCEDC3F1FFE8E7EB5F575EC9
2009-02-28 21:40 70456 --a------ c:\documents and settings\psligar\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-06-04 03:03 636 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\VSA\8.0\toolbox_reset.tbd
2008-06-04 03:03 636 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\VSA\8.0\toolbox.tbd
2008-06-04 03:03 636 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\MSDN\8.0\toolbox_reset.tbd
2008-06-04 03:03 636 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\MSDN\8.0\toolbox.tbd
2008-06-04 03:03 526 --a------ c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\VSA\8.0\browsers.xml
2008-06-04 03:03 526 --a------ c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\VisualStudio\8.0\browsers.xml
2008-06-04 03:03 526 --a------ c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\MSDN\8.0\browsers.xml
2008-06-04 03:03 526 --a------ c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\Microsoft SQL Server\90\Tools\Shell\browsers.xml
2008-06-04 03:03 503832 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\VisualStudio\8.0\toolbox_reset.tbd
2008-06-04 03:03 503832 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\VisualStudio\8.0\toolbox.tbd
2008-06-04 03:03 43405 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\Microsoft SQL Server\90\Tools\Shell\toolbox_reset.tbd
2008-06-04 03:03 43405 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\Microsoft SQL Server\90\Tools\Shell\toolbox.tbd
2008-06-04 03:03 4278 --a------ c:\documents and settings\psligar\Application Data\Microsoft\VSA\8.0\ActivityLog.xsl
2008-06-04 03:03 4278 --a------ c:\documents and settings\psligar\Application Data\Microsoft\MSDN\8.0\ActivityLog.xsl
2008-06-04 03:03 31 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\Microsoft SQL Server\90\Tools\Shell\toolboxIndex_reset.tbd
2008-06-04 03:03 31 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\Microsoft SQL Server\90\Tools\Shell\toolboxIndex.tbd
2008-06-04 03:03 294 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\VisualStudio\8.0\toolboxIndex_reset.tbd
2008-06-04 03:03 294 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\VisualStudio\8.0\toolboxIndex.tbd
2008-06-04 03:03 20 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\VSA\8.0\toolboxIndex_reset.tbd
2008-06-04 03:03 20 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\VSA\8.0\toolboxIndex.tbd
2008-06-04 03:03 20 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\MSDN\8.0\toolboxIndex_reset.tbd
2008-06-04 03:03 20 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\MSDN\8.0\toolboxIndex.tbd
2008-04-23 03:18 978 --a------ c:\documents and settings\psligar\Application Data\Microsoft\VisualStudio\8.0\VsFontLk.dat
2008-04-23 03:17 67 --ahs---- c:\documents and settings\psligar\Local Settings\Temporary Internet Files\desktop.ini
2008-04-23 03:17 113 --ahs---- c:\documents and settings\psligar\Local Settings\History\History.IE5\desktop.ini
2008-04-23 03:17 113 --ahs---- c:\documents and settings\psligar\Local Settings\History\desktop.ini
2006-08-04 18:02 39936 --a------ c:\documents and settings\psligar\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config.cch
2006-07-18 12:03 2698778 --ah----- c:\documents and settings\psligar\Local Settings\Application Data\IconCache.db
2006-07-18 12:01 800 --a------ c:\documents and settings\psligar\Desktop\Help and Support.lnk
2006-07-18 12:01 777 --a------ c:\documents and settings\psligar\Local Settings\Application Data\ApplicationHistory\fileEdit.exe.6448eaba.ini
2006-07-18 11:57 9946112 --a------ c:\documents and settings\psligar\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\Java 2 Runtime Environment, SE v1.4.2_03.msi
2006-07-18 11:57 473 --a------ c:\documents and settings\psligar\Application Data\Sun\Java\Deployment\deployment.properties
2006-07-18 11:57 3584 --a------ c:\documents and settings\psligar\Local Settings\Application Data\{7148F0A6-6813-11D6-A77B-00B0D0142030}\1033.MST
2006-07-18 11:49 522 --a------ c:\documents and settings\psligar\Start Menu\Programs\Dell\Phone Support.lnk
2006-07-18 11:49 1211 --a------ c:\documents and settings\psligar\Start Menu\Programs\Dell Accessories\Express Service Code.lnk
2006-07-18 11:44 52 --a------ c:\documents and settings\psligar\Favorites\Dell\Dell Auction.url
2006-07-18 11:44 49 --a------ c:\documents and settings\psligar\Favorites\Dell\Support.Dell.Com.url
2006-07-18 11:44 45 --a------ c:\documents and settings\psligar\Favorites\Dell\Dell.url
2006-07-18 11:44 124 --a------ c:\documents and settings\psligar\Favorites\Dell\Dell Internet Security.url
2004-08-11 18:24 2852 --a------ c:\documents and settings\psligar\Local Settings\Application Data\ApplicationHistory\ngen.exe.2c05686e.ini
2004-08-11 18:23 21768 --a------ c:\documents and settings\psligar\Application Data\Microsoft\CLR Security Config\v1.1.4322\security.config
2004-08-11 18:23 1340 --a------ c:\documents and settings\psligar\Local Settings\Application Data\ApplicationHistory\SL30.tmp.47ef97a6.ini
2004-08-11 18:20 84 --ahs---- c:\documents and settings\psligar\My Documents\desktop.ini
2004-08-11 18:20 79 --a------ c:\documents and settings\psligar\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
2004-08-11 18:20 708 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Entertainment\Windows Media Player.lnk
2004-08-11 18:20 683 --a------ c:\documents and settings\psligar\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
2004-08-11 18:20 678 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Address Book.lnk
2004-08-11 18:20 671 --a------ c:\documents and settings\psligar\Start Menu\Programs\Internet Explorer.lnk
2004-08-11 18:20 642 --a------ c:\documents and settings\psligar\Start Menu\Programs\Outlook Express.lnk
2004-08-11 18:20 572 --a------ c:\documents and settings\psligar\My Documents\My Pictures\Sample Pictures.lnk
2004-08-11 18:20 542 --ahs---- c:\documents and settings\psligar\Start Menu\Programs\Accessories\desktop.ini
2004-08-11 18:20 542 --a------ c:\documents and settings\psligar\My Documents\My Music\Sample Music.lnk
2004-08-11 18:20 2570 --ahs---- c:\documents and settings\psligar\Application Data\Microsoft\Internet Explorer\Desktop.htt
2004-08-11 18:20 234 --ahs---- c:\documents and settings\psligar\Start Menu\Programs\desktop.ini
2004-08-11 18:20 197 --a------ c:\documents and settings\psligar\Favorites\Radio Station Guide.url
2004-08-11 18:20 191 --ahs---- c:\documents and settings\psligar\My Documents\My Pictures\Desktop.ini
2004-08-11 18:20 189 --ahs---- c:\documents and settings\psligar\My Documents\My Music\Desktop.ini
2004-08-11 18:20 169 --a------ c:\documents and settings\psligar\Favorites\Links\Windows Marketplace.url
2004-08-11 18:20 150 --ahs---- c:\documents and settings\psligar\Recent\Desktop.ini
2004-08-11 18:20 122 --ahs---- c:\documents and settings\psligar\Favorites\Desktop.ini
2004-08-11 18:20 119 --ahs---- c:\documents and settings\psligar\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
2004-08-11 18:20 119 --a------ c:\documents and settings\psligar\Favorites\MSN.com.url
2004-08-11 18:20 119 --a------ c:\documents and settings\psligar\Favorites\Links\Customize Links.url
2004-08-11 18:20 118 --a------ c:\documents and settings\psligar\Favorites\Links\Windows Media.url
2004-08-11 18:20 113 --a------ c:\documents and settings\psligar\Favorites\Links\Windows.url
2004-08-11 18:20 113 --a------ c:\documents and settings\psligar\Favorites\Links\Free Hotmail.url
2004-08-11 18:20 10389 --a------ c:\documents and settings\psligar\Application Data\Microsoft\Internet Explorer\brndlog.txt
2004-08-11 18:20 0 --a------ c:\documents and settings\psligar\SendTo\My Documents.mydocs
2004-08-11 18:15 84 --ahs---- c:\documents and settings\psligar\Start Menu\Programs\Startup\desktop.ini
2004-08-11 18:15 84 --ahs---- c:\documents and settings\psligar\Start Menu\Programs\Accessories\Entertainment\desktop.ini
2004-08-11 18:15 386 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Program Compatibility Wizard.lnk
2004-08-11 18:15 348 --ahs---- c:\documents and settings\psligar\Start Menu\Programs\Accessories\Accessibility\desktop.ini
2004-08-11 18:15 1503 --a------ c:\documents and settings\psligar\Start Menu\Programs\Remote Assistance.lnk
2004-08-11 18:15 1459 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Command Prompt.lnk
2004-08-11 18:15 1443 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Accessibility\Utility Manager.lnk
2004-08-11 18:15 1436 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk
2004-08-11 18:15 1431 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Tour Windows XP.lnk
2004-08-11 18:15 1429 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Accessibility\Magnifier.lnk
2004-08-11 18:15 1423 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Synchronize.lnk
2004-08-11 18:15 1423 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Notepad.lnk
2004-08-11 18:15 1405 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk
2004-08-11 18:14 720896 --a------ c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_59R.wmdb
2004-08-11 18:14 498 --a------ c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.DTD
2004-08-11 18:14 141 --a------ c:\documents and settings\psligar\Application Data\Microsoft\Internet Explorer\brndlog.bak
2004-08-11 18:14 12784 --a------ c:\documents and settings\psligar\Local Settings\Application Data\Microsoft\Windows Media\9.0\WMSDKNS.XML
2004-08-11 18:13 181 --ahs---- c:\documents and settings\psligar\SendTo\desktop.ini
2004-08-11 18:13 1391 --a------ c:\documents and settings\psligar\Start Menu\Programs\Accessories\Windows Explorer.lnk
2004-08-11 18:13 0 --a------ c:\documents and settings\psligar\SendTo\Mail Recipient.MAPIMail
2004-08-11 18:13 0 --a------ c:\documents and settings\psligar\SendTo\Desktop (create shortcut).DeskLink
2004-08-11 18:13 0 --a------ c:\documents and settings\psligar\SendTo\Compressed (zipped) Folder.ZFSendToTarget
2004-08-11 18:07 62 --ahs---- c:\documents and settings\psligar\Start Menu\desktop.ini
2004-08-11 18:07 62 --ahs---- c:\documents and settings\psligar\Application Data\desktop.ini
2004-08-04 06:00 58 --a------ c:\documents and settings\psligar\Templates\sndrec.wav
2004-08-04 06:00 57 --a------ c:\documents and settings\psligar\Templates\wordpfct.wpg
2004-08-04 06:00 5632 --a------ c:\documents and settings\psligar\Templates\excel.xls
2004-08-04 06:00 461 --a------ c:\documents and settings\psligar\Templates\presenta.shw
2004-08-04 06:00 4608 --a------ c:\documents and settings\psligar\Templates\winword.doc
2004-08-04 06:00 4570 --a------ c:\documents and settings\psligar\Templates\amipro.sam
2004-08-04 06:00 4017 --a------ c:\documents and settings\psligar\Templates\quattro.wb2
2004-08-04 06:00 30 --a------ c:\documents and settings\psligar\Templates\wordpfct.wpd
2004-08-04 06:00 2448 --a------ c:\documents and settings\psligar\Templates\lotus.wk4
2004-08-04 06:00 1769 --a------ c:\documents and settings\psligar\Templates\winword2.doc
2004-08-04 06:00 1518 --a------ c:\documents and settings\psligar\Templates\excel4.xls
2004-08-04 06:00 12288 --a------ c:\documents and settings\psligar\Templates\powerpnt.ppt
---- Directory of C:\e695dbab6f220fa305e4ad5b538902 ----
2009-02-23 17:09 788 --ah----- c:\e695dbab6f220fa305e4ad5b538902\$shtdwn$.req
2009-02-11 21:56 24520 --a------ c:\e695dbab6f220fa305e4ad5b538902\mrtstub.exe
2009-02-11 21:56 21244872 --a------ c:\e695dbab6f220fa305e4ad5b538902\mrt.exe
---- Directory of c:\windows\system32\3361 ----
2009-03-01 06:10 4 --a------ c:\windows\system32\3361\mlog
((((((((((((((((((((((((((((( SnapShot_2009-03-10_13.11.36.90 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-09 11:08:53 1,847,552 ----a-w c:\windows\$hf_mig$\KB958690\SP3QFE\win32k.sys
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB958690\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB958690\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB958690\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB958690\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB958690\update\updspapi.dll
+ 2008-12-05 06:58:08 144,896 ----a-w c:\windows\$hf_mig$\KB960225\SP3QFE\schannel.dll
+ 2007-11-30 11:18:51 17,272 ----a-w c:\windows\$hf_mig$\KB960225\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w c:\windows\$hf_mig$\KB960225\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w c:\windows\$hf_mig$\KB960225\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w c:\windows\$hf_mig$\KB960225\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w c:\windows\$hf_mig$\KB960225\update\updspapi.dll
+ 2008-06-17 19:04:34 8,461,824 ----a-w c:\windows\$hf_mig$\KB967715\SP3QFE\shell32.dll
+ 2008-07-09 07:38:24 17,272 ----a-w c:\windows\$hf_mig$\KB967715\spmsg.dll
+ 2008-07-09 07:38:25 231,288 ----a-w c:\windows\$hf_mig$\KB967715\spuninst.exe
+ 2008-07-09 07:38:24 26,488 ----a-w c:\windows\$hf_mig$\KB967715\update\spcustom.dll
+ 2008-07-09 07:38:29 755,576 ----a-w c:\windows\$hf_mig$\KB967715\update\update.exe
+ 2008-07-09 07:38:37 382,840 ----a-w c:\windows\$hf_mig$\KB967715\update\updspapi.dll
- 2009-03-09 22:59:33 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-03-11 17:56:00 1,165,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
- 2009-03-09 22:59:33 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-03-11 17:56:01 20,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2009-03-09 22:59:33 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2009-03-11 17:56:01 217,864 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2009-03-09 22:59:34 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-03-11 17:56:01 18,704 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-03-09 22:59:34 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-03-11 17:56:01 35,088 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-03-09 22:59:33 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-03-11 17:56:01 845,584 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2009-03-09 22:59:33 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-03-11 17:56:01 922,384 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
- 2009-03-09 22:59:33 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2009-03-11 17:56:01 272,648 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2009-03-09 22:59:34 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-03-11 17:56:01 888,080 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2009-03-09 22:59:33 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2009-03-11 17:56:01 1,172,240 ----a-r c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2008-12-05 06:54:55 144,896 ------w c:\windows\system32\dllcache\schannel.dll
+ 2008-06-17 19:02:19 8,461,312 ------w c:\windows\system32\dllcache\shell32.dll
- 2008-09-15 12:12:56 1,846,400 ------w c:\windows\system32\dllcache\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 ------w c:\windows\system32\dllcache\win32k.sys
- 2008-10-24 21:49:59 270,984 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-03-11 17:58:03 270,984 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2008-04-14 00:12:05 144,384 ----a-w c:\windows\system32\schannel.dll
+ 2008-12-05 06:54:55 144,896 ----a-w c:\windows\system32\schannel.dll
- 2008-04-14 00:12:05 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2008-06-17 19:02:19 8,461,312 ----a-w c:\windows\system32\shell32.dll
+ 2007-11-30 11:18:51 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-09-15 12:12:56 1,846,400 ----a-w c:\windows\system32\win32k.sys
+ 2009-02-09 11:13:27 1,846,784 ----a-w c:\windows\system32\win32k.sys
+ 2008-04-15 17:47:33 1,724,416 ----a-w c:\windows\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-26 13680640]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2006-04-26 143360]
"pdfFactory Dispatcher v2"="c:\windows\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" [2004-11-19 442368]
"MimBoot"="c:\progra~1\MUSICM~1\MUSICM~2\mimboot.exe" [2006-01-19 11776]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-07 180269]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-26 86016]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-06 515416]
"ShStatEXE"="c:\program files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 94208]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2005-12-07 131072]
"Network Associates Error Reporting Service"="c:\program files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 147514]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-20 c:\windows\stsystra.exe]
"nwiz"="nwiz.exe" [2008-12-26 c:\windows\system32\nwiz.exe]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2007-10-02 81920]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2005-10-06 18:03 278528 c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-09-13 13:31 22880040 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2006-09-07 10:08 180269 c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-08-09 15:41 4617720 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\WS_FTP\\WS_FTP95.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft SQL Server\\90\\Tools\\Binn\\VSShell\\Common7\\IDE\\SqlWb.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-20 64160]
R1 NaiAvTdi1;NaiAvTdi1;c:\windows\system32\drivers\mvstdi5x.sys [2009-02-23 58464]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\vcdcontrolpanel\VCdRom.sys [2008-06-03 8576]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [2008-01-11 30312]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 951120]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder
2009-03-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-06 19:15]
2009-03-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
2009-03-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.6.0_03\bin\jusched.exe
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.dell.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&cli ... channel=us
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
Trusted Zone: musicmatch.com\online
TCP: {66374EF0-1FF9-4A70-9584-2E10BA00081A} = 10.218.36.210,10.218.36.181
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-11 18:54:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-409800705-1564488996-1541874228-2363\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{07F69B93-795C-4777-4410-3296887861AB}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ialcpmibkiffihmfak"=hex:69,61,67,70,6c,68,64,6b,66,6b,6e,68,63,62,69,65,6e,63,
00,00
"handbmnhefeojfkl"=hex:69,61,67,70,6c,68,64,6b,66,6b,6e,68,63,62,69,65,6e,63,
00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(960)
c:\windows\system32\EntApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Network Associates\Common Framework\FrameworkService.exe
c:\program files\Network Associates\VirusScan\Mcshield.exe
c:\program files\Network Associates\VirusScan\VsTskMgr.exe
c:\program files\Network Associates\Common Framework\naPrdMgr.exe
c:\progra~1\MICROS~4\MSSQL\Binn\sqlservr.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wdfmgr.exe
c:\progra~1\MUSICM~1\MUSICM~2\MMDiag.exe
c:\windows\system32\rundll32.exe
c:\program files\Musicmatch\Musicmatch Jukebox\mim.exe
.
**************************************************************************
.
Completion time: 2009-03-11 18:58:11 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-11 22:58:08
ComboFix2.txt 2009-03-10 21:37:50
ComboFix3.txt 2009-03-10 17:12:51
ComboFix4.txt 2009-03-09 22:26:40
Pre-Run: 125,807,566,848 bytes free
Post-Run: 125,832,032,256 bytes free
401 --- E O F --- 2009-03-11 17:56:58