OK, I got it to work. Had to disable AT&T Security Services for ComboFix to run.
ComboFix 08-01-23.1C - Robert Smith 2008-01-27 21:42:07.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.192 [GMT -6:00]
Running from: C:\Documents and Settings\Robert Smith\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\acabfxpq.ini
C:\WINDOWS\system32\atpwlpii.ini
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\bdeeg.ini2
C:\WINDOWS\system32\bhtjwwkr.dll
C:\WINDOWS\system32\buoygxnq.dll
C:\WINDOWS\system32\bvoxlkqi.dll
C:\WINDOWS\system32\cbcnwtbf.dll
C:\WINDOWS\system32\ctfmon.exe.tmp
C:\WINDOWS\system32\dhpwhghd.dll
C:\WINDOWS\system32\enudmbds.ini
C:\WINDOWS\system32\exmnhung.dll
C:\WINDOWS\system32\fgexifxi.dll
C:\WINDOWS\system32\fsphmgdp.ini
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\giqrgodp.dll
C:\WINDOWS\system32\iiplwpta.dll
C:\WINDOWS\system32\jebnyulm.ini
C:\WINDOWS\system32\jnxlwvmi.dll
C:\WINDOWS\system32\krufmemq.ini
C:\WINDOWS\system32\kstrgyut.dll
C:\WINDOWS\system32\kyvjesxm.dll
C:\WINDOWS\system32\lhkdrugq.dll
C:\WINDOWS\system32\llhubxto.dll
C:\WINDOWS\system32\mcidwwup.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mluynbej.dll
C:\WINDOWS\system32\mrsawfva.dll
C:\WINDOWS\system32\nnhdgheu.dll
C:\WINDOWS\system32\omdcfept.dll
C:\WINDOWS\system32\otxbuhll.ini
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\pdgmhpsf.dll
C:\WINDOWS\system32\qmemfurk.dll
C:\WINDOWS\system32\qpxfbaca.dll
C:\WINDOWS\system32\sdbmdune.dll
C:\WINDOWS\system32\sfpmukeh.dll
C:\WINDOWS\system32\sgfqgxpe.dll
C:\WINDOWS\system32\tbvjigxo.dll
C:\WINDOWS\system32\tjqnjqfj.dll
C:\WINDOWS\system32\tpefcdmo.ini
C:\WINDOWS\system32\vbxtgjuo.exe
C:\WINDOWS\system32\vhttwdny.dll
C:\WINDOWS\system32\wgihbvhi.dll
C:\WINDOWS\system32\wtgyvifm.dll
C:\WINDOWS\system32\wvvut.ini
C:\WINDOWS\system32\wvvut.ini2
C:\WINDOWS\system32\xgcejdde.dll
C:\WINDOWS\system32\xmpqcwxi.dll
C:\winlogon.exe
C:\x.dat
C:\z.dat
.
((((((((((((((((((((((((( Files Created from 2007-12-28 to 2008-01-28 )))))))))))))))))))))))))))))))
.
2008-01-27 21:22 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-27 20:22 . 2008-01-27 20:22 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-23 22:12 . 2008-01-25 04:54 1,131,351 --ahs---- C:\WINDOWS\system32\tuouedlv.ini
2008-01-21 22:09 . 2008-01-22 22:08 1,110,920 --ahs---- C:\WINDOWS\system32\iycmjiau.ini
2008-01-20 22:08 . 2008-01-21 22:08 1,091,152 --ahs---- C:\WINDOWS\system32\ydflcmfu.ini
2008-01-17 18:55 . 2008-01-18 21:09 1,527,593 --ahs---- C:\WINDOWS\system32\qnuqnkws.ini
2008-01-16 18:02 . 2008-01-17 18:51 1,591,224 --ahs---- C:\WINDOWS\system32\bjlelsxn.ini
2008-01-15 17:33 . 2008-01-16 17:58 1,706,481 --ahs---- C:\WINDOWS\system32\wscaqeii.ini
2008-01-14 17:32 . 2008-01-15 17:12 1,864,336 --ahs---- C:\WINDOWS\system32\igyeuvxr.ini
2008-01-13 19:52 . 2008-01-13 19:52 <DIR> d-------- C:\Program Files\LimeWire
2008-01-13 07:45 . 2008-01-14 17:28 1,872,164 --ahs---- C:\WINDOWS\system32\uxcwfmsc.ini
2008-01-10 17:47 . 2008-01-11 16:23 1,053,735 --ahs---- C:\WINDOWS\system32\lhykxhdc.ini
2008-01-09 17:37 . 2008-01-10 17:42 1,049,761 --ahs---- C:\WINDOWS\system32\aojedhti.ini
2008-01-08 17:45 . 2008-01-09 17:35 1,055,571 --ahs---- C:\WINDOWS\system32\ajdehnib.ini
2008-01-07 17:34 . 2008-01-08 17:44 1,055,322 --ahs---- C:\WINDOWS\system32\kftnubef.ini
2008-01-06 13:22 . 2008-01-07 17:30 1,044,035 --ahs---- C:\WINDOWS\system32\mkxfjoel.ini
2008-01-05 13:29 . 2008-01-06 13:10 1,043,878 --ahs---- C:\WINDOWS\system32\epvforwe.ini
2008-01-02 19:18 . 2008-01-27 21:36 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-02 19:18 . 2008-01-02 19:18 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-02 10:33 . 2008-01-03 10:54 1,038,656 --ahs---- C:\WINDOWS\system32\adygylmo.ini
2008-01-01 19:19 . 2007-03-06 13:24 55,296 --a------ C:\WINDOWS\system32\drivers\rp_skt32.sys
2008-01-01 19:18 . 2008-01-01 19:18 <DIR> d-------- C:\Program Files\Common Files\Authentium
2008-01-01 19:18 . 2007-04-19 11:24 48,384 --a------ C:\WINDOWS\system32\drivers\rp_pkt32.sys
2008-01-01 19:17 . 2008-01-01 19:17 <DIR> d-------- C:\Program Files\Raxco
2008-01-01 19:17 . 2008-01-01 19:25 <DIR> d-------- C:\Program Files\Common Files\Scanner
2008-01-01 19:17 . 2008-01-01 19:17 <DIR> d-------- C:\Program Files\CA
2008-01-01 19:15 . 2008-01-01 19:16 <DIR> d-------- C:\Program Files\AT&T
2008-01-01 18:53 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-12-31 23:11 . 2007-12-31 23:11 <DIR> d-------- C:\qrnt
2007-12-31 23:11 . 2007-12-31 23:11 <DIR> d-------- C:\CA
2007-12-31 08:42 . 2007-12-31 19:17 1,031,355 --ahs---- C:\WINDOWS\system32\naedjoaw.ini
2007-12-29 09:18 . 2007-12-30 14:11 77,891 --a------ C:\WINDOWS\system32\USRmlnkA .exe
2007-12-29 08:21 . 2007-12-30 19:36 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2007-12-29 08:18 . 2007-12-29 08:18 <DIR> d-------- C:\Program Files\ATT
2007-12-29 06:56 . 2007-12-29 06:56 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2007-12-29 06:56 . 2007-12-29 06:56 <DIR> d-------- C:\Temp\cEeer12
2007-12-29 06:56 . 2007-12-29 06:56 134 --a------ C:\n.bat
2007-12-28 11:41 . 2007-12-28 11:41 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-27 13:58 --------- d-----w C:\Program Files\HiJack This
2008-01-24 00:39 --------- d-----w C:\Program Files\Windows Installer Clean Up
2008-01-03 01:17 --------- d-----w C:\Program Files\iTunes
2008-01-03 01:16 --------- d-----w C:\Program Files\iPod
2008-01-03 01:13 --------- d-----w C:\Program Files\QuickTime
2008-01-02 01:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-30 21:49 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2007-12-29 03:57 --------- d-----w C:\Program Files\Yahoo!
2007-12-26 13:52 --------- d-----w C:\Program Files\AC3Filter
2007-12-26 13:18 --------- d-----w C:\Program Files\ahead
2007-12-26 13:13 --------- d-----w C:\Program Files\Common Files\Nero
2007-12-25 13:16 --------- d-----w C:\Program Files\Common Files\Voyetra
2007-12-22 15:22 --------- d-----w C:\Program Files\Canon
2007-12-22 15:18 --------- d-----w C:\Program Files\Common Files\NewSoft
2007-12-22 15:17 --------- d-----w C:\Program Files\Common Files\ScanSoft Shared
2007-12-22 15:17 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-22 15:16 --------- d-----w C:\Program Files\ScanSoft
2007-12-22 15:15 --------- d-----w C:\Program Files\Common Files\CANON
2007-12-22 15:11 --------- d--h--w C:\Program Files\CanonBJ
2007-12-20 10:54 --------- d-----w C:\Program Files\OfficeUpdate11
2007-12-20 10:54 --------- d-----w C:\Program Files\MP3Downloading
2007-12-20 10:54 --------- d-----w C:\Program Files\Microsoft AntiSpyware
2007-12-20 10:54 --------- d-----w C:\Program Files\Hewlett-Packard
2007-12-20 10:53 --------- d-----w C:\Program Files\Lexmark Fax Solutions
2007-12-20 10:53 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-12-20 10:53 --------- d-----w C:\Program Files\Apple Software Update
2007-12-20 10:53 --------- d-----w C:\Program Files\androidnews
2007-12-20 10:53 --------- d-----w C:\Program Files\Amazing DVD Player
2007-12-13 02:11 32,123 ----a-w C:\WINDOWS\PaperPortSave.reg
2007-12-13 02:11 --------- d-----w C:\Program Files\TweakNow RegCleaner Std
2007-12-13 02:09 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-13 01:56 --------- d-----w C:\Program Files\ATI Technologies
2007-12-12 11:42 --------- d-----w C:\Program Files\PrimaScan
2007-12-12 11:42 --------- d-----w C:\Program Files\Common Files\Panasonic
2007-11-24 18:28 654,920 ----a-w C:\mtinst.exe
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2004-12-16 18:50 8,273 ----a-w C:\Program Files\snylcd55.cat
2004-12-12 18:38 2,824 ----a-w C:\Program Files\HS75P_65.icm
2004-12-12 18:36 2,824 ----a-w C:\Program Files\HS75P_93.icm
2004-12-10 02:49 1,636 ----a-w C:\Program Files\SnyLCD55.inf
2004-05-19 15:16 20,854 ----a-w C:\Program Files\README-E.RTF
2007-08-24 03:14 21,382,176 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-24 03:14 980,000 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
.
<pre>
----a-w 39,792 2007-12-31 01:36:39 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 45,056 2007-12-31 01:36:40 C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
----a-w 368,706 2007-12-30 20:11:35 C:\Program Files\BroadJump\Client Foundation\CFD .exe
----a-w 1,603,152 2007-12-31 01:36:47 C:\Program Files\Canon\MyPrinter\BJMyPrt .exe
----a-w 644,696 2007-12-31 01:36:45 C:\Program Files\Canon\SolutionMenu\CNSLMAIN .exe
----a-w 65,536 2007-12-30 21:49:44 C:\Program Files\Common Files\Roxio Shared\System\EngUtil .exe
----a-w 210,472 2007-12-31 01:36:42 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdupdate .exe
----a-w 267,064 2007-12-31 01:36:40 C:\Program Files\iTunes\iTunesHelper .exe
----a-w 132,496 2007-12-30 21:49:45 C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
----a-w 217,088 2007-12-30 21:49:45 C:\Program Files\Microsoft IntelliPoint\point32 .exe
----a-w 40,960 2007-12-30 21:49:44 C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart .exe
----a-w 57,344 2007-12-31 01:36:45 C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor .exe
----a-w 286,720 2007-12-30 21:37:10 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-30 21:36:39 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-30 20:11:21 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-30 19:55:56 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-30 19:41:39 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-30 15:48:17 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-30 15:34:53 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-30 15:11:11 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-30 14:01:36 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-30 03:16:30 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-29 16:31:37 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-29 16:10:36 C:\Program Files\QuickTime\qttask .exe
----a-w 286,720 2007-12-29 15:18:31 C:\Program Files\QuickTime\qttask .exe
----a-w 79,400 2007-12-30 22:02:58 C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4 .exe
----a-w 4,670,704 2007-12-30 20:02:58 C:\Program Files\Yahoo!\Messenger\YahooMessenger .exe
----a-w 15,360 2007-12-31 01:36:44 C:\WINDOWS\system32\ctfmon .exe
----a-w 77,891 2007-12-30 20:11:38 C:\WINDOWS\system32\USRmlnkA .exe
</pre>
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW.exe"="C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 13:12 2061816]
"-FreedomNeedsReboot"="C:\Program Files\AT&T\AT&T Internet Security Suite\ZkRunOnceR.exe" [2007-06-28 16:09 13552]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-05-29 19:34 5419008]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\system32\srr
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"HydarVisionViewport"=viewport.exe
"BJCFD"=C:\Program Files\BroadJump\Client Foundation\CFD.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
"Mstask32driver"=Mstask32.exe
"USRpdA"=C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
"Security32 Loader"=security32.exe
R0 amdagpxp;AMD NB AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\amdagpxp.sys [2001-12-11 14:52]
R2 ppsio2;PPDevice;C:\WINDOWS\system32\drivers\ppsio2.sys [1999-04-01 18:16]
R3 MN130;Microsoft(R) PCI Adapter MN-130;C:\WINDOWS\system32\DRIVERS\MN130-51.sys [2002-05-29 12:25]
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys [2001-12-15 22:42]
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys [2001-12-16 03:27]
S2 IcRecUsb;IC Recorder Driver;C:\WINDOWS\system32\Drivers\IcRecUsb.sys [2001-10-01 22:37]
S3 Amps2prt;PS/2 Port Wheel Mouse Filter Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2000-11-03 20:37]
S3 cirrus;cirrus;C:\WINDOWS\system32\DRIVERS\cirrus.sys [2001-08-17 07:57]
S3 NUVision;NUVision II Video Service;C:\WINDOWS\system32\DRIVERS\nuvvid2.sys [2001-10-28 15:34]
S3 Radialpoint Security Services;AT&T Internet Security Suite;C:\WINDOWS\system32\dllhost.exe [2004-08-04 01:56]
S3 USR7900;U.S. Robotics 10/100 PCI NIC TX;C:\WINDOWS\system32\DRIVERS\USR7900.SYS [2001-12-03 09:41]
S3 USRpdA;U.S. Robotics 56K PCI Faxmodem Driver;C:\WINDOWS\system32\DRIVERS\USRpdA.sys [2001-08-17 15:28]
S3 vtdg46xx;vtdg46xx;C:\PROGRA~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2001-12-13 18:42]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 21:43:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs = ????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-27 21:45:00
ComboFix-quarantined-files.txt 2008-01-28 03:44:31
.
2008-01-09 11:23:59 --- E O F ---