OK, downloaded ComboFix to desktop.
ComboFix 07-10-03.8 - elizabeth 2007-10-03 15:38:21.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.160 [GMT 1:00]
Running from: C:\Documents and Settings\elizabeth\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\elizabeth\Desktop\cfscript
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-09-03 to 2007-10-03 )))))))))))))))))))))))))))))))
.
2007-10-02 16:07 <DIR> d-------- C:\Documents and Settings\elizabeth\Application Data\GetRightToGo
2007-10-02 09:37 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-01 16:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Real
2007-10-01 15:23 <DIR> d-------- C:\WINDOWS\ERUNT
2007-10-01 14:46 <DIR> d-------- C:\Program Files\a-squared Free
2007-10-01 14:09 <DIR> d-------- C:\Program Files\Avira
2007-10-01 14:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2007-10-01 10:52 <DIR> d-------- C:\WINDOWS\$hf_mig$
2007-09-30 20:38 <DIR> d-------- C:\Program Files\NEXON
2007-09-30 17:49 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2007-09-30 17:42 <DIR> d-------- C:\Documents and Settings\elizabeth\Contacts
2007-09-30 17:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2007-09-30 17:36 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-09-30 17:35 <DIR> d-------- C:\Program Files\MSN Messenger
2007-09-29 14:21 <DIR> d-------- C:\Poker
2007-09-27 08:42 <DIR> d-------- C:\Documents and Settings\elizabeth\Application Data\Comodo
2007-09-27 08:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-09-27 08:39 <DIR> d-------- C:\Program Files\Comodo
2007-09-26 22:51 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-09-26 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-26 21:26 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-09-26 21:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-09-26 20:37 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-09-26 07:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2007-09-25 20:15 <DIR> d-------- C:\WINDOWS\system32\bits
2007-09-25 20:13 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2007-09-25 20:10 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2007-09-24 18:42 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-09-24 16:51 <DIR> d-------- C:\Program Files\Windows Live
2007-09-24 16:45 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-24 16:45 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-09-24 16:42 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-09-24 16:32 58,776 --a------ C:\WINDOWS\system32\ijjiPlugin2.dll
2007-09-24 16:31 692,224 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2007-09-24 16:31 <DIR> d-------- C:\Program Files\NHN USA
2007-09-24 16:25 3,580 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-09-24 16:18 <DIR> d-------- C:\ijji
2007-09-24 16:04 <DIR> d-------- C:\Program Files\MAIET
2007-09-24 11:58 7,680 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2007-09-24 11:58 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2007-09-24 11:58 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2007-09-24 11:58 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2007-09-24 11:58 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2007-09-24 11:58 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2007-09-24 11:58 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2007-09-21 22:05 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-21 19:30 <DIR> d-------- C:\Program Files\CCleaner
2007-09-21 19:00 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-21 19:00 <DIR> d-------- C:\Documents and Settings\elizabeth\Application Data\Symantec
2007-09-21 18:36 <DIR> d-------- C:\Program Files\Motive
2007-09-21 18:36 <DIR> d-------- C:\Program Files\BT Broadband Desktop Help
2007-09-21 18:35 <DIR> d-------- C:\WINDOWS\LastGood
2007-09-21 18:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-09-21 18:13 <DIR> d-------- C:\Program Files\Symantec
2007-09-21 18:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-21 17:30 131,072 --a------ C:\WINDOWS\system32\Epcmlib.dll
2007-09-21 17:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\UDL
2007-09-21 17:29 91,648 --a------ C:\WINDOWS\system32\E_SAGSET.DLL
2007-09-21 17:29 64,000 --a------ C:\WINDOWS\system32\ECBTEG.DLL
2007-09-21 17:29 34,304 --a------ C:\WINDOWS\system32\EBPCHP.DLL
2007-09-21 17:29 31,744 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-09-21 17:29 182 --a------ C:\WINDOWS\system32\EBPPORT4.DAT
2007-09-21 17:25 <DIR> d-------- C:\Program Files\EPSON
2007-09-21 17:24 76,054 --a------ C:\WINDOWS\system32\EBPMON24.DLL
2007-09-21 17:19 24,960 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-09-21 17:19 24,960 --a------ C:\WINDOWS\system32\dllcache\usbprint.sys
2007-09-21 16:35 <DIR> d-------- C:\Program Files\Common Files\SWF Studio
2007-09-21 16:34 <DIR> d-------- C:\Program Files\dizzler
2007-09-21 16:15 <DIR> d-------- C:\Documents and Settings\elizabeth\Application Data\Motive
2007-09-21 16:05 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2007-09-21 16:03 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-09-21 15:56 <DIR> d---s---- C:\Documents and Settings\elizabeth\UserData
2007-09-21 15:33 <DIR> d-------- C:\Documents and Settings\elizabeth\Application Data\Yahoo!
2007-09-21 15:29 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2007-09-21 15:28 89,088 --a------ C:\WINDOWS\system32\ATL71.DLL
2007-09-21 15:28 84,992 --a------ C:\WINDOWS\system32\ATL70.DLL
2007-09-21 15:28 65,536 --a------ C:\WINDOWS\system32\YCRWin32.dll
2007-09-21 15:28 <DIR> d-------- C:\Program Files\Yahoo!
2007-09-21 15:28 <DIR> d-------- C:\Program Files\btbb_wcm
2007-09-21 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\yahoo!
2007-09-21 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Motive
2007-09-21 15:27 <DIR> d-------- C:\Program Files\BT Home Hub
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-29 19:36 --------- d-------- C:\Documents and Settings\elizabeth\Application Data\Real
2007-09-29 12:07 --------- d-------- C:\Documents and Settings\elizabeth\Application Data\MSN6
2007-09-24 16:31 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-09-21 18:36 --------- d-------- C:\Program Files\Common Files\Motive
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((( snapshot@2007-10-02_ 9.48.52.78 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 262,144 2007-10-03 14:38:14 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 16,384 2007-10-03 12:58:22 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-03 12:58:22 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 49,152 2007-10-03 12:58:22 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
----a-w 262,144 2007-10-02 08:42:00 C:\WINDOWS\system32\config\systemprofile\ntuser.dat
----a-w 16,384 2007-10-02 06:26:40 C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
----a-w 32,768 2007-10-02 06:26:40 C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
----a-w 49,152 2007-10-02 06:26:40 C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10]
"SoundMan"="SOUNDMAN.EXE" [2003-08-15 00:34 C:\WINDOWS\SOUNDMAN.EXE]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 12:31]
"BBSetdun"="C:\Program Files\BT Voyager 105 ADSL Modem\Setdun.exe" []
"Booster"="C:\PROGRA~1\BTVOYA~1\oamSender.exe" [2003-11-18 11:40]
"DSLSTATEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe" [2007-01-25 10:19]
"DSLAGENTEXE"="C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe" [2007-01-25 10:18]
"btbb_wcm_McciTrayApp"="C:\Program Files\btbb_wcm\McciTrayApp.exe" [2006-12-07 07:59]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 16:19]
"EPSON Stylus C46 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.exe" [2004-01-13 19:00]
"btbb_McciTrayApp"="C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe" [2007-08-22 13:34]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-09-21 19:24]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-08-31 12:25]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2003-11-11 18:07]
"COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\CPF.exe" [2007-09-27 08:39]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-06-07 14:08]
"eyeBeam SIP Client"="" []
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-09-21 18:36:16]
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe [2007-05-28 19:40:14]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BT Broadband Desktop Help.lnk - C:\Program Files\BT Broadband Desktop Help\bin\matcli.exe [2007-09-21 18:36:16]
TMMonitor.lnk - C:\Program Files\ArcSoft\TotalMedia\TMMonitor.exe [2007-05-28 19:40:14]
R0 avgntmgr;avgntmgr;C:\WINDOWS\System32\DRIVERS\avgntmgr.sys
R1 Asapi;Asapi;C:\WINDOWS\System32\drivers\Asapi.sys
R1 avgntdd;avgntdd;C:\WINDOWS\System32\DRIVERS\avgntdd.sys
R1 vcsmpdrv;vcsmpdrv;C:\WINDOWS\System32\DRIVERS\vcsmpdrv.sys
R2 VCSSecS;Virtual CD v4 Security service (SDK - Version);C:\Program Files\Virtual CD v4 SDK\system\vcssecs.exe
S3 BDA_Capture_225;USB Digital-TV receiver Driver 2.0.1.8;C:\WINDOWS\System32\Drivers\BDA_Capture_225.sys
S3 BDA_Loader_225;USB Digital-TV Receiver Firmware Loader 6.5.8.0;C:\WINDOWS\System32\Drivers\BDA_Loader_225.sys
S3 wanusb;BT Voyager 105 ADSL Modem;C:\WINDOWS\System32\DRIVERS\gwausb.sys
.
Contents of the 'Scheduled Tasks' folder
"2007-10-03 14:03:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
"2007-09-30 10:07:21 C:\WINDOWS\Tasks\HDReg.job"
- c:\Apps\HDReg\HDRegRem.exe
"2007-05-24 15:04:29 C:\WINDOWS\Tasks\Registration reminder 1.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2007-05-24 15:04:29 C:\WINDOWS\Tasks\Registration reminder 2.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
"2007-05-24 15:04:29 C:\WINDOWS\Tasks\Registration reminder 3.job"
- C:\WINDOWS\System32\OOBE\oobebaln.exe
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-10-03 15:41:08
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-03 15:42:13
C:\ComboFix-quarantined-files.txt ... 2007-10-03 15:41
C:\ComboFix2.txt ... 2007-10-02 20:28
C:\ComboFix3.txt ... 2007-10-02 09:49
.
--- E O F ---