Here ya go:
ComboFix 10-09-21.01 - Owner 09/21/2010 22:20:33.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.540 [GMT -5:00]
Running from: c:\documents and settings\Owner.YOUR-374711EFC4\Desktop\ComboFix.exe
AV: Trend Micro AntiVirus *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\millie pullen\Application Data\Faisbu
c:\documents and settings\millie pullen\Application Data\Faisbu\peaky.kia
c:\documents and settings\millie pullen\Application Data\Faisbu\peaky.tmp
c:\documents and settings\millie pullen\Application Data\Zoodu
c:\documents and settings\millie pullen\Application Data\Zoodu\quzui.abh
c:\documents and settings\millie pullen\Local Settings\Application Data\{5F18ABE2-739D-4CC7-9D48-7A0CE5484DBD}
c:\documents and settings\millie pullen\Local Settings\Application Data\{5F18ABE2-739D-4CC7-9D48-7A0CE5484DBD}\chrome.manifest
c:\documents and settings\millie pullen\Local Settings\Application Data\{5F18ABE2-739D-4CC7-9D48-7A0CE5484DBD}\chrome\content\_cfg.js
c:\documents and settings\millie pullen\Local Settings\Application Data\{5F18ABE2-739D-4CC7-9D48-7A0CE5484DBD}\chrome\content\overlay.xul
c:\documents and settings\millie pullen\Local Settings\Application Data\{5F18ABE2-739D-4CC7-9D48-7A0CE5484DBD}\install.rdf
c:\documents and settings\NetworkService\Local Settings\Application Data\Windows Server
c:\documents and settings\Owner.YOUR-374711EFC4\Application Data\Evam
c:\documents and settings\Owner.YOUR-374711EFC4\Application Data\Evam\sibae.boe
c:\documents and settings\Owner.YOUR-374711EFC4\Application Data\Pooniw
c:\documents and settings\Owner.YOUR-374711EFC4\Application Data\Pooniw\ixpi.woz
c:\program files\Common
c:\windows\exacyzez.exe
c:\windows\ezijipyc.exe
c:\windows\hilijex.scr
c:\windows\system32\sdra64.exe
c:\windows\system32\service
c:\windows\system32\service\02052010_TIS17_SfFniAU.log
c:\windows\system32\service\02062010_TIS17_SfFniAU.log
c:\windows\system32\service\03042010_TIS17_SfFniAU.log
c:\windows\system32\service\04082010_TIS17_SfFniAU.log
c:\windows\system32\service\05032010_TIS17_SfFniAU.log
c:\windows\system32\service\05062010_TIS17_SfFniAU.log
c:\windows\system32\service\06062010_TIS17_SfFniAU.log
c:\windows\system32\service\08042010_TIS17_SfFniAU.log
c:\windows\system32\service\08062010_TIS17_SfFniAU.log
c:\windows\system32\service\08092010_TIS17_SfFniAU.log
c:\windows\system32\service\09042010_TIS17_SfFniAU.log
c:\windows\system32\service\10042010_TIS17_SfFniAU.log
c:\windows\system32\service\12042010_TIS17_SfFniAU.log
c:\windows\system32\service\12052010_TIS17_SfFniAU.log
c:\windows\system32\service\13062010_TIS17_SfFniAU.log
c:\windows\system32\service\13092010_TIS17_SfFniAU.log
c:\windows\system32\service\14042010_TIS17_SfFniAU.log
c:\windows\system32\service\15042010_TIS17_SfFniAU.log
c:\windows\system32\service\15052010_TIS17_SfFniAU.log
c:\windows\system32\service\16042010_TIS17_SfFniAU.log
c:\windows\system32\service\16052010_TIS17_SfFniAU.log
c:\windows\system32\service\16092010_TIS17_SfFniAU.log
c:\windows\system32\service\17122009_TIS17_SfFniAU.log
c:\windows\system32\service\18092010_TIS17_SfFniAU.log
c:\windows\system32\service\19042010_TIS17_SfFniAU.log
c:\windows\system32\service\19072010_TIS17_SfFniAU.log
c:\windows\system32\service\20062010_TIS17_SfFniAU.log
c:\windows\system32\service\20072010_TIS17_SfFniAU.log
c:\windows\system32\service\20092010_TIS17_SfFniAU.log
c:\windows\system32\service\21032010_TIS17_SfFniAU.log
c:\windows\system32\service\21082010_TIS17_SfFniAU.log
c:\windows\system32\service\22052010_TIS17_SfFniAU.log
c:\windows\system32\service\23042010_TIS17_SfFniAU.log
c:\windows\system32\service\23072010_TIS17_SfFniAU.log
c:\windows\system32\service\24082010_TIS17_SfFniAU.log
c:\windows\system32\service\25032010_TIS17_SfFniAU.log
c:\windows\system32\service\25042010_TIS17_SfFniAU.log
c:\windows\system32\service\26022010_TIS17_SfFniAU.log
c:\windows\system32\service\26082010_TIS17_SfFniAU.log
c:\windows\system32\service\27052010_TIS17_SfFniAU.log
c:\windows\system32\service\27072010_TIS17_SfFniAU.log
c:\windows\system32\service\29032010_TIS17_SfFniAU.log
c:\windows\system32\service\29072010_TIS17_SfFniAU.log
c:\windows\system32\service\30052010_TIS17_SfFniAU.log
c:\windows\system32\service\30072010_TIS17_SfFniAU.log
c:\windows\system32\service\31052010_TIS17_SfFniAU.log
c:\windows\system32\service\31082010_TIS17_SfFniAU.log
c:\windows\wiaserviv.log
D:\Autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_PRAGMAQQOIPUQSPM
-------\Service_PRAGMAqqoipuqspm
((((((((((((((((((((((((( Files Created from 2010-08-22 to 2010-09-22 )))))))))))))))))))))))))))))))
.
2010-09-20 15:53 . 2010-09-20 15:53 -------- dcsh--w- c:\documents and settings\Administrator\IETldCache
2010-09-18 18:54 . 2010-09-18 18:54 -------- dc----w- C:\rsit
2010-09-15 03:15 . 2010-09-15 03:15 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-09-11 16:35 . 2010-09-11 16:35 -------- dc----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-09-09 15:40 . 2010-09-09 15:48 -------- dc----w- C:\58a7b880c19c64b671
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 15:46 . 2010-01-27 03:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-15 03:15 . 2009-07-04 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-09-13 14:53 . 2006-06-20 22:07 -------- d-----w- c:\program files\Java
2010-09-12 20:52 . 2009-07-04 15:11 2060 ----a-w- c:\documents and settings\Owner.YOUR-374711EFC4\Application Data\wklnhst.dat
2010-09-11 16:45 . 2008-07-05 16:48 -------- d-----w- c:\program files\Windows Live Safety Center
2010-09-11 14:47 . 2009-11-10 02:17 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-29 19:10 . 2010-08-29 19:10 388096 ----a-r- c:\documents and settings\Owner.YOUR-374711EFC4\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-29 19:10 . 2007-04-10 23:59 -------- d-----w- c:\program files\Trend Micro
2010-08-17 13:17 . 2005-01-09 23:48 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-07-22 15:49 . 2005-01-09 23:48 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 05:57 . 2009-04-14 20:53 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-19 18:03 . 2009-12-11 02:12 59472 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-07-19 18:03 . 2009-12-11 02:12 51792 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-07-19 18:02 . 2010-01-27 02:23 163408 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-30 12:31 . 2005-01-09 23:48 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 2005-01-09 23:48 916480 ----a-w- c:\windows\system32\wininet.dll
2008-11-10 00:51 . 2008-11-10 00:51 17323 ----a-w- c:\program files\Common Files\wezyrub._dl
2008-11-10 00:51 . 2008-11-10 00:51 14094 ----a-w- c:\program files\Common Files\enetuw.sys
2008-11-10 00:51 . 2008-11-10 00:51 13004 ----a-w- c:\program files\Common Files\yquduro.inf
2008-11-10 00:51 . 2008-11-10 00:51 10462 ----a-w- c:\program files\Common Files\ubyqig._sy
.
------- Sigcheck -------
[-] 2010-02-15 19:57 . 6EB6539CEC3615B169C341A8C14A768D . 96512 . . [------] . . c:\windows\system32\drivers\atapi.sys
[7] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\atapi.sys
[7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\atapi.sys
[7] 2004-08-10 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
c:\windows\System32\drivers\beep.sys ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2010-01-26 1020248]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-09-18 7204864]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2005-08-06 04:56 64512 ----a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2006-06-20 22:01 169984 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 02:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 21:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
2005-08-12 23:16 1121792 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-09-18 15:32 7204864 ----a-w- c:\windows\system32\nvcpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
2005-09-18 15:32 1519616 ----a-w- c:\windows\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\readericon]
2005-12-10 01:44 139264 ----a-w- c:\program files\Digital Media Reader\readericon45G.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
2002-09-14 05:42 212992 ----a-w- c:\windows\SMINST\Recguard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
2006-11-02 16:21 156160 ----a-w- c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2005-09-26 22:07 90112 ----a-w- c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2007-03-14 08:43 83608 ----a-w- c:\program files\Java\jre1.6.0_01\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ATT-HSI\\McciBrowser.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [12/10/2009 9:10 PM 36368]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [12/10/2009 9:12 PM 51792]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [12/10/2009 9:12 PM 689416]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-09-22 c:\windows\Tasks\User_Feed_Synchronization-{A5A2005B-AF65-45C5-86D1-A7936723FA90}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aol.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchAssistant = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-21 22:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2360)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Trend Micro\Internet Security\SfCtlCom.exe
c:\windows\ehome\mcrdsvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\windows\system32\dllhost.exe
c:\program files\Trend Micro\BM\TMBMSRV.exe
c:\program files\Java\jre1.6.0_01\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-09-21 22:40:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-22 03:40
Pre-Run: 214,775,459,840 bytes free
Post-Run: 214,756,401,152 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect
- - End Of File - - E72D2FCD50F67A8EF7063FA0BF3AC5F5