Here is the ComboFix log.
ComboFix 07-12-31.4 - Renee 2008-01-02 11:24:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.541 [GMT -6:00]
Running from: C:\Documents and Settings\Renee\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Renee\Application Data\inst.exe
C:\Documents and Settings\Renee\Start Menu\Programs\Internet Speed Monitor
C:\Documents and Settings\Renee\Start Menu\Programs\Internet Speed Monitor\Check Now.lnk
C:\Documents and Settings\Renee\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\Agent\MCUPDA~1 .EXE
C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\ISM
C:\Program Files\ISM\ism.exe
C:\Program Files\ISM\Uninstall.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee.com\Agent\MCUPDA~1 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~1.EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~2 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~2.EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~4 .EXE
C:\Program Files\McAfee.com\Agent\MCUPDA~4.EXE
C:\Program Files\McAfee.com\Agent\McUpdate .exe
C:\Program Files\McAfee.com\Agent\McUpdate.exe
C:\Program Files\McAfee.com\Shared\mcappins.exe
C:\Program Files\McAfee.com\VSO\mcmnhdlr.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\QdrDrive
C:\Program Files\QdrDrive\QdrDrive9.dll
C:\Program Files\QdrDrive\qdrloader.exe
C:\Program Files\QdrPack
C:\Program Files\QdrPack\dicts.gz
C:\Program Files\QdrPack\QdrPack11 .exe
C:\Program Files\QdrPack\QdrPack11.exe
C:\Program Files\QdrPack\trgts.gz
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\b122.exe
C:\WINDOWS\b148.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\mrofinu1000106.exe
C:\WINDOWS\mrofinu1188.exe
C:\WINDOWS\system32\b1
C:\WINDOWS\system32\b1\roblcidr31z.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\kdsch.exe
C:\WINDOWS\system32\lsthwwms.dll
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qrutv.ini
C:\WINDOWS\system32\qrutv.ini2
C:\WINDOWS\system32\rynpqefj.dll
C:\WINDOWS\system32\smwwhtsl.ini
C:\WINDOWS\system32\vturq.dll
C:\WINDOWS\system32\vturq.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\x.dat
C:\z.dat
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CMDSERVICE
-------\LEGACY_CORE
-------\LEGACY_NETWORK_MONITOR
-------\LEGACY_NWSAPAGENT
-------\core
-------\NwSapAgent
((((((((((((((((((((((((( Files Created from 2007-12-02 to 2008-01-02 )))))))))))))))))))))))))))))))
.
2008-01-02 10:15 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 23:29 . 2008-01-01 23:29 348,160 --a------ C:\WINDOWS\system32\RCX40.tmp
2008-01-01 17:09 . 2008-01-01 17:09 35,474 --a------ C:\CpYl.exe
2008-01-01 13:33 . 2008-01-01 13:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-01 11:47 . 2008-01-01 11:47 <DIR> d-------- C:\Program Files\DVD Decrypter
2008-01-01 11:47 . 2008-01-01 11:47 <DIR> d-------- C:\Program Files\Bonjour
2008-01-01 11:30 . 2008-01-01 11:30 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-01 11:13 . 2008-01-01 11:13 <DIR> d-------- C:\Program Files\DVDFab HD Decrypter 4
2007-12-31 19:54 . 2007-12-31 19:54 348,160 --a------ C:\WINDOWS\system32\RCX3E.tmp
2007-12-30 14:48 . 2007-12-30 14:48 <DIR> d-------- C:\Program Files\RcvSystem
2007-12-28 09:29 . 2005-08-10 11:22 114,464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-12-27 16:30 . 2007-12-27 16:30 128 --a------ C:\Documents and Settings\Renee\services.exe
2007-12-27 14:27 . 2007-12-27 14:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-12-27 14:27 . 2007-12-27 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-12-27 13:37 . 2008-01-02 09:54 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-27 12:29 . 2007-12-27 12:29 <DIR> d-------- C:\Documents and Settings\Renee\Application Data\Alien Skin
2007-12-27 12:25 . 1998-10-09 10:18 296,448 --a------ C:\WINDOWS\Xenofex.ini
2007-12-27 12:24 . 2007-12-27 12:25 <DIR> d-------- C:\Program Files\Photoshop
2007-12-27 12:23 . 2007-12-27 12:23 155,136 --a------ C:\WINDOWS\~GLC0001.TMP
2007-12-27 12:23 . 2007-12-27 12:23 27,136 --a------ C:\WINDOWS\~GLH0001.TMP
2007-12-27 12:20 . 2007-12-27 12:20 155,136 --a------ C:\WINDOWS\~GLC0000.TMP
2007-12-27 12:20 . 2007-12-27 12:20 27,136 --a------ C:\WINDOWS\~GLH0000.TMP
2007-12-27 12:18 . 2007-12-27 12:18 <DIR> d-------- C:\Program Files\Alien Skin
2007-12-27 12:14 . 2007-12-27 12:14 128 --a------ C:\services.exe
2007-12-27 12:13 . 2008-01-02 10:48 1,392,640 --a------ C:\WINDOWS\system32\WLTRAY .exe
2007-12-27 11:55 . 2007-12-27 11:55 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-12-27 11:52 . 2008-01-02 10:11 389,120 --a------ C:\WINDOWS\mrofinu1000106.exe.tmp
2007-12-27 11:52 . 2007-12-27 11:52 134 --a------ C:\n.bat
2007-12-27 11:51 . 2007-12-28 13:55 <DIR> d--hs---- C:\WINDOWS\UmVuZWU
2007-12-27 11:51 . 2007-12-28 15:26 <DIR> d-------- C:\WINDOWS\system32\to9
2007-12-27 11:51 . 2007-12-27 11:51 <DIR> d-------- C:\WINDOWS\system32\dj2
2007-12-27 11:51 . 2007-12-27 12:11 <DIR> d-------- C:\WINDOWS\system32\bbc9
2007-12-27 11:51 . 2007-12-28 15:24 <DIR> d-------- C:\WINDOWS\system32\ardCo18
2007-12-27 11:51 . 2007-12-27 11:51 <DIR> d-------- C:\Temp\cEeer12
2007-12-27 11:51 . 2008-01-02 11:35 <DIR> d-------- C:\Temp
2007-12-27 11:34 . 2007-12-27 11:34 <DIR> d-------- C:\Program Files\McAfee.com
2007-12-27 11:34 . 2005-10-18 11:08 349,760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-12-27 11:34 . 2005-05-24 19:23 288,320 --a------ C:\WINDOWS\system32\mcgdmgr.dll
2007-12-23 14:51 . 2007-12-23 14:51 <DIR> d-------- C:\Documents and Settings\Renee\Application Data\ieSpell
2007-12-19 21:18 . 2008-01-02 00:25 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-19 21:18 . 2007-12-19 21:18 1,409 --a------ C:\WINDOWS\QTFont.for
2007-12-12 11:29 . 2007-12-12 11:29 <DIR> d-------- C:\Netgear
2007-12-09 11:36 . 2007-12-09 11:36 <DIR> d-------- C:\Documents and Settings\Renee\Application Data\WildTangent
2007-12-09 11:35 . 2007-12-09 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WildTangent
2007-12-05 16:32 . 2008-01-01 11:01 <DIR> d-------- C:\Documents and Settings\Renee\Application Data\Vso
2007-12-05 16:32 . 2007-12-05 16:32 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2007-12-05 16:32 . 2008-01-01 11:01 47,360 --a------ C:\Documents and Settings\Renee\Application Data\pcouffin.sys
2007-12-04 13:41 . 2007-12-04 13:41 671 --a------ C:\WINDOWS\eReg.dat
2007-12-04 13:34 . 2007-12-04 13:34 0 --a------ C:\WINDOWS\system32\_r_a_p_.tmp
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-02 17:34 --------- d-----w C:\Program Files\QuickTime
2008-01-01 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-01 17:47 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-29 05:17 --------- d-----w C:\Program Files\LimeWire
2007-12-28 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-28 06:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-27 22:35 --------- d-----w C:\Documents and Settings\Renee\Application Data\LimeWire
2007-12-27 18:43 132 ----a-w C:\Program Files\INSTALL.LOG
2007-12-23 20:44 --------- d-----w C:\Program Files\ieSpell
2007-12-22 18:00 --------- d-----w C:\Program Files\WildTangent
2007-12-22 01:09 --------- d-----w C:\Documents and Settings\Renee\Application Data\U3
2007-12-04 19:34 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-04 19:34 --------- d-----w C:\Program Files\EA Games
2007-11-25 23:25 --------- d-----w C:\Program Files\Fairies
2007-11-22 21:16 --------- d-----w C:\Program Files\DVDFab Decrypter 3
2007-11-22 13:25 --------- d-----w C:\Program Files\ICQLite
2007-11-19 23:18 --------- d-----w C:\Program Files\RCA
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-21 23:59 737,280 ----a-w C:\WINDOWS\iun6002.exe
2005-08-02 22:58 293,888 --sha-r C:\WINDOWS\UmVuZWU\command.exe
2005-07-29 22:24 472 --sha-r C:\WINDOWS\UmVuZWU\oApRtqo.vbs
.
Code:
----a-w 39,792 2008-01-02 16:48:08 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w 45,056 2008-01-02 16:48:00 C:\Program Files\ATI Technologies\ATI.ACE\cli .exe
----a-w 81,920 2008-01-02 16:41:55 C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w 221,184 2008-01-02 16:48:04 C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe
----a-w 184,320 2008-01-02 16:48:04 C:\Program Files\Dell\MediaDirect\PCMService .exe
----a-w 303,104 2008-01-02 16:47:41 C:\Program Files\McAfee.com\Agent\mcagent .exe
----a-w 184,320 2007-12-28 02:11:00 C:\Program Files\McAfee.com\Agent\McUpdate .exe
----a-w 131,072 2008-01-02 17:21:08 C:\Program Files\McAfee.com\Shared\mcappins .exe
----a-w 151,552 2008-01-02 16:51:45 C:\Program Files\McAfee.com\VSO\mcmnhdlr .exe
----a-w 163,840 2008-01-02 16:47:33 C:\Program Files\McAfee.com\VSO\mcvsshld .exe
----a-w 53,248 2008-01-02 16:47:11 C:\Program Files\McAfee.com\VSO\oasclnt .exe
----a-w 1,694,208 2008-01-02 16:48:53 C:\Program Files\Messenger\msmsgs .exe
----a-w 1,460,560 2008-01-02 16:08:55 C:\Program Files\Spybot - Search & Destroy\TeaTimer .exe
----a-w 761,947 2008-01-02 16:41:48 C:\Program Files\Synaptics\SynTP\SynTPEnh .exe
----a-w 67,584 2008-01-02 16:47:55 C:\WINDOWS\ehome\ehtray .exe
----a-w 1,392,640 2008-01-02 16:48:11 C:\WINDOWS\system32\WLTRAY .exe
----a-w 122,941 2008-01-02 16:48:08 C:\WINDOWS\system32\dla\tfswctrl .exe
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 05:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [ ]
"QdrPack11"="C:\Program Files\QdrPack\QdrPack11.exe" [ ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [ ]
"Broadcom Wireless Manager UI"="C:\WINDOWS\system32\WLTRAY.exe" [ ]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 23:30 282624 C:\WINDOWS\stsystra.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [ ]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [ ]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [ ]
"PCMService"="C:\Program Files\Dell\MediaDirect\PCMService.exe" [ ]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [ ]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [ ]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [ ]
"MCUpdateExe"="C:\PROGRA~1\mcafee.com\agent\MCUPDA~1.EXE" [ ]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-01-08 20:21:56]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggecba]
hggecba.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
2006-08-03 18:51 1032192 --a------ C:\Program Files\Dell\QuickSet\quickset.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-10-11 18:25 1961984 --------- C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe -atboottime
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{032fff86-a37b-11db-bcd5-0019b9506aad}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fb9cdd76-ab39-11db-bcf0-0019b9506aad}]
\Shell\AutoRun\command - E:\setupSNK.exe
.
**************************************************************************
catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-02 11:39:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-02 11:44:15 - machine was rebooted [Renee]
C:\qoobox\ComboFix-quarantined-files.txt 2008-01-02 17:44:13
.
2007-12-12 23:01:24 --- E O F ---