This is the last part of the log. Let me know if you need anything else.
C:\Program Files\winantispyware 2007\sr.log
C:\Program Files\WinAntiSpyware 2007\sr.log
C:\Program Files\WinAntiSpyware 2007\Summary.dat
C:\Program Files\winantispyware 2007\Summary.dat
C:\Program Files\WinAntiSpyware 2007\support.url
C:\Program Files\winantispyware 2007\support.url
C:\Program Files\WinAntiSpyware 2007\tasks.dat
C:\Program Files\winantispyware 2007\tasks.dat
C:\Program Files\winantispyware 2007\threatnet.dat
C:\Program Files\WinAntiSpyware 2007\threatnet.dat
C:\Program Files\winantispyware 2007\threatnet.ini
C:\Program Files\WinAntiSpyware 2007\threatnet.ini
C:\Program Files\WinAntiSpyware 2007\unins000.dat
C:\Program Files\winantispyware 2007\unins000.dat
C:\Program Files\WinAntiSpyware 2007\unins000.exe
C:\Program Files\winantispyware 2007\unins000.exe
C:\Program Files\WinAntiSpyware 2007\uninstall.ico
C:\Program Files\winantispyware 2007\uninstall.ico
C:\Program Files\WinAntiSpyware 2007\UnWizard.exe
C:\Program Files\winantispyware 2007\UnWizard.exe
C:\Program Files\winantispyware 2007\unwizard.xml
C:\Program Files\WinAntiSpyware 2007\unwizard.xml
C:\Program Files\winantispyware 2007\up.dat
C:\Program Files\WinAntiSpyware 2007\up.dat
C:\Program Files\WinAntiSpyware 2007\updater.dat
C:\Program Files\winantispyware 2007\updater.dat
C:\Program Files\winantispyware 2007\was7.exe
C:\Program Files\WinAntiSpyware 2007\was7.exe
C:\Program Files\WinAntiSpyware 2007\WAS7.url
C:\Program Files\winantispyware 2007\WAS7.url
C:\Program Files\WinAntiSpyware 2007\WAS7.xml
C:\Program Files\winantispyware 2007\WAS7.xml
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\Temp\dolphi.exe
C:\Temp\fse
C:\Temp\fse\tmpZTF.log
C:\WINDOWS\bWluZ3dheQ\asappsrv.dll
C:\WINDOWS\bWluZ3dheQ\command.exe
C:\WINDOWS\hosts
C:\WINDOWS\system32\atmtd.dll.tmp
C:\WINDOWS\system32\C1
C:\WINDOWS\system32\C1\son22011.exe
C:\WINDOWS\system32\drivers\ApiMon.sys
C:\WINDOWS\system32\drivers\fopn.sys
C:\WINDOWS\system32\f02WtR
C:\WINDOWS\system32\f02WtR\f02WtR1065.exe
C:\WINDOWS\system32\nnnnkjh.dll
C:\WINDOWS\SYSTEM32\rrqss.bak1
C:\WINDOWS\SYSTEM32\rrqss.ini
C:\WINDOWS\system32\ssqrr.dll
C:\WINDOWS\system32\stera.exe
C:\WINDOWS\system32\X4
C:\WINDOWS\system32\X4\mac33p.exe
C:\WINDOWS\tk58.exe
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CMDSERVICE
-------\LEGACY_FOPN
-------\LEGACY_NETWORK_MONITOR
-------\cmdService
((((((((((((((((((((((((( Files Created from 2007-08-10 to 2007-09-10 )))))))))))))))))))))))))))))))
.
2007-09-10 13:15 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-10 11:10 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-10 10:44 <DIR> d-------- C:\Program Files\CCleaner
2007-09-10 10:44 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Yahoo! Companion
2007-09-10 09:19 <DIR> d-------- C:\Program Files\Common Files\Update
2007-09-10 09:14 1,060,864 --a------ C:\WINDOWS\SYSTEM32\mfc71.dll
2007-09-10 09:09 <DIR> d--hs---- C:\WINDOWS\bWluZ3dheQ
2007-09-10 09:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\dr3
2007-09-10 09:09 <DIR> d-------- C:\Temp
2007-09-03 19:20 <DIR> d-------- C:\Program Files\iTunes
2007-09-03 19:19 <DIR> d-------- C:\Program Files\Apple Software Update
2007-09-03 19:19 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-10 10:27 --------- d-------- C:\Program Files\QuickTime
2007-09-09 00:00 --------- d-------- C:\Program Files\Full Tilt Poker
2007-09-03 19:20 --------- d-------- C:\Program Files\iPod
2007-09-03 19:19 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-08-29 19:01 --------- d--h----- C:\DOCUME~1\donghyuk\APPLIC~1\Gtek
2007-08-29 18:53 --------- d-------- C:\Program Files\TaxCut04
2007-08-29 18:51 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-08-29 18:49 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-29 18:49 --------- d-------- C:\Program Files\MUSICMATCH
2007-08-29 18:44 --------- d-------- C:\Program Files\Symantec
2007-08-29 18:44 --------- d-------- C:\DOCUME~1\donghyuk\APPLIC~1\Move Networks
2007-08-29 18:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-08-29 18:33 --------- d-------- C:\Program Files\Common Files\Real
2007-08-29 18:33 --------- d-------- C:\DOCUME~1\donghyuk\APPLIC~1\Real
2007-08-29 18:32 --------- d-------- C:\Program Files\Yahoo!
2007-08-16 08:58 --------- d-------- C:\Program Files\HollywoodPoker
2007-08-16 08:57 --------- d-------- C:\DOCUME~1\donghyuk\APPLIC~1\Aim
2007-07-17 16:55 --------- d-------- C:\Program Files\MSXML 4.0
2007-06-13 06:23 1033216 --a------ C:\WINDOWS\explorer.exe
2005-07-29 20:24:26 472 --sha-r C:\WINDOWS\bWluZ3dheQ\vq5Rtax1yk.vbs
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"PRISMSVR.EXE"="C:\WINDOWS\system32\PRISMSVR.exe" [2003-11-20 16:12]
"IAAnotif"="C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe" [2004-03-23 13:16]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-05-25 23:35]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-11 12:43]
"CTSysVol"="C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2002-10-29 10:18]
"CTDVDDet"="C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2002-09-30 02:00]
"CTHelper"="CTHELPER.EXE" [2003-02-20 17:45 C:\WINDOWS\SYSTEM32\CTHELPER.EXE]
"AsioReg"="REGSVR32.exe" [2004-08-04 06:00 C:\WINDOWS\SYSTEM32\REGSVR32.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00]
"PCMService"="C:\Program Files\Dell\Media Experience\PCMService.exe" [2004-04-11 21:15]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-03-15 02:04]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 06:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 06:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 06:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-27 20:14]
"nigoxohoz"="C:\Program Files\Windows NT\nigoxohoz22011.exe" [2007-08-07 16:30]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" []
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 02:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 01:01:50]
DESKTOP.INI [2004-08-10 14:04:12]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2004-10-11 09:02:04]
C:\DOCUME~1\donghyuk\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]
C:\DOCUME~1\mingway\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM~1\STARTM~1\Programs\Startup\
DESKTOP.INI [2004-08-10 14:04:12]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{4567AB12-B980-44A5-B259-9B09EBEA6331}"= C:\Program Files\WinAntiSpyware 2007\shellext.dll [ ]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\\WINDOWS\\system32\\ssqrr
R0 $sys$cor;$sys$cor;C:\WINDOWS\system32\Drivers\$sys$cor.sys
R1 $sys$crater;$sys$crater;\??\C:\WINDOWS\system32\$sys$filesystem\crater.sys
R2 $sys$DRMServer;Plug and Play Device Manager;C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe
R2 CD_Proxy;XCP CD Proxy;C:\WINDOWS\CDProxyServ.exe
R3 DELL_A02;Dell TrueMobile 1300 USB2.0 WLAN Card Driver;C:\WINDOWS\system32\DRIVERS\PRISMA02.sys
S3 jfdcd;jfdcd;\??\C:\DOCUME~1\donghyuk\LOCALS~1\Temp\jfdcd.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1b3f733b-4b70-11db-b0f4-00111145a175}]
AutoRun\command- F:\setupSNK.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-09 03:35:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-10-15 15:22:41 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\OOBEBALN.EXE
"2007-09-10 16:50:12 C:\WINDOWS\Tasks\Symantec NetDetect.job"
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-10 13:21:30
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$cor]
"ImagePath"="System32\Drivers\$sys$cor.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$crater]
"ImagePath"="\??\C:\WINDOWS\system32\$sys$filesystem\crater.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\$sys$DRMServer]
"ImagePath"="C:\WINDOWS\system32\$sys$filesystem\$sys$DRMServer.exe"
.
Completion time: 2007-09-10 13:22:26 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-10 13:22
.
--- E O F ---