LoPhatPhuud
join:2002-01-06
Albuquerque, NM

reply to DarthSaruman

Re: [Trojan] Virus Please Help

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

quote:
KillAll::

File::
c:\documents and settings\bratzdoll2\szPayload.exe

Folder::

Registry::

Driver::


Save this as CFScript.txt, in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
--
When angry count four; when very angry, swear.
Microsoft MVP/Consumer Security 2005-2010
Gladiator Security Forum

DarthSaruman
Before Me You Tremble

join:2002-06-28
Warren, MI

here it is:

ComboFix 10-09-16.07 - slayerman1 09/17/2010 17:39:52.11.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.707 [GMT -4:00]
Running from: c:\documents and settings\slayerman1\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\slayerman1\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}

FILE ::
"c:\documents and settings\bratzdoll2\szPayload.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\bratzdoll2\szPayload.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-17 to 2010-09-17 )))))))))))))))))))))))))))))))
.

2010-09-16 21:36 . 2010-09-16 21:36 -------- d-----w- C:\_OTL
2010-09-16 20:32 . 2010-09-16 21:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-09-14 19:48 . 2010-09-14 19:48 -------- d-sh--w- c:\documents and settings\bratzdoll2\IECompatCache
2010-09-11 14:00 . 2010-09-11 14:00 -------- d-----w- c:\program files\CPUID
2010-09-11 14:00 . 2010-09-11 14:00 -------- d-----w- c:\program files\Ask.com
2010-09-11 13:49 . 2010-09-11 13:50 -------- d-----w- c:\program files\SpeedFan
2010-09-09 23:09 . 2010-09-09 23:10 -------- d-----w- c:\program files\CPU Thermometer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-17 21:53 . 2010-09-16 21:42 6132 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-09-17 19:01 . 2006-10-14 13:17 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-09-16 21:34 . 2010-02-21 23:21 -------- d-----w- c:\documents and settings\slayerman1\Application Data\QuickScan
2010-09-16 20:27 . 2008-01-20 16:06 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-09-14 02:33 . 2010-01-21 20:36 -------- d-----w- c:\program files\firefoxnew
2010-08-01 13:41 . 2010-08-01 13:20 -------- d-----w- c:\program files\Windows Desktop Search
2010-08-01 13:25 . 2010-08-01 13:25 -------- d-----w- c:\program files\Microsoft.NET
2010-07-26 19:38 . 2003-12-09 00:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-26 19:30 . 2008-01-22 00:32 -------- d-----w- c:\documents and settings\slayerman1\Application Data\AdobeUM
2010-07-26 17:36 . 2003-11-30 22:33 87643 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2010-07-17 23:43 . 2008-09-01 16:30 560120 ----a-w- c:\documents and settings\slayerman1\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2002-09-11 14:26 . 2007-03-13 23:03 63730 ----a-w- c:\program files\viewsonicinstruct_xp.pdf
2008-12-17 21:59 . 2009-12-29 20:06 67688 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-12-17 21:59 . 2009-12-29 20:06 54368 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-12-17 21:59 . 2009-12-29 20:06 34944 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-12-17 21:59 . 2009-12-29 20:06 46712 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-12-17 21:59 . 2009-12-29 20:06 172136 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2008-01-19 22:04 . 2008-01-19 22:04 2 --shatr- c:\windows\winstart.bat
2007-07-11 14:30 . 2007-06-03 13:23 10022 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="NvMCTray.dll" [2006-10-22 86016]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\windows\System32\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"Norton Program Scheduler"=3 (0x3)
"NAV Auto-Protect"=3 (0x3)
"NAV Alert"=3 (0x3)
"AVG Anti-Spyware Guard"=2 (0x2)
"AliveEraseAutoComplete"=3 (0x3)
"iPod Service"=3 (0x3)
"IDriverT"=3 (0x3)
"CCALib8"=2 (0x2)
"PREVXAgent"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"Avg7Alrt"=2 (0x2)
"InCDsrvR"=2 (0x2)
"PnkBstrA"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"AntiVirScheduler"=2 (0x2)
"Adobe Version Cue CS3"=3 (0x3)
"WMDM PMSP Service"=2 (0x2)
"AntiVirSchedulerService"=2 (0x2)
"gupdate"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"2479:TCP"= 2479:TCP:Services
"5361:TCP"= 5361:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\SLAYER~2\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\SLAYER~2\LOCALS~1\Temp\ALSysIO.sys [?]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [1/19/2008 6:04 PM 25773]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 0037211264952713mcinstcleanup;McAfee Application Installer Cleanup (0037211264952713);c:\docume~1\SLAYER~2\LOCALS~1\Temp\003721~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\SLAYER~2\LOCALS~1\Temp\003721~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/24/2010 9:20 PM 135336]
S4 gupdate;Google Update Service (gupdate); [x]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/7/2009 10:57 AM 24652]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2010-09-11 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 20:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\slayerman1\Application Data\Mozilla\Firefox\Profiles\cgdiyq3b.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.dslreports.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, www.gmer.net
Rootkit scan 2010-09-17 17:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(188)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Easy Media Creator 7\Drag to Disc\Shellex.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\devldr32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\UPHClean\uphclean.exe
c:\program files\Microsoft IntelliPoint\dpupdchk.exe
.
**************************************************************************
.
Completion time: 2010-09-17 17:56:47 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-17 21:56
ComboFix2.txt 2010-09-17 01:18

Pre-Run: 26,977,902,592 bytes free
Post-Run: 26,967,904,256 bytes free

- - End Of File - - E9EA681E5DC5097B899FBF7F76A02B38
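An added example, not part of either post and not a ComboFix or forum tool: a small Python triage script that reads a ComboFix log like the one above and pulls out what a cleanup helper checks first. It confirms that the CFScript's File:: target really appears under "Other Deletions", then walks the REGEDIT4-style "Reg Loading Points" dump to report Browser Helper Objects, HKLM Run entries, the Windows Firewall state (the log above shows EnableFirewall = 0), firewall exceptions for P2P clients (LimeWire is in the exception list above; the list of P2P executable names is my assumption, not from the page), and every globally open port (3389/TCP Remote Desktop among them). The embedded sample log is a constructed subset whose lines are copied from the log above.

```python
"""Triage helper for a ComboFix log (added example; not ComboFix's own code)."""
import re

# Constructed subset of the ComboFix log posted above; lines copied from it.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\bratzdoll2\szPayload.exe

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"65533:TCP"= 65533:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]

**************************************************************************
"""

BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+\s*$")      # "(((( Section Name ))))" headers
REGKEY = re.compile(r"^\[(.+)\]$")                  # REGEDIT4 "[key]" lines
REGVAL = re.compile(r'^"(.*?)"\s*=\s*(.*)$')        # REGEDIT4 "name"=value lines
SERVICE = re.compile(r"^[RS][0-4] ")                # R0-R3/S0-S4 service lines end the registry dump
DRIVE_PATH = re.compile(r"^[a-z]:\\", re.I)
# Heuristic list of P2P client executable names (assumption, not from the page).
P2P_CLIENTS = ("limewire", "bearshare", "kazaa", "utorrent", "bittorrent", "emule", "frostwire")


def split_sections(log):
    """Map each banner section name to the lines under it, up to the next banner or '*****' rule."""
    sections, current = {}, None
    for line in log.splitlines():
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif line.startswith("*****"):
            current = None
        elif current is not None:
            sections[current].append(line.rstrip())
    return sections


def parse_registry(lines):
    """Map each [key] to a list of (name, value); lines that are not "name"=value are kept as (None, raw)."""
    keys, current = {}, None
    for line in lines:
        if not line or line == "." or line == "REGEDIT4" or line.startswith("*Note*"):
            continue
        if SERVICE.match(line):       # ComboFix switches from registry dump to services here
            current = None
            continue
        m = REGKEY.match(line)
        if m:
            current = m.group(1)
            keys[current] = []
        elif current is not None:
            v = REGVAL.match(line)
            keys[current].append((v.group(1), v.group(2).strip()) if v else (None, line.strip()))
    return keys


def triage(log):
    """Return (kind, detail) findings in log order."""
    findings = []
    sections = split_sections(log)
    for line in sections.get("Other Deletions", []):        # what the CFScript actually removed
        if DRIVE_PATH.match(line):
            findings.append(("deleted", line))
    for key, entries in parse_registry(sections.get("Reg Loading Points", [])).items():
        k = key.lower()
        if "browser helper objects" in k:
            for _, value in entries:                          # "date time size attrs path"
                findings.append(("bho", value.split(None, 4)[-1]))
        elif k.endswith("\\currentversion\\run"):
            for name, value in entries:
                findings.append(("autorun", f"{name}={value}"))
        elif k.endswith("firewallpolicy\\standardprofile"):
            for name, value in entries:
                if name == "EnableFirewall" and value.startswith("0"):
                    findings.append(("firewall_disabled", key))
        elif k.endswith("authorizedapplications\\list"):
            for name, _ in entries:
                path = name.replace("\\\\", "\\")             # REGEDIT4 doubles backslashes
                if any(p in path.lower() for p in P2P_CLIENTS):
                    findings.append(("p2p_exception", path))
        elif k.endswith("globallyopenports\\list"):
            for name, value in entries:                       # "3389:TCP"= 3389:TCP:Remote Desktop
                port, proto = name.split(":", 1)
                findings.append(("open_port", f"{port}/{proto} {value.split(':', 2)[-1]}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {detail}")
```

Run it against a saved C:\ComboFix.txt by reading the file into `triage()` instead of `SAMPLE_LOG`. Only the "Reg Loading Points" block is parsed as registry data; the Find3M and "Files Created" sections are date-sorted file listings and are easier to review by eye.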
