More news... (Have you given up on me?)
ComboFix did what it could without the Windows Recovery Console... Here's the log:
ComboFix 10-03-03.09 - Terry's email 03/04/2010 10:58:14.1.1 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.802 [GMT -5:00]
Running from: c:\documents and settings\Terry's email\Desktop\Commy.exe.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Terry's email\Local Settings\Application Data\vdukqa
c:\documents and settings\Terry's email\Local Settings\Application Data\vdukqa\qejasftav.exe
C:\LOG15.tmp
C:\LOG1CB.tmp
C:\LOG2B.tmp
C:\LOG3B.tmp
C:\LOG3E.tmp
C:\LOG3F2E.tmp
C:\LOG4B64.tmp
C:\LOG96.tmp
C:\LOGA0.tmp
C:\LOGDB4.tmp
C:\LOGDEF.tmp
C:\LOGEE.tmp
C:\LOGF2.tmp
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\1104BBAB.dat
c:\program files\FunWebProducts\Shared\17CF0DCD.dat
c:\program files\FunWebProducts\Shared\17D638A3.dat
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\Downloaded Program Files\poPCaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\EventSystem.log
.
((((((((((((((((((((((((( Files Created from 2010-02-04 to 2010-03-04 )))))))))))))))))))))))))))))))
.
2010-03-04 03:35 . 2010-03-04 03:48 -------- d-----w- C:\Rooter$
2010-03-03 03:47 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-03-03 03:47 . 2009-10-06 21:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-03-03 03:47 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-03-03 03:45 . 2010-02-05 14:25 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-03 03:44 . 2010-03-03 03:47 -------- d-----w- c:\program files\Spyware Doctor
2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\documents and settings\Terry's email\Application Data\PC Tools
2010-03-03 03:44 . 2010-03-03 03:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-02-24 23:24 . 2010-02-24 23:24 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-15 06:58 . 2010-02-15 06:58 -------- d-----w- c:\documents and settings\Terry's email\Local Settings\Application Data\PCHealth
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-04 14:46 . 2006-02-27 16:12 -------- d-----w- c:\program files\Symantec AntiVirus
2010-03-04 03:28 . 2008-03-26 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-03-03 04:05 . 2008-09-11 11:51 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-28 23:00 . 2007-12-12 12:20 -------- d-----w- c:\program files\Norton Security Scan
2010-02-28 12:13 . 2009-09-03 18:16 69 ----a-w- c:\documents and settings\Terry's email\jagex_runescape_preferences2.dat
2010-02-28 12:13 . 2008-07-05 10:47 41 ----a-w- c:\documents and settings\Terry's email\jagex_runescape_preferences.dat
2010-02-24 14:16 . 2009-10-03 02:24 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 12:05 . 2009-11-11 12:19 79488 ----a-w- c:\documents and settings\Terry's email\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-02-05 06:08 . 2008-04-03 23:33 -------- d-----w- c:\documents and settings\Terry's email\Application Data\U3
2010-02-04 04:34 . 2007-09-18 21:08 -------- d-----w- c:\program files\Google
2010-01-12 01:41 . 2010-01-12 01:41 -------- d-----w- c:\program files\Lame for Audacity
2010-01-12 01:08 . 2010-01-12 01:08 -------- d-----w- c:\program files\Audacity
2009-12-31 16:50 . 2002-08-29 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2002-08-29 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2006-02-27 12:49 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2002-08-29 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2002-08-29 12:00 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2002-08-29 01:04 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2002-08-29 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-10-19 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-10-19 126976]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-04-08 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-04-17 85184]
"hcsystray"="c:\program files\Kuma Games\hcsystray\hc_tray.exe" [2007-04-26 31944]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-11 342312]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-12-14 467240]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-26 734264]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-07-07 647216]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]
c:\documents and settings\Ben's\Start Menu\Programs\Startup\
hc_tray.lnk - c:\program files\Kuma Games\hcsystray\hc_tray.exe [2007-4-26 31944]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-5-15 217193]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
NETGEAR WG111T Smart Wizard.lnk - c:\program files\NETGEAR\WG111T Configuration Utility\wlan111t.exe [2007-9-14 483412]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\patriots.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Global Star Software\\Jetfighter V\\Game.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Games\\Rise of Nations\\thrones.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/2/2010 10:47 PM 207280]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/22/2009 11:23 PM 135664]
S3 ATHFMWDL;NETGEAR WG111T bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [9/14/2007 5:56 PM 43392]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [9/14/2007 5:56 PM 17149]
S3 EraserUtilDrvI9;EraserUtilDrvI9;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI9.sys [2/26/2010 8:07 PM 102448]
S3 f89fc6bd-0091-4d01-948f-8933bd9e30a2;f89fc6bd-0091-4d01-948f-8933bd9e30a2;\??\f:\cds300\cds300.dll --> f:\cds300\cds300.dll [?]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [4/17/2005 12:30 PM 124608]
.
Contents of the 'Scheduled Tasks' folder
2010-02-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-03-04 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-03-26 05:52]
2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 04:23]
2010-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-23 04:23]
2010-03-04 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
2010-02-28 c:\windows\Tasks\Norton Security Scan for Terry's email.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: plaxo.com\www
Handler: CDS300 - {AD43AA67-6860-4531-AC8A-0E68F9CF023E} -
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {75A6AEA3-F26E-4608-AE9B-8DA78C87576E} - hxxps://secure.footprint.net/kingsisle/static/themes/wizard101A/activex/Wizard101GameLauncher.CAB
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-xlcanaou - c:\documents and settings\Terry's email\Local Settings\Application Data\vdukqa\qejasftav.exe
HKLM-Run-xlcanaou - c:\documents and settings\Terry's email\Local Settings\Application Data\vdukqa\qejasftav.exe
AddRemove-Feudalism 2_is1 - g:\feudalism 2\Feudalism2_at\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-04 11:24
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2010-03-04 11:29:08
ComboFix-quarantined-files.txt 2010-03-04 16:28
Pre-Run: 43,136,094,208 bytes free
Post-Run: 44,541,526,016 bytes free
- - End Of File - - A7834A5B6DCACFA7D73C3D460908979C