Here's the update.
ComboFix 09-09-13.04 - Nate 09/13/2009 22:30.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1030 [GMT -4:00]
Running from: c:\documents and settings\Nate\Desktop\Combo-Fix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\2c7f6.msi
c:\windows\Installer\2c7fa.msi
.
((((((((((((((((((((((((( Files Created from 2009-08-14 to 2009-09-14 )))))))))))))))))))))))))))))))
.
2009-09-12 09:42 . 2009-09-12 09:42 -------- d-----w- c:\program files\Trend Micro
2009-09-10 15:31 . 2009-09-10 15:31 -------- d-----w- c:\program files\Trojan Remover
2009-09-10 15:29 . 2006-06-19 17:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2009-09-10 15:29 . 2006-05-25 19:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2009-09-10 15:29 . 2005-08-26 05:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2009-09-10 15:29 . 2003-02-03 00:06 153088 ----a-w- c:\windows\system32\unrar3.dll
2009-09-10 15:29 . 2002-03-06 05:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2009-09-10 15:29 . 2009-09-10 15:31 -------- d-----w- c:\documents and settings\Nate\Application Data\Simply Super Software
2009-09-10 15:29 . 2009-09-10 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-09-09 05:01 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-09-09 05:01 . 2008-10-16 18:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-09-08 20:09 . 2009-09-13 13:51 -------- d-----w- c:\documents and settings\Nate\Tracing
2009-09-08 20:08 . 2009-09-08 20:08 -------- d-----w- c:\program files\Microsoft
2009-09-08 20:07 . 2009-09-08 20:07 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-08 20:07 . 2009-09-08 20:08 -------- d-----w- c:\program files\Windows Live
2009-08-30 02:24 . 2009-08-30 02:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2009-08-30 02:14 . 2009-08-30 02:31 -------- d-----w- c:\program files\onwnvo
2009-08-23 07:25 . 2009-08-23 07:25 -------- d-----w- c:\documents and settings\Nate\Local Settings\Application Data\ESET
2009-08-23 07:16 . 2009-08-23 07:45 -------- d-----w- c:\program files\jfqilk
2009-08-18 06:09 . 2009-08-18 06:09 -------- d-----w- c:\documents and settings\Nate\Application Data\AdobeUM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-13 13:50 . 2009-07-21 22:40 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000002-00000000-00000003-00001102-00000004-10071102}.dat
2009-09-13 13:50 . 2009-07-21 22:40 384 ----a-w- c:\windows\system32\DVCState-{00000002-00000000-00000003-00001102-00000004-10071102}.dat
2009-09-13 13:41 . 2009-07-21 21:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-10 18:54 . 2009-07-21 21:46 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 18:53 . 2009-07-21 21:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-10 15:37 . 2009-07-21 21:52 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-09 06:00 . 2009-07-21 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-08 20:05 . 2009-07-21 03:23 70800 ----a-w- c:\documents and settings\Nate\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-12 17:59 . 2009-08-12 17:55 -------- d-----w- c:\documents and settings\Nate\Application Data\Ventrilo
2009-08-12 17:55 . 2009-08-12 17:55 -------- d-----w- c:\program files\Ventrilo
2009-08-12 17:54 . 2009-08-12 17:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-12 17:50 . 2009-07-21 21:44 -------- d-----w- c:\program files\Java
2009-08-08 07:51 . 2009-08-08 07:51 -------- d-----w- c:\documents and settings\Nate\Application Data\Ashampoo
2009-08-08 07:51 . 2009-08-08 07:51 -------- d-----w- c:\documents and settings\All Users\Application Data\ashampoo
2009-08-08 07:51 . 2009-08-08 07:51 -------- d-----w- c:\program files\Ashampoo
2009-08-08 00:22 . 2009-08-07 23:57 -------- d-----w- c:\documents and settings\Nate\Application Data\InfraRecorder
2009-08-05 09:01 . 2008-11-27 04:45 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-29 02:26 . 2009-07-29 02:26 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-25 09:23 . 2009-07-21 21:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-22 23:25 . 2009-07-22 23:24 -------- d-----w- c:\program files\EPSON
2009-07-21 23:07 . 2009-07-21 23:07 -------- d-----w- c:\program files\ESET
2009-07-21 23:07 . 2009-07-21 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-21 23:02 . 2009-07-21 21:41 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-21 22:31 . 2009-07-21 22:31 -------- d-----w- c:\program files\Intel
2009-07-21 22:20 . 2009-07-21 22:20 -------- d-----w- c:\documents and settings\Nate\Application Data\GRETECH
2009-07-21 22:09 . 2009-07-21 22:09 -------- d-----w- c:\program files\Windows Media Connect 2
2009-07-21 21:59 . 2009-07-21 21:54 -------- d-----w- c:\program files\PhotoshopPortable
2009-07-21 21:58 . 2009-07-21 21:58 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-07-21 21:54 . 2009-07-21 21:52 -------- d-----w- c:\program files\SpywareBlaster
2009-07-21 21:46 . 2009-07-21 21:46 -------- d-----w- c:\documents and settings\Nate\Application Data\Malwarebytes
2009-07-21 21:46 . 2009-07-21 21:46 -------- d-----w- c:\program files\Sun
2009-07-21 21:45 . 2009-07-21 21:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-21 21:45 . 2009-07-21 21:45 -------- d-----w- c:\program files\GRETECH
2009-07-21 21:42 . 2009-07-21 21:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-21 21:41 . 2009-07-21 21:41 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-07-21 21:41 . 2009-07-21 21:41 -------- d-----w- c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-07-21 21:41 . 2009-07-21 21:41 -------- d-----w- c:\program files\Common Files\InstallShield
2009-07-21 11:37 . 2009-07-21 11:37 -------- d-----w- c:\program files\Microsoft Works
2009-07-21 11:36 . 2009-07-21 11:36 -------- d-----w- c:\program files\MSBuild
2009-07-21 03:29 . 2009-07-21 03:29 0 ----a-w- c:\windows\nsreg.dat
2009-07-21 03:17 . 2009-07-21 03:17 -------- d-----w- c:\program files\microsoft frontpage
2009-07-21 03:14 . 2009-07-21 03:14 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-17 19:01 . 2008-11-27 04:45 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2008-11-27 04:45 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2008-11-27 04:45 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-16 14:36 . 2008-11-27 04:45 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-11-27 04:45 119808 ----a-w- c:\windows\system32\t2embed.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"Google Update"="c:\documents and settings\Nate\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-07-22 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-02-06 2021400]
"EPSON Stylus CX3800 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIACA.EXE" [2005-02-08 98304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-09-04 1069960]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"CTHelper"="CTHELPER.EXE" - c:\windows\system32\CTHELPER.EXE [2003-06-20 24576]
"AsioReg"="CTASIO.DLL" - c:\windows\system32\CTASIO.DLL [2003-06-20 118784]
"AlcxMonitor"="ALCXMNTR.EXE" - c:\windows\ALCXMNTR.EXE [2004-09-07 57344]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2/6/2009 2:24 PM 93336]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/6/2009 2:23 PM 727720]
R2 WUSB54Gv42SVC;WUSB54Gv42SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [7/21/2009 5:41 PM 53307]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt --> c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-09-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1292428093-1606980848-1003Core.job
- c:\documents and settings\Nate\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-22 20:02]
2009-09-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-1292428093-1606980848-1003UA.job
- c:\documents and settings\Nate\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-22 20:02]
2009-09-13 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-07-23 02:18]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Nate\Application Data\Mozilla\Firefox\Profiles\2j1ak4f9.default\
FF - plugin: c:\documents and settings\Nate\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-13 22:38
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Home Edition\kerneld.wnt"
.
Completion time: 2009-09-14 22:39
ComboFix-quarantined-files.txt 2009-09-14 02:39
Pre-Run: 302,885,498,880 bytes free
Post-Run: 303,764,221,952 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
159 --- E O F --- 2009-09-09 06:02