Ok, my computer mysteriously decided to boot up. I ran ComboFix and here are my results.
ComboFix 08-11-18.03 - Crystal Jones 2008-12-02 21:04:17.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1692 [GMT -5:00]
Running from: c:\documents and settings\Crystal Jones\Desktop\-Combo-Fix-.exe
Command switches used :: c:\documents and settings\Crystal Jones\Desktop\CFscript.txt
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
FILE ::
c:\windows\system32\drivers\TDSSxxou.sys
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\TDSSacun.dll
c:\windows\system32\TDSSirxy.dll
c:\windows\system32\TDSSktpa.dll
c:\windows\system32\TDSSqqcn.dll
c:\windows\system32\TDSSwghd.log
c:\windows\system32\TDSSwupe.dat
c:\windows\system32\TDSSyavu.dll
.
((((((((((((((((((((((((( Files Created from 2008-11-03 to 2008-12-03 )))))))))))))))))))))))))))))))
.
2008-12-09 21:47 . 2008-09-07 13:13 1,100 --a------ c:\windows\system32\d3d8caps.dat
2008-12-09 20:49 . 2002-03-05 09:24 36,864 -ra------ c:\windows\system32\deluidrv.exe
2008-12-09 20:49 . 2002-03-05 09:24 32,768 -ra------ c:\windows\system32\usbmonit.exe
2008-12-09 20:49 . 2002-03-05 09:24 32,768 -ra------ c:\windows\system32\delentry.exe
2008-12-09 20:49 . 2002-03-05 09:24 21,064 -ra------ c:\windows\system32\drivers\geneuide.sys
2008-12-05 14:39 . 2008-12-05 14:39 d-------- c:\documents and settings\Crystal Jones\Application Data\Skunk Studios
2008-12-05 12:55 . 2008-12-05 13:25 d-------- c:\documents and settings\Crystal Jones\Application Data\BFG_JanesRealty
2008-12-02 21:03 . 2008-12-02 21:04 d-------- C:\-Combo-Fix-
2008-12-02 18:33 . 2008-12-02 18:33 d-------- c:\documents and settings\Crystal Jones\Application Data\Go-Go Gourmet Chef of the Year
2008-11-29 19:28 . 2008-11-29 19:28 d-------- c:\windows\system32\scripting
2008-11-29 19:28 . 2008-11-29 19:28 d-------- c:\windows\system32\en
2008-11-29 19:28 . 2008-11-29 19:28 d-------- c:\windows\system32\bits
2008-11-29 19:28 . 2008-11-29 19:28 d-------- c:\windows\l2schemas
2008-11-29 19:27 . 2008-11-29 19:27 d-------- c:\windows\ServicePackFiles
2008-11-29 19:21 . 2008-11-29 19:21 d-------- c:\windows\EHome
2008-11-29 19:14 . 2008-04-13 19:11 1,888,992 --------- c:\windows\system32\ati3duag.dll
2008-11-29 14:24 . 2008-11-29 14:24 d-------- c:\documents and settings\Crystal Jones\Application Data\SaveThePuppy
2008-11-25 18:37 . 2008-04-11 14:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2008-11-23 20:34 . 2008-11-23 20:34 d-------- c:\program files\Sun
2008-11-18 19:46 . 2008-11-18 19:46 d-------- c:\documents and settings\Crystal Jones\Application Data\PetShowCraze
2008-11-17 21:12 . 2008-11-17 21:12 d-------- c:\documents and settings\All Users\Application Data\Alawar Stargaze
2008-11-16 20:51 . 2008-11-16 20:51 d-------- c:\documents and settings\Crystal Jones\Application Data\Pogo Games
2008-11-14 19:27 . 2008-11-14 19:27 d-------- c:\documents and settings\All Users\Application Data\Fugazo
2008-11-13 19:29 . 2008-11-13 19:29 d-------- c:\documents and settings\Crystal Jones\Application Data\FirstColony
2008-11-12 07:24 . 2008-09-04 12:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-11-12 07:24 . 2008-10-24 06:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-03 01:40 90,112 ----a-w c:\windows\DUMP3a88.tmp
2008-12-03 01:37 90,112 ----a-w c:\windows\DUMP3a98.tmp
2008-12-03 01:31 90,112 ----a-w c:\windows\DUMP3ac6.tmp
2008-12-03 01:26 90,112 ----a-w c:\windows\DUMP39ad.tmp
2008-12-03 01:04 --------- d-----w c:\program files\Lavasoft
2008-12-01 02:48 295,424 ----a-w c:\windows\system32\termsrv.dll
2008-12-01 02:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-01 02:20 --------- d-----w c:\documents and settings\Crystal Jones\Application Data\Wildfire
2008-11-30 23:24 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2008-11-30 02:21 --------- d-----w c:\documents and settings\Crystal Jones\Application Data\PlayFirst
2008-11-24 02:04 --------- d-----w c:\documents and settings\Crystal Jones\Application Data\JewelMatch2
2008-11-24 01:33 --------- d-----w c:\program files\Java
2008-11-23 00:35 --------- d-----w c:\program files\Sudoku - Latin Squares
2008-11-16 16:27 --------- d-----w c:\documents and settings\Crystal Jones\Application Data\Apple Computer
2008-11-14 00:23 --------- d-----w c:\program files\bfgclient
2008-11-10 02:28 --------- d-----w c:\program files\Megaplex Madness - Now Playing
2008-11-10 02:26 --------- d-----w c:\documents and settings\Crystal Jones\Application Data\funkitron
2008-10-31 02:14 --------- d-----w c:\program files\Carrie the Caregiver
2008-10-28 01:20 --------- d-----w c:\program files\Camp Funshine - Carrie the Caregiver 3
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-23 23:46 --------- d-----w c:\documents and settings\Crystal Jones\Application Data\SecretIslandEng
2008-10-23 23:20 --------- d-----w c:\program files\The Treasures of Mystery Island
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-07 02:06 --------- d-----w c:\program files\Cooking Dash
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-10 01:14 1,307,648 ------w c:\windows\system32\msxml6.dll
2008-09-04 17:15 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-08-09 02:05 17,144 ----a-w c:\documents and settings\Crystal Jones\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((( snapshot@2008-12-02_19.44.28.62 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-03 00:42:42 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-03 01:02:32 16,384 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-03 00:42:42 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-03 01:02:32 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-12-03 00:05:51 41,144 ----a-w c:\windows\system32\perfc009.dat
+ 2008-12-03 02:03:11 41,144 ----a-w c:\windows\system32\perfc009.dat
- 2008-12-03 00:05:51 313,664 ----a-w c:\windows\system32\perfh009.dat
+ 2008-12-03 02:03:11 313,664 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-05-27 413696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-17 81920]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"EPSON Stylus Photo R300 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2F1.EXE" [2003-06-04 99840]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-10-09 2183168]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"nwiz"="nwiz.exe" [2007-11-17 c:\windows\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2007-11-17 c:\windows\system32\nvhotkey.dll]
c:\documents and settings\Crystal Jones\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-05-27 19:49 10792 c:\program files\Citrix\GoToAssist\480\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
S3 GoToAssist;GoToAssist;"c:\program files\Citrix\GoToAssist\480\g2aservice.exe" Start=service [2008-05-27 16936]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1fd5f9c0-b2ac-11dd-bc93-001d09c52f34}]
\Shell\AutoRun\command - E:\WDSetup.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{77d7ea2a-5c17-11dd-bc27-001d09c52f34}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-08-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-02 21:04:46
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TDSSserv.sys]
"imagepath"="\systemroot\system32\drivers\TDSSxxou.sys"
.
Completion time: 2008-12-02 21:09:04
ComboFix-quarantined-files.txt 2008-12-03 02:09:01
ComboFix2.txt 2008-12-03 00:46:21
Pre-Run: 125,767,335,936 bytes free
Post-Run: 125,758,599,168 bytes free
160 --- E O F --- 2008-11-12 12:36:52