Here is the log... did this fix it? The malware seems to be gone, I think?
ComboFix 09-05-30.03 - Owner 05/30/2009 20:16.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.447.148 [GMT -4:00]
Running from: c:\documents and settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt
FILE ::
"c:\documents and settings\Owner\Application Data\asd.bat"
"c:\documents and settings\Owner\Application Data\winav.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Owner\Application Data\asd.bat
c:\documents and settings\Owner\Application Data\winav.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_mrtRate
((((((((((((((((((((((((( Files Created from 2009-04-28 to 2009-05-31 )))))))))))))))))))))))))))))))
.
2009-05-30 23:07 . 2004-08-04 07:56 50176 -c--a-w c:\windows\system32\dllcache\proquota.exe
2009-05-30 23:07 . 2004-08-04 07:56 50176 ----a-w c:\windows\system32\proquota.exe
2009-05-26 01:15 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-26 01:15 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 01:15 . 2009-05-26 01:15 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-25 23:27 . 2009-05-26 01:15 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-25 03:03 . 2009-05-25 03:03 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-31 00:12 . 2004-08-15 03:57 -------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-31 00:10 . 2004-04-01 07:28 -------- d-----w c:\program files\Java
2009-04-27 01:03 . 2004-08-15 03:56 -------- d-----w c:\documents and settings\All Users\Application Data\AOL
2009-03-08 08:34 . 2004-08-24 00:32 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 08:34 . 2004-05-20 17:52 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 08:33 . 2004-05-20 17:51 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 08:33 . 2004-05-20 17:33 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 08:32 . 2004-05-20 17:50 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 08:32 . 2004-05-20 17:52 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 08:31 . 2004-05-20 17:52 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 08:31 . 2004-05-20 17:52 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 08:31 . 2004-05-20 17:52 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 08:22 . 2004-05-20 17:52 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-05-20 17:32 284160 ----a-w c:\windows\system32\pdh.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-30_23.11.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-09-26 23:40 . 2007-09-25 04:31 139264 c:\windows\system32\javaws.exe
- 2008-09-26 23:40 . 2008-06-10 06:32 139264 c:\windows\system32\javaws.exe
+ 2008-09-26 23:40 . 2007-09-25 03:30 135168 c:\windows\system32\javaw.exe
- 2008-09-26 23:40 . 2008-06-10 05:21 135168 c:\windows\system32\javaw.exe
+ 2008-09-26 23:40 . 2007-09-25 03:30 135168 c:\windows\system32\java.exe
- 2008-09-26 23:40 . 2008-06-10 05:21 135168 c:\windows\system32\java.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\ypager.exe" [2005-12-08 3096576]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-10-24 307200]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"KBD"="c:\hp\KBD\KBD.EXE" [2003-02-12 61440]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2004-04-14 233472]
"PS2"="c:\windows\system32\ps2.exe" [2002-10-16 81920]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb11.exe" [2004-04-06 172032]
"HostManager"="c:\program files\Common Files\AOL\1101359750\ee\AOLSoftware.exe" [2008-11-06 41264]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"vptray"="c:\progra~1\SYMANT~1\SYMANT~1\vptray.exe" [2003-05-21 90112]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2004-10-22 53248]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-24 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HostManager"=c:\program files\Common Files\AOL\1101359750\EE\AOLHostManager.exe
"AOLDialer"=c:\program files\Common Files\AOL\ACS\AOLDial.exe
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\AOL\\1101359750\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YPager.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\1101359750\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1101359750\\EE\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\AOL 9.5\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
S3 DetectAC2000;DetectAC2000;c:\windows\system32\FinePointLib\DetectAC2000.sys [12/7/2004 7:25 PM 79029]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ATWPKT2
*Deregistered* - ATWPKT2
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Norton AntiVirus Server
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sprtsvc_ddoctorv2
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - W32Time
*Deregistered* - WANMiniportService
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder
2009-05-30 c:\windows\Tasks\HP Usg Daily FY04.job
- c:\program files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped06.exe [2004-06-07 04:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q304&bd=pavilion&pf=desktop
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKman000
IE: &Yahoo! Search - file:///c:\program files\Yahoo!\Common/ycsrch.htm
IE: Add To HP Organize... - c:\progra~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - file:///c:\program files\Yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - file:///c:\program files\Yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - file:///c:\program files\Yahoo!\Common/ycsms.htm
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 20:22
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(380)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLacsd.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\progra~1\SYMANT~1\SYMANT~1\DefWatch.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\progra~1\SYMANT~1\SYMANT~1\Rtvscan.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\wanmpsvc.exe
c:\program files\Yahoo!\Messenger\Ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-31 20:29 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-31 00:29
ComboFix2.txt 2009-05-30 23:16
Pre-Run: 107,028,312,064 bytes free
Post-Run: 107,022,991,360 bytes free
200 --- E O F --- 2009-05-13 07:02