Here is the COMBOFIX.exe log:
"Compaq_Owner" - 2007-07-25 8:01:20 - ComboFix 07-07-23.6 - Service Pack 2 NTFS
(((((((((((((((((((((((((((((((((((((((((((( V Log )))))))))))))))))))))))))))))))))))))))))))))))))) )))))
C:\WINDOWS\system32\ayrxngtt.dll
C:\WINDOWS\system32\prkfbnrw.dll
C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.bak2
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\kjjlm.tmp
C:\WINDOWS\system32\ilkkj.bak1
C:\WINDOWS\system32\ilkkj.ini
C:\WINDOWS\system32\ilkkj.tmp
C:\WINDOWS\system32\gjjlm.bak1
C:\WINDOWS\system32\gjjlm.bak2
C:\WINDOWS\system32\gjjlm.ini
C:\WINDOWS\system32\gjjlm.ini2
C:\WINDOWS\system32\gjjlm.tmp
C:\WINDOWS\system32\kjjlm.bak1
C:\WINDOWS\system32\kjjlm.bak2
C:\WINDOWS\system32\kjjlm.ini
C:\WINDOWS\system32\kjjlm.ini2
C:\WINDOWS\system32\kjjlm.tmp
C:\WINDOWS\system32\qpqss.bak1
C:\WINDOWS\system32\qpqss.bak2
C:\WINDOWS\system32\qpqss.ini2
C:\WINDOWS\system32\qpqss.tmp
C:\WINDOWS\system32\rrutv.bak1
C:\WINDOWS\system32\rrutv.bak2
C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\rrutv.tmp
C:\WINDOWS\system32\mljjk.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\Common Files\windows
C:\Program Files\Common Files\windows\request.html
C:\Program Files\winsupdater
C:\Program Files\winupdates
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\netstat.com
C:\WINDOWS\system32\ping.com
C:\WINDOWS\system32\taskkill.com
C:\WINDOWS\system32\tasklist.com
C:\WINDOWS\system32\tracert.com
((((((((((((((((((((((((( Files Created from 2007-06-25 to 2007-07-25 )))))))))))))))))))))))))))))))
2007-07-25 07:59 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-25 07:49 126,016 --a------ C:\WINDOWS\system32\aqqtyqfu.dll
2007-07-20 22:34 <DIR> d-------- C:\VundoFix Backups
2007-07-18 22:53 <DIR> d-------- C:\WINDOWS\network diagnostic
2007-07-17 14:57 4,332 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-17 14:56 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-17 14:56 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-17 14:56 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-16 19:26 <DIR> d-------- C:\Program Files\Vidalia
2007-07-16 19:26 <DIR> d-------- C:\Program Files\Privoxy
2007-07-16 19:26 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Vidalia
2007-07-16 19:24 <DIR> d-------- C:\Program Files\Tor
2007-07-16 19:24 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Tor
2007-07-15 16:41 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-07-13 18:11 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-07-13 18:09 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-07-13 18:09 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-07-13 17:54 <DIR> d-------- C:\Program Files\PowerISO
2007-07-06 23:16 1,480 --a------ C:\WINDOWS\mozver.dat
2007-07-06 23:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-07-06 22:57 <DIR> d-------- C:\DOCUME~1\COMPAQ~1\APPLIC~1\Talkback
2007-07-05 16:18 <DIR> d-------- C:\(Ps2) Pro Evolution Soccer 6 - PAL - ENGLISH (Online Fix With DNAS !!!)
2007-07-02 14:41 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-07-02 14:41 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))) ))
2007-07-19 01:35:49 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-07-17 09:27:27 -------- d-----w C:\Program Files\mIRC
2007-07-14 00:02:17 -------- d-----w C:\Program Files\Symantec
2007-07-14 00:02:09 806 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-07-14 00:02:09 8,014 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-07-13 22:36:14 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Symantec
2007-07-12 04:36:26 -------- d-----w C:\Program Files\DivX
2007-07-05 23:14:55 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\uTorrent
2007-07-04 11:59:01 -------- d-----w C:\Program Files\BitComet
2007-06-21 06:24:18 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Google
2007-06-21 06:23:53 -------- d-----w C:\Program Files\Google
2007-06-21 06:23:52 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-06-19 15:42:52 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\FileMaker
2007-06-16 04:32:13 -------- d-----w C:\Program Files\AIM6
2007-06-13 01:24:10 -------- d-----w C:\Program Files\Live_TV
2007-06-01 00:53:59 -------- d-----w C:\Program Files\ZillaTube
2007-05-29 04:55:43 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\Yahoo!
2007-05-28 05:36:29 -------- d-----w C:\DOCUME~1\COMPAQ~1\APPLIC~1\gtk-2.0
2007-05-28 05:11:39 -------- d-----w C:\Program Files\GIMP-2.0
2007-05-28 05:09:59 -------- d-----w C:\Program Files\Common Files\GTK
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:15 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-02-02 02:14:24 1,188 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\wklnhst.dat
2006-01-27 23:24:29 560 ----a-w C:\DOCUME~1\COMPAQ~1\APPLIC~1\ViewerApp.dat
2005-10-09 16:41:38 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19]
"VTTimer"="VTTimer.exe" []
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 10:01]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-10-22 00:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"SiSPower"="SiSPower.dll" [2004-09-24 11:49 C:\WINDOWS\system32\SiSPower.dll]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2004-10-22 01:01]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 21:22]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 23:54]
"KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 22:02]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 21:41]
"IPInSightMonitor 01"="C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe" [2003-07-14 14:30]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 22:59]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 22:47 C:\WINDOWS\ALCXMNTR.EXE]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 19:06 C:\WINDOWS\AGRSMMSG.exe]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"P2kAutostart"="" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:00]
"Aim6"="" []
C:\Documents and Settings\Compaq_Owner\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Compaq Connections.lnk - C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe [2004-10-22 01:11:26]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljihfe]
mljihfe.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winuns32]
winuns32.dll
R1 AmdK8;AMD Athlon64 Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdK8.sys
R1 cdrbsdrv;cdrbsdrv;C:\WINDOWS\system32\drivers\cdrbsdrv.sys
R1 SCDEmu;SCDEmu;C:\WINDOWS\system32\drivers\SCDEmu.sys
R1 SRTSP;SRTSP;C:\WINDOWS\system32\Drivers\SRTSP.SYS
R1 SRTSPX;SRTSPX;C:\WINDOWS\system32\Drivers\SRTSPX.SYS
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9;C:\WINDOWS\system32\DRIVERS\mdc8021x.sys
R2 WIBUKEY;WIBU-KEY Kernel Driver;C:\WINDOWS\system32\DRIVERS\Wibukey.sys
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
R3 Iviaspi;IVI ASPI Shell;C:\WINDOWS\system32\drivers\iviaspi.sys
R3 Ps2;PS2;C:\WINDOWS\system32\DRIVERS\PS2.sys
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbehci.sys
R3 usbhub;USB2 Enabled Hub;C:\WINDOWS\system32\DRIVERS\usbhub.sys
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbohci.sys
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys
R3 USBSTOR;USB Mass Storage Driver;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
S3 2WIREPCP;2Wire USB;C:\WINDOWS\system32\DRIVERS\2WirePCP.sys
S3 Fax;Fax;C:\WINDOWS\system32\fxssvc.exe
S3 gbalink;GBA Link Driver (gbalink.sys);C:\WINDOWS\system32\Drivers\gbalink.sys
S3 P2k;Motorola USB Device;C:\WINDOWS\system32\DRIVERS\P2k.sys
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1);C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
S3 SRTSPL;SRTSPL;C:\WINDOWS\system32\Drivers\SRTSPL.SYS
S3 usbaudio;USB Audio Driver (WDM);C:\WINDOWS\system32\drivers\usbaudio.sys
S3 usbccgp;Microsoft USB Generic Parent Driver;C:\WINDOWS\system32\DRIVERS\usbccgp.sys
S3 usbser;Motorola USB Modem Driver;C:\WINDOWS\system32\DRIVERS\usbser.sys
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\WINDOWS\system32\DRIVERS\usbuhci.sys
S3 viagfx;viagfx;C:\WINDOWS\system32\DRIVERS\vtmini.sys
S3 wanatw;WAN Miniport (ATW);C:\WINDOWS\system32\DRIVERS\wanatw4.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed1b65ec-ccd6-11db-9788-0011d8232512}]
Auto\command- pagefile.pif
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL pagefile.pif
Contents of the 'Scheduled Tasks' folder
2007-07-14 01:00:21 C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
************************************************** ************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-07-25 08:12:51
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
************************************************** ************************
Completion time: 2007-07-25 8:15:06 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-25 08:14
--- E O F ---