Have to send it in two parts...
ComboFix 08-01-04.1 - Jarrod 2008-01-05 20:32:03.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.122 [GMT 11:00]
Running from: C:\Documents and Settings\Jarrod\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jarrod\Desktop\CFscript.txt
* Created a new restore point
FILE
C:\WINDOWS\system32\atkgljcb.dat
C:\WINDOWS\system32\libeay32.dll
C:\WINDOWS\system32\libssl32.dll
C:\WINDOWS\system32\mjnshxkg.dat
C:\WINDOWS\system32\pyqv41.exe
C:\WINDOWS\system32\ujaeljov.dat
C:\WINDOWS\system32\uubesphh.dat
C:\WINDOWS\system32\zqdpepnk.dat
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\atkgljcb.dat
C:\WINDOWS\system32\libeay32.dll
C:\WINDOWS\system32\libssl32.dll
C:\WINDOWS\system32\mjnshxkg.dat
C:\WINDOWS\system32\pyqv41.exe
C:\WINDOWS\system32\ujaeljov.dat
C:\WINDOWS\system32\uubesphh.dat
C:\WINDOWS\system32\zqdpepnk.dat
.
((((((((((((((((((((((((( Files Created from 2007-12-05 to 2008-01-05 )))))))))))))))))))))))))))))))
.
2008-01-05 19:36 . 2008-01-05 19:36 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-05 19:18 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-01 16:55 . 2008-01-01 17:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-28 12:39 . 2007-12-28 12:39 <DIR> d-------- C:\Documents and Settings\Jarrod\Application Data\InstallShield
2007-12-19 13:22 . 2007-12-19 13:22 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2007-12-18 20:17 . 2007-12-18 20:17 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
2007-12-17 20:52 . 2007-12-21 10:54 <DIR> d-------- C:\Program Files\Xfire
2007-12-17 20:52 . 2007-12-23 13:25 <DIR> d-------- C:\Documents and Settings\Jarrod\Application Data\Xfire
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 07:35 --------- d-----w C:\Program Files\Wesnoth
2007-12-28 01:41 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-28 01:41 --------- d-----w C:\Program Files\THQ
2007-12-18 08:13 --------- d-----w C:\Program Files\Warcraft III
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-11-14 21:22 --------- d-----w C:\Documents and Settings\Dad\Application Data\HP
2007-11-14 21:22 --------- d-----w C:\Documents and Settings\Dad\Application Data\CyberLink
2007-09-26 00:09 5,767 ----a-w C:\Program Files\install.log
2005-09-24 15:49 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-22 17:54 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-04 16:58 458752]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-11 15:03 36975]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-15 06:02 7573504]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-04-18 22:29 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 16:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-07-12 00:55 102400]
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 02:11 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-19 14:33 163840]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2006-01-26 19:18 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 13:23 1187840]
"Reminder"="C:\Windows\CREATOR\Remind_XP.exe" [2006-02-09 12:52 643072]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-05 00:00 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-05 00:00 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 00:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 00:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-05 00:00 455168]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-05 00:00 79224]
"nwiz"="nwiz.exe" [2006-06-15 06:02 1519616 C:\WINDOWS\system32\nwiz.exe]
C:\Documents and Settings\Jarrod\Start Menu\Programs\Startup\
GameSpot Download Manager.lnk - C:\Program Files\GameSpot\GameSpotDownloadManager_Win32.exe [2007-09-19 09:35:40]
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2007-12-05 13:25:00]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 01:05:26]
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-09-25 03:39:30]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 15:05:56]
TabUserW.exe.lnk - C:\WINDOWS\system32\WTablet\TabUserW.exe [2007-06-20 18:23:41]
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 01:49]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-01-05 20:34:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe?
??
@?
??@?
?V?
?@?
@
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-05 20:34:40
ComboFix-quarantined-files.txt 2008-01-05 09:34:38
ComboFix2.txt 2008-01-05 08:29:16