Thanks for the reply...
This is the log for ComboFix...
ComboFix 08-07-10.1 - rak!!!!1 2008-07-11 21:42:16.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.451 [GMT 5.5:30]
Running from: C:\Documents and Settings\rak!!!!1.RAK!!!!\Desktop\ComboFix.exe
* Created a new restore point
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\rak!!!!1.RAK!!!!\Application Data\macromedia\Flash Player\#SharedObjects\GVP00001\iforex.com
C:\Documents and Settings\rak!!!!1.RAK!!!!\Application Data\macromedia\Flash Player\#SharedObjects\GVP00001\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\rak!!!!1.RAK!!!!\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\rak!!!!1.RAK!!!!\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\WINNT\regsvr.exe
C:\WINNT\system32\28463
C:\WINNT\system32\28463\svchost.001
C:\WINNT\system32\cbxvwWnL.dll
C:\WINNT\system32\fccawXQg.dll
C:\WINNT\system32\hgGvtRLC.dll
C:\WINNT\system32\jkkIYoLB.dll
C:\WINNT\system32\jkkLFwXN.dll
C:\WINNT\system32\regsvr.exe
C:\WINNT\system32\setting.ini
C:\WINNT\system32\setup.ini
C:\WINNT\system32\ssqQgHaB.dll
C:\WINNT\system32\svchost .exe
C:\WINNT\system32\wvUoNgeB.dll
C:\WINNT\Web\default.htt
.
((((((((((((((((((((((((( Files Created from 2008-06-11 to 2008-07-11 )))))))))))))))))))))))))))))))
.
2025-02-20 06:26 . 2003-02-28 18:26 139,536 --a------ C:\WINNT\system32\javaee.dll
2025-02-20 06:26 . 2003-02-28 18:26 46,352 --a------ C:\WINNT\setdebug.exe
2025-02-20 06:26 . 2003-02-28 16:54 7,315 --a------ C:\WINNT\system32\javasup.vxd
2025-02-20 06:26 . 2003-02-28 16:35 6,550 --a------ C:\WINNT\jautoexp.dat
2025-02-20 06:26 . 2003-02-28 16:38 113 --a------ C:\WINNT\system32\zonedon.reg
2025-02-20 06:26 . 2003-02-28 16:38 113 --a------ C:\WINNT\system32\zonedoff.reg
2025-02-19 21:59 . 2025-02-19 21:59 <DIR> d-------- C:\Program Files\Rapidown
2008-07-11 19:48 . 2008-07-11 19:48 <DIR> d--hs---- C:\FOUND.007
2008-07-11 11:02 . 2008-07-11 11:02 <DIR> d--hs---- C:\FOUND.006
2008-07-11 10:45 . 2008-07-11 10:45 <DIR> d--hs---- C:\FOUND.005
2008-07-10 22:23 . 2008-07-10 22:23 <DIR> d--hs---- C:\FOUND.004
2008-07-10 20:35 . 2008-07-10 20:35 <DIR> d-------- C:\!KillBox
2008-07-10 13:01 . 2008-07-10 13:01 <DIR> d--h----- C:\$AVG8.VAULT$
2008-07-10 12:44 . 2008-07-10 12:44 <DIR> d-------- C:\WINNT\system32\drivers\Avg
2008-07-10 12:44 . 2008-07-10 12:44 <DIR> d-------- C:\Program Files\AVG
2008-07-10 12:44 . 2008-07-10 12:44 <DIR> d-------- C:\Documents and Settings\rak!!!!1.RAK!!!!\Application Data\AVGTOOLBAR
2008-07-10 12:44 . 2008-07-10 12:44 <DIR> d-------- C:\Documents and Settings\All Users.WINNT\Application Data\avg8
2008-07-10 12:44 . 2008-07-10 12:44 96,520 --a------ C:\WINNT\system32\drivers\avgldx86.sys
2008-07-10 12:44 . 2008-07-10 12:44 74,376 --a------ C:\WINNT\system32\drivers\avgtdix.sys
2008-07-10 12:44 . 2008-07-10 12:44 12,424 --a------ C:\WINNT\system32\drivers\avgrkx86.sys
2008-07-10 12:44 . 2008-07-10 12:44 10,520 --a------ C:\WINNT\system32\avgrsstx.dll
2008-07-10 12:37 . 2008-07-10 12:37 <DIR> d--hs---- C:\FOUND.003
2008-07-10 11:39 . 2008-07-10 11:41 51,355 --a------ C:\WINNT\system32\muzika.xm
2008-07-10 10:50 . 2008-07-10 10:50 <DIR> d--hs---- C:\FOUND.002
2008-07-10 10:45 . 2008-07-10 10:45 <DIR> d-------- C:\Program Files\True Sword 4
2008-07-10 10:45 . 2008-07-10 10:45 <DIR> d-------- C:\Documents and Settings\rak!!!!1.RAK!!!!\Application Data\True Sword
2008-07-10 09:09 . 2008-07-10 09:09 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-08 17:34 . 2008-07-08 17:34 <DIR> d--hs---- C:\FOUND.001
2008-07-06 09:19 . 2008-07-06 09:19 <DIR> d-------- C:\Program Files\QuickTime
2008-07-03 08:15 . 2008-07-11 19:48 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-07-03 08:15 . 2008-07-03 08:15 1,409 --a------ C:\WINNT\QTFont.for
2008-07-02 14:34 . 2008-07-02 14:34 <DIR> d--hs---- C:\FOUND.000
2008-06-19 12:47 . 2008-06-19 12:47 22,236 --ah----- C:\WINNT\system32\mlfcache.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2025-02-20 00:56 155,995 ----a-w C:\WINNT\java\Packages\E9J5JNB5.ZIP
2008-05-30 23:22 823,296 ----a-w C:\WINNT\system32\divx_xx0c.dll
2008-05-30 23:22 823,296 ----a-w C:\WINNT\system32\divx_xx07.dll
2008-05-30 23:22 815,104 ----a-w C:\WINNT\system32\divx_xx0a.dll
2008-05-30 23:22 802,816 ----a-w C:\WINNT\system32\divx_xx11.dll
2008-05-30 23:22 683,520 ----a-w C:\WINNT\system32\DivX.dll
2008-05-30 23:22 593,920 ----a-w C:\WINNT\system32\dpuGUI11.dll
2008-05-30 23:22 57,344 ----a-w C:\WINNT\system32\dpv11.dll
2008-05-30 23:22 53,248 ----a-w C:\WINNT\system32\dpuGUI10.dll
2008-05-30 23:22 344,064 ----a-w C:\WINNT\system32\dpus11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINNT\system32\dpu11.dll
2008-05-30 23:22 294,912 ----a-w C:\WINNT\system32\dpu10.dll
2008-05-22 22:22 524,288 ----a-w C:\WINNT\system32\DivXsm.exe
2008-05-22 22:22 3,596,288 ----a-w C:\WINNT\system32\qt-dx331.dll
2008-05-22 22:20 200,704 ----a-w C:\WINNT\system32\ssldivx.dll
2008-05-22 22:20 1,044,480 ----a-w C:\WINNT\system32\libdivx.dll
2008-05-22 22:19 81,920 ----a-w C:\WINNT\system32\dpl100.dll
2008-05-22 22:19 196,608 ----a-w C:\WINNT\system32\dtu100.dll
2008-05-22 22:19 161,096 ----a-w C:\WINNT\system32\DivXCodecVersionChecker.exe
2008-05-22 22:18 12,288 ----a-w C:\WINNT\system32\DivXWMPExtType.dll
2008-05-03 11:50 1,189 ----a-w C:\extension.reg
2008-04-11 15:40 22,512 ----a-w C:\Documents and Settings\rak!!!!1.RAK!!!!\Application Data\GDIPFONTCACHEV1.DAT
2007-10-31 08:40 200,704 ----a-w C:\Program Files\FLV PlayerFCSetup.exe
2007-10-31 08:39 3,655,488 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe
2007-10-31 08:32 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe
2007-02-16 01:45 271 --sh--w C:\Program Files\desktop.ini
2007-02-16 01:45 21,952 ---h--w C:\Program Files\folder.htt
2005-07-14 18:31 27,648 --sha-w C:\WINNT\system32\AVSredirect.dll
.
[code]
----a-w 623,995 2008-04-26 14:30:50 C:\Documents and Settings\rak!!!!1.RAK!!!!\My Documents\Amruth\Amruth .exe
[/code]
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 21:54 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-07-10 12:44 1171712]
"Synchronization Manager"="mobsync.exe" [2004-08-04 12:00 143360 C:\WINNT\system32\mobsync.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-04-25 06:23 54784 C:\WINNT\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINNT\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 06:47 443968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe" [2004-08-04 17:30 214528]

C:\Documents and Settings\rak!!!!1.RAK!!!!\Start Menu\Programs\Startup\
µTorrent.lnk - C:\Program Files\uTorrent\utorrent.exe [2006-07-02 21:59:46 219952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"= APTRRNTm.dll
"wave"= APTRRNTm.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys] @="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINNT^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINNT\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINNT^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINNT\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINNT^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINNT\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alt+Q Hotkey Tool]
C:\WINNT\Alt+Q Hotkey.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-04-04 03:59 165784 C:\Program Files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DaemonTools_WhenUSave_Installer]
C:\Program Files\DaemonTools_WhenUSave_Installer\DaemonTools_WhenUSave_Installer.exe [N/A]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ans_admin.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\ls970_DP.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\lsprepostd.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitest.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\mpitestmpich.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\sxpost.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\tclsh.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\wish.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYS\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\bin\\Intel\\DANSYSMPICH\\ANSYS.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\tclsh.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\TCL\\bin\\Intel\\wish.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\catia\\Intel\\ac4catia.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\CommonFiles\\CATIAV5\\Intel\\code\\bin\\ac4catia5.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\para\\Intel\\ac4para.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\pro\\Intel\\ac4pro.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\sat\\Intel\\ac4sat.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug10\\Intel\\ansconug10.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug20\\Intel\\ansconug20.exe"=
"C:\\Program Files\\Ansys Inc\\v100\\ANSYS\\ac4\\bin\\ug30\\Intel\\ansconug30.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
R0 AvgRkx86;avgrkx86.sys;C:\WINNT\system32\Drivers\avgrkx86.sys [2008-07-10 12:44]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINNT\system32\Drivers\avgldx86.sys [2008-07-10 12:44]
R1 LUMDriver;LUMDriver;C:\WINNT\system32\drivers\LUMDriver.sys [2003-07-11 18:52]
R2 ANSYS FLEXlm license manager;ANSYS FLEXlm license manager;C:\PROGRA~1\ANSYSI~1\SHARED~1\LICENS~1\Intel\lmgrd.exe [2004-10-26 09:05]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-07-10 12:44]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-07-10 12:44]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINNT\system32\Drivers\avgtdix.sys [2008-07-10 12:44]
R2 BBDemon;Backbone Service;G:\Dassault Systemes\B16\intel_a\code\bin\CATSysDemon.exe [2005-09-06 22:11]
R2 OracleServiceXE;OracleServiceXE;g:\oracle\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE []
R2 OracleXETNSListener;OracleXETNSListener;G:\oracle\app\oracle\product\10.2.0\server\BIN\tnslsnr.exe [2006-02-02 00:49]
S3 MTK;Media Technology Kernel Driver;C:\WINNT\system32\Drivers\mtk.sys [2003-11-20 09:27]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;g:\oracle\app\oracle\product\10.2.0\server\Bin\extjob.exe XE []
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c165356-f0e3-11db-a25a-101111111111}]
\Shell\AutoRun\command - C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1e78891a-9426-11dc-882c-101111111111}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8cb304d4-4ce3-11dd-89e8-101111111111}]
\Shell\AutoRun\command - C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL regsvr.exe
\Shell\Open\command - F:\regsvr.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d26153c4-517f-11dc-877f-101111111111}]
\Shell\AutoRun\command - C:\WINNT\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL MicrosoftPowerPoint.exe
\Shell\Open \command - J:\MicrosoftPowerPoint.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{dc5d73b8-4b65-11dd-89e5-101111111111}]
\Shell\AutoRun\command - F:\System\DriveGuard\DriveProtect.exe -run
\Shell\Explore\Command - F:\System\DriveGuard\DriveProtect.exe -run
\Shell\Open\Command - F:\System\DriveGuard\DriveProtect.exe -run
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-07-05 04:35:02 C:\WINNT\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-11 14:19:04 C:\WINNT\Tasks\At1.job" - C:\WINNT\system32\svchost
.
- - - - ORPHANS REMOVED - - - -

BHO-{BC728C13-5691-4529-A1C2-E662A9AD1C87} - C:\WINNT\system32\iifFwtrQ.dll
ShellExecuteHooks-{BC728C13-5691-4529-A1C2-E662A9AD1C87} - C:\WINNT\system32\iifFwtrQ.dll
Notify-iifFwtrQ - iifFwtrQ.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-11 21:43:40
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-07-11 21:44:06
ComboFix-quarantined-files.txt 2008-07-11 16:14:04
Pre-Run: 1,035,083,776 bytes free
Post-Run: 1,388,281,856 bytes free
239 --- E O F --- 2007-11-27 19:56:35