
Topic: Re: Need some help


nvanjole (Topic Starter, Newbie)

    Re: Need some help
    « on: June 15, 2010, 06:34:46 PM »
    I have the exact same problem; however, I have been able to run ComboFix. Here is the output file:

    ComboFix 10-06-15.02 - Clivey 16/06/2010  10:37:39.1.2 - x86
    Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.1012.544 [GMT 10:00]
    Running from: c:\documents and settings\Clivey\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1296 [VPS 100324-1] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\clivey\local settings\application data\pdpdpdul\vatqmh.exe
    c:\program files\Internet Explorer\SET14.tmp
    c:\program files\Internet Explorer\SET15.tmp

    .
    (((((((((((((((((((((((((   Files Created from 2010-05-16 to 2010-06-16  )))))))))))))))))))))))))))))))
    .

    2010-06-16 00:18 . 2010-06-16 00:18   --------   d-----w-   c:\documents and settings\All Users\Application Data\SITEguard
    2010-06-16 00:10 . 2010-06-16 00:10   --------   d-----w-   c:\program files\STOPzilla!
    2010-06-16 00:10 . 2010-06-16 00:10   --------   d-----w-   c:\program files\Common Files\iS3
    2010-06-16 00:10 . 2010-06-16 00:42   --------   d-----w-   c:\documents and settings\All Users\Application Data\STOPzilla!
    2010-06-15 12:51 . 2010-06-16 00:42   --------   d-----w-   c:\documents and settings\Clivey\Local Settings\Application Data\pdpdpdul
    2010-06-15 12:50 . 2010-06-15 12:50   --------   d-----w-   c:\windows\Sun
    2010-06-13 01:20 . 2010-05-06 10:41   743424   -c----w-   c:\windows\system32\dllcache\iedvtool.dll
    2010-06-02 06:21 . 2010-06-02 06:21   503808   ----a-w-   c:\documents and settings\Clivey\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5d161ea7-n\msvcp71.dll
    2010-06-02 06:21 . 2010-06-02 06:21   499712   ----a-w-   c:\documents and settings\Clivey\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5d161ea7-n\jmc.dll
    2010-06-02 06:21 . 2010-06-02 06:21   348160   ----a-w-   c:\documents and settings\Clivey\Application Data\Sun\Java\Deployment\cache\6.0\46\f84c6ae-5d161ea7-n\msvcr71.dll
    2010-05-17 12:00 . 2010-05-17 12:00   286720   ----a-w-   c:\windows\iun506.exe
    2010-05-17 12:00 . 2010-05-17 13:02   --------   d-----w-   C:\Bridge Base Online

    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-06-16 00:37 . 2010-06-16 00:33   1504   ----a-w-   c:\windows\system32\drivers\kgpcpy.cfg
    2010-05-13 11:00 . 2010-05-13 11:00   --------   d-----w-   c:\documents and settings\LocalService\Application Data\McAfee
    2010-05-13 11:00 . 2009-09-29 13:31   --------   d-----w-   c:\program files\McAfee Security Scan
    2010-05-06 10:41 . 2008-04-15 03:00   916480   ----a-w-   c:\windows\system32\wininet.dll
    2010-05-02 05:22 . 2008-04-15 03:00   1851264   ----a-w-   c:\windows\system32\win32k.sys
    2010-04-20 05:30 . 2008-04-15 03:00   285696   ----a-w-   c:\windows\system32\atmfd.dll
    2010-03-24 15:41 . 2010-03-24 15:41   411368   ----a-w-   c:\windows\system32\deploytk.dll
    2010-03-24 15:40 . 2010-03-24 15:40   152576   ----a-w-   c:\documents and settings\Clivey\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
    2010-03-21 08:03 . 2010-03-21 08:03   0   ----a-w-   c:\windows\nsreg.dat
    .

    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-29 39408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-03-24 149280]

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Domino's Pizza ANZ VPN Client.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Domino's Pizza ANZ VPN Client.lnk
    backup=c:\windows\pss\Domino's Pizza ANZ VPN Client.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
    backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchApp]
    Alaunch [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-10-14 15:04   39792   ----a-w-   c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    2005-05-03 10:43   69632   ----a-w-   c:\windows\Alcmtr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
    2006-07-17 14:40   53248   ------w-   c:\program files\Realtek\Audio\InstallShield\AzMixerSel.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    2008-05-22 07:30   425984   ----a-w-   c:\acer\Empowering Technology\eRecovery\eRAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2008-04-15 03:00   208952   ----a-w-   c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    2008-04-14 12:42   1695232   ------w-   c:\program files\Messenger\msmsgs.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
    2008-04-15 03:00   59392   ----a-w-   c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
    2008-04-15 03:00   455168   ----a-w-   c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
    2008-04-15 03:00   455168   ----a-w-   c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
    2008-05-16 06:39   16862720   ----a-w-   c:\windows\RTHDCPL.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2008-04-25 01:32   1044480   ----a-w-   c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=

    R0 szkg5;szkg5;c:\windows\system32\drivers\SZKG.sys [7/12/2009 5:59 PM 61328]
    R0 szkgfs;szkgfs;c:\windows\system32\drivers\SZKGFS.sys [24/02/2010 3:06 PM 173328]
    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [13/01/2009 12:51 PM 111184]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [13/01/2009 12:51 PM 20560]
    R3 M3000Srv;Acer Crystal Eye webcam Driver;c:\windows\system32\drivers\M3000KNT.sys [5/05/2008 5:01 PM 254976]
    S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys [7/12/2009 5:59 PM 61328]
    S3 BCUMXMIDI;BCUMXMIDI;c:\windows\system32\drivers\bumxmidi.sys [12/01/2006 12:18 PM 22752]
    S3 L6TPortGX;Service - Line 6 TonePort GX;c:\windows\system32\Drivers\L6TPortGX.sys --> c:\windows\system32\Drivers\L6TPortGX.sys [?]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15/01/2010 10:49 PM 227232]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.au/
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uInternet Connection Wizard,ShellNext = hxxp://en.au.acer.yahoo.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:1034
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://au.rd.yahoo.com/customize/ycomp/defaults/su/*http://au.yahoo.com
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: line6.net
    FF - ProfilePath - c:\documents and settings\Clivey\Application Data\Mozilla\Firefox\Profiles\o9an9j44.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 1034
    FF - prefs.js: network.proxy.type - 1
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-vjnxhcmqetcuv - c:\documents and settings\clivey\local settings\application data\pdpdpdul\vatqmh.exe
    HKLM-Run-vjnxhcmqetcuv - c:\documents and settings\clivey\local settings\application data\pdpdpdul\vatqmh.exe
    Notify-TPSvc - TPSvc.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-06-16 10:42
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ... 

    scanning hidden autostart entries ...

    scanning hidden files ... 

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
    .
    Completion time: 2010-06-16  10:45:06
    ComboFix-quarantined-files.txt  2010-06-16 00:45

    Pre-Run: 103,741,587,456 bytes free
    Post-Run: 103,943,630,848 bytes free

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 6B44C3EE7D1AD9C6D935254EA02EC309


    Any help would be great, thanks.
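
The log above records the same HTTP proxy in two places: `uInternet Settings,ProxyServer = http=127.0.0.1:1034` for Internet Explorer, and `network.proxy.http` / `network.proxy.http_port` with `network.proxy.type = 1` (manual proxy) in the Firefox prefs.js. A browser proxy on the loopback interface only does anything if a local process is listening on that port; the log does not say which process that was, so tying it to `vatqmh.exe` (listed under Other Deletions and as the target of two removed `Run` orphans) is an inference, not something ComboFix reports. What the log does show is that the proxy settings appear under Supplementary Scan rather than under the deletions, so they are worth checking after the cleanup: a browser left pointing at a loopback proxy with nothing behind it cannot reach any site. The Python script below is an added example, not part of the original post and not ComboFix's own code: it runs those two checks (loopback proxy in IE and Firefox settings, autorun entries launching from a user's Application Data directory) over ComboFix-style log lines. The sample lines are copied from the posted log; the regular expressions and the profile-directory heuristic are mine.

```python
import re

# Sample lines copied from the ComboFix log posted above (a subset, not a full log).
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyServer = http=127.0.0.1:1034
uInternet Settings,ProxyOverride = <local>
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 1034
FF - prefs.js: network.proxy.type - 1
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-29 39408]
HKCU-Run-vjnxhcmqetcuv - c:\documents and settings\clivey\local settings\application data\pdpdpdul\vatqmh.exe
HKLM-Run-vjnxhcmqetcuv - c:\documents and settings\clivey\local settings\application data\pdpdpdul\vatqmh.exe
"""

LOOPBACK_PREFIXES = ("127.", "localhost", "::1")

# An autorun line in either form ComboFix prints: a Reg Loading Points value
# ("name"="path" [date size]) or an ORPHANS REMOVED entry (HKCU-Run-name - path).
AUTORUN_RE = re.compile(
    r'^(?:"[^"]+"="|HK(?:CU|LM)-Run-\S+ - )(?P<path>[a-z]:\\[^"\[]+?)(?:"| \[|$)', re.I)
# XP per-user data directories (...\Application Data\ and ...\Local Settings\Application Data\).
# Heuristic, not a rule: ordinary software rarely autoruns from there, a dropper often does.
PROFILE_DATA_RE = re.compile(r'\\(?:local settings\\)?application data\\', re.I)


def is_loopback(host):
    """True for 127.x.x.x, localhost or ::1 (case-insensitive)."""
    return host.strip().lower().startswith(LOOPBACK_PREFIXES)


def parse_ie_proxy(log):
    """Return {scheme: 'host:port'} from the 'uInternet Settings,ProxyServer' line.
    WinINet accepts 'host:port' (all protocols, key '*') or 'http=h:p;https=h:p'."""
    m = re.search(r'^\s*uInternet Settings,ProxyServer = (.+?)\s*$', log, re.M)
    if not m:
        return {}
    proxies = {}
    for part in m.group(1).split(';'):
        scheme, _, hostport = part.strip().rpartition('=')
        proxies[scheme or '*'] = hostport
    return proxies


def parse_firefox_proxy(log):
    """Return (manual_proxy_enabled, host, port) from the echoed prefs.js lines.
    network.proxy.type 1 is a manual proxy; 0 is direct, 4/5 auto-detect/system."""
    prefs = dict(re.findall(r'^\s*FF - prefs\.js: (network\.proxy\.\S+) - (.+?)\s*$', log, re.M))
    enabled = prefs.get('network.proxy.type', '0') == '1'
    return enabled, prefs.get('network.proxy.http', ''), prefs.get('network.proxy.http_port', '')


def audit(log):
    """Return a list of human-readable findings for the indicators above."""
    findings = []
    for scheme, hostport in parse_ie_proxy(log).items():
        host = hostport.rsplit(':', 1)[0].strip('[]')  # tolerate [::1]:port
        if is_loopback(host):
            findings.append(f'IE proxy ({scheme}) points at loopback: {hostport}')
    enabled, host, port = parse_firefox_proxy(log)
    if enabled and is_loopback(host):
        findings.append(f'Firefox manual proxy points at loopback: {host}:{port}')
    for line in log.splitlines():
        m = AUTORUN_RE.match(line.strip())
        if m and PROFILE_DATA_RE.search(m.group('path')):
            findings.append(f'Autorun launches from a user profile data dir: {m.group("path")}')
    return findings


if __name__ == '__main__':
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

As written it audits the embedded sample; feeding it a saved log is a one-line change (read the file and pass the text to `audit`). The `u` prefix on ComboFix's `uInternet Settings` lines denotes the current user's hive, so the IE value lives under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings; Firefox keeps its copy per profile in prefs.js, which is why both have to be checked separately.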

nvanjole (Topic Starter, Newbie)

      Re: Need some help
      « Reply #1 on: June 15, 2010, 06:51:03 PM »
      After a restart it actually has resolved the issues, though it mentioned to enter the code anyway.

Dr Jay (Malware Removal Specialist, Moderator emeritus)

      Re: Re: Need some help
      « Reply #2 on: June 15, 2010, 11:07:19 PM »
      Please run a free online scan with the ESET Online Scanner
      • Tick the box next to YES, I accept the Terms of Use
      • Click Start
      • When asked, allow the ActiveX control to install
      • Click Start
      • Make sure that the options Remove found threats and Scan unwanted applications are checked
      • Click Scan (This scan can take several hours, so please be patient)
      • Once the scan is completed, you may close the window
      • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
      • Copy and paste that log as a reply to this topic
      ~Dr Jay