I did it, here's the latest log:
ComboFix 09-02-19.01 - Adeeba 2009-02-22 18:02:12.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.3581.2540 [GMT -3:00]
Running from: c:\users\Adeeba\Desktop\ComboFix.exe
Command switches used :: c:\users\Adeeba\Desktop\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated)
FW: Norton Internet Security *disabled*
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.
2009-02-22 17:12 . 2009-02-22 17:12 <DIR> d-------- c:\users\All Users\Malwarebytes
2009-02-22 17:12 . 2009-02-22 17:12 <DIR> d-------- c:\users\Adeeba\AppData\Roaming\Malwarebytes
2009-02-22 17:12 . 2009-02-22 17:12 <DIR> d-------- c:\programdata\Malwarebytes
2009-02-22 17:12 . 2009-02-22 17:12 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-22 17:12 . 2009-02-11 10:19 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-02-22 17:12 . 2009-02-11 10:19 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-02-18 13:35 . 2009-02-18 13:46 <DIR> d-------- c:\users\Adeeba\AppData\Roaming\Dev-Cpp
2009-02-18 13:34 . 2009-02-18 13:34 <DIR> d-------- C:\Dev-Cpp
2009-02-18 10:05 . 2008-12-05 01:26 1,244,672 --a------ c:\windows\System32\mcmde.dll
2009-02-18 10:05 . 2008-12-05 01:29 428,032 --a------ c:\windows\System32\EncDec.dll
2009-02-18 10:05 . 2008-12-05 01:28 292,352 --a------ c:\windows\System32\psisdecd.dll
2009-02-18 10:05 . 2008-12-05 01:28 217,088 --a------ c:\windows\System32\psisrndr.ax
2009-02-18 10:05 . 2008-12-05 01:29 177,152 --a------ c:\windows\System32\mpg2splt.ax
2009-02-18 10:05 . 2008-12-05 01:27 80,896 --a------ c:\windows\System32\MSNP.ax
2009-02-18 10:05 . 2008-12-05 01:27 68,608 --a------ c:\windows\System32\Mpeg2Data.ax
2009-02-18 10:05 . 2008-12-05 01:27 57,856 --a------ c:\windows\System32\MSDvbNP.ax
2009-02-11 19:09 . 2009-02-11 19:09 118 --a------ c:\windows\System32\MRT.INI
2009-02-07 23:08 . 2009-02-08 01:10 <DIR> d-------- c:\windows\BDOSCAN8
2009-01-24 23:09 . 2009-02-12 20:16 <DIR> d-------- c:\users\Adeeba\random
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 20:42 --------- d-----w c:\programdata\Symantec
2009-02-22 18:46 --------- d-----w c:\programdata\Roxio
2009-02-12 06:00 --------- d-----w c:\program files\Windows Mail
2009-02-11 19:15 --------- d-----w c:\users\Adeeba\AppData\Roaming\LimeWire
2009-01-21 23:08 --------- d-----w c:\programdata\CyberLink
2009-01-15 04:16 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-08 01:39 27,934 ----a-w c:\users\All Users\nvModes.dat
2009-01-08 01:39 27,934 ----a-w c:\programdata\nvModes.dat
2009-01-06 21:35 --------- d-----w c:\users\Adeeba\AppData\Roaming\DivX
2009-01-06 21:32 --------- d-----w c:\program files\DivX
2009-01-06 21:32 --------- d-----w c:\program files\Common Files\PX Storage Engine
2009-01-06 19:23 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-01-06 19:23 124,464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-01-06 19:23 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-01-06 19:23 --------- d-----w c:\program files\Symantec
2008-12-29 16:20 --------- d-----w c:\users\Guest\AppData\Roaming\vlc
2008-12-10 19:17 174 --sha-w c:\program files\desktop.ini
2008-10-05 02:37 0 ----a-w c:\users\Adeeba\AppData\Roaming\wklnhst.dat
2008-09-04 22:00 76 --sh--r c:\windows\CT4CET.bin
.
((((((((((((((((((((((((((((( SnapShot@2009-02-22_15.59.16.77 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-22 18:55:28 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-22 21:06:22 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-02-22 18:55:28 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-22 21:06:22 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2009-02-22 18:55:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-02-22 21:06:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-02-22 18:55:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-22 21:06:12 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-02-22 18:55:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-02-22 21:06:12 16,384 --sha-w c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-02-22 18:56:53 6,076 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1626518161-2929080396-116505275-1000_UserData.bin
+ 2009-02-22 20:48:15 6,092 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1626518161-2929080396-116505275-1000_UserData.bin
- 2009-02-22 18:56:53 72,356 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-22 20:48:15 72,356 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-22 17:18:39 43,140 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-22 20:48:14 43,140 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 01:13 721408 --a------ c:\program files\Fingerprint Reader Suite\farchns.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 01:13 721408 --a------ c:\program files\Fingerprint Reader Suite\farchns.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-09-05 1232896]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"FactFinder"="c:\program files\Microsoft FactFinder\ff.exe" [2001-06-22 81920]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2008-04-09 166432]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-04-09 13515296]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-04-09 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-04-09 92704]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-05-16 3444736]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2008-10-17 51048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-19 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"MRT"="c:\windows\system32\MRT.exe" [2009-02-03 21244864]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2008-02-22 1193240]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-09-04 19:12 10536 c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{7B3C4EB0-20B3-4B89-B248-E7810C130E59}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{627A842B-3E8F-4799-8213-1861B640F3D1}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{AC91ED12-8024-4F90-8F4A-C628C30B6DD7}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{0DFC109E-7369-4ADC-9E57-33354C1291D6}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{57656B01-03BC-482E-999C-C75AA8FD923B}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9FFA8897-FF49-48DC-A83A-3C507F856C54}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{3DDA4CA1-59F3-409D-B5A4-A7C6CA5D3558}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{EF8B4C7D-510D-412C-88FF-0C61E0323733}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{1020596F-1992-4F0B-BC16-78FF0BC3340F}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{E5558807-9126-4799-B51D-94498BC8F93D}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C2D15551-E4C0-49B7-B83F-8A3ACEF8DA08}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{821A94FD-6723-401C-AAE0-1059373787BC}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{602E7440-16D9-4512-A78E-980FE6A2406D}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\Symantec\DEFINI~1\SymcData\ipsdefs\20090212.002\IDSvix86.sys [2009-02-16 270384]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [2008-09-04 73728]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\Common Files\Symantec Shared\CCSVCHST.EXE [2008-10-27 149352]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-10-07 99376]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [2008-09-05 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [2008-09-05 7424]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\symndisv.sys [2008-06-13 41008]
S3 cmo_bus;Data Modem @ CDMA Composite Device driver (WDM);c:\windows\System32\drivers\cmo_bus.sys [2008-10-05 58352]
S3 cmo_mdfl;Data Modem @ CDMA Filter;c:\windows\System32\drivers\cmo_mdfl.sys [2008-10-05 8304]
S3 cmo_mdm;Data Modem @ CDMA Drivers;c:\windows\System32\drivers\cmo_mdm.sys [2008-10-05 93904]
S3 COH_Mon;COH_Mon;c:\windows\System32\drivers\COH_Mon.sys [2007-05-29 23888]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [2008-09-05 209408]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - COMHOST
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fc790409-b5e1-11dd-8c0e-002268995227}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
2009-01-19 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Adeeba.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-08-26 14:19]
2009-02-22 c:\windows\Tasks\User_Feed_Synchronization-{A17C346D-D918-4BF3-888D-B1FAD8D6E04B}.job
- c:\windows\system32\msfeedssync.exe [2006-11-02 06:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {8EAB7167-A061-4B3E-95F2-205C02AA3EA6} = 196.3.132.1 196.3.132.4
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-02-22 18:06:25
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll
- - - - - - - > 'Explorer.exe'(1952)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\program files\Microsoft FactFinder\FFMH.DLL
c:\users\Adeeba\AppData\Local\Temp\catchme.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\wlanext.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\windows\System32\stacsv.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\combofix\hidec.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\windows\ehome\ehmsas.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Fingerprint Reader Suite\psqltray.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Common Files\Nokia\MPAPI\MPAPI3s.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Dell Support Center\gs_agent\dsc.exe
c:\program files\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\combofix\Catchme.tmp
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2009-02-22 18:11:25 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-22 21:10:05
ComboFix2.txt 2009-02-22 19:01:42
Pre-Run: 78,872,215,552 bytes free
Post-Run: 78,635,069,440 bytes free
242 --- E O F --- 2009-02-18 17:31:34
thanks