Here is the log from ComboFix.
Can someone help me?
ComboFix 08-12-28.01 - DADS 2008-12-28 12:17:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.650 [GMT -8:00]
Running from: J:\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated)
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Matthew\Application Data\FunWebProducts
c:\documents and settings\Matthew\Application Data\FunWebProducts\Data\Matthew\avatar.dat
c:\documents and settings\Matthew\Application Data\FunWebProducts\Data\Matthew\zbucks.dat
c:\windows\Install.txt
c:\windows\system32\Cache
c:\windows\system32\ddcYpnki.dll.vir
c:\windows\system32\ddcYppoO.dll
c:\windows\system32\geBrSiIY.dll.vir
c:\windows\system32\hpfgqk.dll
c:\windows\system32\jkkLBssS.dll
c:\windows\system32\OoppYcdd.ini
c:\windows\system32\OoppYcdd.ini2
c:\windows\system32\qhpmbvws.dll.vir
c:\windows\system32\rlnvdjqw.dll
c:\windows\system32\rqRKARhh.dll
c:\windows\system32\tmp0_753803216614.bk
c:\windows\system32\uegusbbg.dll
c:\windows\system32\vcyhfika.dll
----- BITS: Possible infected sites -----
hxxp://eh914.homeip.net
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_AFISICX
-------\Legacy_MABIDWE
-------\Legacy_MACIDWE
-------\Legacy_NOBICYT
-------\Legacy_NOXTCYR
-------\Legacy_NOYTCYR
-------\Legacy_PERFMONS
-------\Legacy_PERFS
-------\Legacy_ROUTING
-------\Legacy_ROXTCTM
-------\Legacy_ROYTCTM
-------\Legacy_SOBICYT
-------\Legacy_SOTPECA
-------\Legacy_SOXPECA
-------\Legacy_TDXDOWKC
-------\Legacy_TDYDOWKC
-------\Legacy_WSERVING
-------\Legacy_WSLDOEKD
-------\Service_AFinding
-------\Service_perfmons
-------\Service_perfs
-------\Service_Routing
-------\Service_WServing
((((((((((((((((((((((((( Files Created from 2008-11-28 to 2008-12-28 )))))))))))))))))))))))))))))))
.
2008-12-28 12:23 . 2008-12-28 12:23 <DIR> d-------- c:\windows\LastGood
2008-12-28 12:23 . 2008-10-16 14:06 208,744 --a------ c:\windows\system32\muweb.dll
2008-12-28 09:55 . 2008-12-28 10:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-28 09:55 . 2008-12-28 12:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 21:56 . 2008-12-27 21:56 <DIR> d-------- c:\program files\Trojan Remover
2008-12-27 21:56 . 2008-12-27 21:56 <DIR> d-------- c:\documents and settings\DADS\Application Data\Simply Super Software
2008-12-27 21:56 . 2008-12-27 21:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-12-27 21:56 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-12-27 21:56 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-12-27 21:56 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-12-27 21:56 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-12-27 21:56 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-12-27 21:19 . 2008-12-27 21:20 <DIR> d-------- c:\program files\CCleaner
2008-12-27 16:20 . 2008-12-27 22:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-27 12:51 . 2008-12-27 12:51 132,096 --a------ c:\windows\ulugitul.dll.vir
2008-12-27 12:39 . 2008-12-27 12:39 2 --a------ C:\819263107
2008-12-27 12:38 . 2008-12-27 12:38 44,032 --a------ c:\windows\Vgofe.dll.vir
2008-12-27 12:38 . 2008-12-27 12:38 44,032 --a------ C:\iuauk.exe
2008-12-27 12:32 . 2008-12-27 12:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\CrucialSoft Ltd
2008-12-27 12:31 . 2008-12-27 12:31 <DIR> d-------- c:\documents and settings\Matthew\Application Data\Datel
2008-12-26 15:51 . 2008-12-26 15:51 <DIR> d-------- c:\documents and settings\Darren\Application Data\Sony
2008-12-26 15:14 . 2008-12-26 15:14 <DIR> d-------- c:\documents and settings\Matthew\Application Data\Sony
2008-12-26 15:14 . 2008-12-26 15:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-12-26 15:12 . 2008-12-26 15:12 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-12-26 15:10 . 2008-12-26 15:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Corporation
2008-12-23 16:39 . 2008-04-25 19:41 218,624 --a--c--- c:\windows\system32\dllcache\uxtheme.dll
2008-12-23 13:28 . 2008-12-24 06:56 <DIR> d-------- c:\documents and settings\Matthew\Application Data\PowerChallenge
2008-12-23 11:08 . 2008-10-24 03:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2008-12-23 11:06 . 2008-09-04 09:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2008-12-23 10:57 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-20 09:56 . 2008-12-20 09:56 <DIR> d-------- c:\program files\Apple Software Update
2008-12-14 17:31 . 2008-12-14 17:30 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-08 23:04 . 2008-12-08 23:04 <DIR> d-------- c:\program files\iTunes
2008-12-08 23:04 . 2008-12-08 23:04 <DIR> d-------- c:\program files\iPod
2008-12-08 23:04 . 2008-12-08 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-02 21:09 . 2008-12-02 21:09 <DIR> d-------- c:\program files\MSBuild
2008-12-02 21:08 . 2008-12-16 17:36 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-02 12:37 . 2008-12-20 19:45 <DIR> d-------- c:\documents and settings\DADS\Application Data\DVD Flick
2008-12-02 12:37 . 2004-03-09 00:00 609,824 --a------ c:\windows\system32\comctl32.ocx
2008-12-02 12:37 . 1998-06-24 00:00 164,144 --a------ c:\windows\system32\comct232.ocx
2008-12-02 12:37 . 2007-08-31 18:36 36,864 --a------ c:\windows\system32\trayicon_handler.ocx
2008-12-02 12:37 . 2008-08-31 13:27 28,672 --a------ c:\windows\system32\mousewheel.ocx
2008-11-30 20:37 . 2008-11-30 20:38 <DIR> d-------- c:\documents and settings\Darren\Contacts
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-28 06:38 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-12-27 23:56 --------- d-----w c:\documents and settings\DADS\Application Data\uTorrent
2008-12-26 23:36 --------- d-----w c:\program files\Google
2008-12-26 23:12 --------- d-----w c:\program files\Sony
2008-12-26 18:52 --------- d-----w c:\documents and settings\Darren\Application Data\PowerChallenge
2008-12-24 07:58 --------- d-----w c:\program files\Bonjour
2008-12-23 19:21 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-20 17:56 --------- d-----w c:\program files\QuickTime
2008-12-15 01:30 --------- d-----w c:\program files\Java
2008-12-09 07:04 --------- d-----w c:\program files\Common Files\Apple
2008-12-02 19:07 --------- d-----w c:\documents and settings\DADS\Application Data\Apple Computer
2008-11-12 03:50 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 03:50 --------- d-----w c:\program files\AnalyzerSoftware
2008-11-08 00:34 --------- d-----w c:\documents and settings\All Users\Application Data\Avg8
2008-11-08 00:24 --------- d-----w c:\program files\McAfee
2008-11-08 00:24 --------- d-----w c:\program files\Common Files\Cisco Systems
2008-11-08 00:24 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee
2008-11-08 00:23 --------- d-----w c:\program files\Common Files\McAfee
2008-11-02 01:09 --------- d-----w c:\program files\Common Files\Sagekey Software
2008-11-02 01:08 --------- d-----w c:\program files\Snapshot Viewer
2008-10-17 00:37 30 ----a-w c:\documents and settings\Matthew\jagex_runescape_preferences.dat
2008-01-28 19:00 56,912 ----a-w c:\documents and settings\Darren\g2mdlhlpx.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-01-24 111952]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=hpfgqk.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRegistrationService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVLibraryService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNetworkService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVRecordingEngine.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVGuideDataLoader.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVSettingsService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVTaskManagerService.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVD3DShell.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\SetupWizard.exe"=
"f:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
"c:\\Program Files\\Sony\\Station\\LaunchPad\\LaunchPad.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVNotifierService.exe"=
"c:\\Documents and Settings\\Darren\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"f:\\Azureus Downloads\\uTorrent.exe"=
"c:\\Documents and Settings\\DADS\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\SnapStream Media\\Beyond TV\\BTVPlaybackEngine.exe"=
"c:\\Documents and Settings\\Matthew\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"f:\\New Folder\\Matthew's Documents\\PSP\\MediaManager.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
S2 ConnectDaily;Connect Daily;"c:\program files\MH Software\Connect Daily\jakarta-tomcat-5.0.30-mhs\bin\tomcat5.exe" //RS//ConnectDaily []
S2 solewxte;solewxte Service;c:\windows\system32\solewxte.exe []
.
Contents of the 'Scheduled Tasks' folder
2008-12-28 c:\windows\Tasks\durjmwhl.job
- c:\windows\system32\rundll32.exe [2008-04-13 16:12]
.
- - - - ORPHANS REMOVED - - - -
BHO-{3B69DBDA-4B42-4E44-9638-389F224D1F45} - c:\windows\system32\ddcYppoO.dll
BHO-{D9327AE6-5340-42E0-AA99-2007F4D1CDA3} - c:\windows\system32\geBrSiIY.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://mytelus.com/
IE: &Search - ?p=ZJman000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - f:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: *.secure-sam.com
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
c:\windows\Downloaded Program Files\plinstll.dll - O16 -: {EAC139A9-D22D-4C29-8D1C-252BE63750F9}
hxxp://www.cooliris.com/shared/plinstll.cab
c:\windows\Downloaded Program Files\plinstll.inf
FF - ProfilePath - c:\documents and settings\DADS\Application Data\Mozilla\Firefox\Profiles\2tnflhvz.default\
FF - component: c:\documents and settings\DADS\Application Data\Mozilla\Firefox\Profiles\2tnflhvz.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
FF - user.js: yahoo.homepage.dontask - true.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-28 12:24:00
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
.
**************************************************************************
.
Completion time: 2008-12-28 12:26:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-12-28 20:26:24
Pre-Run: 3,051,855,872 bytes free
Post-Run: 3,546,968,064 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
243
Thanks