OK, here's the log from ComboFix; I'll get the Malware log next.
ComboFix 09-11-05.01 - Administrator 11/05/2009 15:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1434 [GMT -5:00]
Running from: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-2025429265-1450960922-839522115-500
c:\temp\Inet\Temporary Internet Files\SKBGM.cfg
c:\temp\Inet\Temporary Internet Files\SKBGM0.che
c:\temp\Inet\Temporary Internet Files\SKBGM1.che
c:\temp\Inet\Temporary Internet Files\SKBGM2.che
c:\temp\Inet\Temporary Internet Files\SKBGM3.che
c:\temp\Inet\Temporary Internet Files\SKBGM4.che
c:\temp\Inet\Temporary Internet Files\SKBGM5.che
c:\temp\Inet\Temporary Internet Files\SKBGM6.che
c:\temp\Inet\Temporary Internet Files\SKBGM7.che
c:\temp\Inet\Temporary Internet Files\SKBGM8.che
c:\temp\Inet\Temporary Internet Files\SKBGM9.che
----- BITS: Possible infected sites -----
hxxp://77.74.48.111
.
((((((((((((((((((((((((( Files Created from 2009-10-05 to 2009-11-05 )))))))))))))))))))))))))))))))
.
2009-11-04 02:58 . 2009-11-04 04:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-04 02:58 . 2009-11-04 03:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-04 00:12 . 2009-11-04 00:18 -------- d-----w- c:\program files\support.com
2009-11-04 00:12 . 2009-11-04 00:12 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\SupportSoft
2009-11-04 00:12 . 2009-11-04 00:12 -------- d-----w- c:\program files\Common Files\SupportSoft
2009-11-03 18:59 . 2009-10-06 23:47 3510552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-10-25 01:57 . 2009-10-25 01:57 1925024 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
2009-10-25 01:57 . 2009-10-26 02:06 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-10-22 12:22 . 2009-10-06 23:47 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-10-17 12:20 . 2009-10-17 12:20 2025752 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-10-10 01:39 . 2009-10-10 01:39 126970 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\uninstall.exe
2009-10-10 01:38 . 2009-10-10 01:39 1407680 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\MoveMediaPlayerWin_071505000010.exe
2009-10-08 16:06 . 2009-10-06 23:46 1142552 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgupd.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-05 13:54 . 2009-01-20 02:43 -------- d-----w- c:\documents and settings\Administrator\Application Data\skypePM
2009-11-04 01:31 . 2008-12-11 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-10-22 23:34 . 2009-01-20 02:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\Skype
2009-10-13 12:14 . 2007-05-19 23:32 -------- d--h--w- c:\documents and settings\Administrator\Application Data\Move Networks
2009-10-10 01:39 . 2009-08-03 21:48 4187512 ----a-w- c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll
2009-09-25 21:58 . 2009-01-20 19:58 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-09-21 13:33 . 2009-04-22 16:22 -------- d-----w- c:\program files\Flickr Uploadr
2009-09-11 14:18 . 2006-05-17 11:54 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2006-05-17 11:54 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2006-05-17 11:55 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2006-05-17 11:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2006-05-17 11:54 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:00 . 2006-05-17 11:55 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-23 18:34 . 2008-12-11 13:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-23 18:34 . 2008-12-11 13:14 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-23 18:34 . 2008-12-11 13:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-17 18:46 . 2009-08-17 18:46 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2008-04-14 00:11 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\loginkey.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 18:34 11952 ----a-w- c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2008-04-14 00:12 32256 ----a-w- c:\windows\system32\tpgwlnot.dll
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup=c:\windows\pss\Microsoft Office OneNote 2003 Quick Launch.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\skcbgm.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Flickr Uploadr\\Flickr Uploadr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 FJGPNV;FJGPNV;c:\windows\system32\drivers\FJGPNV.SYS [05/17/2006 2:56 PM 10496]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [02/21/2006 5:05 PM 36352]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [09/23/2005 9:48 AM 28544]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/11/2008 8:14 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/11/2008 8:14 AM 108552]
R1 cmdGuard;cmdGuard;c:\windows\system32\drivers\cmdguard.sys [12/10/2008 10:42 PM 101776]
R1 cmdHlp;cmdHlp;c:\windows\system32\drivers\cmdhlp.sys [12/10/2008 10:42 PM 31504]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [12/11/2008 8:14 AM 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [12/11/2008 8:14 AM 297752]
R2 FlashDrv;FlashDrv;c:\progra~1\Fujitsu\FlashAid\FlashDrv.sys [05/17/2006 2:56 PM 7196]
R3 Fjbtndrv;Fujitsu Button Driver;c:\windows\system32\drivers\FjBtnDrv.sys [05/17/2006 2:56 PM 17920]
R3 FUJ02E1;%FUJ02E1.DeviceDesc%;c:\windows\system32\drivers\FUJ02E1.sys [05/17/2006 2:39 PM 5632]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [05/17/2006 2:39 PM 4864]
R3 hidpen;Wacom Serial Pen HID MiniDriver;c:\windows\system32\drivers\hidpen.sys [05/17/2006 2:39 PM 31104]
S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [05/17/2006 2:39 PM 35968]
S3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [05/17/2006 7:31 AM 14208]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - MBR
*Deregistered* - mbr
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {E75386B4-C629-11DB-8338-444553544200} - hxxp://cyimg7.cyworld.com/cymusic/package/cyinstal.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\o66nfd0h.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.locorunning.com/race-series.php
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -
SharedTaskScheduler-{d9918442-cc02-4a59-bef4-fbb9c59ea853} - c:\windows\system32\busebayu.dll
SharedTaskScheduler-{5a267ced-62b7-4c04-8f0e-ec76db4c3ffb} - c:\windows\system32\busebayu.dll
SharedTaskScheduler-{e87ca22f-b05e-4055-a199-9ddc675f4ddd} - c:\windows\system32\busebayu.dll
SharedTaskScheduler-{7df4301b-b9d7-4975-9a27-356b796c32ab} - c:\windows\system32\busebayu.dll
SharedTaskScheduler-{64919a54-20dd-4c35-9247-ebb666c1ce4b} - c:\windows\system32\busebayu.dll
SSODL-hapokegik-{d9918442-cc02-4a59-bef4-fbb9c59ea853} - c:\windows\system32\busebayu.dll
SSODL-kazilokur-{5a267ced-62b7-4c04-8f0e-ec76db4c3ffb} - c:\windows\system32\busebayu.dll
SSODL-zamezakif-{e87ca22f-b05e-4055-a199-9ddc675f4ddd} - c:\windows\system32\busebayu.dll
SSODL-wineyusap-{7df4301b-b9d7-4975-9a27-356b796c32ab} - c:\windows\system32\busebayu.dll
SSODL-lezoyulam-{64919a54-20dd-4c35-9247-ebb666c1ce4b} - c:\windows\system32\busebayu.dll
Notify-WgaLogon - (no file)
AddRemove-KB923789 - c:\windows\system32\MacroMed\Flash\genuinst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-05 15:08
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3644)
c:\windows\system32\WININET.dll
c:\program files\windows journal\nbmaptip.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
c:\windows\SYSTEM32\WISPTIS.EXE
c:\windows\System32\tabbtnu.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\System32\digtizer.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\Ink\TCServer.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\o2flash.exe
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-05 15:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-05 20:16
Pre-Run: 51,120,893,952 bytes free
Post-Run: 50,993,229,824 bytes free
- - End Of File - - 77E069C885B1A6429522B6840BD84568