so slow!!!
-
Re: so slow!!!
ComboFix 08-10-02.04 - xp user 2008-10-03 21:22:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.90 [GMT 10:00]
Running from: C:\Documents and Settings\xp user\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\xp user\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\xp user\Cookies\xp_user@ths.ten.com[2].txt
C:\WINDOWS\system32\AutoRun.inf
----- BITS: Possible infected sites -----
hxxp://ftp.hp.com
.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.
2008-09-28 20:34 . 2008-09-28 20:34 <DIR> d-------- C:\Program Files\iPod Access for Windows
2008-09-28 20:34 . 2008-09-28 20:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Findley Designs
2008-09-28 19:09 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-09-28 19:09 . 2004-08-03 23:08 25,600 --a--c--- C:\WINDOWS\system32\dllcache\usbser.sys
2008-09-28 19:05 . 2008-09-28 19:09 <DIR> d-------- C:\Documents and Settings\xp user\Application Data\PC Suite
2008-09-28 19:04 . 2008-09-28 19:09 <DIR> d-------- C:\Documents and Settings\xp user\Application Data\Nokia
2008-09-28 19:03 . 2008-09-28 19:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-09-28 18:52 . 2008-09-28 18:52 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-09-28 18:52 . 2008-09-28 18:52 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-09-28 18:51 . 2008-09-28 18:51 <DIR> d-------- C:\Program Files\DIFX
2008-09-28 18:50 . 2007-09-17 15:53 21,632 --a------ C:\WINDOWS\system32\drivers\pccsmcfd.sys
2008-09-28 18:36 . 2008-09-28 18:36 <DIR> d-------- C:\Program Files\PC Connectivity Solution
2008-09-28 18:35 . 2008-09-28 18:51 <DIR> d-------- C:\Program Files\Nokia
2008-09-28 18:35 . 2008-05-07 07:38 659,968 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-09-28 18:35 . 2008-05-07 07:38 20,864 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-09-28 18:35 . 2008-05-07 07:38 17,536 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-09-28 18:35 . 2008-05-07 07:38 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys
2008-09-28 18:35 . 2008-06-06 09:24 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-09-28 18:18 . 2008-09-28 18:18 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-28 18:18 . 2008-09-28 18:18 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-28 18:03 . 2008-09-28 18:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-09-26 15:57 . 2008-09-26 15:57 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-26 15:55 . 2008-09-26 16:59 <DIR> d-------- C:\SDFix
2008-09-24 16:39 . 2008-09-24 16:39 32 --a------ C:\WINDOWS\system32\thxcfg.ini
2008-09-17 19:36 . 2008-09-17 19:37 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-09-13 10:47 . 2008-09-13 10:47 <DIR> d-------- C:\Documents and Settings\xp user\Application Data\Malwarebytes
2008-09-13 10:46 . 2008-09-13 10:52 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-13 10:46 . 2008-09-13 10:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-13 10:46 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-13 10:46 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-19 13:06 --------- d-----w C:\Documents and Settings\xp user\Application Data\LimeWire
2008-09-17 09:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-10 06:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-30 05:42 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-25 00:53 --------- d-----w C:\Program Files\NOS
2008-08-25 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\NOS
2008-08-24 12:35 --------- d-----w C:\Documents and Settings\xp user\Application Data\TrojanHunter
2008-08-24 11:16 --------- d-----w C:\Documents and Settings\xp user\Application Data\Apple Computer
2008-08-24 10:56 --------- d-----w C:\Program Files\TrojanHunter 5.0
2008-08-24 06:31 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-24 06:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-13 12:59 --------- d-----w C:\Program Files\Google
2008-08-06 01:54 --------- d-----w C:\Program Files\Trend Micro
2008-08-05 12:30 --------- d-----w C:\Program Files\Alwil Software
2008-08-05 11:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg8
2008-08-05 08:03 --------- d-----w C:\Program Files\SFerret
2008-08-05 07:57 --------- d-----w C:\Program Files\CCleaner
2008-07-18 12:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 12:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 12:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 12:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 12:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 12:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 12:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 12:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 12:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 12:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:32 253,952 ----a-w C:\WINDOWS\system32\es.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-08-20 68856]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-20 78008]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2008-08-12 1056928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
--a------ 2008-07-10 09:47 116040 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-08-18 18:41 1832272 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-20 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-20 20560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\QTTask.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = Google
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 21:25:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-03 21:29:57
ComboFix-quarantined-files.txt 2008-10-03 11:29:26
Pre-Run: 7,052,877,824 bytes free
Post-Run: 7,031,046,144 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
154 --- E O F --- 2008-09-10 12:26:48
-
Go to next site:
VirusTotal - Free Online Virus and Malware Scan
On top you'll find 'Browse'
Click the browse button and browse to next file:
C:\WINDOWS\system32\thxcfg.ini
Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.
If that one is too busy, here is another option:
Online malware scan
And
Virus File Scanner
How is your computer behaving now?
-
No difference...
Antivirus Version Last Update Result
AhnLab-V3 2008.10.2.0 2008.10.01 -
AntiVir 7.8.1.34 2008.10.01 -
Authentium 5.1.0.4 2008.09.30 -
Avast 4.8.1248.0 2008.10.01 -
AVG 8.0.0.161 2008.10.01 -
BitDefender 7.2 2008.10.01 -
CAT-QuickHeal 9.50 2008.10.01 -
ClamAV 0.93.1 2008.10.01 -
DrWeb 4.44.0.09170 2008.10.01 -
eSafe 7.0.17.0 2008.10.01 -
eTrust-Vet 31.6.6119 2008.09.30 -
Ewido 4.0 2008.10.01 -
F-Prot 4.4.4.56 2008.09.30 -
F-Secure 8.0.14332.0 2008.10.01 -
Fortinet 3.113.0.0 2008.10.01 -
GData 19 2008.10.01 -
Ikarus T3.1.1.34.0 2008.10.01 -
K7AntiVirus 7.10.479 2008.10.01 -
Kaspersky 7.0.0.125 2008.10.01 -
McAfee 5395 2008.10.01 -
Microsoft 1.4005 2008.10.01 -
NOD32 3486 2008.10.01 -
Norman 5.80.02 2008.10.01 -
Panda 9.0.0.4 2008.09.30 -
PCTools 4.4.2.0 2008.10.01 -
Prevx1 V2 2008.10.01 -
Rising 20.63.62.00 2008.09.28 -
SecureWeb-Gateway 6.7.6 2008.10.01 -
Sophos 4.34.0 2008.10.01 -
Sunbelt 3.1.1675.1 2008.09.27 -
Symantec 10 2008.10.01 -
TheHacker 6.3.0.9.097 2008.10.01 -
TrendMicro 8.700.0.1004 2008.10.01 -
VBA32 3.12.8.6 2008.09.30 -
ViRobot 2008.10.1.1401 2008.10.01 -
VirusBuster 4.5.11.0 2008.10.01 -
Additional information
File size: 32 bytes
MD5...: 19135c59563b1df86725b3ae1393bea0
SHA1..: 14b8215c19321159178d1677e00a0adb54978311
SHA256: 381dfddd404625c025162a9b1c8db2aad7af7b27c2368e49dc789f8565975726
SHA512: bddc30d9bfb0e014357b2e771013a951ad5b0824e21fca26491d736cf33b9e2a
55a3ba64db1fc6d8618caaa18fc5d8be3739e5e7b17f3e22e1e6afe6d36877b6
PEiD..: -
TrID..: File type identification
Generic INI configuration (100.0%)
PEInfo: -
-
Since you are using Avast anti-virus
C:\Program Files\Trend Micro > did you have trend micro at one time - delete the folder if so
C:\Documents and Settings\All Users\Application Data\avg8 > this is anti virus , delete this folder
C:\Program Files\SFerret > is this spy ferret if so delete the folder
What is this > C:\Program Files\NOS