My explorer.exe keeps flashing on and off.
I ran ComboFix and this was the log:
ComboFix 08-05-29.1 - Joshua 2008-06-09 11:21:50.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.2044 [GMT -4:00]
Running from: C:\Users\Joshua\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Windows\System32\FeMllnnn.ini
C:\Windows\System32\FeMllnnn.ini2
C:\Windows\system32\FLTuvGgh.ini
C:\Windows\System32\FLTuvGgh.ini2
C:\Windows\system32\hgGvuTLF.dll
C:\Windows\system32\mcrh.tmp
C:\Windows\system32\nijemqtn.dll
C:\Windows\system32\nnnllMeF.dll
C:\Windows\system32\uyxfmefb.dll
.
((((((((((((((((((((((((( Files Created from 2008-05-09 to 2008-06-09 )))))))))))))))))))))))))))))))
.
2008-06-09 10:20 . 2008-06-09 10:20 54,156 --ah----- C:\Windows\QTFont.qfn
2008-06-09 10:20 . 2008-06-09 10:20 1,409 --a------ C:\Windows\QTFont.for
2008-06-09 10:17 . 2008-06-08 19:53 58,368 --a------ C:\Windows\System32\mlJCRjIA.dll
2008-06-08 19:57 . 2008-06-08 19:57 58,368 --a------ C:\Windows\System32\fcccdAPf.dll
2008-06-08 19:56 . 2002-07-07 18:14 1,294,336 --a------ C:\Windows\System32\vorbis.acm
2008-06-08 19:55 . 2008-06-08 19:55 <DIR> d-------- C:\Program Files\Outsim
2008-06-08 19:52 . 2008-06-08 19:56 <DIR> d-------- C:\Program Files\Image-Line
2008-06-08 17:22 . 2008-06-08 17:22 38,869 --a------ C:\Windows\4ORMULATOR-.ini
2008-06-08 14:28 . 2008-06-08 14:28 <DIR> d-------- C:\Program Files\FXpansion
2008-06-08 12:35 . 1998-04-30 14:56 129,024 --a------ C:\Windows\UNWISE.EXE
2008-06-08 12:34 . 2008-06-08 12:34 <DIR> d-------- C:\audio
2008-06-08 12:30 . 2008-06-08 12:30 <DIR> d-------- C:\Program Files\VstPlugins
2008-06-08 12:30 . 1997-02-01 18:10 11,910 --a------ C:\Windows\System32\Genmidi.dll
2008-06-08 12:30 . 1997-02-01 18:10 11,910 --a------ C:\Windows\Genmidi.dll
2008-06-08 12:30 . 2001-09-16 17:39 1,024 --a------ C:\b4
2008-06-08 12:15 . 2008-06-08 12:18 <DIR> d-------- C:\Users\Joshua\AppData\Roaming\Propellerhead Software
2008-06-08 12:15 . 2008-06-08 12:15 <DIR> d-------- C:\Users\All Users\Propellerhead Software
2008-06-08 12:15 . 2008-06-08 12:15 233,472 --a------ C:\Users\Joshua\AppData\Roaming\REX Shared Library.dll
2008-06-08 12:15 . 2008-06-08 12:15 225,280 --a------ C:\Users\Joshua\AppData\Roaming\Rewire.dll
2008-06-08 11:46 . 2008-06-08 12:08 <DIR> d-------- C:\Program Files\Common Files\Native Instruments
2008-06-08 11:36 . 2008-06-08 12:30 <DIR> d-------- C:\Program Files\Native Instruments
2008-06-08 11:25 . 2008-06-08 11:25 <DIR> d-------- C:\Program Files\Arturia
2008-06-08 11:18 . 2008-06-08 11:18 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-06-08 11:14 . 2008-06-08 11:14 717,296 --a------ C:\Windows\System32\drivers\sptd.sys
2008-06-08 11:13 . 2008-06-08 11:13 <DIR> d-------- C:\Users\Joshua\AppData\Roaming\DAEMON Tools
2008-06-06 19:51 . 2008-06-06 19:51 <DIR> d-------- C:\Program Files\uTorrent
2008-06-06 19:43 . 2008-06-06 19:43 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-06-04 21:38 . 2008-06-04 21:38 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-06-02 15:57 . 2008-06-08 19:53 <DIR> d-------- C:\Users\Joshua\AppData\Roaming\uTorrent
2008-05-27 15:24 . 2008-05-27 15:24 <DIR> d-------- C:\Users\Joshua\AppData\Roaming\Apple Computer
2008-05-27 15:03 . 2008-03-07 20:37 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-05-27 15:03 . 2008-03-08 00:30 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-05-27 15:02 . 2008-05-27 22:02 28,190 --a------ C:\Users\Joshua\AppData\Roaming\nvModes.dat
2008-05-27 00:21 . 2008-05-27 00:21 <DIR> d-------- C:\Users\Joshua\AppData\Roaming\acccore
2008-05-26 22:32 . 2008-05-26 23:59 <DIR> d-------- C:\Windows\LMIB931.tmp
2008-05-26 22:12 . 2008-05-27 21:35 <DIR> d-------- C:\Users\Joshua\AppData\Roaming\ComAgent
2008-05-26 20:05 . 2008-05-26 21:54 <DIR> d-------- C:\Windows\LMIB9CD.tmp
2008-05-26 18:35 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-05-26 18:35 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-05-26 18:35 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-05-26 18:35 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-05-26 18:35 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-05-26 18:35 . 2008-05-26 18:53 7,616 --a------ C:\Windows\System32\tmp.reg
2008-05-26 14:59 . 2008-05-26 14:59 <DIR> d-------- C:\Windows\System32\vntiho06
2008-05-26 14:59 . 2008-05-26 14:59 <DIR> d-------- C:\temp\vtmp2
2008-05-25 09:44 . 2008-05-25 09:44 <DIR> d-------- C:\Program Files\Alt-N Technologies
2008-05-20 23:03 . 2008-05-20 23:03 <DIR> d-------- C:\Program Files\PowerISO
2008-05-12 16:39 . 2008-05-12 16:39 <DIR> d-------- C:\Windows\Profiles\All Users\Application Data\SupportSoft
2008-05-12 16:39 . 2008-05-12 16:39 <DIR> d-------- C:\Windows\Profiles
2008-05-12 16:39 . 2007-05-17 17:43 15,086 --a------ C:\Windows\ComcastWebmail.ico
2008-05-12 16:38 . 2008-05-12 16:38 <DIR> d-------- C:\Program Files\Comcast
2008-05-12 16:31 . 2008-05-12 16:31 <DIR> d-------- C:\Program Files\support.com
2008-05-12 16:30 . 2008-05-12 16:38 <DIR> d-------- C:\Program Files\Common Files\SupportSoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-09 00:36 --------- d-----w C:\Program Files\Bonjour
2008-06-09 00:35 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-06-09 00:35 --------- d-----w C:\Program Files\CyberLink
2008-06-08 23:01 --------- d-----w C:\Users\Joshua\AppData\Roaming\Digidesign
2008-06-08 19:24 --------- d-----w C:\Program Files\UltimateSoundBank
2008-06-08 19:24 --------- d-----w C:\Program Files\QuickTime
2008-06-08 19:24 --------- d-----w C:\Program Files\Propellerhead
2008-06-08 19:24 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-08 15:34 --------- d-----w C:\Program Files\Digidesign
2008-06-07 03:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-06-05 01:38 --------- d-----w C:\Users\Joshua\AppData\Roaming\NCH Swift Sound
2008-05-30 23:15 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-30 23:15 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-30 23:15 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-30 23:15 --------- d-----w C:\Program Files\Symantec
2008-05-26 19:43 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-05-22 11:23 --------- d-----w C:\Users\Joshua\AppData\Roaming\U3
2008-05-19 20:18 --------- d-----w C:\Program Files\HP
2008-05-14 20:56 --------- d-----w C:\Program Files\Windows Mail
2008-05-03 20:43 --------- d-----w C:\Program Files\Ableton
2008-05-03 19:46 --------- d-----w C:\Program Files\Safari
2008-05-03 19:43 --------- d-----w C:\Program Files\Apple Software Update
2008-04-30 02:14 --------- d-----w C:\Program Files\BitPim
2008-04-29 02:38 --------- d-----w C:\Program Files\Norton 360
2008-04-25 18:52 --------- d-----w C:\Program Files\LG Electronics
2008-04-25 18:51 --------- d-----w C:\Program Files\Verizon Wireless
2008-04-11 20:16 --------- d-----w C:\Program Files\AIM6
2008-04-11 20:15 --------- d-----w C:\Program Files\Viewpoint
2008-04-11 20:15 --------- d-----w C:\Program Files\Common Files\AOL
2008-04-11 20:11 --------- d-----w C:\Program Files\Yahoo!
2007-10-23 06:54 174 --sha-w C:\Program Files\desktop.ini
2004-12-03 13:28 651,264 ----a-w C:\Program Files\Common Files\ARP2600 V.dpm
2003-02-24 21:28 761,358 ----a-w C:\Program Files\Common Files\ARP2600 V.dpm.rsr
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FFFFFFFF-FF12-44C5-91EC-068E3AA1B2D7}]
2007-08-31 14:32 177504 --a------ c:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 08:36 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-09-19 16:05 81920]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-09-19 16:05 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-09-19 16:05 8497696]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 05:45 222208]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"= l3codecp.acm
"wave1"= Digi32.dll
"MIDI1"= diomidi.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-25 16:21 50528 C:\Program Files\AIM6\aim6.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM1b49b432]
C:\Windows\system32\nijemqtn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-07-17 21:54 116072 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
C:\Windows\system32\CF1010.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-04-01 05:39 486856 C:\Program Files\DAEMON Tools Lite\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ddoctorv2]
--a------ 2007-04-19 14:21 198184 C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DigidesignMMERefresh]
--a------ 2007-10-31 01:35 77824 C:\Program Files\Digidesign\Drivers\MMERefresh.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
[ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2007-05-08 16:24 54840 C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
--a------ 2007-08-22 19:31 80896 C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
--a------ 2007-09-13 11:47 480560 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
--a------ 2007-08-23 18:36 455968 C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
--a------ 2008-06-08 19:53 58368 C:\Windows\system32\mlJCRjIA.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
--a------ 2007-09-04 17:54 554320 C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
--a------ 2007-09-19 18:31 202032 C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
--a------ 2007-09-30 23:34 181544 C:\Program Files\HP\QuickPlay\QPService.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 04:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec PIF AlertEng]
--a------ 2008-01-29 18:38 583048 C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
--a------ 2007-09-15 04:29 102400 C:\Program Files\Synaptics\SynTP\SynTPStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
--a------ 2007-01-08 18:53 311296 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{29DA7670-1067-4EF0-89EE-9BD6B12C9B54}"= UDP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CABE275A-2E71-4CD7-BEFE-592949AFE45F}"= TCP:C:\Program Files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{3EC86714-8387-408B-96E6-981610836165}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6F50D2C4-8E6C-46EE-88E2-254E72827181}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{39B3D989-6E77-4032-8CD7-F8CA94EF8C0D}"= C:\Program Files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{45353C69-11B0-49DF-A153-FAEF489D2F33}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B9D5E06F-0DF6-4F61-A359-53B94B0B938C}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{F6A10BF2-F0DE-4AAE-BFE2-504D153C766F}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{170CDA6A-111A-4A9A-98ED-2A85D43D77DB}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{B81F62E7-E9A4-4330-BE2B-FBF881E4FAB3}"= UDP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{2F635961-175D-4664-B4FD-26A3D12F4096}"= TCP:C:\Program Files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{59E18CD1-0049-40CA-A11D-00610E88AA85}"= C:\Program Files\HP\QuickPlay\QP.exe:Quick Play
"{FBE38116-F9DC-4A9C-AE14-54329B4B7012}"= C:\Program Files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"TCP Query User{5FC3A29F-98C8-4EDE-9817-EE5681AD3B45}C:\\users\\joshua\\appdata\\local\\temp\\lmi79f2.tmp\\lmi_rescue.exe"= UDP:C:\users\joshua\appdata\local\temp\lmi79f2.tmp\lmi_rescue.exe:lmi_rescue.exe
"UDP Query User{3B19039F-9DAE-4B49-A4F6-337C9F3F1F43}C:\\users\\joshua\\appdata\\local\\temp\\lmi79f2.tmp\\lmi_rescue.exe"= TCP:C:\users\joshua\appdata\local\temp\lmi79f2.tmp\lmi_rescue.exe:lmi_rescue.exe
"{031613F2-DE72-426D-A486-8FEF53955F15}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{EC247F33-A994-4625-9DD2-3BC938219DAC}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{968BC355-0240-4229-8B4B-D21D1EC28856}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8AAD52B4-1016-4B43-B367-ABB7E81E67EB}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{25EDEDF5-727F-4D9C-A718-AF37B88EA352}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{F9308D3D-9CC3-42CA-BE99-26F8D4892DAB}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{DB47A22D-292A-4175-8526-3A4983DB27DF}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F5AC424E-8194-4B0C-AD41-2F0ECE95232E}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{0F068BEC-AA52-4A76-9346-4A88593D943B}"= UDP:C:\Program Files\AIM6\aim6.exe:AIM
"{BA39AEE6-75B7-4475-B6AF-CDBF5B0CA101}"= TCP:C:\Program Files\AIM6\aim6.exe:AIM
"{A8434540-5013-4345-9FD4-0F46A0B25870}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{8BDB5E7D-10DA-446E-9CED-95A5385F2649}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080606.003\IDSvix86.sys [2008-02-14 03:39]
R2 DigiNet;Digidesign Ethernet Support;C:\Windows\system32\DRIVERS\diginet.sys [2007-10-31 03:16]
R2 QPCapSvc;QuickPlay Background Capture Service (QBCS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe" [2007-09-30 23:34]
R2 QPSched;QuickPlay Task Scheduler (QTS);"C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe" [2007-09-30 23:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2007-07-10 10:27]
R3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2007-05-30 19:40]
R3 HpqRemHid;HP Remote Control HID Device;C:\Windows\system32\DRIVERS\HpqRemHid.sys [2007-07-11 14:30]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 17:50]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 20:46]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 03:30]
S3 dalwdmservice;dal service;C:\Windows\system32\drivers\dalwdm.sys [2007-10-31 03:15]
S3 GameConsoleService;GameConsoleService;"C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe" [2007-07-23 19:33]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7f6080e0-e590-11dc-9c8b-001e680952ab}]
\shell\AutoRun\command - F:\LaunchU3.exe -a
*Newly Created Service* - COMHOST
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-09 11:27:44
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Windows\System32\audiodg.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\System32\drivers\XAudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
C:\Windows\System32\wbem\WMIADAP.exe
C:\Windows\System32\dllhost.exe
.
**************************************************************************
.
Completion time: 2008-06-09 11:32:20 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-09 15:32:09
Pre-Run: 101,077,364,736 bytes free
Post-Run: 100,835,229,696 bytes free
279 --- E O F --- 2008-06-05 22:17:14
Also, I found these in my msconfig startup menu that were checked and not there before, so I unchecked them:
Item: MSServer
Command: rundll32.exe C:\Windows\system32\mlJCRjIA.dll,#1
Item: BM1b49b432
Command: Rundll32/exe "C:\Windows\system32\nijemqtn.dll",s
Any and all help will be greatly appreciated!