Hello,
I am new to this. I need your help; my PC has been infected with this virus. I have downloaded and run ComboFix, and here is the log file. Please help. Thanks.
ComboFix 07-11-06.4 - User 2007-11-06 21:16:33.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.79 [GMT 11:00]
Running from: C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\NW6Z7VXK\ComboFix[1].exe
* Created a new restore point
.
Unable to gain System Privileges
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\HFKAYDYY\www.inter-focus.cn
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\#SharedObjects\HFKAYDYY\www.inter-focus.cn\IFFLASHAD_PLAYER.sol
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn
C:\Documents and Settings\User\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.inter-focus.cn\settings.sol
C:\Documents and Settings\User\Application Data\PPATCH~1
C:\Documents and Settings\User\Application Data\YSTEM3~1
C:\Documents and Settings\User\Favorites\Online Security Guide.lnk
C:\Documents and Settings\User\My Documents\SKS~1
C:\Documents and Settings\User\My Documents\SKS~1\??sks\
C:\Documents and Settings\User\My Documents\TSKS~1
C:\Program Files\Common Files\{3CF3F~1
C:\Program Files\Common Files\{3CF3F~1\toolbardll.lzma
C:\Program Files\Common Files\{BCF3F~1
C:\Program Files\Common Files\{BCF3F~1\system.dll
C:\Program Files\Common Files\{BCF3F~2
C:\Program Files\Common Files\{BCF3F~3
C:\Program Files\Common Files\{BCF3F~3\system.dll
C:\Program Files\Common Files\ppatch~1
C:\Program Files\windows
C:\Program Files\winupdates
C:\Program Files\winupdates\a.zip
C:\WINDOWS\b.exe
C:\WINDOWS\crosof~1.net
C:\WINDOWS\sembly~1
C:\WINDOWS\setup.exe
C:\WINDOWS\system32\__c0065282.dat
C:\WINDOWS\system32\__c006BBC9.dat
C:\WINDOWS\system32\__c00E450.dat
C:\WINDOWS\system32\__c00F4D4C.dat
C:\WINDOWS\system32\~.exe
C:\WINDOWS\system32\awvvt.dll
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\ehhkj.bak1
C:\WINDOWS\system32\ehhkj.bak2
C:\WINDOWS\system32\ehhkj.ini
C:\WINDOWS\system32\ehhkj.ini2
C:\WINDOWS\system32\ehhkj.tmp
C:\WINDOWS\system32\fhkmp.bak1
C:\WINDOWS\system32\fhkmp.ini
C:\WINDOWS\system32\fhkmp.ini2
C:\WINDOWS\system32\fhkmp.tmp
C:\WINDOWS\system32\hfbpdcnx.dllbox
C:\WINDOWS\system32\ljjkhfc.dll
C:\WINDOWS\system32\mbols~1
C:\WINDOWS\system32\mtbvnpio.dllbox
C:\WINDOWS\system32\qpqss.bak1
C:\WINDOWS\system32\qpqss.bak2
C:\WINDOWS\system32\qpqss.ini
C:\WINDOWS\system32\rcterrtq.dllbox
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\ssqpq.dll
C:\WINDOWS\system32\svchosts.lzma
C:\WINDOWS\system32\sysdl132.exe
C:\WINDOWS\system32\tvvwa.bak1
C:\WINDOWS\system32\tvvwa.bak2
C:\WINDOWS\system32\tvvwa.ini
C:\WINDOWS\system32\xzqkqcxa.dllbox
C:\WINDOWS\system32\ymante~1
C:\WINDOWS\system32\ystem3~1
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_MSDIRECTX
-------\LEGACY_SYSTEM
-------\system
((((((((((((((((((((((((( Files Created from 2007-10-06 to 2007-11-06 )))))))))))))))))))))))))))))))
.
2007-11-06 21:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-06 20:54 3,332 --a------ C:\WINDOWS\system32\tmp.reg
2007-11-03 16:52 <DIR> d--h----- C:\Program Files\ApplePie
2007-10-20 18:53 7,552 --a------ C:\WINDOWS\system32\drivers\SONYPVU1.SYS
2007-10-20 18:53 7,552 --a------ C:\WINDOWS\system32\dllcache\sonypvu1.sys
2007-10-10 06:43 582,656 --a------ C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 11:42 <DIR> d-------- C:\Program Files\Avanquest update
2007-10-07 11:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\InstallShield
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-03 22:17 --------- d-----w C:\Program Files\SUPERAntiSpyware
2007-10-31 09:42 33,856 -c--a-w C:\Documents and Settings\User\Application Data\GDIPFONTCACHEV1.DAT
2007-10-19 12:10 --------- d-----w C:\Program Files\Motorola Phone Tools
2007-10-07 00:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-07 00:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\BVRP Software
2007-09-20 04:18 --------- d-----w C:\Documents and Settings\User\Application Data\dvdcss
2007-09-19 01:56 --------- d-----w C:\Program Files\Nokia
2007-09-19 01:56 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-09-15 05:55 --------- d-----w C:\Program Files\UniKey
2007-09-13 02:46 --------- d-----w C:\Program Files\MSN Messenger
2007-03-30 12:06 92,064 -c--a-w C:\Documents and Settings\User\mqdmmdm.sys
2007-03-30 12:06 9,232 -c--a-w C:\Documents and Settings\User\mqdmmdfl.sys
2007-03-30 12:06 79,328 -c--a-w C:\Documents and Settings\User\mqdmserd.sys
2007-03-30 12:06 66,656 -c--a-w C:\Documents and Settings\User\mqdmbus.sys
2007-03-30 12:06 6,208 -c--a-w C:\Documents and Settings\User\mqdmcmnt.sys
2007-03-30 12:06 5,936 -c--a-w C:\Documents and Settings\User\mqdmwhnt.sys
2007-03-30 12:06 4,048 -c--a-w C:\Documents and Settings\User\mqdmcr.sys
2007-03-30 12:06 25,600 -c--a-w C:\Documents and Settings\User\usbsermptxp.sys
2007-03-30 12:06 22,768 -c--a-w C:\Documents and Settings\User\usbsermpt.sys
2007-03-16 19:52 32,768 -c--a-w C:\Documents and Settings\User\setup9x.exe
2007-03-16 19:52 201 -c--a-w C:\Documents and Settings\User\q.bat
2007-03-16 00:44 114 -c--a-w C:\Documents and Settings\User\hhjj.bat
2007-03-11 03:43 75 -c--a-w C:\Documents and Settings\User\n.bat
2007-03-11 03:43 122 -c--a-w C:\Documents and Settings\User\yyd.bat
2007-03-11 03:42 90,112 -c--a-w C:\Documents and Settings\User\sml.exe
2007-03-11 03:42 260 -c--a-w C:\Documents and Settings\User\x.dat
2007-03-09 08:39 203,149 -c--a-w C:\Documents and Settings\User\xtz.exe
2007-03-07 22:38 90,112 -c--a-w C:\Documents and Settings\User\smsc.exe
2007-02-02 18:59 188 -c--a-w C:\Documents and Settings\User\ggg.bat
2007-02-02 18:58 32,768 -c--a-w C:\Documents and Settings\User\setup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4AE2A9A0-DC33-4C27-B521-5B6C68C1C53D}]
2007-11-03 16:52 95232 --a------ C:\Program Files\ApplePie\ie-improver.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95DDF2D8-6D36-488B-86C8-976568CB703E}]
C:\WINDOWS\system32\pmkhf.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B51B0F10-BE8E-E452-A0DF-C7DEB4C20AB5}]
C:\WINDOWS\system32\kykmg.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E4727300-6F18-41A5-A504-7F4431F15545}]
C:\WINDOWS\system32\jkhhe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 17:28]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2003-05-30 10:42]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 17:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-09-12 22:10]
"ACTIVBOARD"="c:\apps\ABoard\ABoard.exe" [2003-05-02 12:31]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 05:00]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2005-10-27 10:01]
"Compaq32 Service Drivers"="msconfig32.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2004-04-05 17:56]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-06-14 16:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-12-05 20:42]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 14:16]
"OpwareSE4"="C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 13:45]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 18:56]
"Compaq32 Service Drivers"="msconfig32.exe" []
"Spyware Doctor"="C:\Program Files\Spyware Doctor\swdoctor.exe" [2005-05-26 09:52]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-17 17:35]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [2007-01-19 12:49]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 15:06]
"Update Service"="C:\Program Files\Common Files\Teknum Systems\update.exe" []
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 13:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\runservices]
"Compaq32 Service Drivers"=msconfig32.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"Compaq32 Service Drivers"=msconfig32.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runservices]
"Compaq32 Service Drivers"=msconfig32.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Compaq32 Service Drivers"=msconfig32.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-12-25 08:04:42]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\awvvt.dll
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys
S2 ecure;FireDaemon Service: ecure;C:\WINDOWS\Temp\FireDaemon.EXE
S2 svchost1;FireDaemon Service: svchost1;C:\WINDOWS\Temp\FireDaemon.EXE
S3 BTCFilterService;USB Networking Driver Filter Service;C:\WINDOWS\system32\DRIVERS\motfilt.sys
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys
S3 motmodem;Motorola USB CDC ACM Driver;C:\WINDOWS\system32\DRIVERS\motmodem.sys
S3 Motousbnet;Motorola USB Networking Driver Service;C:\WINDOWS\system32\DRIVERS\Motousbnet.sys
S3 usbsermptxp;Motorola USB Modem Driver for MPT XP;C:\WINDOWS\system32\DRIVERS\usbsermptxp.sys
.
**************************************************************************
catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-06 21:40:16
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-11-06 21:41:44 - machine was rebooted
.
--- E O F ---