physik3r
new user
Reg'd: Tue
Posts: 1
Probs with malware, any help appreciated!
Tue Apr 29 2008 02:37 AM
Had the same issue with Win32.Agent.frl
Ran the tool mentioned here and the problem is gone! Here's the log:
ComboFix 08-04-27.3 - gregg 2008-04-28 18:30:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1466 [GMT -7:00]
Running from: C:\Documents and Settings\gregg\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\_000007_.tmp.dll
C:\WINDOWS\system32\amvo1.dll
.

((((((((((((((((((((((((( Files Created from 2008-03-28 to 2008-04-29 )))))))))))))))))))))))))))))))
.
2008-04-28 17:52 . 2008-04-28 17:52 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-28 17:24 . 2008-04-28 17:24 <DIR> d-------- C:\Program Files\BlackIsle
2008-04-27 14:05 . 2008-04-28 17:33 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-04-25 16:43 . 2008-04-27 20:07 <DIR> d-------- C:\Program Files\HP
2008-04-25 16:43 . 2008-04-25 16:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HPSSUPPLY
2008-04-25 16:43 . 2007-08-06 13:41 252,928 --a------ C:\WINDOWS\system32\HP1006LM.DLL
2008-04-25 16:43 . 2007-05-31 10:13 65,536 --a------ C:\WINDOWS\system32\HPPLVS.dll
2008-04-25 16:41 . 2008-04-25 16:41 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-04-25 16:40 . 2008-04-25 16:43 <DIR> d--h----- C:\Program Files\Avago-HP
2008-04-25 16:37 . 2008-04-25 16:37 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-04-25 16:35 . 2004-08-03 23:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-04-25 16:35 . 2004-08-03 23:01 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2008-04-15 11:35 . 2004-08-03 23:07 8,832 --a------ C:\WINDOWS\system32\drivers\wmiacpi.sys
2008-04-15 11:35 . 2004-08-03 23:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-04-07 10:04 . 2008-04-07 10:04 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-07 10:04 . 2008-04-07 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-06 16:44 . 2008-04-06 16:44 <DIR> d-------- C:\Documents and Settings\gregg\Application Data\Alien Skin
2008-04-06 16:39 . 2008-04-06 16:39 <DIR> d-------- C:\Program Files\Alien Skin
2008-03-30 21:35 . 2008-03-30 21:36 <DIR> d-------- C:\Lightroom Backup
2008-03-30 15:58 . 2007-10-25 20:36 8,454,656 --a------ C:\WINDOWS\system32\SET26.tmp
2008-03-30 15:58 . 2006-12-06 22:29 2,374,472 --a------ C:\WINDOWS\system32\SET23.tmp
2008-03-30 15:58 . 2007-10-29 03:26 115,712 --a------ C:\WINDOWS\system32\SET27.tmp
.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-22 21:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-06 22:20 --------- d-----w C:\Program Files\Java
2008-03-20 01:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-14 22:26 --------- d-----w C:\Program Files\NovaStor
2008-03-13 03:10 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-04 02:22 20,992 ----a-w C:\WINDOWS\jestertb.dll
2008-03-03 19:29 --------- d-----w C:\Program Files\SQLyog Enterprise
2008-03-03 19:29 --------- d-----w C:\Documents and Settings\gregg\Application Data\SQLyog
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\SET169.tmp
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\SET161.tmp
2008-02-20 05:32 148,992 ----a-w C:\WINDOWS\system32\SET162.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-10-23 22:17 5674352]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 07:16 171464]

C:\Documents and Settings\gregg\Start Menu\Programs\Startup\
Shortcut to taskmgr.exe.lnk - C:\WINDOWS\system32\taskmgr.exe [2002-08-28 12:20:00 135680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2006-09-08 13:29 24686 C:\WINDOWS\system32\ckpNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"C:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"C:\\eclipse\\eclipse.exe"=
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=

R1 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2006-09-08 13:29]
R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2006-09-08 13:29]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-09-08 13:29]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2006-09-08 13:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95acdb45-8175-11dc-8a92-806d6172696f}]
\Shell\AutoRun\command - gjn2pjlw.exe
\Shell\explore\Command - gjn2pjlw.exe
\Shell\open\Command - gjn2pjlw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b975bb47-8231-11dc-beb3-de5216b6f3fe}]
\Shell\AutoRun\command - G:\f.exe
\Shell\explore\Command - G:\f.exe
\Shell\open\Command - G:\f.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-29 00:58:48 C:\WINDOWS\Tasks\HP WEP.job" - C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-28 18:31:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-28 18:32:00
ComboFix-quarantined-files.txt 2008-04-29 01:31:53

Pre-Run: 28,005,576,704 bytes free
Post-Run: 29,511,798,784 bytes free
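The telling part of the log above is the two MountPoints2 keys, where the AutoRun, open and explore verbs for a removable volume all point at the same executable (a bare `gjn2pjlw.exe`, and `G:\f.exe` in a drive root): that is the pattern left behind by an autorun.inf worm, and it survives even after the files in `system32` are deleted. The script below is an added example, not code from the post or from ComboFix; it parses the "Reg Loading Points" section in the one-entry-per-line layout ComboFix uses and flags each volume whose cached shell verbs look hijacked. The sample input is a constructed excerpt made from the entries in this log, and the heuristics (bare name, drive-root target, all three verbs sharing one target) are the author's choice, not anything ComboFix itself reports.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: the Run and MountPoints2 entries from the ComboFix log
# above, one entry per line. This is parsed as text; nothing reads the registry.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-10-23 22:17 5674352]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-09-18 07:16 171464]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{95acdb45-8175-11dc-8a92-806d6172696f}]
\Shell\AutoRun\command - gjn2pjlw.exe
\Shell\explore\Command - gjn2pjlw.exe
\Shell\open\Command - gjn2pjlw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b975bb47-8231-11dc-beb3-de5216b6f3fe}]
\Shell\AutoRun\command - G:\f.exe
\Shell\explore\Command - G:\f.exe
\Shell\open\Command - G:\f.exe
"""

HEADER_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
# Only MountPoints2 volume keys (GUID-named subkeys) are of interest here.
MP2_RE = re.compile(r"mountpoints2\\(?P<guid>\{[0-9a-f-]{36}\})$", re.IGNORECASE)
# ComboFix prints each cached verb as "\Shell\<verb>\command - <target>".
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command\s+-\s+(?P<target>.+)$", re.IGNORECASE)
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")


@dataclass
class MountPointEntry:
    guid: str
    commands: Dict[str, str] = field(default_factory=dict)  # verb (lower-cased) -> target


def parse_mountpoints2(log_text: str) -> List[MountPointEntry]:
    """Collect the shell verb commands under every MountPoints2 volume key."""
    entries: List[MountPointEntry] = []
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            hit = MP2_RE.search(header.group("key"))
            current = MountPointEntry(hit.group("guid")) if hit else None
            if current is not None:
                entries.append(current)
            continue
        if current is None:
            continue  # lines under Run, Notify etc. are not our concern here
        verb = VERB_RE.match(line)
        if verb:
            current.commands[verb.group("verb").lower()] = verb.group("target").strip()
    return entries


def assess(entry: MountPointEntry) -> List[str]:
    """Return the reasons (possibly none) this volume's cached verbs look hijacked."""
    reasons: List[str] = []
    autorun = entry.commands.get("autorun")
    if autorun is None:
        return reasons
    if "\\" not in autorun:
        reasons.append("autorun target is a bare executable name, not an absolute path")
    elif DRIVE_ROOT_RE.match(autorun):
        reasons.append("autorun target sits in a drive root")
    if len(set(entry.commands.values())) == 1 and {"open", "explore"} <= entry.commands.keys():
        reasons.append("open, explore and autorun all run the same executable (double-click hijack)")
    return reasons


def find_suspicious(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged volume GUID to its list of reasons."""
    findings: Dict[str, List[str]] = {}
    for entry in parse_mountpoints2(log_text):
        reasons = assess(entry)
        if reasons:
            findings[entry.guid] = reasons
    return findings


if __name__ == "__main__":
    for guid, reasons in find_suspicious(SAMPLE_LOG).items():
        print(guid)
        for r in reasons:
            print("  -", r)
```

Both volumes in the sample are flagged, the first for its bare executable name and the second for its drive-root target, and both because all three verbs share one command. The parser only understands ComboFix's text layout; a `.reg` export of the same key uses a different format and would need its own reader.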