Hi,
Sorry for the delay, the Spyware check took a couple of hours and the Super Bowl was yesterday so it was a little crazy. Logs are below. You will note I posted two SuperAntiSpyware logs because I ran the Spyware twice, since I wasn't sure if I executed it the first time. Thus one has yesterday's date and one has today's date, so please feel free to reference whichever one you prefer.
Super Anti Spyware 3-Feb
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/03/2008 at 07:55 PM
Application Version : 3.9.1008
Core Rules Database Version : 3394
Trace Rules Database Version: 1386
Scan type : Complete Scan
Total Scan Time : 05:17:53
Memory items scanned : 502
Memory threats detected : 0
Registry items scanned : 5962
Registry threats detected : 1
File items scanned : 188113
File threats detected : 61
Adware.Tracking Cookie
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal [email protected][2].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal [email protected][1].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal [email protected][2].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@zedo[2].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal [email protected][1].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal [email protected][2].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal [email protected][1].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@casalemedia[1].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@atdmt[1].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@2o7[2].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@amsterdamlivexxx[1].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal [email protected][1].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@adbrite[2].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@questionmarket[2].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@tacoda[2].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@doubleclick[1].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@advertising[2].txt
C:\Documents and Settings\The Prodigal Son\Cookies\the prodigal son@adultfriendfinder[1].txt
C:\Documents and Settings\Annette\Cookies\annette@2o7[1].txt
C:\Documents and Settings\Annette\Cookies\[email protected][2].txt
C:\Documents and Settings\Annette\Cookies\annette@adbrite[2].txt
C:\Documents and Settings\Annette\Cookies\[email protected][2].txt
C:\Documents and Settings\Annette\Cookies\annette@adserver[1].txt
C:\Documents and Settings\Annette\Cookies\annette@advertising[1].txt
C:\Documents and Settings\Annette\Cookies\[email protected][1].txt
C:\Documents and Settings\Annette\Cookies\[email protected][1].txt
C:\Documents and Settings\Annette\Cookies\annette@apmebf[2].txt
C:\Documents and Settings\Annette\Cookies\annette@atdmt[2].txt
C:\Documents and Settings\Annette\Cookies\annette@burstnet[2].txt
C:\Documents and Settings\Annette\Cookies\annette@casalemedia[1].txt
C:\Documents and Settings\Annette\Cookies\annette@collective-media[1].txt
C:\Documents and Settings\Annette\Cookies\annette@doubleclick[1].txt
C:\Documents and Settings\Annette\Cookies\annette@fastclick[2].txt
C:\Documents and Settings\Annette\Cookies\[email protected][1].txt
C:\Documents and Settings\Annette\Cookies\annette@overture[2].txt
C:\Documents and Settings\Annette\Cookies\annette@partner2profit[2].txt
C:\Documents and Settings\Annette\Cookies\annette@questionmarket[2].txt
C:\Documents and Settings\Annette\Cookies\[email protected][1].txt
C:\Documents and Settings\Annette\Cookies\annette@revsci[1].txt
C:\Documents and Settings\Annette\Cookies\[email protected][2].txt
C:\Documents and Settings\Annette\Cookies\[email protected][1].txt
C:\Documents and Settings\Annette\Cookies\annette@statcounter[1].txt
C:\Documents and Settings\Annette\Cookies\annette@tacoda[1].txt
C:\Documents and Settings\Annette\Cookies\annette@tribalfusion[1].txt
C:\Documents and Settings\Annette\Cookies\[email protected][1].txt
C:\Documents and Settings\Annette\Cookies\[email protected][2].txt
C:\Documents and Settings\Annette\Cookies\annette@zedo[1].txt
C:\Documents and Settings\Dominick\Cookies\dominick@2o7[1].txt
C:\Documents and Settings\Dominick\Cookies\dominick@nandomedia[1].txt
C:\Documents and Settings\Dominick\Cookies\dominick@revsci[1].txt
C:\Documents and Settings\Dominick\Cookies\dominick@tacoda[2].txt
Adware.AdSponsor/ISM
HKU\S-1-5-21-1957994488-362288127-725345543-1006\Software\QdrModule
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP870\A0119131.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP874\A0125023.DLL
Adware.SBSoft
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP874\A0122953.DLL
E:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP874\A0122954.DLL
Trojan.Unknown Origin
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP874\A0122957.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP874\A0122958.EXE
E:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP874\A0122959.EXE
E:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP874\A0122960.EXE
Adware.WhenU
E:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP874\A0122961.EXE
BearShare File Sharing Client
E:\C 2006-11-19 23;31;44\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
Super Anti Spyware 4-Feb
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/04/2008 at 04:32 AM
Application Version : 3.9.1008
Core Rules Database Version : 3394
Trace Rules Database Version: 1386
Scan type : Complete Scan
Total Scan Time : 05:00:51
Memory items scanned : 387
Memory threats detected : 0
Registry items scanned : 5672
Registry threats detected : 0
File items scanned : 188776
File threats detected : 15
Adware.Tracking Cookie
C:\Documents and Settings\Annette\Cookies\[email protected][1].txt
C:\Documents and Settings\Annette\Cookies\[email protected][1].txt
C:\Documents and Settings\Annette\Cookies\annette@adtech[1].txt
C:\Documents and Settings\Annette\Cookies\annette@trafficmp[1].txt
C:\Documents and Settings\Annette\Cookies\annette@zedo[2].txt
Trojan.Unknown Origin
C:\RECYCLER\NPROTECT\01118667
C:\RECYCLER\NPROTECT\01118669
C:\RECYCLER\NPROTECT\01118702
C:\RECYCLER\NPROTECT\01118706
Adware.AdSponsor/ISM
C:\RECYCLER\NPROTECT\01118699
C:\RECYCLER\NPROTECT\01118712
Adware.SBSoft
C:\RECYCLER\NPROTECT\01118701
C:\RECYCLER\NPROTECT\01118716
Adware.WhenU
C:\RECYCLER\NPROTECT\01118704
BearShare File Sharing Client
E:\C 2006-11-19 23;31;44\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:47:58 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\C 2006-11-19 23;31;44\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
E:\C 2006-11-19 23;31;44\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
E:\C 2006-11-19 23;31;44\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Roxio\GoBack\GBTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Roxio\GoBack\GBPoll.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ATIPTA] E:\C 2006-11-19 23;31;44\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ASUS Probe] E:\C 2006-11-19 23;31;44\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint 5.2\IPoint\SETUP\Files\point32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] E:\C 2006-11-19 23;31;44\Program Files\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] E:\C 2006-11-19 23;31;44\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\C 2006-11-19 23;31;44\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] E:\C 2006-11-19 23;31;44\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: GoBack.lnk = C:\Program Files\Roxio\GoBack\GBTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://ca.com/us/sec...an/pestscan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093183032953
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1176080121296
O17 - HKLM\System\CCS\Services\Tcpip\..\{BABBCB70-5A75-463A-88A6-FA942A4EF484}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{CE060BFA-A084-4070-B61A-9A4A0728EF39}: NameServer = 208.67.220.220,208.67.222.222
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: GBPoll - Roxio, Inc. - C:\Program Files\Roxio\GoBack\GBPoll.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
--
End of file - 9469 bytes
ComboFix
ComboFix 08-02.02.5 - The Prodigal Son 2008-02-03 14:01:00.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.180 [GMT -5:00]
Running from: C:\Documents and Settings\The Prodigal Son\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\The Prodigal Son\Desktop\OPERATION FIX VIRUS\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-01-03 to 2008-02-03 )))))))))))))))))))))))))))))))
.
2008-01-27 20:23 . 2008-01-27 20:23 557,056 --a------ C:\Documents and Settings\Dominick\GoToAssist_phone__317_en.exe
2008-01-26 14:48 . 2008-01-26 14:48 <DIR> d-------- C:\VundoFix Backups
2008-01-20 11:53 . 2008-01-20 11:53 32 --ahs---- C:\WINDOWS\system32\{5EA08C94-6BBC-4535-9147-DAFD2BD0033C}.dat
2008-01-20 11:53 . 2008-01-20 11:53 32 --ahs---- C:\WINDOWS\{B5E2E974-54C4-454E-B46B-9578C8266F15}.dat
2008-01-20 11:52 . 2008-01-20 11:52 32 --ahs---- C:\WINDOWS\system32\{C96919BD-BFB6-4FBB-8692-1D2A141AD344}.dat
2008-01-20 11:52 . 2008-01-20 11:52 32 --ahs---- C:\WINDOWS\{346C4F16-7C1C-413C-BB94-078D45F7A913}.dat
2008-01-20 11:51 . 2008-01-20 11:51 32 --ahs---- C:\WINDOWS\system32\{933638AD-76F7-493E-B02A-DCF0943683FA}.dat
2008-01-20 11:51 . 2008-01-20 11:51 32 --ahs---- C:\WINDOWS\{96AE22BC-5715-4B43-8533-27020211E4B4}.dat
2008-01-20 11:50 . 2002-08-14 06:03 34,578 --a------ C:\WINDOWS\system32\drivers\NPDRIVER.SYS
2008-01-20 11:50 . 2002-08-14 06:03 31,744 --a------ C:\WINDOWS\system32\S32STAT.DLL
2008-01-20 11:49 . 2002-08-13 17:00 182,784 --a------ C:\WINDOWS\system32\ddao35.dll
2008-01-20 11:49 . 2002-08-13 17:00 94,208 --a------ C:\WINDOWS\system32\qdcsinet.dll
2008-01-20 11:49 . 2002-08-13 17:00 86,016 --a------ C:\WINDOWS\system32\apitrap.dll
2008-01-20 11:49 . 2002-08-13 17:00 13,792 --a------ C:\WINDOWS\system32\drivers\qdfsdrv.sys
2008-01-20 11:49 . 2008-01-20 11:49 32 --ahs---- C:\WINDOWS\system32\{BDE223A3-C2D1-4FA4-8568-F0D45A3ED5AA}.dat
2008-01-20 11:49 . 2008-01-20 11:49 32 --ahs---- C:\WINDOWS\system32\{9D03B736-97A3-40C9-B40B-5ED10FC7ACE8}.dat
2008-01-20 11:49 . 2008-01-20 11:49 32 --ahs---- C:\WINDOWS\system32\{0AEE89A4-2494-44F5-8DC5-C2CB5F0E8624}.dat
2008-01-20 11:49 . 2008-01-20 11:49 32 --ahs---- C:\WINDOWS\{B1B16FC6-239A-4B36-BAA0-D3B5E4F2AA22}.dat
2008-01-20 11:49 . 2008-01-20 11:49 32 --ahs---- C:\WINDOWS\{A124F442-EEF6-44B6-9EF9-D4BBA0A4D275}.dat
2008-01-20 11:49 . 2008-01-20 11:49 32 --ahs---- C:\WINDOWS\{4848229A-C621-4158-8E90-221D4F5824FB}.dat
2008-01-20 11:48 . 2002-08-14 14:03 45,056 --a------ C:\WINDOWS\system32\WNASPI2K.BAK
2008-01-20 11:48 . 2002-08-14 14:03 17,005 --a------ C:\WINDOWS\system32\drivers\ASPI2K.BAK
2008-01-20 11:48 . 2002-08-14 14:03 5,600 --a------ C:\WINDOWS\system\WINASPI.BAK
2008-01-20 11:48 . 2002-08-14 14:03 4,672 --a------ C:\WINDOWS\system\WOWPOST.BAK
2008-01-20 11:47 . 2008-01-20 11:47 32 --ahs---- C:\WINDOWS\system32\{BE1ACE46-4A86-45E8-A99E-5FB03A81E906}.dat
2008-01-20 11:47 . 2008-01-20 11:47 32 --ahs---- C:\WINDOWS\{A6C91350-E81C-47FB-A7B4-7A51B163BA20}.dat
2008-01-20 11:47 . 2008-01-20 11:47 14 --a------ C:\WINDOWS\system32\SR2.dat
2008-01-13 20:05 . 2008-02-03 08:00 <DIR> d-------- C:\Documents and Settings\The Prodigal Son\Application Data\AVG7
2008-01-13 12:57 . 2008-01-24 04:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-13 12:57 . 2008-01-13 12:57 <DIR> d-------- C:\Documents and Settings\Dominick\Application Data\PC Tools
2008-01-13 12:57 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-13 12:57 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-13 12:57 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-13 12:57 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-13 12:45 . 2008-01-13 12:45 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-01-13 12:45 . 2008-02-02 08:00 <DIR> d-------- C:\Documents and Settings\Dominick\Application Data\AVG7
2008-01-13 12:45 . 2008-01-13 12:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-13 12:45 . 2008-01-13 12:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-01-05 10:13 . 2008-01-05 10:13 1,283,174 --a------ C:\Install
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-02 22:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-02 17:25 --------- d-----w C:\Program Files\TomTom HOME
2008-02-02 17:25 --------- d-----w C:\Program Files\SymNetDrv
2008-02-02 17:25 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-02-02 17:25 --------- d-----w C:\Program Files\Microsoft IntelliPoint
2008-01-28 02:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-26 19:39 --------- d-----w C:\Program Files\ParticleG
2008-01-26 19:09 --------- d-----w C:\Program Files\Java
2008-01-25 22:30 --------- d-----w C:\Program Files\Norton SystemWorks
2008-01-21 22:11 --------- d-----w C:\Documents and Settings\The Prodigal Son\Application Data\ZoomBrowser EX
2008-01-21 21:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-01-20 16:51 --------- d-----w C:\Program Files\Symantec
2008-01-20 16:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-01-13 17:56 --------- d-----w C:\Program Files\Google
2007-12-25 06:03 --------- d-----w C:\Program Files\Trend Micro
2007-12-24 23:31 4,194,304,000 --sha-w C:\gobackio.bin
2007-12-24 19:04 --------- d-----w C:\Documents and Settings\The Prodigal Son\Application Data\SUPERAntiSpyware.com
2007-12-24 19:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-12-24 18:37 --------- d-----w C:\Program Files\Focus MP3 Recorder
2007-12-24 03:02 --------- d-----w C:\Documents and Settings\The Prodigal Son\Application Data\PrevxCSI
2007-12-24 03:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Prevx
2007-12-23 18:07 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2004-08-28 01:17 450,560 -c----w C:\Documents and Settings\Dominick\chatlnk.exe
2003-08-27 19:19 36,963 -c----r C:\Program Files\Common Files\SM1updtr.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-01-05 11:06 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:56 15360]
"swg"="E:\C 2006-11-19 23;31;44\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe" [2006-10-16 22:00 163576]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-12-29 14:03 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="E:\C 2006-11-19 23;31;44\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-08-25 11:52 339968]
"ASUS Probe"="E:\C 2006-11-19 23;31;44\Program Files\ASUS\Probe\AsusProb.exe" [2002-12-06 15:07 617984]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint 5.2\IPoint\SETUP\Files\point32.exe" [2004-06-03 01:50 204800]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Symantec NetDriver Monitor"="E:\C 2006-11-19 23;31;44\Program Files\SymNetDrv\SNDMon.exe" [2005-11-03 19:10 100056]
"Adobe Reader Speed Launcher"="E:\C 2006-11-19 23;31;44\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" [2005-09-24 01:05 29696]
"QuickTime Task"="E:\C 2006-11-19 23;31;44\Program Files\QuickTime\qttask.exe" [2006-07-14 22:52 282624]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-01-13 12:45 579072]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-12-28 20:28 54296]
"ccRegVfy"="C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe" [2007-12-28 20:28 58392]
"GhostStartTrayApp"="C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2007-12-28 20:28 94208]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-01-13 12:45 219136]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GoBack.lnk - C:\Program Files\Roxio\GoBack\GBTray.exe [2004-08-22 18:51:24 524288]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"= 1 (0x1)
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2003-10-31 18:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SM1BG]
-r------- 2003-08-27 14:20 94208 C:\WINDOWS\SM1BG.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startman]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
--------- 2004-11-10 23:15 111816 C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=2 (0x2)
"Adobe LM Service"=3 (0x3)
R0 GBDevice;GBDevice;C:\WINDOWS\system32\drivers\GBDevice.sys [2002-01-21 11:37]
R0 GoBack2K;GoBack2K;C:\WINDOWS\system32\drivers\GoBack2K.sys [2002-01-21 11:36]
R1 GhPciScan;GhostPciScanner;C:\Program Files\Norton SystemWorks\Norton Ghost\ghpciscan.sys [2002-08-14 15:11]
R2 GBFSHook;GBFSHook;C:\WINDOWS\system32\drivers\GBFSHook.sys [2002-01-21 11:37]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2002-08-14 06:03]
S3 ICAM3NT5;Intel USB Video Camera III;C:\WINDOWS\system32\Drivers\Icam3.sys [2001-08-17 13:05]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-02 15:08:19 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\NAVW32.exe
"2008-02-01 23:01:30 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-02-03 19:04:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-03 14:05:10
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-03 14:06:20
ComboFix-quarantined-files.txt 2008-02-03 19:06:06
ComboFix2.txt 2008-02-03 18:58:01
ComboFix3.txt 2008-02-02 17:35:39
ComboFix4.txt 2008-02-02 16:48:55
.
2008-01-10 08:03:27 --- E O F ---
Thanks
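As an added example (not part of the post above, and not SUPERAntiSpyware's own tooling): a small Python triage script that parses the layout of the two SUPERAntiSpyware logs posted here and sorts each detection by where it physically sits, because the category name alone ("Trojan.Unknown Origin") does not say whether a hit is active or an inert copy in a System Restore snapshot or Norton's NProtect holding area. The parsing rules are assumed from the log layout shown (summary lines ending with "File threats detected", then each category header followed by its paths); the sample log embedded below is constructed from a few of the post's own lines and is not the poster's full log.

```python
import re
from collections import Counter

# Line shapes found in the detections section of a SUPERAntiSpyware
# "Complete Scan" log: a Windows file path, a registry key, or (anything
# else) a threat-category header such as "Adware.Tracking Cookie".
FILE_RE = re.compile(r"^[A-Za-z]:\\")
REG_RE = re.compile(r"^HK(?:LM|CU|CR|CC|U)\\", re.IGNORECASE)
COUNT_RE = re.compile(r"^(Memory|Registry|File) threats detected\s*:\s*(\d+)")
GENERATED_RE = re.compile(r"^Generated\s+(.+)$")


def classify_location(path):
    """Say where a detection physically lives; that, not the category name,
    decides whether it is an active component or an inert copy."""
    upper = path.upper()
    if REG_RE.match(path):
        return "registry"
    if "\\SYSTEM VOLUME INFORMATION\\_RESTORE" in upper:
        return "restore-point copy"      # System Restore snapshot, never loaded
    if "\\RECYCLER\\NPROTECT\\" in upper:
        return "norton-unerase copy"     # Norton Unerase Protection holding area
    if "\\COOKIES\\" in upper and upper.endswith(".TXT"):
        return "tracking cookie"
    return "live file"


def parse_sas_log(text):
    """Parse the header counts and the category/path list of one scan log.
    Layout assumed from the logs quoted in the post: summary lines first,
    ending with 'File threats detected : N', then category headers each
    followed by the paths detected under it."""
    report = {"generated": None, "counts": {}, "detections": []}
    in_detections = False
    category = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not in_detections:
            m = GENERATED_RE.match(line)
            if m:
                report["generated"] = m.group(1)
                continue
            m = COUNT_RE.match(line)
            if m:
                report["counts"][m.group(1).lower()] = int(m.group(2))
                if m.group(1) == "File":       # last summary line
                    in_detections = True
            continue
        if FILE_RE.match(line) or REG_RE.match(line):
            report["detections"].append(
                {"category": category, "path": line,
                 "where": classify_location(line)})
        else:
            category = line
    return report


def triage(report):
    """Group detections by location and pull out the ones that are actually
    live (registry entries and files outside the backup areas)."""
    by_where = Counter(d["where"] for d in report["detections"])
    active = [d for d in report["detections"]
              if d["where"] in ("registry", "live file")]
    return {"by_where": dict(by_where), "active": active}


# Constructed sample in the same layout as the logs above (a handful of the
# post's own paths, trimmed); not the poster's full log.
SAMPLE_LOG = r"""
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/04/2008 at 04:32 AM
Application Version : 3.9.1008
Scan type : Complete Scan
Memory items scanned : 387
Memory threats detected : 0
Registry items scanned : 5672
Registry threats detected : 1
File items scanned : 188776
File threats detected : 6
Adware.Tracking Cookie
C:\Documents and Settings\Annette\Cookies\annette@zedo[2].txt
Adware.AdSponsor/ISM
HKU\S-1-5-21-1957994488-362288127-725345543-1006\Software\QdrModule
C:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP874\A0125023.DLL
Trojan.Unknown Origin
C:\RECYCLER\NPROTECT\01118667
E:\SYSTEM VOLUME INFORMATION\_RESTORE{4384A9FF-63F0-4233-9762-7443BC02109B}\RP874\A0122959.EXE
BearShare File Sharing Client
E:\C 2006-11-19 23;31;44\PROGRAM FILES\BEARSHARE\BEARSHARE.EXE
"""

if __name__ == "__main__":
    result = triage(parse_sas_log(SAMPLE_LOG))
    for where, n in sorted(result["by_where"].items()):
        print(f"{n:3d}  {where}")
    for d in result["active"]:
        print("ACTIVE:", d["category"], "->", d["path"])
```

Run as-is and the sample sorts into two inert restore-point copies, one NProtect copy, one cookie, and two live items (the QdrModule registry key and the BearShare binary on the E: volume). Applied to the second log in the post, the same rule puts every Trojan and Adware hit under C:\RECYCLER\NPROTECT, which is why a clean memory and registry count matters more than the raw "File threats detected" number.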