Thanks for the help. Here are your requested logs:
ComboFix 08-02.03.1 - FrontDesk 2008-02-04 9:44:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.130 [GMT -5:00]
Running from: C:\Documents and Settings\FrontDesk\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\FrontDesk\Application Data\inst.exe
C:\Documents and Settings\FrontDesk\My Documents\SMANTE~1
C:\Documents and Settings\FrontDesk\My Documents\STEM~1
C:\Documents and Settings\FrontDesk\My Documents\STEM~1\??stem\
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aebbsyvw.ini
C:\WINDOWS\system32\bszip.dll
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
C:\WINDOWS\system32\kjkkj.ini2
C:\WINDOWS\system32\kytrsdgm.ini
C:\WINDOWS\system32\pjwkfdcm.ini
C:\WINDOWS\system32\qtutv.ini
C:\WINDOWS\system32\qtutv.ini2
C:\WINDOWS\system32\drivers\core.cache.dsk . . . . failed to delete
.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.
2008-02-04 09:48 . 2008-02-04 09:48 <DIR> d-------- C:\TEMP\tn3
2008-02-04 09:43 . 2004-08-03 23:00 260,272 --a------ C:\cmldr
2008-02-04 09:43 . 2006-02-03 15:18 211 --a------ C:\Boot.bak
2008-01-29 12:56 . 2008-02-04 09:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-29 12:56 . 2008-01-29 12:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-29 12:56 . 2008-01-29 12:56 <DIR> d-------- C:\Documents and Settings\FrontDesk\Application Data\SUPERAntiSpyware.com
2008-01-29 12:56 . 2008-01-29 12:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-29 12:17 . 2008-01-31 08:56 167,545 --a------ C:\WINDOWS\system32\drivers\core.cache.dsk
2008-01-15 12:04 . 2008-01-15 12:04 <DIR> d-------- C:\WINDOWS\ERUNT
2008-01-10 15:41 . 2008-01-14 12:40 <DIR> d-------- C:\Program Files\CleanUp!
2008-01-10 14:33 . 2008-01-10 14:33 <DIR> d-------- C:\Documents and Settings\FrontDesk\Application Data\Grisoft
2008-01-10 14:32 . 2008-01-10 14:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-10 14:32 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-10 11:42 . 2008-01-10 11:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-01-10 09:29 . 2008-01-10 09:30 6,516 --ahs---- C:\WINDOWS\system32\oqtss.ini
2008-01-08 15:31 . 2008-02-04 08:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SITEguard
2008-01-08 15:29 . 2008-01-14 12:09 <DIR> d-------- C:\Program Files\STOPzilla!
2008-01-08 15:29 . 2008-01-08 15:29 <DIR> d-------- C:\Program Files\Common Files\iS3
2008-01-08 15:29 . 2008-02-04 09:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\STOPzilla!
2008-01-08 13:31 . 2008-01-08 13:31 15,360 --a------ C:\WINDOWS\system32\ctfmon .exe
2008-01-08 12:45 . 2008-01-08 12:45 4,286 --a------ C:\WINDOWS\system32\MobileSidewalk.ico
2008-01-08 08:31 . 2008-01-08 08:31 114,688 --a------ C:\WINDOWS\system32\igfxpers .exe
2008-01-08 08:31 . 2008-01-08 08:31 94,208 --a------ C:\WINDOWS\system32\igfxtray .exe
2008-01-08 08:31 . 2008-01-08 08:31 77,824 --a------ C:\WINDOWS\system32\hkcmd .exe
2008-01-08 08:17 . 2008-01-08 08:17 <DIR> d-------- C:\Documents and Settings\FrontDesk\Application Data\EasySpywareCleaner.com
2008-01-08 08:15 . 2008-01-09 09:15 <DIR> d-------- C:\Program Files\EasySpywareCleaner
2008-01-07 17:15 . 2008-01-14 08:31 <DIR> d-------- C:\WINDOWS\VXNlcg
2008-01-07 17:15 . 2008-01-09 09:15 <DIR> d-------- C:\WINDOWS\system32\oobe3
2008-01-07 17:15 . 2008-01-08 08:26 <DIR> d-------- C:\WINDOWS\system32\drivez4
2008-01-07 17:15 . 2008-01-07 17:15 86,016 --a------ C:\WINDOWS\system32\drivers\classpnpp.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-14 17:48 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-01-14 17:09 --------- d-----w C:\Program Files\Google
2008-01-09 15:03 --------- d-----w C:\Program Files\Common Files\Ahead
2008-01-08 20:36 --------- d-----w C:\Program Files\Dentrix
2008-01-08 20:35 --------- d-----w C:\Program Files\QuickTime
2008-01-08 20:34 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-12-12 17:28 30,208 ----a-r C:\WINDOWS\system32\drivers\SZKG.sys
2007-10-09 19:05 7,404,592 ----a-w C:\Program Files\vsoConvertXtoDVD2_setup.exe
2007-10-09 19:05 47,360 ----a-w C:\Documents and Settings\FrontDesk\Application Data\pcouffin.sys
2007-10-01 13:43 182,131,744 ----a-w C:\Program Files\Nero-7.10.1.0_eng_trial_wch.exe
2007-09-27 12:57 2,501,967 ----a-w C:\Program Files\PFCSetup1.0.160.exe
2007-08-29 14:35 2,560 ----a-w C:\Documents and Settings\FrontDesk\cdcache.dat
2007-08-29 14:34 3,584 ----a-w C:\Documents and Settings\FrontDesk\netcache.dat
2007-06-21 20:22 28,608 ----a-w C:\WINDOWS\Fonts\HeroOfFools.zip
2007-06-21 20:22 22,752 ----a-w C:\WINDOWS\Fonts\AlanisHand.zip
2007-06-21 20:17 39,121 ----a-w C:\WINDOWS\Fonts\jandles.zip
2006-07-18 17:53 563,712 ----a-w C:\Documents and Settings\FrontDesk\370_gotomypc.exe
2006-06-01 16:16 6,656 ----a-w C:\Documents and Settings\FrontDesk\KWDCACHE.DAT
2007-06-20 12:22 56 --sh--r C:\WINDOWS\system32\E131B0BBDE.sys
2007-06-20 12:22 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.
<pre>
----a-w 1,404,928 2008-01-08 13:31:00 C:\Program Files\Analog Devices\Core\smax4pnp .exe
----a-w 344,064 2008-01-08 13:30:59 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx .exe
----a-w 22,016 2008-01-08 13:31:14 C:\Program Files\Borland\InterBase\Bin\ibguard .exe
----a-w 155,648 2008-01-08 13:31:28 C:\Program Files\Common Files\Ahead\Lib\NeroCheck .exe
----a-w 81,920 2008-01-08 13:31:09 C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
----a-w 48,752 2008-01-08 13:31:01 C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w 53,248 2008-01-08 13:30:58 C:\Program Files\CyberLink\PowerDVD\DVDLauncher .exe
----a-w 81,920 2008-01-08 13:31:53 C:\Program Files\Dentrix\DtxQuickLaunch .exe
----a-w 305,490 2008-01-08 19:54:46 C:\Program Files\EasySpywareCleaner\EasySpywareCleaner .exe
----a-w 68,856 2008-01-08 13:32:01 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier .exe
----a-w 1,694,208 2008-01-08 21:23:43 C:\Program Files\Messenger\msmsgs .exe
----a-w 85,184 2008-01-08 13:31:04 C:\Program Files\Symantec AntiVirus\VPTray .exe
----a-w 1,106,944 2008-01-08 13:31:12 C:\Program Files\X-Rite\ShadeVision\SRman .exe
----a-w 15,360 2008-01-08 18:31:43 C:\WINDOWS\system32\ctfmon .exe
----a-w 77,824 2008-01-08 13:31:22 C:\WINDOWS\system32\hkcmd .exe
----a-w 114,688 2008-01-08 13:31:25 C:\WINDOWS\system32\igfxpers .exe
----a-w 94,208 2008-01-08 13:31:19 C:\WINDOWS\system32\igfxtray .exe
</pre>
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ShadeVisionManager"="C:\Program Files\X-Rite\ShadeVision\SRman.exe" [ ]
"NWEReboot"="" []
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Name Grabber.LNK - X:\ImageXL\Name Grabber.exe [2005-08-16 09:38:54 495616]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2005-12-08 09:03:02 811008]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2006-08-22 07:46:12 122880]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, , , , , , , , , , , , , , , , , , , , , ,
R0 szkg5;szkg;C:\WINDOWS\system32\DRIVERS\szkg.sys [2007-12-12 12:28]
R1 classpnpp;classpnpp;C:\WINDOWS\system32\drivers\classpnpp.sys [2008-01-07 17:15]
S3 InterBaseGuardian;InterBase Guardian;C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe []
S3 InterBaseServer;InterBase Server;C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe -s []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-04 09:49:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
.
**************************************************************************
.
Completion time: 2008-02-04 9:50:43 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 14:50:27
.
2007-09-27 13:05:36 --- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:26, on 2008-02-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
X:\ImageXL\Name Grabber.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll (file missing)
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1174401550239
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Unknown owner - C:\PROGRA~1\Borland\INTERB~1\Bin\ibguard.exe (file missing)
O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\PROGRA~1\Borland\INTERB~1\Bin\ibserver.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
--
End of file - 4635 bytes
TJ