Running it in safe mode worked, although Norton AV had a lot to say about it! The HijackThis file will be in the next post.
ComboFix 08-02-21 - angi 2008-02-21 12:37:51.3 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\angi\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-01-21 to 2008-02-21 )))))))))))))))))))))))))))))))
.
2008-02-20 17:54 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-20 17:53 . 2008-02-20 17:53 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-19 21:37 . 2008-02-19 21:37 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-02-19 21:37 . 2008-02-19 21:37 <DIR> d-------- C:\WINDOWS\ehome
2008-02-19 21:28 . 2002-08-29 05:41 1,349,120 --a------ C:\WINDOWS\system32\query.dll
2008-02-19 21:26 . 2002-04-22 20:18 766,934 --a------ C:\WINDOWS\system32\instcat.sql
2008-02-19 20:51 . 2001-08-23 07:00 116,736 --a------ C:\WINDOWS\system32\dpcdll.dll.wga
2008-02-19 20:51 . 2001-08-23 07:00 29,338 --a------ C:\WINDOWS\system32\EULA.TXT.wga
2008-02-19 20:51 . 2001-08-23 07:00 27,136 --a------ C:\WINDOWS\system32\pidgen.dll.wga
2008-02-19 20:51 . 2008-02-19 20:51 12,922 --a------ C:\WINDOWS\system32\wpa.bak
2008-02-19 20:37 . 2008-02-19 20:37 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-19 20:36 . 2008-02-19 20:36 142 --a------ C:\WINDOWS\system32\spupdsvc.inf
2008-02-19 12:45 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-02-19 12:45 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-02-18 15:47 . 2008-02-18 15:47 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-18 07:30 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\sdrkjtscwscx.sys
2008-02-17 17:25 . 2008-02-17 17:25 <DIR> d-------- C:\Documents and Settings\angi\Application Data\Grisoft
2008-02-17 13:15 . 2008-02-18 07:16 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-17 13:15 . 2008-02-17 13:15 <DIR> d-------- C:\Documents and Settings\angi\Application Data\SUPERAntiSpyware.com
2008-02-17 13:15 . 2008-02-17 13:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 00:46 . 2008-02-16 00:46 <DIR> d-------- C:\Documents and Settings\Tina\Application Data\MSN6
2008-02-16 00:46 . 2008-02-16 00:46 <DIR> d-------- C:\Documents and Settings\Tina\Application Data\Grisoft
2008-02-16 00:46 . 2008-02-16 00:46 <DIR> d-------- C:\Documents and Settings\Jennifer\Application Data\Grisoft
2008-02-16 00:46 . 2008-02-16 00:46 <DIR> d-------- C:\Documents and Settings\Allyson\Application Data\Grisoft
2008-02-16 00:46 . 2008-02-16 00:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 15:27 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-15 15:24 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\smpvgfgihmvs.sys
2008-02-15 09:16 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-02-15 09:16 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-02-15 09:16 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-02-15 09:16 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-02-15 07:29 . 2008-02-18 07:59 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-15 07:29 . 2008-02-18 07:08 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-15 07:29 . 2008-02-18 07:08 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-15 07:29 . 2008-02-18 07:08 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-14 14:38 . 2007-05-30 07:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-31 09:48 . 2008-01-31 09:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-31 09:46 . 2008-02-17 13:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-24 08:02 . 2008-02-14 12:03 429 --a------ C:\WINDOWS\wininit.ini
2008-01-23 19:45 . 2008-01-23 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-01-23 19:35 . 2008-02-18 07:15 <DIR> d-------- C:\Program Files\Bonjour
2008-01-23 19:17 . 2008-01-23 19:17 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-20 23:01 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 22:54 --------- d-----w C:\Program Files\Java
2008-02-18 12:14 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-18 12:14 --------- d-----w C:\Program Files\QuickTime
2008-02-18 12:14 --------- d-----w C:\Program Files\iTunes
2008-02-18 12:14 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-18 12:13 --------- d-----w C:\Program Files\Google
2008-02-16 05:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-13 21:35 --------- d-----w C:\Program Files\Norton SystemWorks
2008-02-04 22:17 --------- d-----w C:\Documents and Settings\Tina\Application Data\uTorrent
2008-01-31 14:48 --------- d-----w C:\Program Files\Lavasoft
2008-01-31 14:48 --------- d-----w C:\Documents and Settings\angi\Application Data\Lavasoft
2008-01-18 20:30 --------- d-----w C:\Documents and Settings\Tina\Application Data\Pegasys Inc
2008-01-14 00:10 202,240 ----a-w C:\WINDOWS\system32\Pride & Prejudice - Mr Darcy.scr
2008-01-13 23:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Macrovision
2008-01-13 23:03 --------- d-----w C:\Program Files\Common Files\Macromedia Shared
2008-01-13 23:00 --------- d-----w C:\Program Files\Common Files\Macromedia
2008-01-13 22:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 22:58 --------- d-----w C:\Program Files\Macromedia
2008-01-07 02:58 --------- d-----w C:\WINDOWS\system32\config\systemprofile\Application Data\Apple Computer
2008-01-06 03:48 --------- d-----w C:\Program Files\iPod
2008-01-06 03:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-06 03:41 --------- d-----w C:\Program Files\Apple Software Update
2008-01-06 03:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2007-12-14 16:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-05-19 01:51 49,344 -c--a-w C:\Documents and Settings\Allyson\Application Data\GDIPFONTCACHEV1.DAT
2007-02-11 21:54 49,344 -c--a-w C:\Documents and Settings\Tina\Application Data\GDIPFONTCACHEV1.DAT
2004-03-06 05:29 49,344 -c--a-w C:\Documents and Settings\Jennifer\Application Data\GDIPFONTCACHEV1.DAT
2001-08-23 12:00 94,784 -csh--w C:\WINDOWS\twain.dll
2001-08-23 12:00 46,592 -csh--w C:\WINDOWS\twain_32.dll
2001-08-23 12:00 995,383 --sh--w C:\WINDOWS\system32\mfc42.dll
2001-08-23 12:00 50,688 --sh--w C:\WINDOWS\system32\msvcirt.dll
2002-08-29 10:41 401,462 --sha-w C:\WINDOWS\system32\msvcp60.dll
2002-08-29 10:41 323,072 --sha-w C:\WINDOWS\system32\msvcrt.dll
2002-08-29 10:41 569,344 --sh--w C:\WINDOWS\system32\oleaut32.dll
2001-08-23 12:00 106,496 --sh--w C:\WINDOWS\system32\olepro32.dll
2001-08-23 12:00 9,728 -csh--w C:\WINDOWS\system32\regsvr32.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2002-08-29 05:41 1511453]
"Norton SystemWorks"="C:\Program Files\Norton SystemWorks\cfgwiz.exe" [2004-09-09 21:12 132248]
"ctfmon.exe"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 05:41 13312]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"D-Link AirPlus Xtreme G"="C:\Program Files\D-Link\AirPlus Xtreme G\AirPlusCFG.exe" [2003-09-19 21:34 2498560]
"ANIWZCSService"="C:\Program Files\Alpha Networks\ANIWZCS Service\WZCSLDR.exe" [2003-08-21 16:12 32768]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-08-03 21:24 196608]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2003-07-28 14:19 4841472]
"nwiz"="nwiz.exe" [2003-07-28 14:19 323584 C:\WINDOWS\system32\nwiz.exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-01-17 11:42 58728]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-11-02 16:59 218240]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-04-05 22:18 100056]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
"HPHmon03"="C:\WINDOWS\System32\hphmon03.exe" [2001-08-03 21:24 311296]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-09-20 16:19 185632]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-12-11 12:10 267048]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
.
Contents of the 'Scheduled Tasks' folder
"2008-02-15 03:57:13 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-16 01:13:04 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - angi.job"
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeh/task:
"2008-02-18 19:47:56 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Program Files\Norton SystemWorks\OBC.exe
"2008-02-21 05:00:00 C:\WINDOWS\Tasks\Symantec Drmc.job"
- C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 12:47:49
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-21 12:56:22
ComboFix-quarantined-files.txt 2008-02-21 17:56:18
ComboFix2.txt 2008-02-21 16:19:31
.
2008-02-20 01:37:36 --- E O F ---